Locked out of production HA LM2200 due to concurrent session limit

0

I have two LM2200s in an HA pair that I have suddenly lost login access for the Shared WUI. I can login to the secondary, but not the primary or shared IP. I get "Login failed" and an email that states "Login failed - Concurrent Session limit reached". I have waited over 24 hours before attempting additional logins with the same result. I do not remember a setting for the session expiration, but normally after roughly 8-12 hours an alert email was sent that the session had timed out, but not this time.

Any ideas how to gain access to the user sessions from the standby/secondary unit WUI or how to clear the concurrent sessions so I can login? I need to do this before there are issues or maintenance required for the production servers. I have two servers currently disabled that I cannot re-enable or disable any additional servers if problems were to occur. If needed I can schedule a maintenance window, but would prefer not to do that. Perhaps a reboot or a failover would help?

Thank you in advance for your help.

2 comments

Avatar
0
Nick Smylie

Hi Randy,

It sounds like it is locked out.  Normally it unlocks after 10 minutes but I think the HA is causing it not to.  You can try logging onto the console as pwreset user. The password is 1pwreset. This will reset the password for "bal" to 1fourall until the LoadMaster is rebooted.  If unit is rebooted without the password being changed, the password will be reset to its old (unknown) value. It is thus strongly advised that the password should be changed using the configuration menu before the next reboot.

This has to be direct console, SSH will not work for this.  Also please make sure to set the new password on both units.  This also may cause some slight disruption with HA so I would advise doing this off hours.

Avatar
0
RandyM

Hi Nick,

Thanks for responding. The issue wasn't that I the userID/login was locked out as I have several IDs and could login successfully to the secondary unit directly, but rather the concurrent session limit. I had waited over 24 hours and it was still having this problem.

I ended up powering off the primary/active unit and having it failover to the standby/secondary unit. This allowed me to login on the shared IP and gain access to the full WUI again. I booted the primary unit again and left it as the standby. I have modified some of the session parameters to help prevent this issue in the future, but I believe the sessions were stuck and should have timed out (even though they did not). So it is working again.

Thanks again.