Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Policy Enforcer] Resetting invalid/expired pe_user password on Junos Space

0

0

Article ID: KB34396 KB Last Updated: 30 May 2019Version: 1.0
Summary:

This article provides information about resetting the pe_user password for a Policy Enforcer user when the password has expired or is shown to be invalid.

The pe_user is created by Junos Space when Policy Enforcer is added to Security Director via the path: Security Director > Administration > Policy Enforcer Settings and this user communicates with Security Director for feeds.

 

Symptoms:

When the pe_user password is invalid or has expired, communication between Policy Enforcer and Security Director is affected. The following symptoms have been observed when the pe_user password is invalid or has expired on Junos Space:

  1. The following error message is reported on Junos Space:
    • The Policy Enforcer Space API user (pe_user) password is currently invalid. A valid password is required in order for Policy Enforcer to be fully functional. To resolve this issue, please login to the Policy Enforcer VM, change the root password, and then enter the new value below.

  2. Security Director is not updated with the feeds coming from Policy Enforcer.

  3. In the Policy Enforcer Command Line Interface (CLI), under controller.log, the following error message is seen:

    • Pe_user expiry:   {"status_code":6,"status_message":"Your password has expired. Please contact your administrator."}

 

Solution:

To fix this issue, perform the following steps:

  1. Check whether the pe_user password has expired in Junos Space and the user is disabled by navigating via the following path: Network Management Platform > Role Based Access Control > User Accounts.
  2. Look for the pe_user and check the status in the Password column.

 

If the Password column shows Expired, the root user password for Policy Enforcer needs to be reset.

  1. To reset the pe_user password, log in to the Policy Enforcer CLI as the root user.

  2. Select the "Change root password" option and change the root user password from the Policy Enforcer CLI.

  1. Navigate to Security Director > Administration > Policy Enforcer > Settings.

  2. Re-enter the root user password and click OK.

 

When you navigate to Network Management Platform > Role Based Access Control > User Accounts, you should now see the pe_user as Active.

Note: If the pe_user Password status still shows as Expired, contact Support for troubleshooting.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search