Cisco IOS Password Recovery

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.shtml#t2

PIX 500 Series Password Recovery

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_password_recovery09186a008009478b.shtml

Introduction

This document describes how to recover a PIX password for PIX software releases through 7.0. Note that performing password recovery on the PIX erases only the password, not the configuration. If there are Telnet or console aaa authentication commands in versions 6.2 and later, the system also prompts to remove these.

Note: If you have configured AAA on the PIX and the AAA server is down, you can access the PIX by entering the Telnet password initially, and then pix as the username and the enable password (enable password password) for the password. If there is no enable password in the PIX configuration, enter pix for the username and press ENTER. If the enable and Telnet passwords are set but not known, continue with the password recovery process.

The PIX Password Lockout Utility is based on the PIX software release you run. Use show version in order to know the software version running on your PIX/ASA Security appliance.

Note: Refer to Performing Password Recovery for the ASA 5500 Series Adaptive Security Appliance for ASA 5500 Series Adaptive Security Appliance Password Recovery.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document requires these hardware devices:

• A PC

• A working serial terminal or terminal emulator

• Approximately 10 minutes of PIX and network downtime

Note: You must have approximately 10 minutes of PIX and network downtime to perform this procedure.

You need the PIX Password Lockout Utility to use the password recovery procedure, which includes these files:

• The appropriate binary file, depending on the PIX software version you run:

  • np70.bin (7.x and 8.0 release)

  • np63.bin (6.3 release)

  • np62.bin (6.2 release)

  • np61.bin (6.1 release)

  • np60.bin (6.0 release)

  • np53.bin (5.3 release)

  • np52.bin (5.2 release)

  • np51.bin (5.1 release)

  • np50.bin (5.0 release)

  • np44.bin (4.4 release)

  • nppix.bin (4.3 and earlier releases)

    Note: You need to determine what .bin file to use, which depends upon the PIX code that your PIX currently runs irrespective of the BIOS version.

• rawrite.exe (needed only for PIX machines with a floppy drive)

• TFTP Server Software (needed only for PIX machines without a floppy drive) — TFTP server software is no longer available from Cisco.com, but you can find many TFTP servers by searching for "tftp server" on your favorite Internet search engine. Cisco does not specifically recommend any particular TFTP implementation.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Step-by-Step Procedure

PIX With a Floppy Drive

Complete these steps to recover your password:

1. Execute the rawrite.exe file on your PC and answer the questions on the screen using the correct password recovery file.

2. Install a serial terminal or a PC with terminal emulation software on the PIX console port.

3. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.

   Note: Because you are locked out, you only see a password prompt.

4. Insert the PIX Password Lockout Utility disk into the floppy drive of the PIX.

5. Push the Reset button on the front of the PIX. The PIX reboots from the floppy and prints this message:

   Erasing Flash Password. Please eject diskette and reboot.

6. Eject the disk and press the Reset button. You are now able to log in without a password. Press ENTER when you are prompted for a password.

7. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.

PIX Without a Floppy Drive

Complete these steps to recover your password:

Note: Sample output from the password recovery procedure is available in this document.

1. Install a serial terminal or a PC with terminal emulation software on the PIX console port.

2. Verify that you have a connection with the PIX, and that characters are going from the terminal to the PIX, and from the PIX to the terminal.

   Note: Because you are locked out, you only see a password prompt.

3. Immediately after you power on the PIX Firewall and the startup messages appear, send a BREAK character or press the ESC key. The monitor> prompt is displayed. If needed, type ? (question mark) to list the available commands.

4. Use the interface command to specify which interface the ping traffic should use. For floppiless PIXes with only two interfaces, the monitor command defaults to the inside interface.

5. Use the address command to specify the IP address of the PIX Firewall's interface.

6. Use the server command to specify the IP address of the remote TFTP server containing the PIX password recovery file.

7. Use the file command to specify the filename of the PIX password recovery file. For example, the 5.1 release uses a file named np51.bin.

8. If needed, enter the gateway command to specify the IP address of a router gateway through which the server is accessible.

9. If needed, use the ping command to verify accessibility. If this command fails, fix access to the server before continuing.

10. Use the tftp command to start the download.

11. As the password recovery file loads, this message is displayed:

    Do you wish to erase the passwords? [yn] y
    Passwords have been erased. 

    Note: If there are Telnet or console aaa authentication commands in version 6.2, the system also prompts to remove these.

12. The default Telnet password after this process is "cisco." There is no default enable password. Go into configuration mode and issue the passwd your_password command to change your Telnet password and the enable password your_enable_password command to create an enable password, and then save your configuration.

Sample Output

This example of floppiless PIX password recovery with the TFTP server on the outside interface is taken from a lab environment.

Network Diagram

monitor>interface 0
0: i8255X @ PCI(bus:0 dev:13 irq:10)
1: i8255X @ PCI(bus:0 dev:14 irq:7 )

Using 0: i82559 @ PCI(bus:0 dev:13 irq:10), MAC: 0050.54ff.82b9
monitor>address 10.21.1.99
address 10.21.1.99
monitor>server 172.18.125.3
server 172.18.125.3
monitor>file np52.bin
file np52.bin
monitor>gateway 10.21.1.1
gateway 10.21.1.1
monitor>ping 172.18.125.3
Sending 5, 100-byte 0xf8d3 ICMP Echoes to 172.18.125.3, timeout is 4 seconds:
!!!!!
Success rate is 100 percent (5/5)
monitor>tftp
tftp np52.bin@172.18.125.3 via 10.21.1.1...................................
Received 73728 bytes

Cisco Secure PIX Firewall password tool (3.0) #0: Tue Aug 22 23:22:19 PDT 2000
Flash=i28F640J5 @ 0x300
BIOS Flash=AT29C257 @ 0xd8000

Do you wish to erase the passwords? [yn] y
Passwords have been erased.

