Have you ever been locked out of DualShield Management Console? Don't panic. The account will be automatically unlocked in 3 minutes, if you have not changed the default Lockout system policy. That means that you can try again in 3 minutes, assuming that you still remember the correct password.

However, what if you have totally forgotten the password? Don't worry, the feature called "safe mode" comes to rescue

Enabling Safe mode for Windows Users

On the DualShield server machine, open Windows Prompt, navigate to the DualShield installation directory, e.g. C:\Program Files\Deepnet DualShield

Change to the subfolder "tomcat\bin", then issue the command "Dir tomcat*.*";

Look for the file ending "w.exe", e.g. tomcat9w.exe, then issue the command "tomcat9w.exe //ES//dualshield " (replacing tomcat9w with the version found in your directory),

A new window will open titled "DualShield Authentication Server Properties", select the tab "Java";

In "Java Options" add the command "-Ddual.safe.mode=true" , then click "Apply",

Click "OK", then restart DualShield service.

You can now log into the Management Console without password.

(please note that, in safe mode, you must access the management console from the machine where DualShield is installed);

Enabling Safe mode for Linux Users

If you have DualShield Linux version installed, you should edit the file "/etc/init.d/dualshield" to achieve the same effect as in Windows

sudo su -

nano /etc/init.d/dualshield

Add the following lines just after -Djava.io.tmpdir=$TMP_DIR \

-Ddual.safe.mode=true \
-Ddual.safe.mode.anyip=true \

See example below


You must restart the service after the modification.  Use the following command

 /etc/init.d/dualshield restart

Important: Once you have reset the sa password, make sure you disable the safe mode by removing the line -Ddual.safe.mode=true and -Ddual.safe.mode.anyip=true followed by service restart, otherwise, you will leave a potential security hole.

Resetting the SA User Password

Once you have enabled safe mode and fully restarted the service, you will be able log in to the Management Console without entering a password, and will then be able to change the system administrator's password using the following procedure;

  • Log in to the management console in safe mode.

  • Navigate to "Directory | Users" , select the Domain "Management Console", then left click the context menu of the user account "sa" and select "Reset Password";

  • A new window will now open titled "Reset Password";




    Enter a new password.

    Enter a new password.

    Retype the new password.

    This option is optional and will determine if the user will be forced to change their password next time they log in.

  • Enter and confirm the new password for the system administrator's account then click "Save".

The password for the system administrator will now be changed to your new password, and the management console can now be exited.

Important:  Once you have reset the sa password, make sure you disable the safe mode by removing the java options line -Ddual.safe.mode=true and restarting the DualShield service, otherwise you will leave a potential security risk.