2016-09-04 10:02 PM
I've experienced an access deny saying "your account has expired"
The account was "admin" account also other accounts also has been denied when trying a SA UI log in attempt.
Right before admin sign in, customer changed a security setting such as "password security policy"
After the change, all user accounts has been denied.
In this scenario, all user accounts not following the new security policy has been denied.
There is some steps you can take a action to recover.
1. SSH to SA server
2. cd /var/lib/netwitness/uax/db
3. stop jettysrv
4. cp platform.h2.db ~/platform.h2.db.org
5. rm platform.h2.db
6. unzip platform.h2.db.backup.<latest file backed up>.zip
7. start jettysrv
8. Log in to SA UI again.
9. change your account's password according to new security policy.
Plz leave any comments if you find any wrong information above, i am happy to hear you any time.
Thanks
2016-09-06 09:19 AM
In Step 4 I'd recommend copying it back to it's current location but using .bak extension rather than throwing it in '~' which would be /root. Depending on how large the platform DB file can get, it may cause problems for the filesystem / storage and better to keep larger files under a larger filesystem such as /var/lib/netwitness...
Good write-up, I've ran into this a few times in the past. Thanks for documenting the steps.