General
Ran into this issue during a lab repro for a separate request.
Symptom
After upgrading the device, the admin is unable to log in and receives an incorrect password message.
Conditions
The issue has been observed under 2 conditions so far:
Firepower 2100 FTD in HA, upgrading from release 6.2.1-341 to 6.2.2-81
Firepower 2100 FTD in HA, upgrading from release 6.2.3-6 to 6.3
Workaround
Create a secondary admin account and use it as the primary login. If an account gets locked, access to the admin account is required.
From the admin account, run 'configure user unlock [username]' to unlock an account that has been locked due to exceeding the maximum number of consecutive failed login attempts.
Further Problem Description
Users get locked after the upgrade. The following entries appear in /ngfw/var/log/messages after the upgrade:
Jan 22 06:28:28 Net-fw-ofc-01 sshd[14858]: Server listening on 0.0.0.0 port 22.
Jan 22 06:28:28 Net-fw-ofc-01 sshd[14858]: Server listening on :: port 22.
Jan 22 06:28:29 Net-fw-ofc-01 usermod[14987]: change user 'admin' password
Jan 22 06:28:30 Net-fw-ofc-01 nscd: 5358 monitored file `/etc/hosts` was moved into place, adding watch
When we try to authenticate, the following errors appear in /var/log/messages:
Jan 28 07:15:01 Net-fw-ofc-01 CROND[26860]: pam_unix(crond:session): session closed for user root
Jan 28 07:15:31 Net-fw-ofc-01 login[4232]: pam_tally(login:auth): user admin (100) tally 28, deny 3
Jan 28 07:15:36 Net-fw-ofc-01 login[4232]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/ttyS0 ruser= rhost= user=admin
Jan 28 07:15:39 Net-fw-ofc-01 login[4232]: FAILED LOGIN (1) on '/dev/ttyS0' FOR 'admin', Authentication failure
Jan 28 07:15:42 Net-fw-ofc-01 login[4232]: pam_tally(login:auth): user admin (100) tally 29, deny 3
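
An added example, not part of the original bug report: a small Python parser that scans syslog text for the pam_tally and usermod entries shown above and reports, per user, the latest failure tally against the deny limit and any logged password change. The function names and the lock rule (tally greater than deny) are assumptions of this example; the sample lines are copied from the excerpts above.

```python
import re

# Sample lines copied from the log excerpts above.
SAMPLE_LOG = """\
Jan 22 06:28:29 Net-fw-ofc-01 usermod[14987]: change user 'admin' password
Jan 28 07:15:31 Net-fw-ofc-01 login[4232]: pam_tally(login:auth): user admin (100) tally 28, deny 3
Jan 28 07:15:39 Net-fw-ofc-01 login[4232]: FAILED LOGIN (1) on '/dev/ttyS0' FOR 'admin', Authentication failure
Jan 28 07:15:42 Net-fw-ofc-01 login[4232]: pam_tally(login:auth): user admin (100) tally 29, deny 3
"""

TS = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s"  # syslog timestamp + hostname
TALLY_RE = re.compile(
    TS + r"\S+?: pam_tally\([^)]+\): user (?P<user>\S+) \(\d+\) "
    r"tally (?P<tally>\d+), deny (?P<deny>\d+)"
)
PWCHANGE_RE = re.compile(TS + r"usermod\[\d+\]: change user '(?P<user>[^']+)' password")


def summarize(log_text):
    """Return {user: state} with the latest tally, deny limit, lock flag
    and timestamps of password changes made by usermod."""
    users = {}

    def state(name):
        return users.setdefault(
            name, {"tally": None, "deny": None, "locked": False,
                   "last_seen": None, "password_changes": []})

    for line in log_text.splitlines():
        m = TALLY_RE.match(line)
        if m:
            tally, deny = int(m["tally"]), int(m["deny"])
            # Assumption: the account is denied once tally exceeds deny.
            state(m["user"]).update(tally=tally, deny=deny,
                                    locked=tally > deny, last_seen=m["ts"])
            continue
        m = PWCHANGE_RE.match(line)
        if m:
            state(m["user"])["password_changes"].append(m["ts"])
    return users


def locked_accounts(log_text):
    """Names of users whose most recent tally is above the deny limit."""
    return sorted(u for u, s in summarize(log_text).items() if s["locked"])


if __name__ == "__main__":
    for user, s in summarize(SAMPLE_LOG).items():
        print(user, s)
```

A password change logged by usermod shortly before the first tally entries for the same user is the pattern this bug produces, so the two fields are reported together.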