Log in problems T10

I've just renewed my watchguard subscription and need to upload my new feature key to my Firebox T10. I've connected to the box and am trying to log into the GUI using the credentials admin/readwrite. These are what I've always used and never had problems before but now I am getting an error message saying 'invalid credentials'. Anyone got any idea what the problem might be and how to fix it?

Comments

  • Caps lock on your keyboard?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    In addition to what Bruce mentioned, make sure that the webpage isn't cached from an old session.
    -Try clearing your cache. You can generally clear it for the page you're on by pressing ctrl+f5
    -If your browser has the function, try opening the page in incognito mode.
    -Make sure you're on the firebox management page (and not the sslvpn or hotspot page. the url should have a :8080 somewhere in it. By default it'll be https://10.0.1.1:8080
    If you're on another page, like 4100 or 443, it won't let you in there.

    -James Carson
    WatchGuard Customer Support

  • admin/readwrite are the default credentials. The default password should NEVER be used in a production environment. I thought the WSM setup wizard required changing the status and admin passwords. Has this T10 been factory reset, or did you never change the default password?

    Gregg Hill

  • Thanks for the suggestions @Bruce_Briggs, @James_Carson and @Greggmh123 Not caps lock or anything like that. I've never changed the password and wasn't asked to during the original set up. I'm definitely on the firebox management page.

    I'll try clearing cache and incognito mode.

  • :-( Neither of those options worked. If I go for a factory reset then I presume that all the settings I've input will be lost. Given that I had a hell of a job getting the T10 set up with my router/ISP in the first place I am very reluctant to go down this road. Any other suggestions to try first would be much appreciated.

  • edited January 2021

    Do you have Internet access through the T10? If so, and assuming you have a Windows computer, download and install the WatchGuard System Manager suite (https://cdn.watchguard.com/SoftwareCenter/Files/WSM/12_6_3/wsm_12_6_3.exe) with the default choices. Then run WatchGuard System Manager and connect to the device. Log in with the "status" user name and password.

    Once logged in as the "status" user, you can open Policy Manager and then save the current configuration to a file on your computer. In Policy Manager (PM), click on File > Backup and Restore, then enter your admin password. If "readwrite" doesn't work, that is not your admin password. You may have to do a factory reset. If you have your admin password, you can save a config backup. Have you ever saved a config before? If so, you can factory reset and re-load that config file.

    From WatchGuard System Manager, open Firebox System Manager (triangle icon below the word Help). In FSM, click Tools > Synchronize Feature Key, then enter your admin password. Again, if "readwrite" doesn't work, that is not your admin password.

    Does your "readwrite" password work with either PM or FSM above?

    Gregg Hill

  • Thanks Gregg! I'll give this a try!

  • Alas... I hooked up a Windows computer and got the WG System Manager running but I can't log in with the 'status' user name and password. It gives me an invalid credentials message. The password I'm using is 'readonly'. I am pretty certain that I have never changed this so I'm assuming that's what it should be. Any further ideas on how I can get in? The idea of having to do a factory re-set turns my stomach because it took months to get a configuration that works with my ISP and router.

  • Adobe Flash is no longer supported, so I suppose that it could be the problem, depending on the Fireware version on your T10.

    Review this post:
    Fireware XTM Web UI - Adobe Flash
    https://community.watchguard.com/watchguard-community/discussion/comment/6218

  • Also, if you get in using the Web UI - save your config!!!!!
    System -> Configuration File -> Download the Configuration File

  • Bruce - I'll take a look at that but I'm not sure what Flash has to do with it.... I can get the the UI it is just that it is rejecting my username and password. Could lack of support for flash be responsible for this error?

  • @julie said:
    Alas... I hooked up a Windows computer and got the WG System Manager running but I can't log in with the 'status' user name and password. It gives me an invalid credentials message. The password I'm using is 'readonly'. I am pretty certain that I have never changed this so I'm assuming that's what it should be. Any further ideas on how I can get in? The idea of having to do a factory re-set turns my stomach because it took months to get a configuration that works with my ISP and router.

    The fact that WSM also is rejecting the "status" password of "readonly" indicates that it has been changed, and that makes complete sense to me. I cannot verify it without defaulting a spare T10 I have, but I think the setup wizard forces one to set the new passwords.

    How did you do the original setup? I can try the same method you used and then see if it makes me change the default passwords.

    Gregg Hill

  • One thing not mentioned (unless I missed it) is that the Firebox should go online to retrieve its feature key any time it is restarted, and possibly at other times.

    Have you restarted the T10 recently?

    Gregg Hill

  • James,

    I know that some Cisco routers/switches have a console port reset process to use the CLI to reset the admin password without wiping out a config. Do Fireboxes have that feature?

