Recover/Reset The Forgotten Root Password Version 14.0 and Later – F5

Note: Start the system in single-user mode. A KB article is available as well.

Impact of procedure: This procedure requires that you restart the BIG-IP system in single-user mode. While in this mode, the device is unable to process traffic.

  1. Start the system in single-user mode. This procedure applies to both GRUB 0.97 and GRUB 2. Depending on the platform for your system, you must decide where to append rd.break in the kernel entry line (replacing single with rd.break), in addition to initiating a system boot (b or Ctrl-X). For more information, refer to K4178: Restarting the BIG-IP system in single-user mode (GRUB 0.97) or K14662: Restarting the BIG-IP system in single-user mode (GRUB2).

    Note: Some attempts at booting to single-user mode result in a forced FSCK and a password prompt. K14662 states that you can skip the file system check by appending the words single fastboot instead of single. Keep in mind that putting fastboot after rd.break, which is the current method, does not work.

    After the system boots into single-user mode, the command prompt appears similar to the following example:

        switch_root:/#
  2. Verify the current mounting path for later reference by entering the following command:

        mount | grep /dev/mapper/vg--db

    Output appears similar to the following example:

        /dev/mapper/vg--db--sda-set.2.root on /sysroot type ext3 (ro,relatime,errors=continue,barrier=0,data=ordered)
        /dev/mapper/vg--db--sda-set.2._usr on /sysroot/usr type ext3 (ro,noatime,errors=continue,barrier=0,data=ordered)

    Important: On some BIG-IP platforms, you may observe vda instead of sda in the output. For example, /dev/mapper/vg--db--vda-set.2.root. On such platforms, you must replace sda with vda for the commands in the rest of the procedure.
  3. Remount both the /sysroot and /sysroot/usr directories to read-write mode by entering the following commands:

        mount -o remount,rw /sysroot
        mount -o remount,rw /sysroot/usr
  4. Mount the appropriate /sysroot/config and /sysroot/var directories using the mounting path and volume set references retrieved from step 2, taking careful note of which set you need to mount. For example, if step 2 shows that you have set 2 (which means you booted into HD1.2) already mounted, then in this step you need to mount the set.2._config and set.2._var volumes. Similarly, if you boot to HD1.3, you already have set.3.root and set.3._usr mounted and mount set.3._config and set.3._var here.

    For example, to mount additional HD1.2 volumes, enter the following commands:

        mount /dev/mapper/vg--db--sda-set.2._config /sysroot/config
        mount /dev/mapper/vg--db--sda-set.2._var /sysroot/var

    For example, to mount additional HD1.4 volumes, enter the following commands:

        mount /dev/mapper/vg--db--sda-set.4._config /sysroot/config
        mount /dev/mapper/vg--db--sda-set.4._var /sysroot/var
  5. Verify the current mounting path and ensure the directories are in read-write mode by entering the following command:

        mount | grep /dev/mapper/vg--db

    Output appears similar to the following example:

        /dev/mapper/vg--db--sda-set.2.root on /sysroot type ext3 (rw,relatime,errors=continue,barrier=0,data=ordered)
        /dev/mapper/vg--db--sda-set.2._usr on /sysroot/usr type ext3 (rw,noatime,errors=continue,barrier=0,data=ordered)
        /dev/mapper/vg--db--sda-set.2._config on /sysroot/config type ext3 (rw,relatime,errors=continue,barrier=0,data=ordered)
        /dev/mapper/vg--db--sda-set.2._var on /sysroot/var type ext3 (rw,relatime,errors=continue,barrier=0,data=ordered)
  6. Change to the root file system by entering the following command:

        chroot /sysroot

    A new command prompt appears similar to the following example:

        sh-4.2#
  7. Change the root password by entering the following command:

        passwd root
  8. When prompted, enter a new password. Output should appear similar to the following example:

        sh-4.2# passwd root
        Changing password for user root.
        New BIG-IP password:
        Retype new BIG-IP password:
        Changing password for user root.
        passwd.bin: all authentication tokens updated successfully.
  9. Force Security-Enhanced Linux (SELinux) to re-label the file system on the next boot by entering the following command:

        touch /.autorelabel
  10. Exit and restart the system using the exit command for chroot and single-user mode command prompts. To do so, refer to the following examples:

        sh-4.2# exit
        switch_root:/# exit

Note: If you perform this operation on a VIPRION system with more than one blade installed, you must ensure the password is changed on the primary blade. You can do this by logging in to the secondary blade after rebooting and resetting the password there. After you are logged in, use ssh primary (which is key-authenticated and doesn’t prompt for a password), and then use the passwd root command again to change the password.
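
The set matching described in steps 2 and 4, as an added example that is not part of the original article or any F5 tooling: a POSIX shell function (derive_mounts, a hypothetical name) that reads mount output and prints the step 4 commands for the volume set that is actually booted. It assumes device names in the /dev/mapper/vg--db--<disk>-set.<n> form and uses a constructed sample for a vda platform booted into set 3.

```shell
#!/bin/sh
# Added example: derive the step 4 mount commands from step 2 `mount` output.
# derive_mounts is a hypothetical helper name, not an F5 tool.

# Reads `mount` output on stdin; prints the mount commands for the _config
# and _var volumes of the volume set that is mounted on /sysroot.
derive_mounts() {
    root_dev= usr_dev=
    while read -r dev on mnt _rest; do
        if [ "$on" = on ] && [ "$mnt" = /sysroot ]; then root_dev=$dev; fi
        if [ "$on" = on ] && [ "$mnt" = /sysroot/usr ]; then usr_dev=$dev; fi
    done
    case "$root_dev" in
        /dev/mapper/vg--db--*-set.*.root) ;;
        *) echo "no BIG-IP root volume found on /sysroot" >&2; return 1 ;;
    esac
    prefix=${root_dev%.root}    # e.g. /dev/mapper/vg--db--sda-set.2
    # The /usr volume must come from the same disk and set as the root volume;
    # stop here rather than print commands for a mismatched set.
    if [ "$usr_dev" != "${prefix}._usr" ]; then
        echo "/sysroot/usr is not mounted from ${prefix}._usr" >&2
        return 1
    fi
    echo "mount ${prefix}._config /sysroot/config"
    echo "mount ${prefix}._var /sysroot/var"
}

# Constructed sample input: a vda platform booted into volume set 3.
sample_mount_output() {
    printf '%s\n' \
        '/dev/mapper/vg--db--vda-set.3.root on /sysroot type ext3 (ro,relatime,errors=continue,barrier=0,data=ordered)' \
        '/dev/mapper/vg--db--vda-set.3._usr on /sysroot/usr type ext3 (ro,noatime,errors=continue,barrier=0,data=ordered)'
}

sample_mount_output | derive_mounts
```

On the console, mount | derive_mounts prints the two commands for review before you enter them.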
