How to reset the SafeWord RemoteAccess Administration password

How to reset the SafeWord RemoteAccess Administration password

Issue

The SafeWord RemoteAccess Administration password can be saved and is not required to be entered for administering SafeWord. When adding additional servers, they require the same Encryption Key, Signing Key and Administration password. If this password is unknown it can be reset.

Resolution

1. Make a complete list of all servers that have SafeWord components installed. This includes Servers, Agents, and SDK applications. Components include:

– SafeWord Core Servers (Database, Admin, Authentication Engine / AAA)
– Web Servers (Web Logon Server (WLS), Enrollment Server (ES))
– User Center
– SafeWord Administration Console
– Citrix Web Interface Agent
– RADIUS (IAS Agent, RADIUS, Ascend RADIUS, RADIUS Accounting)
– Outlook Web Access Agent (OWA), Universal Web Agent (UWA)
– Domain Logon Agent (DLA)

2. Stop all SafeWord server services (Admin, Authentication Engine / AAA Server, Web, RADIUS).

3. Stop all services that are using SafeWord Agents (e.g., IIS and IAS).

4. Remove any swec.md5 or swec.dat files (first stop any RADIUS services if they are running or exist, then delete the swec.md5 file/s. Then restart any RADIUS services) on all servers containing SafeWord components. Their location can vary, so search the entire computer. These swec files are often recreated when the service is stopped, so it’s imperative that you stop the service before doing the search.

5. Remove all of the following pem files on all SafeWord servers and Admin Console computers.

…\SERVERS\AdminServer\certificates\cacert.pem
…\SERVERS\AdminServer\certificates\cakey.pem
…\SERVERS\AdminServer\certificates\SccAdminServer.pem
…\SERVERS\AAAServer\certificates\SccAAAServer.pem
…\AdminConsole\certificates\PremierAccess_Administrator_Console.pem

6. Delete all client entries from the Admin Server’s clients.ini file. The clients.ini file is extensively documented if you require more information.

…\SERVERS\AdminServer\certificates\clients.ini

Do NOT delete these two lines. Increase the value of AcceptNewCertificates if necessary.

$AcceptNewCertificates=50 $AcceptNewCertificatesDefaultPolicy=always

7. Delete all server entries from the Admin Server’s and Admin Console’s servers.ini file. The servers.ini file is extensively documented if you require more information.

…\SERVERS\AdminServer\certificates\servers.ini
…\AdminConsole\certificates\servers.ini

Do NOT delete this line.

$AcceptNewCertsDefaultPolicy=never

8. Start services in this order.

a. SafeWord Database Server services
b. Admin Sever services
c. SafeWord Authentication Engine (AAA Server) services
d. All remaining services

Source : http://theether.net/kb/100168