Applicable to:
- Plesk for Linux
Symptoms
Plesk interface is inaccessible. One of the following error messages is shown in a web-browser or when executing some Plesk utilities, like plesk db or plesk login:

ERROR: 500 Plesk\Exception\Database
Zend_Db_Adapter_Exception: SQLSTATE[HY000] [1045] Access denied for user 'admin'@'localhost' (using password: YES)

ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:93
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:127

Additionally, an exception has occurred while trying to report this error: Zend_Exception
No entry is registered for key 'translate' (Abstract.php:144)

Cause
The hashed password in the file /etc/psa/.psa.shadow, which is used to access the Plesk database, does not match the admin password in the 'mysql' database.
Resolution
1. Make a backup of the file /etc/psa/.psa.shadow:

   # cp /etc/psa/.psa.shadow /etc/psa/.psa.shadow.bak

2. Insert the new password in /etc/psa/.psa.shadow in plain text:

   # echo 'new_password' > /etc/psa/.psa.shadow

   Note: do not forget to replace new_password in the command with the proper password.

3. Set the same password using the Plesk utility in order to store it encrypted in /etc/psa/.psa.shadow:

   # PSA_PASSWORD=new_password /usr/local/psa/admin/sbin/ch_admin_passwd

   Note: if this command produces some output, apply the second method below.

1. Connect to the Plesk server via SSH.

2. With the command below, check if the directive old-passwords exists in the MySQL configuration file my.cnf (no output means it does not exist):

   # grep -ir old-passwords /etc/my*

   - If it exists, remove it using a text editor.

3. Get a hashed password of the MySQL admin user and copy it to clipboard:

   Note: Make sure there is only one password specified in the file.

   # grep AES /etc/psa/.psa.shadow

   Here is an example of a hashed password:

   $AES-128-CBC$ZmY/EEpy1+TwCNq5kalqSA==$Pd02kf4TTlpXdi/qyeo92w==

4. Modify the my.cnf file:

   4.1. Open the my.cnf file in a text editor. In this example, we are using the vi editor:

   - on CentOS/RHEL-based distributions

     # vi /etc/my.cnf

   - on Debian/Ubuntu-based distributions

     # vi /etc/mysql/my.cnf

   4.2. Add the skip-grant-tables line under the [mysqld] section:

     [mysqld]
     skip-grant-tables
     <...>

   4.3. Save the changes and close the file.

5. Restart MySQL. The command depends on MySQL version and operating system:

   # service mariadb restart
   # service mysql restart
   # service mysqld restart

6. Connect to MySQL:

   # plesk db

7. Switch to the mysql database:

   mysql> use mysql;

8. Find the version of MySQL:

   mysql> SELECT VERSION();

9. Reload the ACL tables cache:

   mysql> FLUSH PRIVILEGES;

   Note: Once the command above is executed, do not exit the current MySQL session as this command loads grant tables back.

10. Restore the MySQL admin user:

    - For MySQL 5.1 up to 5.6 and MariaDB 5.5 up to 10.4

      - Drop the current admin user:

        mysql> DROP USER 'admin'@'localhost';

      - Create a new admin user with the hashed password from step 3:

        mysql> CREATE USER 'admin'@'localhost' IDENTIFIED BY 'HASHED_PASSWORD_FROM_STEP_3';

      - Grant all permissions to the admin user:

        mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

      - Exit MySQL:

        mysql> exit

    - For MariaDB 10.5

      - Drop the current admin user:

        mysql> DROP USER 'admin'@'localhost';

      - Create a new admin user with the hashed password from step 3:

        mysql> CREATE USER 'admin'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('HASHED_PASSWORD_FROM_STEP_3');

      - Grant all permissions to the admin user:

        mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

      - Exit MySQL:

        mysql> exit

    - For MySQL 5.7 up to 8.0

      - Drop the current admin user:

        mysql> DROP USER 'admin'@'localhost';

      - Create a new admin user with the hashed password from step 3:

        mysql> CREATE USER 'admin'@'localhost' IDENTIFIED WITH 'mysql_native_password' BY 'HASHED_PASSWORD_FROM_STEP_3';

      - Grant all permissions to the admin user:

        mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

      - Exit MySQL:

        mysql> exit

11. Remove the skip-grant-tables line from the my.cnf file (step 4).

12. Restart MySQL:

    # service mariadb restart
    # service mysql restart
    # service mysqld restart

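While skip-grant-tables is present in my.cnf the server skips authentication for every connection, so the last two steps are the ones that must not be missed. The script below is an added example, not part of the Plesk article or of Plesk tooling: it checks the files passed as arguments for a leftover skip-grant-tables or old-passwords directive and confirms that the shadow file holds a single $AES-128-CBC$ entry rather than leftover plain text. The function names and the sample files written by demo are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the Plesk article): post-recovery sanity checks.
# File paths are arguments so the checks can be tried on copies first.

# Print active (uncommented) uses of a my.cnf directive; dash and underscore
# spellings are both accepted, as MySQL does. Exit status 0 means "found".
active_directive() {
    local name="$1" re; shift
    re="^[[:space:]]*$(printf '%s' "$name" | sed 's/-/[-_]/g')([[:space:]]*[=#].*)?[[:space:]]*\$"
    grep -EiHn "$re" "$@" 2>/dev/null
}

# True only if the file has exactly one non-empty line and that line has the
# $AES-128-CBC$<base64>$<base64> shape shown in step 3.
shadow_is_single_aes() {
    local total aes
    [ -r "$1" ] || return 2
    total=$(grep -c . "$1" || true)
    aes=$(grep -cE '^\$AES-128-CBC\$[A-Za-z0-9+/]+=*\$[A-Za-z0-9+/]+=*$' "$1" || true)
    [ "$total" -eq 1 ] && [ "$aes" -eq 1 ]
}

# Usage: post_recovery_check SHADOW_FILE MY_CNF...
# Returns the number of failed checks (0 = clean).
post_recovery_check() {
    local shadow="$1" bad=0; shift
    active_directive skip-grant-tables "$@" && { echo "FAIL: skip-grant-tables still active"; bad=$((bad+1)); }
    active_directive old-passwords "$@" && { echo "FAIL: old-passwords still set"; bad=$((bad+1)); }
    shadow_is_single_aes "$shadow" || { echo "FAIL: $shadow is not a single AES entry"; bad=$((bad+1)); }
    return "$bad"
}

# Constructed sample files: a my.cnf left in recovery mode and a shadow file
# holding the example value from step 3.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf '[mysqld]\nskip-grant-tables\n#old-passwords=1\n' > "$d/my.cnf"
    printf '%s\n' '$AES-128-CBC$ZmY/EEpy1+TwCNq5kalqSA==$Pd02kf4TTlpXdi/qyeo92w==' > "$d/shadow"
    post_recovery_check "$d/shadow" "$d/my.cnf" || rc=$?
    echo "failed checks: $rc"
    rm -rf "$d"
}
demo
```

On a server it would be called as root, for example post_recovery_check /etc/psa/.psa.shadow /etc/my.cnf, with the my.cnf path taken from step 4.1.
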
Comments
28 comments
The commands like mysql -uadmin mysql still says Access denied for user admin, even after adding skip-grant-tables to my.cnf
All these commands that should reset password assume I am already logged in, when in fact that is my initial problem.
Frustrating.
These doc pages don't seem accurate at all.
@adrianTNT, after modifying the my.cnf file and adding the skip-grant-tables option it is needed to restart the database server.
"11. If an output of the command is similar to the above - both strings Password and authentication_string are defined and the plugin is set as mysql_native_password for the admin user in the mysql.user table - run the query below. If not - move to the step 13."
What is the step 13??
Thanks !!
@fabianevt, thank you for the notice. It is required to move to step 12. The article was updated.
What is the step 12 or 13 ?
Hello @WartraxX!
Since previous comments regarding steps 12 and 13, the resolution was optimized and shortened.
Now resolution consists only of 10 steps.
but once the automatic reset is done, what is my new password ???
Hi @Domenico,
The password is stored in /etc/psa/.psa.shadow file in the hashed form.
You can copy the content and use it as a plain text password, MySQL will understand it.
@Yassir Elnaw
Hi,
Thank you for sharing the solution with us. I think other Pleskians will find it useful as well
I would like to mention that on step #10 the commands should be executed with "httpdocs" directory in path, for example:
find /var/www/vhosts/domain.tld/subdomain.tld/httpdocs/ -type f -exec chmod 644 {} \;
find /var/www/vhosts/domain.tld/subdomain.tld/httpdocs/ -type d -exec chmod 755 {} \;
find /var/www/vhosts/domain.tld/subdomain.tld/httpdocs/ -type f -exec chown user_example:psacln {} \;
find /var/www/vhosts/domain.tld/subdomain.tld/httpdocs/ -type d -exec chown user_example:psacln {} \;
Thank you, Alexandr
The script runs in CentOS 7.4 with MariaDB 5.5.60, but with no effect. The manual solution works fine and with success.
@Markus Granzow
I have not reproduced the issue on a test CentOS 7 with MariaDB 5.5.60.
Does it show any errors? Is it showing "Password reset for MySQL user has been completed" message at the end?
What should I do if the error is ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: NO)
The difference from what you said before is "(using password: NO)".
I also got this error below
sudo MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql_upgrade -uadmin
cat: /etc/psa/.psa.shadow: Permission denied
@Ojomo,
Hi!
We have another article for the mentioned error "Unable to upgrade MySQL: Access denied for user 'root'@'localhost' (using password: NO)"
However, please note that the command "MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql_upgrade -uadmin" should be executed only by root user due to special permissions on /etc/psa/.psa.shadow file.
@Alisa Kasyanova
Thank you for your test. The problem I found is that php on my vserver is on an old version (5.6 or so) and the upgrade is more difficult than the manual solution above.
Hello @Markus,
CentOS 7.4 is supplied with PHP 5.4.16. As verified in a test environment, this PHP version is enough to apply the automatic solution.
Feel free to share additional information in case there were some error messages, for example.
After the manual solution did not work (at least my Plesk update still fails to complete from what seems to be related to it failing to take a MySQL Backup as far as I can see in the log which brought me to this support article). I now tried to do the automated approach which as well fails with the following error:
Checking if administrator exists
!ERROR: User 'admin'@'localhost' already exists on the system and has required privileges.Run the script with '-y' option to skip this check
exit status 1
It does not seem like a -y is possible, at least I get the same error.
Hello @Christian,
Thank you for your input.
There is a possibility, that the following article may help: Plesk upgrade/installation fails: Access denied for user 'admin'@'localhost'
However, to investigate the issue deeper and find the cause of such behavior, please create a request to Plesk Technical Support: How to submit a request to Plesk support?
Hi
The manual solution with "If the password for MySQL admin user is unknown" has worked for me in November 2020.
This has happened to me from messing around with mysql from the command line. Well it's another way to learn things :-)
Thanks for this solution
Hello there,
I did the manual 'if password unknown' version. Still getting this error message:
sudo MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysqldump -uadmin psa > /tmp/psa.`date +%F_%H.%M`.sql
cat: /etc/psa/.psa.shadow: Permission denied
mysqldump: Got error: 1045: "Access denied for user 'admin'@'localhost' (using password: NO)" when trying to connect
CentOS 7.9
Plesk Obsidian 18.0.31.2
MariaDB 5.5.68.
I verified each step of the process stated above and ran through it twice. I'm trying to get these permissions fixed so I can upgrade MariaDB to 10.3 following the steps under this tutorial.
Thank you.
From the error you provided, there is no permission to access /etc/psa/.psa.shadow. Make sure the user has root privileges, or log in explicitly as root, or switch to the root user with the "sudo su" command. Contact your service provider/server administrator to obtain the password for root, if it is required.
Hello,
I am trying option 2 (password unknown):
At 2: grep AES /etc/psa/.psa.shadow the output is empty, so there is no hashed password
I am stuck
Best regards
Hello @Ibraheem Amer,
Try to reset Plesk Admin password using the following command:
plesk bin admin --set-admin-password -passwd '*****'
If this does not help, please consider submitting a ticket to Plesk Support.
Thank you Yaroslav for your reply.
When applying the given command, I get following:
plesk bin admin --set-admin-password -passwd 'MyPassword'
[2021-08-09 09:15:55.847] ERR [panel] Cannot load settings: SQLSTATE[HY000] [1045] Access denied for user 'admin'@'localhost' (using password: YES)
Curl failed: Peer certificate cannot be authenticated with given CA certificates
SQLSTATE[HY000] [1045] Access denied for user 'admin'@'localhost' (using password: YES)
exit status 3
@Ibraheem Amer,
Please submit a request to our support department so we could take a close look into the issue.
Thanks in advance!
At 6. I get:
ERROR 1049 (42000): Unknown database 'psa'
exit status 1
Hello, @Jeroen ter Laak
This means the PSA database is missing in MySQL. Restore it following the article:
https://support.plesk.com/hc/en-us/articles/213369589