Scenario/Use-Case:
-> After initially onboarding a site out-of-the-box, we enabled SECURE-MODE and changed the default password for the admin user.
Later, we decided to re-onboard the VOS appliance.
-> This time, we enabled SECURE-MODE and changed the admin password to a non-default value before onboarding.
Issue: Onboarding fails with errors such as:
"Failed to fetch pub/priv keys"
"Connecting to appliance failed"
Reason:
When Secure Mode is enabled, as documented here, Veriexec enforces executable verification. This means the VOS must have a valid hash for each script or binary it runs.
During the onboarding process, the Director attempts to connect to the VOS appliance using the default admin password and pushes scripts like scp_bin_util.sh and flex_key_show.sh to the VOS.
However, because these scripts are new to the VOS and not previously hashed, Veriexec blocks their execution, causing the Director to fail to fetch the public/private keys necessary for onboarding.
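The blocking behaviour described above can be reproduced with a simplified model of fingerprint-based executable verification. This is an added example, not Versa or Veriexec code: the manifest format, the function names and the shipped_tool.sh script are assumptions, and only the two pushed script names come from this article.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> str:
    """SHA-256 of the file contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(directory: Path) -> dict:
    """Record a fingerprint for every file present when the manifest is built."""
    return {p.name: fingerprint(p) for p in sorted(directory.iterdir()) if p.is_file()}


def exec_decision(manifest: dict, path: Path) -> str:
    """Decide as an enforcing verifier would: unknown or altered files do not run."""
    expected = manifest.get(path.name)
    if expected is None:
        return "deny: no fingerprint"
    if expected != fingerprint(path):
        return "deny: fingerprint mismatch"
    return "allow"


def simulate_onboarding() -> dict:
    """Constructed scenario: one script exists before the manifest, two arrive later."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        shipped = root / "shipped_tool.sh"   # hypothetical pre-existing script
        shipped.write_text("#!/bin/sh\necho shipped\n")
        manifest = build_manifest(root)      # manifest is frozen at this point

        results = {shipped.name: exec_decision(manifest, shipped)}
        # Scripts pushed after the manifest was built (names from the article,
        # contents constructed for this example).
        for name in ("scp_bin_util.sh", "flex_key_show.sh"):
            pushed = root / name
            pushed.write_text("#!/bin/sh\necho pushed\n")
            results[name] = exec_decision(manifest, pushed)
        # A manifest entry does not survive modification of the file.
        shipped.write_text("#!/bin/sh\necho changed\n")
        results["shipped_tool.sh (modified)"] = exec_decision(manifest, shipped)
        return results


if __name__ == "__main__":
    for name, decision in simulate_onboarding().items():
        print(f"{name}: {decision}")
```

In this model the pre-existing script runs, while both pushed scripts are denied for lack of a fingerprint, which matches the point at which the Director fails to fetch the keys.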
Recommendation:
We suggest disabling SECURE-MODE and, if the admin user's login credential is non-default, setting the password for username admin back to the default password.