Rebooting....

Installing Sharepoint (WSS 3.0) on SBS 2003

http://davidschrag.com/schlog/167/installing-wss-30-on-sbs-2003-standard

Connect to Windows Internal Database Using SQL 2005 Management Tools

http://msmvps.com/blogs/bradley/archive/2007/06/12/connecting-to-the-wsus-database-with-sql-2005-s-tools.aspx

Troubleshooting LAN and VPN Network Issues

http://www.informit.com/library/content.aspx?b=Troubleshooting_Remote_Access&seqNum=170

Exchange 2010 WebApp Issues

- Cannot click on new email
- Cannot Delete

WebApp lite worksfine.


Fix: rename the web.config file in the ...inetpub\wwwroot folder

http://social.technet.microsoft.com/Forums/en-US/exchange2010hosters/thread/e45d7277-b205-4791-a430-631b163a5072/

Cisco 887W Router - GUI for Wireless AP not working

Software bug on IOS 12.4(21A)JA1. Upgrade or Downgrade IOS on AP to fix the issue or go to http:///ap_express-setup.shtml


https://supportforums.cisco.com/docs/DOC-13047

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtc94776

Configure Intra-Interface Routing on Cisco ASA Firewall

 

http://www.tech21century.com/configure-static-routing-on-cisco-asa-firewall/

 

 

Using Interfaces with same security levels on Cisco ASA

 

PIX/ASA 7.2(1) and later: Intra-Interface Communications

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080734db7.shtml

 

Visit Comunet's new website www.comunet.com.au

NewSid Error cloning XenApp

NewSid Error cloning XenApp

http://forums.citrix.com/thread.jspa?threadID=86921&tstart=0

Upgrading asa 5505 to 3des

Upgrading asa 5505 to 3des (free) - gets rid of ssh warning about single des.

Do a sh ver to get serial number of ASA.


Follow these instructions to get activation key.
http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/DES-lic.html



Receive key via email instantly.

PrivateKeyMissing when running Enable-ExchangeCertificate

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1188



Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate -Thumbprint XXXXXXXXX -Services "IIS"

The above error can as a result of multiple reasons. CSR was created with IIS and attempted to be installed through the Exchange Management Shell (EMS), CSR was created in EMS on another Exchange Server, a damaged certificate, or Windows simply "forgets" where it placed the PrivateKey for the certificate. It doesn't happen all the time, but sometimes the error can be a nuisance.

Option #1: Repair Damaged Certificate (Windows Server 2003/2008)

1. Open MMC and add the Certificate Snap-In for the Local Computer account.


2. Double-Click on the recently imported certificate.
Note: In Windows Server 2008 it will be the certificate missing the golden key beside it.


3. Select the Details tab.


4. Click on the Serial Number field and copy that string.
Note: You may use CTRL+C, but not right-click and copy.


5. Open up a command prompt session. (cmd.exe aka DOS Prompt)


6. Type: certutil -repairstore my "SerialNumber" (SerialNumber is that which was copied down in step 4.)


7. After running the above command, go back to the MMC and Right-Click Certificates and select Refresh (or hit F5 in the MMC)


8. Double-Click on the problem certificate. At the bottom of this window (General tab) it should state: "You have a private key that corresponds to this certificate."
Note: In Windows Server 2008 there will be a golden key to the left of the certificate, so there is no need to double-click the certificate.


9. Now that the Private Key is attached to the certificate, please proceed to enable Exchange Services via Enable-ExchangeCertificate.

Option #2: Remove and Re-Install Certificate (Windows Server 2003/2008)

1. Verify the certificate doesn't have it's private key.
   In the MMC and double-click the recently imported certificate. (Be sure that you're using the Certificate Snap-In for the Local Computer account!)
Note: In Windows Server 2008 it will be the certificate missing the golden key beside it.


2. Right-Click on the certificate and click Delete.


3. Re-install the Certificate

Renew Exchange 2007 SSL Certificate

Get-ExchangeCertificate to check existing certificates and their service type status

Remove-ExchangeCertificate to remove the old certs

Import-ExchangeCertificate -Path C:\cert.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

---------------------------------------------------------------------------------------

PrivateKeyMissing when running Enable-ExchangeCertificate
http://nusak.blogspot.com/2010/06/privatekeymissing-when-running-enable.html

Configure IPSec between two routers and a Cisco VPN client

https://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094685.shtml

Cisco PIX Configuration Examples

Cisco PIX 500 Series Security Appliances

Configuration Examples and TechNotes

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

Using NAT and PAT Statements on the Cisco Secure PIX Firewall

http://www.ciscoverified.info/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml

Exchange Connectivity Verifier

https://www.testexchangeconnectivity.com/

Reporting Storage Size in Exchange

http://www.petri.co.il/reporting_storage_size_in_exchange.htm

Word Autorecover comes up everytime on a terminal server

http://www.andrewsmith.id.au/?q=node/26

Remove registry keys under the following locations.

Office 2003:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office\11.0\Word\Resiliency\DocumentRecovery

Office 2007:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office\12.0\Word\Resiliency\DocumentRecovery

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Resiliency\DocumentRecovery