I broke it - reset db2inst1 password and all breaks

aixtools · February 27, 2019, 4:27pm

While trying to follow the instructions for setting up BFI - there is a screen where I must enter the db2inst1 password.

Instead - I got this:

I thought - incorrectly - I would just change the password “back” to what documentation said it should be.

Once I did that the BFI process moved forward, BUT now stops here:

then:

I tried the password again, then thought maybe the API needed a reset, but wow oh wow - I see:

PLEASE - some guidance on how to fix - somewhere deep - the db2inst1 password value. I guess when I re-installed the server after a crash I changed (and did not document) the password I created for db2inst1. I would rather not do a new install (I am over 2000km away from my bf server).

Thanks!

masonje · February 27, 2019, 4:42pm

Do you have root on the box? Can you “sudo passwd db2inst1” and reset the pw there?

From there, you would need to update the password value in /var/opt/BESServer/besserver.config

[Software\BigFix\EnterpriseClient\Settings\Client_BESServer_Database_Password]
value = “”

…and in /var/opt/BESWebReportsServer/beswebreports.config
[Software\BigFix\Enterprise Server\FillAggregateDB] password value

…also WebUI config too.

masonje · February 27, 2019, 4:43pm

Actually thought of another question. Is DB2 local on the root?

aixtools · February 27, 2019, 5:34pm

classic install - db2, bigfix, BFI all on one (RHEL).

p.s. I found some other documentation with the original db2inst1 password, so I can login to the console again – SO – I would like to rephrase my question.

How does one change the db2inst1 password without breaking everything?

(I am sure it is documented somewhere, but maybe one of you just know - and maybe having an answer here makes it easier to find via google next time. I did not find it while was in “panic” mode.)

oops - just saw you had replied twice. So I’ll go look in the config file.

masonje · February 27, 2019, 5:40pm

As root run:
passwd db2inst1
…then enter the pw and validate pw

Then update the config files mentioned above. You will have to restart each of the services and when they do, they will encrypted into the .odf file.

aixtools · February 27, 2019, 5:42pm

OK. Since this is the value currently in the config file - I would assume that the process is to:

stop the services
edit the config file and insert the new password
start services
4 (optional) verify password in clear-text has been removed from config file.

masonje · February 27, 2019, 5:46pm

That works. If you really wanted to follow the process without causing any issues:

stop services (root, web reports, webui)
reset password
start services

Andy yes, when the service starts up, it looks for updated password and removes it, then encrypts it into the .odf file.

aixtools · March 7, 2019, 8:54am

Thanks.

Quick question - now that I am further. I think this page may be in error. It shows:

But shouldn’t the webreports database be

BESREPOR (or BESREPORTS)

Before this the same article is saying:

So, I am just a bit confused.

And, lastly, since I did not fill in this bit during the initialization phase - how do I do that later?

masonje · March 8, 2019, 1:08am

Yep, it should be besrepor

Also the bigfix console operator has to be an MO.

Regarding you “doing that later”, meaning setting up the database connect from BFI to your root server? Unless I misunderstand, your looking at the /management/datasources page in your snapshot.

aixtools · March 13, 2019, 10:16am

Doing that later… meant how to add/fill-in the Web Reports Database later.

I found that under the “Data Sources”

As I still have not done that - could that be the reason I am getting - cans done, but not uploaded?

p.s. another error I had was having both ILMT and BFI activated. BF came up with a warning message (or fixlet) so I caught that before I actually done any scans - but I did load the wrong scanner (the ILMT one) on a few servers. The fixlets to do that ALL show up as fixlet:#1, so I learned an extra “thing” to check (site a fixlet is associated with). Suggestion for relevance (make both/all irrelevant when additional site “inventory” site is active - may need to look at the uninstall logic again (e.g., was installed, but no longer subscribed to the site the scanner came from).

And - maybe I should open a new thread. This was “actually” about “lost/changed” passowrd for db2inst1 - and we are “drifting”.

Many thx for the replies, and patience waiting for my reply back.