Troubleshooting
Problem
This document explains how to reset the password for the QSECOFR Service Tools user ID.
Resolving The Problem
To reset the password for the QSECOFR Service Tools user ID, sign on with Operating System User ID QSECOFR and do the following:
To avoid the situation of having to reset the password from DST (described in Step 4a), do one or both of the following procedures:
Procedure 1: There is a security parameter within the Service Tools to allow users to change their password from STRSST rather than DST. From the STRSST menu, do the following:
Procedure 2: A second Service Tools user ID can be created with the same capabilities as QSECOFR. This allows the user ID owner to you to get into the Service Tools to reset the password and enable the user IDs.
|
1. |
On the operating system command line, type the following: CHGDSTPWD *DEFAULT Press the Enter key. |
| 2. | On the operating system command line, type the following: STRSST Press the Enter key. |
| 3. | Type QSECOFR for the user ID, and QSECOFR for the password. The password must be all uppercase. The user ID is not case sensitive. |
| 4a. | If you receive a message indicating that "The password has expired": Press the F9 key to change the password. The new password must be 6, 7, or 8 characters and cannot be one of the last 18 passwords used. |
| 4b. |
If you receive message CPF4AB7 indicating that the "Password cannot be changed": The password must be changed from Dedicated Service Tools (DST).
*Note: If forcing DST from the HMC and after entering the new password, you only get 'Password correct but is set to expired.' at the bottom of the screen with no option to change the password, then select F18 to bypass. This will give the OS signon, but force function 21 a second time to DST. After signing in to DST again with the default password, this should now give the option to change the password. See the steps below for forcing Function 21 DST:
Forcing DST from a Version 6 or earlier HMC: Follow this procedure in Rochester Support Center knowledgebase document: New, Forcing DST for a Partition on an HMC-Managed System: . HMC Version 6 and Earlier: Forcing DST for a Partition on an HMC-Managed System
Forcing DST from a Version 7 HMC: Follow this procedure in Rochester Support Center knowledgebase document: New , HMC Version 7: Forcing DST for a Partition on an HMC-Managed System: HMC Enhanced View: Forcing DST for a Partition on an HMC-Managed System: Follow this procedure in Rochester Support Center knowledgebase document: New, HMC Enhanced View: Forcing DST for a Partition on an HMC-Managed System: . Forcing DST on other System i systems:
Put the system in manual mode using the front panel, and enter Function 21. Forcing DST on Blades: Put a check box beside the partition name, then go to the drop down box, select operator service panel functions, then Option 21. Then, type QSECOFR for the user ID, and QSECOFR (must be all uppercase) for the password. The screen to change the password is shown. The new password must be 6, 7, or 8 characters and cannot be one of the last 18 passwords used. Once this is done, exit DST, and put the system back into Normal mode. Note: The DSPSECA command can be issued to determine if QSECOFR can be reset at SST or from the console at DST, specifically under this parameter: "Allow service tools user ID with default and expired password to change its own password . :" If you have a cloud hosted IBMi instance, select function 21 from the user interface:
To change the System Service Tools (SST) and Dedicated Service Tools (DST) passwords complete the following steps:
|
Procedure 1: There is a security parameter within the Service Tools to allow users to change their password from STRSST rather than DST. From the STRSST menu, do the following:
| 1. | Select Option 7, Work with System Security. |
| 2. | Set the Option "Allow a service tools user ID with a default and expired password to change its own password" to a 1=Yes. |
Procedure 2: A second Service Tools user ID can be created with the same capabilities as QSECOFR. This allows the user ID owner to you to get into the Service Tools to reset the password and enable the user IDs.
| 1. | From the STRSST menu, select Option 8, "Work with service tools user IDs". |
| 2 . | On the top line, type 1 to create a user ID, and type in the name of the new user ID and press the Enter key. Provide a password, and type 1 to "Allow ID access before storage management recovery". Type 2 next to Set password to expire so it will not be initially expired. |
| 3 . | Select Option 7 to Change privileges, and press the Enter key. |
| 4. | Type 2 next to all privileges (there are 5 screens of privileges) to grant, and press the Enter key. |
[{"Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CHyAAM","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0;7.2.0;7.3.0;7.4.0"},{"Product":{"code":"SSC3X7","label":"IBM i 6.1"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SSC52E","label":"IBM i 7.1 Preventative Service Planning"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]
Historical Number
333784115
Was this topic helpful?
Document Information
Modified date:
08 March 2023
UID
nas8N1019217