Unable to access Plesk GUI: Access denied for user 'admin'@'localhost' (using password: YES)

Pablo Alvarez

Updated April 15, 2024 03:19

kb: technical ABT: Group B

Applicable to:

Plesk for Linux

Symptoms

Plesk interface is inaccessible. One of the following error messages is shown in a web-browser or when executing some Plesk utilities, like plesk db or plesk login:

PLESK_INFO: ERROR: 500 Plesk\Exception\Database
Zend_Db_Adapter_Exception: SQLSTATE[HY000] [1045] Access denied for user 'admin'@'localhost' (using password: YES)

PLESK_INFO: ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:93
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:127
Additionally, an exception has occurred while trying to report this error: Zend_Exception
No entry is registered for key &;translate&; (Abstract.php:144)

Cause

The hashed password in the file /etc/psa/.psa.shadow, that is used to access Plesk database, does not match the admin password in the 'mysql' database.

Resolution

If the password for MySQL admin user is known

Make a backup of the file /etc/psa/.psa.shadow:

# cp /etc/psa/.psa.shadow /etc/psa/.psa.shadow.bak
Insert the new password in /etc/psa/.psa.shadow in plain text:

# echo 'new_password' > /etc/psa/.psa.shadow

Note: do not forget to replace the new password from the command by the proper password.
Set the same password using Plesk utility in order to store it encrypted in /etc/psa/.psa.shadow:

# PSA_PASSWORD=new_password /usr/local/psa/admin/sbin/ch_admin_passwd

Note: if this command produces some output, apply the 2 method.

If the password for MySQL admin user is unknown

Connect to the Plesk server via SSH.
With the command below, check if the directive old-passwords exist in the MySQL configuration file my.cnf (no output means it does not exist):

# grep -ir old-passwords /etc/my*
- If it exists, remove it using a text editor.
Get a hashed password of the MySQL admin user and copy it to clipboard:

Note: Make sure there is only one password specified in the file.

# grep AES /etc/psa/.psa.shadow

Here is an example of a hashed password:

PLESK_INFO: $AES-128-CBC$ZmY/EEpy1+TwCNq5kalqSA==$Pd02kf4TTlpXdi/qyeo92w==
Modify the my.cnf file:

4.1. Open the my.cnf file in a text editor. In this example, we are using the vi editor:
- on CentOS/RHEL-based distributions
  
  # vi /etc/my.cnf
- on Debian/Ubuntu-based distributions
  
  # vi /etc/mysql/my.cnf
4.2. Add the skip-grant-tables line under the [mysqld] section:

CONFIG_TEXT: [mysqld]
skip-grant-tables
<...>

4.3. Save the changes and close the file.
Restart MySQL. The command depends on MySQL version and operating system:

# service mariadb restart

# service mysql restart

# service mysqld restart
Connect to MySQL:

# plesk db
Switch to the mysql database:

MYSQL_LIN: mysql> use mysql;
Find the version of MySQL:

MYSQL_LIN: mysql> SELECT VERSION();
Reload the ACL tables cache:

MYSQL_LIN: mysql> FLUSH PRIVILEGES;

Note: Once the command above is executed, do not exit the current MySQL session as this command loads grant tables back.
Restore the MySQL admin user:
- For MySQL 5.1 up to 5.6 and MariaDB 5.5 up to 10.3
  1. Drop the current admin user:
    
    MYSQL_LIN: mysql> DROP USER 'admin'@'localhost';
  2. Create a new admin user with the hashed password from step 3:
    
    MYSQL_LIN: mysql> CREATE USER 'admin'@'localhost' IDENTIFIED BY 'HASHED_PASSWORD_FROM_STEP_3';
  3. Grant all permissions to the admin user:
    
    MYSQL_LIN: mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
  4. Exit MySQL:
    
    MYSQL_LIN: mysql> exit
- For MariaDB 10.4 and later versions
  1. Drop the current admin user:
    
    MYSQL_LIN: mysql> DROP USER 'admin'@'localhost';
  2. Create a new admin user with the hashed password from step 3:
    
    MYSQL_LIN: mysql> CREATE USER 'admin'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('HASHED_PASSWORD_FROM_STEP_3');
  3. Grant all permissions to the admin user:
    
    MYSQL_LIN: mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
  4. Exit MySQL:
    
    MYSQL_LIN: mysql> exit
- For MySQL 5.7 up to 8.0
  1. Drop the current admin user:
    
    MYSQL_LIN: mysql> DROP USER 'admin'@'localhost';
  2. Create a new admin user with the hashed password from step 3:
    
    MYSQL_LIN: mysql> CREATE USER 'admin'@'localhost' IDENTIFIED WITH 'mysql_native_password' BY 'HASHED_PASSWORD_FROM_STEP_3';
  3. Grant all permissions to the admin user:
    
    MYSQL_LIN: mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
  4. Exit MySQL:
    
    MYSQL_LIN: mysql> exit
Remove the skip-grant-tables line from the my.cnf file (step 4).
Restart MySQL:

# service mariadb restart

# service mysql restart

# service mysqld restart

Comments

5 comments

NOVAPULSE
September 11, 2023 05:47

Amazing !

🙏🙏🙏

2
Ferhat Göller
August 15, 2024 07:11

it is not abolut my article

0
Noiz
October 15, 2024 11:15

This did nothing to solve the problem in Ubuntu 22.04 LTS with MariaDB

-1
Em El
December 06, 2024 14:19 (Edited December 06, 2024 15:34)

Not the first error I've had and spent hours trying to figure out. I finally purchased Plesk's support plan for $10/month today and that will be money well spent if they are able to fix the issue. Unfortunately, Plesk encrypts all of their files which makes troubleshooting and debugging very difficult. I guess for a support plan though $10 is a super easy decision for me.

1
Tarun Meena
December 21, 2024 08:33

Your guide not only covered the technical aspects thoroughly but also anticipated potential challenges and offered clear solutions. This level of detail and practical advice makes it an invaluable resource for anyone tackling this migration.
Thank you for sharing your expertise and creating such a comprehensive and user-friendly resource. It’s clear a lot of effort went into making this guide, and it is deeply appreciated!

1

Please sign in to leave a comment.