Restore an Administrator Password
If you have forgotten or lost the administrator password for your Secure Web Gateway appliance, you can restore the initial password, which is webgateway. This will allow you to access the user interface again.
You can restore the password on a command line using SSH or working on a local system console. You must have root access to the command line.
You should also be familiar with Secure Web Gateway and basic Linux administration. If you are not sure about this, contact support.
Proceed as follows.
- Stop the Secure Web Gateway Coordinator component and the user interface.
To stop both, run the following commands on the command line:
/etc/init.d/mwg-coordinator stop
/etc/init.d/mwg-ui stop
If you are working with a newer product version, you can also run these commands:
service mwg-coordinator stop
service mwg-ui stop
- Change directory to go to the storage folder:
cd /opt/mwg/storage/default
- Change directory until you are in the folder with your current configuration. The name of this folder is usually the most recent time stamp.
For example, run this command at the end:
cd 2024-11-05_15-42-16-631_+0200
The following command allows you to go directly from the storage folder to the folder with your current configuration. It does not work, however, in all working environments.
cd `cat /opt/mwg/storage/active_configuration`
- When you are in the folder with your current configuration, change directory to the internal subfolder:
cd internal/
- Open the administration.xml file. In this file, there is an entry for every user. Review the entry for the admin user and edit it as needed. It looks, for example, like this:
<set>
  <admin id="com.mcafee.k.admins.initial">
    <login>admin</login>
    <name></name>
    <passwordHash>SHA-256:1000:6uBaImP3XhOsIX ... Xjfp5XtP/1os=</passwordHash>
    <roleID>com.mcafee.k.adminrole.superadmin</roleID>
  </admin>
</set>
- The name for the admin user is shown between the <login> tags.
<login>admin</login>
Initially, it is admin. If it has been changed, you can leave it as it is. You can also change it back to admin.
- Make sure the superadministrator role is configured for the admin user. It is shown between the <roleID> tags as follows.
<roleID>com.mcafee.k.adminrole.superadmin</roleID>
- Replace the existing password hash. It is shown between the <passwordHash> tags. In the example shown here, the middle part of the existing password hash is omitted.
To replace the existing password hash, copy the following password hash and paste it between the <passwordHash> tags.
SHA-256:1000:MUVpa4aENB3zEaOHKU8xoQ==:f0eS7dCjDCaO1dm43qIj5/Uveg6cVB3BTDSnZiTqVGwyqF1FK3TZsDrXsXkwxqJpZnvzWlu2rOzLfKizTZM0GZIECDNTZdr3oI+8biag/SV0wUhkPgzWgAvdMzXHW1m9tn/TkMdsN5k1EeS0JU+rdF13ZFBLURoQKb3rLGKUie/cDNOng1ZO/pSVQYZn2U8yJa1Xob0MT/Tu62b0aavIaLqtL9fXmkW624oOotdVZD8eVqGrEfmGPFJLm7p9YE1gWxqabDJgJMAuSI1603THvg0+KL7o46WORhBgyDnpcpM3oXbVGIOCFP8x0xj+fPtYinEUTjrGGW7Ow6RPNtB0t5KqwMD2df1+Xm+eIAH4PYKKpFnljl/6z4ChTCvIFV3/rnrVhZZ94GGx5DRQWtVT+PkoNKZDOTWTh0oWI+0BhmbkAqooWgF7yR7LVRo1Nj07ZKMCw9mO55abP/Bm4FFAzFbtB0x/S9VaMxiXvMTRhwhSTjxHm1wJHFxcfJzB2VPOqhp+ywB8/vVmrncAZRXc9hmOR6ptSu9VZm8x8oiL9cwZ2+TSyZTi9h6VCH9DfmjvHAJUEccTMA2pNLhFywlyVGDs8wC+lTCSCMYE9olA0ASdtTT9Mm0BxDcL8LhZUy6dDJl9t2urngK7RPrHTqlLeg5YOSYFcpv+yKBRPoxutTI=
The entry for the admin user should then look like this. Again, the middle part of the new password hash is omitted.
<set>
  <admin id="com.mcafee.k.admins.initial">
    <login>admin</login>
    <name></name>
    <passwordHash>SHA-256:1000:MUVpa4aENB3z ... yKBRPoxutTI=</passwordHash>
    <roleID>com.mcafee.k.adminrole.superadmin</roleID>
  </admin>
</set>
- Save your changes.
- Recalculate the password hash for the folder that now includes your most recent configuration. The name of this folder is again the most recent time stamp.
Run, for example, this command:
/opt/mwg/bin/mwg-coordinator -F "file:in=/opt/mwg/storage/default/2024-11-05_16-14-36-975_+0200"
The following command allows you to recalculate the password hash for the folder with your current configuration without specifying a time stamp. It does not work, however, in all working environments.
/opt/mwg/bin/mwg-coordinator -F "file:in=`cat /opt/mwg/storage/active_configuration`"
- Check the output of the Coordinator component. It should return a line like this:
OK - enforced as folder '/opt/mwg/storage/default/2024-11-05_16-14-36-975_+0200'
- Change the access permissions for the Coordinator component.
chown -R mwgc.mwg /opt/mwg/storage/default/2024-11-05_16-14-36-975_+0200*
The following command allows you to change the access permissions without specifying a time stamp. It does not work, however, in all working environments.
chown -R mwgc.mwg `cat /opt/mwg/storage/active_configuration`*
- Restart the Coordinator component and the user interface.
/etc/init.d/mwg-coordinator start
/etc/init.d/mwg-ui start
If you are working with a newer product version, you can also run these commands:
service mwg-coordinator start
service mwg-ui start
You can now log on to the user interface for Secure Web Gateway after submitting a user ID and the initial password.
If the name for the admin user is still admin in the administration.xml file, use this name as the user ID. The initial password is webgateway.
We recommend that you change the password after logging on to the user interface.
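To confirm afterwards that no account is left on the initial password, the following added example (not part of the original procedure and not vendor tooling) reads an administration.xml file and marks every admin entry whose password hash still carries the salt of the recovery hash printed above. The field layout algorithm:iterations:salt:digest is inferred from the hash format shown on this page, a password set through the user interface is assumed to receive a fresh salt, and the sample file, second admin ID and digests are constructed.

```shell
#!/bin/sh
# Added example (not vendor tooling): find admin entries still on the recovery hash.

# Salt field (third ':'-separated field) of the recovery hash as printed on this page.
RECOVERY_SALT='MUVpa4aENB3zEaOHKU8xoQ=='

# audit_admins FILE: print "login|roleID|DEFAULT" or "login|roleID|changed"
# for every <admin> element. Assumes the layout algorithm:iterations:salt:digest.
audit_admins() {
    tr -d '\r\n' < "$1" | awk -v salt="$RECOVERY_SALT" '
    function field(block, tag,    re, s) {
        re = "<" tag ">[^<]*</" tag ">"
        if (!match(block, re)) return ""
        s = substr(block, RSTART, RLENGTH)
        gsub("</?" tag ">", "", s)
        return s
    }
    {
        n = split($0, blocks, "</admin>")
        for (i = 1; i < n; i++) {
            split(field(blocks[i], "passwordHash"), h, ":")
            status = (h[3] == salt) ? "DEFAULT" : "changed"
            print field(blocks[i], "login") "|" field(blocks[i], "roleID") "|" status
        }
    }'
}

# default_logins FILE: print only the logins that still use the recovery hash.
default_logins() {
    audit_admins "$1" | awk -F'|' '$3 == "DEFAULT" { print $1 }'
}

# make_sample FILE: write a constructed two-user file (digests are placeholders).
make_sample() {
    cat > "$1" <<'EOF'
<set>
  <admin id="com.mcafee.k.admins.initial"><login>admin</login><name></name>
    <passwordHash>SHA-256:1000:MUVpa4aENB3zEaOHKU8xoQ==:Q09OU1RSVUNURUQ=</passwordHash>
    <roleID>com.mcafee.k.adminrole.superadmin</roleID></admin>
  <admin id="example.constructed.second"><login>auditor</login><name></name>
    <passwordHash>SHA-256:1000:c2FtcGxlLXNhbHQtMDAwMQ==:Q09OU1RSVUNURUQ=</passwordHash>
    <roleID>com.mcafee.k.adminrole.superadmin</roleID></admin>
</set>
EOF
}

sample=$(mktemp) && make_sample "$sample" && audit_admins "$sample"
rm -f "$sample"
```

On an appliance, pass the administration.xml file from the internal subfolder of the current configuration folder to default_logins; any login it prints can still be used with the initial password.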
To contact Skyhigh Security support, click this link: Create a Service Request. On the Service Portal, submit your user ID and password and click Log In. Then work with the options for creating a request.
If you have not registered with support yet, click Register and provide the required information. You will then receive an email with a password and usage instructions.