Recover a Locked Out Account

When an account is locked out, after entering the user name and password on the Tenable Core login page, the following alert appears:

If there remains one or more administrator accounts that are not locked out, an administrator may log in to the user interface, set a temporary password for any locked out account, and force the user to change the password upon the next login. However, if all of the administrator accounts are locked out then the recovery procedure depends upon the platform.

Recovery Actions

Environment Platform More Information
Virtual Machine VMware

Recover locked out account in VMware

Microsoft Hyper-V

Recover locked out account in Hyper-V

Nutanix

Recover locked out account in Nutanix

Cloud Amazon Web Services (AWS)

Recover locked out account in AWS

Microsoft Azure

Recover locked out account in Azure

  1. Download Tenable’s account recovery ISO from: https://appliance.cloud.tenable.com/repos/unlock_admins.iso

  2. Log into vSphere Client.

  3. Upload the recovery ISO to a datastore in vSphere Client.

  4. Locate the Virtual Machine (VM).

  5. Power Off the VM.

  6. Add a CD/DVD drive to the VM.

    This can be found under the Summary tab on the VM Hardware tile.

  7. Click Edit.

  8. Click Add New Device.

  9. Set the CD/DVD Media to the ISO file in the datastore.

  10. Power On the VM.

  11. When it comes up, log into the newly unlocked account.

    Note: You must change your password for this account.

  1. Download Tenable’s account recovery ISO from: https://appliance.cloud.tenable.com/repos/unlock_admins.iso

  2. Navigate to your Hyper-V interface.

  3. Shut down the virtual machine (VM).

  4. In VM settings > DVD Drive, set the Media to Image file.

  5. Browse to the Tenable account recovery ISO file you downloaded and open it.

  6. Start the VM.

  7. When it comes up, log into the newly unlocked account.

    Note: You must change your password for this account.

  1. Download Tenable’s account recovery ISO from: https://appliance.cloud.tenable.com/repos/unlock_admins.iso

  2. Upload the ISO image into the Nutanix datastore.

    Note: The + Upload Image button can be found under Settings > Image Configuration. Be sure to set the Image Type to ISO.

  3. Power Off the virtual machine (VM).

  4. Update the VM by adding, or updating, the CD-ROM disk. If there’s already a disc mounted, then eject it.

  5. Set the Operation to Clone from Image Service.

  6. Select the ISO image you uploaded into the Nutanix datastore.

  7. Power On the VM.

  8. When it comes up, log into the newly unlocked account.

    Note: You must change your password for this account.

  1. Log into the AWS portal.

  2. Find your EC2 instance.

  3. Stop the instance.

  4. Edit the user data.

    Note: User data can be found under Actions > Instance settings.

  5. Modify the user data as text and enter:

    Copy 
    #cloud-config
    bootcmd:
        - /usr/bin/chage -I -1 -E -1 ec2-user

  6. Start the EC2 instance.

  7. When it comes up, log into the newly unlocked account.

    Note: You must change your password for this account.

  1. In the Azure portal, bring up the virtual machine (VM) and navigate to Settings > Operating system.

  2. Check the Modify user data box.

  3. In the User data field enter:

    Copy 
    #cloud-config
    bootcmd:
        - /usr/bin/chage -I -1 -E -1 <username>

    Where <username> is the name of the account to be unlocked. For example, in the following screenshot <username> is “azureuser."

  4. Click Apply.

  5. Restart the VM.

  6. When it comes up, log into the newly unlocked account.

    Note: You must change your password for this account.