Skip to main content
Question of the Week

This question was asked in Live Chat this week, but to be fair it has come up several times from various users...

Q) I've forgotten the password to the admin account on our FME Server. Is there a way to recover it?

 

A) In short, no! But because the FME Server Support team has seen an increasing number of cases recently where a customer is unable to log in because of a forgotten password, I think it's worth outlining what the options are at this point, and how to avoid getting here in the first place!

What's the Default Admin Password?

Up until recent FMEs, the default administrator account used to be admin/admin. You can see why we felt that wasn't a good choice, because it's so easy to guess.

So now - although the default is still admin/admin - you are forced to change it when logging in for the first time. The username remains admin, but the password becomes one of your own devising.

I've Forgotten the Admin Password - Now What?

So at a later date you forget the admin password that you set, or your administrator has left without telling you what it is.

Is that a problem? Well, if Server is still functioning, then it can stay in use, processing jobs. But as soon as you need to carry out an administrative task such as adding a new user, then you are going to be stuck.

If you have the Reset Password option set, then you can simply request a password reset sent to the associated system email address. Now you can reset the password and log in.

Problem solved.

However... if you haven't got the Reset Password option set then - let me be blunt - a reinstallation is pretty much the only option. Hopefully either:

  • This was a recent installation, so there isn't much that will be overwritten. Or...
  • You have a very recent backup of the system, so not much work will be lost.

You'd probably want to take action fairly quickly because - even if the system is running - the longer you leave it, the more work you're going to lose.

That's Scary - How Can I Avoid That Situation?

Luckily, there are many options to set up to avoid this situation.

Turn On Reset Password

Firstly, as the Server administrator, you can turn on the Reset Password option. It's only one tiny click on a toggle, and then you need to enter a system email address, so there's not much work involved.

Why might you not do that? Well, there aren't many reasons. The only requirement is that every user must have a valid email address. Without that they can't receive a reset email. So if you can't guarantee that, then it's not that useful.

But it's a simple change and one that can save a lot of anguish and lost work.

Organize Your Accounts

Part of the problem, as described to me, is that the admin account is the only one with administrator privileges. Every other account only has the ability to run their own workspaces. So if you forget the admin account password, then you might not be able to even create automations or apps.

So, take the time to organize your accounts and identify senior users and administrators (plural)! You'll need at least one user with fmesuperuser privileges, in order to use the backup and restore tools. This role has access to all resources of FME Server so you'll not want everyone to have it. However to access the User Management page where you can change passwords, users only need the admin role or 'Manage' permissions explicitly set for the User Management item. So give that capability to multiple users so that if one admin password is lost, another admin/user can still access the web UI where they can update that admin password.

In short, you don't necessarily need to be limited to one admin account, and you can allow other useful functions to be carried out by lower-level roles.

Keep Backups

Speaking of backups, you'll want to keep these going on a regular basis. It's not going to help get back into a locked system, but it will help you if the worst happens and you have to reinstall everything from scratch.

One way to do this is to enable the schedule that runs backups automatically. Schedule a daily backup and at least you'll only lose a day's work at most.

Is FME Cloud Different to Plain FME Server?

Yes, FME Cloud is - slightly - different.

When you start an FME Cloud machine, you get provided the admin account password in a credentials file.

So download the credentials file and don't lose it! Why? Because it can only be downloaded once.

Note another difference is that the default password is not admin - it's more complex than that - so you won't get prompted to reset it the first time you log in.

Other than that, FME Cloud is the same as FME Server, and you should take the time to set up the proper accounts and to turn on Reset Password.

FAQ

Q) Is there a sneaky way back in?

A) Not that I know of! For example, you can't reset your password using the API.

Q) Can someone at Safe help me get back in?

A) Possibly. At the very least we can advise you on the best method to proceed should you really be locked out. So contact our support team if you are really, really stuck, and they'll do their best to help.

Other Notable Questions

  • Is there a way to get a computer back up and running if one disk on a raid pair fails?
    • I'm asking this because that's just what happened to me! That's why this is a fairly truncated question-of-the-week, with no other notable questions! Sorry. I hope to have the quiz up and running on Monday though (before you ask, yes everything is backed up as it should be, I'd just like to get the computer working properly)!
    • I don't really need to know answers, by the way. I just mentioned it to explain why I've been offline for a couple of day (a dump truck also took out the local internet - it's been quite the week)!

Weird! I got the exact same problem few days ago. We use Active Directory to connect into FME Server.

IT here decided last week to change something in the AD. Result : impossible to connect in.

I tried to found the admin password in my stuff. Maybe it was hiding somewhere, under the dust, who knows! Unfortunately, nothing.

Well, don't judge me plz, I haven't used it since the installation and I was a newbie back then...


Would you recommend creating a backup admin account right after the installation (with a different password of course)?


Would you recommend creating a backup admin account right after the installation (with a different password of course)?

I think that would be a wise move. Or elevate a trusted user. Or even use a "corporate password" that several people would know. The key point is to avoid having just one admin account with a password that is private and no way to get it back via email (if someone left unexpectedly, an IT department can usually get into their email account).


Weird! I got the exact same problem few days ago. We use Active Directory to connect into FME Server.

IT here decided last week to change something in the AD. Result : impossible to connect in.

I tried to found the admin password in my stuff. Maybe it was hiding somewhere, under the dust, who knows! Unfortunately, nothing.

Well, don't judge me plz, I haven't used it since the installation and I was a newbie back then...

I think the second part (yes I deleted it) seems to be the accepted hack. But now there's the ability to retrieve (or reset) passwords via email, I imagine that method being prevented by an increased level of security.


Would you recommend creating a backup admin account right after the installation (with a different password of course)?

Maybe another way would be to create a backup admin account, with a unique email address (like emergency@myorg .com). Enter some random characters as a password and then forget them. Now you have an account that normally can't log in, but could get an email reset in case of emergency. You could even offer that to customers as an extra service; like keeping a spare key for your neighbour! If they get completely locked out, with no way to enter, you can help them to get back in. I don't know if that's good security practice, but it's a thought.


Maybe another way would be to create a backup admin account, with a unique email address (like emergency@myorg .com). Enter some random characters as a password and then forget them. Now you have an account that normally can't log in, but could get an email reset in case of emergency. You could even offer that to customers as an extra service; like keeping a spare key for your neighbour! If they get completely locked out, with no way to enter, you can help them to get back in. I don't know if that's good security practice, but it's a thought.

I've recently come across 2 customers where FME server had initially been set up by somebody who then left the organisation before they could really start to use it. At least one of them did not actually document the admin account password (but fortunately it was still that default one and their replacement got that pretty much on the first try) so I think it would be wise to have at least one other account that can get admin access if necessary.


Old thread, but in case someone else comes across it like I did. I lost access to the admin account and all of our people users are domain accounts and that service was failing. The author account was still accessible though with its default password, so I assigned it the role of fmesuperuser through the db and was able to get back into fme flow with elevated permissions and restore the admin account password and demote author.


Old thread, but in case someone else comes across it like I did. I lost access to the admin account and all of our people users are domain accounts and that service was failing. The author account was still accessible though with its default password, so I assigned it the role of fmesuperuser through the db and was able to get back into fme flow with elevated permissions and restore the admin account password and demote author.

Good idea! I think we'll add “at least one account with admin rights that's not a domain account” to our list of recommendations


Reply