Locked Out of Cisco UCS? How to Recover the Master Admin Password | Lazy Admin Blog

It’s the nightmare scenario: you need to make a critical service profile change, but the only admin password is lost or forgotten. Because Cisco UCS Manager doesn’t store passwords in a reversible format, you can’t “view” the old one. Instead, you must perform a password reset by power-cycling the Fabric Interconnects (FIs) and interrupting the boot sequence.

⚠️ Warning: This procedure requires a physical power cycle of the Fabric Interconnects. In a production environment, this will cause a temporary disruption in management connectivity and potentially data traffic if not handled correctly in a cluster.


Phase 1: The Pre-Flight Check

Before you pull the power cables, you need two pieces of information. If you still have read-only access or a lower-privilege account, gather these now:

  1. Identify the Roles: In a cluster, you must know which FI is Primary and which is Subordinate.
    • Path: Equipment > Fabric Interconnects > [FI Name] > General > High Availability Details.
  2. Verify Firmware Versions: You must know the exact Kernel and System firmware versions currently running.
    • Path: Equipment > Firmware Management > Installed Firmware.

Phase 2: Password Recovery (The Process)

Scenario A: Standalone Configuration

If you only have one Fabric Interconnect, the process is straightforward but requires downtime.

  1. Connect: Attach a console cable physically to the FI console port.
  2. Power Cycle: Turn the FI off and then back on.
  3. Interrupt Boot: As it boots, repeatedly press Ctrl+L or Ctrl+Shift+R until you see the loader > prompt.
  4. Boot Kernel: Load the kickstart/kernel image: loader > boot /installables/switch/ucs-6100-k9-kickstart.x.x.x.gbin
  5. Enter Config: Fabric(boot)# config terminal
  6. Reset Password: Fabric(boot)(config)# admin-password YourNewPassword123
  7. Load System: Exit config mode and boot the system image: Fabric(boot)# load /installables/switch/ucs-6100-k9-system.x.x.x.bin

Scenario B: Cluster Configuration (High Availability)

In a cluster, the order of operations is vital to ensure the database remains synchronized.

  1. Subordinate First: Power cycle the Subordinate FI and interrupt its boot to the loader > prompt. Leave it there.
  2. Primary Second: Power cycle the Primary FI and interrupt its boot to the loader > prompt.
  3. Reset on Primary: Follow the “Standalone” steps (4 through 7) on the Primary FI console.
  4. Bring up Subordinate: Once the Primary is back up and you can log into UCS Manager, go to the Subordinate console and boot its kernel and system images normally from the loader prompt.
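
An added example, not from the original post: a pre-flight helper that reads cluster state text and returns the Scenario B power-cycle order, refusing to guess when the roles are unclear. It assumes the roles were captured with the `show cluster state` CLI command instead of the GUI path in Phase 1; the sample output and all function names are constructed for illustration.

```python
import re

# Constructed sample of `show cluster state` output; the cluster id is a placeholder.
SAMPLE = """\
Cluster Id: 0x0000000000000000-0x0000000000000000

A: UP, PRIMARY
B: UP, SUBORDINATE

HA READY
"""

# Matches only the short "<fabric>: <state>, <role>" lines with a one-word role.
ROLE_LINE = re.compile(r"^([AB]):\s*(\w+),\s*(\w+)\s*$", re.MULTILINE)

def parse_roles(text):
    """Return {'A': ('UP', 'PRIMARY'), ...} from cluster state text."""
    return {fi: (state.upper(), role.upper())
            for fi, state, role in ROLE_LINE.findall(text)}

def recovery_order(text):
    """Return [subordinate, primary] fabric ids: the Scenario B power-cycle order.

    Raises ValueError unless exactly one PRIMARY and one SUBORDINATE are found,
    because a guessed order puts the cluster database synchronization at risk.
    """
    roles = parse_roles(text)
    primary = [fi for fi, (_, role) in roles.items() if role == "PRIMARY"]
    subordinate = [fi for fi, (_, role) in roles.items() if role == "SUBORDINATE"]
    if len(primary) != 1 or len(subordinate) != 1:
        raise ValueError(f"ambiguous cluster roles: {roles}")
    return [subordinate[0], primary[0]]

def plan(text):
    """Turn the parsed roles into the four Scenario B steps, naming each FI."""
    sub, pri = recovery_order(text)
    return [
        f"FI-{sub}: power cycle, interrupt boot, leave at the loader prompt",
        f"FI-{pri}: power cycle, interrupt boot to the loader prompt",
        f"FI-{pri}: boot kickstart, config terminal, admin-password, load system",
        f"FI-{sub}: once UCS Manager login works, boot kernel and system images",
    ]

if __name__ == "__main__":
    for number, step in enumerate(plan(SAMPLE), 1):
        print(number, step)
```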

Important Notes

  • Clear Text: When you type the admin-password command in the boot loader, the password displays in clear text on the screen. Ensure no one is shoulder-surfing!
  • Strong Passwords: UCS Manager requires at least one capital letter and one number.
  • Console Access: This cannot be done via SSH. You must have physical or terminal server access to the console port.


🏗️ CLI Command Hierarchy & Navigation

The CLI is organized like a file system. You move “down” into specific modes to manage objects and “up” to return to the global level.

  • EXEC Mode (#): The top-level mode. From here, you can access all other sub-modes.
  • Navigation Commands:
    • scope <object>: Moves into a sub-mode for an existing object (e.g., scope chassis 1).
    • enter <object>: Like scope, but creates the object first if it does not already exist, then moves into its mode.
    • exit: Moves up one level in the hierarchy.
    • top: Jumps immediately back to the EXEC mode prompt.

🛠️ Common Management Commands

| Target  | Command                                      | Purpose                                          |
|---------|----------------------------------------------|--------------------------------------------------|
| Chassis | show chassis [inventory/status/psu]          | View physical chassis health and components.     |
| Servers | show server [inventory/cpu/memory/status]    | Audit blade or rack-mount hardware specs.        |
| Fabric  | show fabric-interconnect [a/b] [inventory]   | Check the state of your Fabric Interconnects.    |
| Faults  | show fault [detail/severity]                 | List active system alarms and errors.            |
| Logs    | show sel [chassis-id/blade-id]               | View the System Event Log for specific hardware. |

💾 The Transactional Model (Commit Buffer)

Unlike many traditional CLIs, UCS Manager uses a transactional model. When you make a configuration change (like set or enable), the change is stored in a temporary buffer and is not live until you explicitly save it.

  1. Modify: set addr 192.168.1.50
  2. Verify: show configuration pending (Optional)
  3. Apply: commit-buffer
  4. Discard: discard-buffer (If you made a mistake)
