06-28-2011 06:59 AM
Since implementing the password policy, it seems the password MP uses to access the Console is not 'strong' enough and it shows the message
%SYSTEM-F-PWDPOLICY, Password does not conform to security policy
Preventing me from getting to the console to login.
Where is this password and can it be easily changed?
Solved! Go to Solution.
06-28-2011 07:12 AM - edited 06-28-2011 07:14 AM
This error message does NOT seem to be a standard OpenVMS message.
It may be returned by the VMS$PASSWORD_POLICY example program, if password checking has been implemented. It also does not seem to have anything to do with logging in via the MP (Management Processor).
Please explain, under which circumstances you are seeing this message.
06-28-2011 05:32 PM
that's very odd! Although it looks like a real OpenVMS message, it isn't:
$ pipe lib/extr=$ssdef/out=sys$output sys$share:starlet/macro | search sys$pipe pwdpolicy
%SEARCH-I-NOMATCHES, no strings matched
That means someone is forging system-like messages, so I'd be VERY wary about entering passwords, in case they're being captured.
Please describe the exact set of steps that are leading to this message. What you're attempting to do. What you're doing, what you're getting prompted and where you're typing.
(what moron designed this ITRC interface? The only way to paste text is via a dialog box???)
06-29-2011 08:58 AM
The message is generated by the program linked to the VMS$PASSWORD_POLICY
I run after a reboot the following command file.
$! install and configure the site-local password policy module
$INSTALL ADD SYS$LIBRARY:VMS$PASSWORD_POLICY/OPEN/HEAD/SHARE
PARAMETER USE ACTIVE
PARAMETER SET LOAD_PWD_POLICY 1
PARAMETER WRITE ACTIVE
$!Restart ACME Server
$ SET SERVER ACME/RESTART
The problem is I can login to the MP but when I take the CO option, I can't get the signon screen to log into VMS.
It just seems to display that message.
If I don't run the command file, I can access the console fine.
06-29-2011 09:28 AM
it sounds suspiciously like you may have automatic login enabled for the console, or a custom ACME server.
Try MC SYSMAN ALF SHOW *
If you do not run the password policy command procedure, do you get a username/password prompt when you select the CO option, or do you simply get straight to the DCL command line?
06-29-2011 09:51 AM
You dont say if this is a Blade Server or a Rackmount Itanium. There are some differences in the Command menu's.
Entering CO should not trigger any Password checking (unless as pointed out above, the console is set for Auto Login). If ALF is configured, and the default MP credentials are being used, then this might trigger the error you are getting. Alternatively, if ALF is configured, then the credentials for the AutoLogin user account dont meet the policy requirements.
To get to the MP Passwords on a Blade system, after logging in, at the MP prompt, enter CM. This gives the Command Menu. LI(st) will then give you the list of available commands. I think the account passwords are controlled through the UC command (User Configuration.)
Warning, if you change the Default Admin account password, and then forget the new one, resetting back to default is a pain in the butt, so be sure to remember the new password.
06-30-2011 05:48 AM
The Itanium is a RX2660, not a blade.
After typing CO, you get shoudl get the normal VMS sign on screen, not a dollar prompt, unless it has been left logged in before Ctl-B is done.
I think as there is no time associated with the password messages, maybe I have been misled by these.
I have tried Ctl-E cf, just in case it has been locked for write on another session, but this doesn't work either.
I will have time tonight to investigate further to provide more information.