IBM Support

Default SST profiles with default passwords are Expired after PTF upgrade



A change has been made to the default user Profiles for Service Tools (SST and DST) so that when the PTF's below are applied those profiles will be marked as Expired if they are still using a default password.
The profiles changed are 11111111, 22222222 and QSRV.
The PTF's where this change was made are listed below:
V7R2= MF66639-A....included in Cumulative package C9297720
V7R3= MF66501-A...included in Cumulative package C9311730
V7R4= MF66502-A...included in Cumulative Package C9304740
This particular change WILL NOT affect the QSECOFR profile which is already shipped as having an expired password.  If any of the profiles listed above have a non-default password they will not be affected either.
For Example....the SST user profile 11111111 has a password of ABC1234.  That WILL NOT be affected since ABC1234 is not the default password.
There are options to change those passwords so that they do not go to an expired state:
Via System Service Tools:
- Get a 5250 (or Console) session
- Issue command STRSST...login with SST ID QSECOFR
- Option 8- Work with Service Tools User IDs and Devices
- Option 1- Service tools User IDs
- Option 2- Change Password next to the user ID you want to reset. 
- Give it a unique password and change Set Password to Expire to 2 for No.
Via Dedicated Service Tools:
- Get a 5250 Console session
- Via Control Panel Options (when in Manual Mode) execute a Function 21 to force DST.  This can be done from Front Control Panel, Remote Control Panel or via HMC Web Interface if HMC managed.
- Sign into DST with QSECOFR
- Option 5- Work with DST Environment
- Option 3- Service tools user IDs
- Option 2 next to the ID you want to change
- Give it a unique password and make sure to change Set Password to Expire to 2 for No.
Service Tools ID 11111111 can also be reset from the Front Control Panel with the following method.  Note: this is only needed if the 11111111 profile has been tried wrong too many times and goes to a Disabled state as opposed to Expired Password.
- Get Front Control Panel access
- Put the system into Manual mode
   - Arrow to 02...hit enter 2 times to see 02 B N<
   - Up arrow 1 time...will see 02 B M<
   - Enter 2 times to get back to 02
- Enable extended functions
   - Arrow to 25...hit will see 25 00
   - Arrow to 26...hit will see 26 00 (Note: If you see 26 FF you will need to do 25 and 26 again)
- Reset 11111111
   - Arrow up to 65...hit will see 65 00
   - Arrow down to 13...hit will see a lot of characters. The only one we are concerned with is the last digit on the top line.  Should look like this:
   - Continue going between 65 and 13 and hitting enter until that number becomes a 9:
   - This indicates that 11111111 was reset to a password of 11111111 and marked expired. 
   - You can then launch a console session and at the initial Service Tools signon box use the above credentials:
   - This will populate the following message:
   - Click Ok and you will then be prompted to set a new, unique, password for 11111111 (Must be 6-8 characters, is case-sensitive, cannot be any of the previous 17 passwords)
The PTF's listed also took away some non-essential functionality from the profile of 11111111.  You can re-grant any of these authorities you wish as follows:
- 5250 session
- STRSST...login with QSECOFR
- Option 8- Work with service tools User IDs and Devices
- Option 1- Service Tools User IDs
- Put a 7 next to the ID to Change Privileges and hit enter
- You can give the profile any permissions you wish.  Remember that 11111111 profile can be reset through the Front Control Panel so limiting it's privileges is recommended.
Note: The Partition Remote Panel Key function is now revoked.  You will need to Grant this privilege if you plan to utilize the Remote Virtual Control Panel and 11111111 Service Tools profile.
Note: It is recommended by IBM that you create at least 1 other Service Tools profile with sufficient privileges to have as a backup should you ever have problems accessing Service Tools.

Document Location


[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V7R2 and later","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
28 August 2020