    Gregg Hill

  • Julie,

    I just factory reset my T10 to see how it behaves when using the web UI to do the setup wizard. It does present a prompt to change the passwords, but SADLY, it will accept inputting the factory status and admin passwords, rather than requiring them to be changed. So, yes, you COULD have the factory default passwords on it. I thought it required changing the default passwords as one would expect on a security appliance.

    It also should not be an issue with Adobe Flash. I used a new laptop with Win 10 Pro 20H2 64-bit and Chrome Version 87.0.4280.141 (Official Build) (64-bit).

    Gregg Hill

  • It looks like the earliest T10 Fireware version was v11.8.3.
    Adobe Flash was not being used by then for the Web UI access.

  • @Greggmh123 said:
    James,

    I know that some Cisco routers/switches have a console port reset process to use the CLI to reset the admin password without wiping out a config. Do Fireboxes have that feature?

    If this were the case it would be very good news!

  • @Greggmh123 said:
    One thing not mentioned (unless I missed it) is that the Firebox should go online to retrieve its feature key any time it is restarted, and possibly at other times.

    Have you restarted the T10 recently?

    Gregg -

    Will it retrieve the feature key even if Rapid Deploy is not activated? I did restart it a few days ago (to see if this sorted the password issue). This is probably a stupid question but how can I tell whether it is operating with the new feature key?

  • Rapid Deploy distributes a config to a firewall, and oresumably the Feature Key too.

    Deploy Your Firebox with RapidDeploy
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/my_products/rapiddeploy_about_c.html

    Depending on your config settings, there is an option for the firewall to synchronize the Feature Key.

    Enable Feature Key Synchronization and Alarm Notification
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/feature_key_sync_c.html

  • You can open a support incident on this, but I doubt that support can suggest any other method to help here.
    Worth a try.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @Greggmh123
    There's no way to reset the password without wiping the config.

    The only way to pull the config off the box without logging in would be via USB diagnostic files. That would require that the command "usb-diagnostic enable" and "usb-diagnostic encrypt " have already been run while there was access to the device.

    If WSM was in use at any point, the best best is to look around the my documents/my watchguard folders for .xml configuration files that were hopefully saved there.

    -James Carson
    WatchGuard Customer Support

  • @James_Carson said:
    @Greggmh123
    There's no way to reset the password without wiping the config.

    The only way to pull the config off the box without logging in would be via USB diagnostic files. That would require that the command "usb-diagnostic enable" and "usb-diagnostic encrypt " have already been run while there was access to the device.

    If WSM was in use at any point, the best best is to look around the my documents/my watchguard folders for .xml configuration files that were hopefully saved there.

    James,

    Thank you for that confirmation.

    Gregg Hill

  • We have 12 Watchguards in different locations that all now have this problem. Some are T35 and a few are T10 units and all are running different versions of Firmware version 12. The units work normal but none of the user logins can connect all with the same issue and it seems that the only way to fix the issue is to factory reset. All of these units are only accessible from the internal network. With this problem happening on so many different networks we are assuming this is a Software issue and It almost seems as if the Firebox use database is corrupt.

    It would be great if there is a way to connect with the console cable and reset the database or password to the admin.

  • If you have a support license on any of these, you should open a support incident on this issue.

    Can you get access using WSM Policy Manager?

    Does a reboot allow access via the Web UI?
    The T10s have limited memory and the Web UI needs a bunch of it when started.

  • Cannot access the units from WSM as none of the logins work. Reboot solves nothing. My next step if to see if we can use a console connection to reset the admin user login. If this was just 1 random Watchguard I would not think its a bug but since we have now seen the issue on multiple Watchguard TXX devices I'm thinking its a but in the system.

  • @Morse said:
    We have 12 Watchguards in different locations that all now have this problem. Some are T35 and a few are T10 units and all are running different versions of Firmware version 12. >

    This thread maybe old, but actually we have the same problem with a T35. The admin password is definitely correct, but login is no longer possible. I can get in with "status" and the associated password and the T35 otherwise works perfectly. A restart didn't help either. Something is definitely wrong there.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @liberty123de
    If you are running a version that is below Fireware 12.7.2, please read this page:
    https://detection.watchguard.com/
    (The version is 12.5.9 for some of the tabletop appliances, and M200/300)

    If you're running 12.7.2 or later, (or 12.5.9 on those other appliances) I'd suggest downloading your configuration, resetting your firewall, loading your config back up, and setting your passwords again.

    If you'd like help looking into what might have happened, I'd suggest opening a support case.

    -James Carson
    WatchGuard Customer Support

  • james.carsonjames.carson Moderator, WatchGuard Representative

    I've closed this thread to prevent folks from replying to it for slightly similar issues. If you're running into this issue, please consider creating a new thread.

    -James Carson
    WatchGuard Customer Support

This discussion has been closed.