Have you ever been locked out of DualShield Management Console? Don't panic. The account will be automatically unlocked in 3 minutes, if you have not changed the default Lockout system policy. That means that you can try again in 3 minutes, assuming that you still remember the correct password.

However, what if you have totally forgotten the password? Don't worry, the feature called "safe mode" comes to rescue

Enabling Safe Mode

DualShield on Windows OS

On the DualShield server machine, open Windows Prompt, navigate to the DualShield installation directory, e.g. C:\Program Files\Deepnet DualShield

Change to the subfolder "tomcat\bin", then issue the command "Dir tomcat*.*";

Look for the file ending "w.exe", e.g. tomcat9w.exe, then issue the command "tomcat9w.exe //ES//dualshield " (replacing tomcat9w with the version found in your directory),

A new window will open titled "DualShield Authentication Server Properties", select the tab "Java";

In "Java Options" add the command "-Ddual.safe.mode=true" 

Click "OK", then restart the DualShield service.

DualShield on Linux OS

If you have DualShield Linux version installed, you should edit the file "/usr/lib/systemd/system/dualshield.service" to achieve the same effect as in Windows


sudo su -
systemctl stop dualshield
nano /usr/lib/systemd/system/dualshield.service

Add the following lines just after -Djava.io.tmpdir=$TMP_DIR \

-Ddual.safe.mode=true \
-Ddual.safe.mode.anyip=true \

See example below

 


You must restart the service after the modification.  Use the following commands:


systemctl daemon-reload
systemctl start dualshield


Resetting the SA User Password

Once you have enabled safe mode and fully restarted the service, you will be able log in to the Management Console without entering a password, and will then be able to change the system administrator's password using the following procedure;

(please note that, in safe mode, you must access the management console from the machine where DualShield is installed);

Log in to the management console in safe mode.








Navigate to "Directory | Users", select the Domain "Management Console", then left click the context menu of the user account "sa" and select "Reset Password";

A new window will now open titled "Reset Password";

 

 

  

Enter a new password.

Enter a new password.

Retype the new password.


This option is optional and will determine if the user will be forced to change their password next time they log in.

Enter and confirm the new password for the system administrator's account then click "Save".


The password for the system administrator will now be changed to your new password, and the management console can now be exited.


Disabling the Safe Mode

Important: Once you have reset the sa password, make sure you disable the safe mode by removing the line -Ddual.safe.mode=true (and -Ddual.safe.mode.anyip=true on Linux OS) from the JAVA options, otherwise, you will leave a potential security hole.

Do not forget to restart the DualShield service after removing the options.