SST and access id recovery

105 pts.
Tags:
IBM 9407 M15
iSeries
Password recovery
QSECOFR
SST
We have a 9407 M15 without a HMC. On the odd occasion we have required it we have used a remote LAN console setup on a pc. However I have either forgotten the special Access id or it has expired and I am unable to connect the console pgm. To compound the issue I am unable to logon on to SST as the password has also either expired or been changed without recording the password somewhere. I reset the qsecofr sst id using chgdstpwd *default but when I try and log on with this I get into a catch22 where it says the password has expired but when I try and change it I get an error that I am not authorised to change the password!! The IBM techs are confounded but hopefully a software guy will respond to the job logged and be able to assist. In the meantime does anyone here have any suggestions to resolve this impasse.

Software/Hardware used:
iseries 9407 m15
ASKED: October 11, 2010  9:42 PM
UPDATED: October 18, 2010  5:04 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

use the CHGDSTPWD *DEFAULT to change the password to default, then go back to the console PC and run the Console program. When it asks for the DST user/password, enter the default QSECOFR user/password. It will then tell you to change the password and you can do so.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    ...it says the password has expired but when I try and change it I get an error that I am not authorised to change the password... That makes me think that passwords were locked down in DST. You might be seeing a result of message ID CPF4AB7:
    Message . . . . :   Service tools user ID password cannot be changed.
    Cause . . . . . :   Your system is configured to prevent a service tools user
      ID with a default and expired password from changing its own password.
    Recovery  . . . :   Either change the password of the service tools user ID
      through DST or use the Start Service Tools (STRSST) command, select the
      option to work with system security, and enable service tools user ID with a
      default and expired password to change its own password. Try the request
      again.
    (If not CPF4AB7, it's probably closely related.) Within DST (not SST), there are options available to lock down various security settings including the ability to access password changes from outside of DST. Unless you have multiple DST/SST security profiles, those can be very risky options to lock down. You must enter DST in order to make changes to anything locked down to DST. Of course, if you have now changed the QSECOFR DST/SST password to be a 'default' password with CHGDSTPWD *DEFAULT, it probably falls within the rules that stop it from setting a new password. You must get logged in to DST first, and that can only be done through an alternate security profile that has neither a default nor expired password. But you don't have a console available until you can log in to DST because the password is required in order to connect. So, let's start from here... I have either forgotten the special Access id or it has expired... Did you write "special Access id" because you are sure that an alternate DST/SST security profile other than QSECOFR was created? (Note that this is not a usual *SECOFR user profile. This would be a profile created explicitly within DST/SST for this type of use.) Tom
    125,585 pointsBadges:
    report
  • FrankStacey
    The access ID is another separate password that appears in the prompt to logon via the remote lan console. Below that it also requires a SST user id and its password. The SST profile we were probably using originally was the 8 x 1's with either of two possible passwords. If I leave the access ID blank it still gives me an error message.
    105 pointsBadges:
    report
  • FrankStacey
    BTW you are correct with the first part of your answer, it is a real catch-22.
    105 pointsBadges:
    report
  • TomLiotta
    The access ID is another separate password... Ah, yes. It's been too long (and too infrequent) since I had to go into a system by that route. And you changed all pre-configured passwords so even IBM Support can't get maintenance access. You tried the default passwords...? (It has to be asked.) Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following