Alert on Citrix ADC "One or more RPC nodes are configured with default passwords. For enhanced security, you must change the default RPC node password"

book

Article ID: CTX270630

calendar_today

Updated On:

Description

The following error is displayed after upgrading ADC:


"One or more RPC nodes are configured with default passwords. For enhanced security, you must change the default RPC node password"

 

image.png

 

Resolution

This is just a warning and will not cause any issues. 

It is recommended to change the default RPC node password to a custom password.


Refer to Citrix Documentation for more details about changing the RPC node password from both Cli and GUI.

Issue/Introduction

To determine which rpcNode has the default password:

  1. Run show rpcNode on each appliance.
  2. Compare the encrypted password hashes.
  3. Nodes showing the default hash have the default password.
  4. Change the password on the HA nodes to secure the environment.

Additional Information

RPC stands for "Remote Procedure Call"

How to Identify the Default RPC Password (Cli & GUI) :

  1. Use the CLI to Show RPC Nodes and Password Hashes
    1. Run the following command on each NetScaler appliance to display RPC node information:
      1. show rpcNode
      2. This command shows the RPC nodes configured on the appliance, including the encrypted password hash.
      3. Compare the encrypted password hashes between nodes.
      4. Nodes with the default password will have the default hash value.
      5. Nodes with changed passwords will show a different hash.
  2. Check HA Pair Nodes
    1. In an HA pair, ensure that both nodes have the same RPC node password configured.
    2. If the hashes differ, it indicates one node is using the default password (or a mismatched password).
  3. Use the NetScaler GUI
    1. Navigate to System > Network > RPC 
    2. Check the RPC nodes and their password status.

Note - The default hash mentioned in step1 above is generated for individual devices, hence the hash value is not the same used for all the devices by default

Powered by Wolken Software