Unable to access Plesk GUI: Access denied for user 'admin'@'localhost'

[Administrator]

Question : Unable to access Plesk GUI: Access denied for user 'admin'@'localhost' (using password: YES)

Symptoms
Plesk interface is inaccessible. One of the following error messages is shown in a web-browser or when executing some Plesk utilities, like plesk db or plesk login:

ERROR: 500 Plesk\Exception\Database
Zend_Db_Adapter_Exception: SQLSTATE[HY000] [1045] Access denied for user 'admin'@'localhost' (using password: YES)

ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:93
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:127
Additionally, an exception has occurred while trying to report this error: Zend_Exception
No entry is registered for key &;translate&; (Abstract.php:144)

Cause
The hashed password in the file /etc/psa/.psa.shadow, that is used to access Plesk database, does not match the admin password in the 'mysql' database.

Resolution
1) If the password for MySQL admin user is known
Make a backup of the file /etc/psa/.psa.shadow:

cp /etc/psa/.psa.shadow /etc/psa/.psa.shadow.bak


Insert the new password in /etc/psa/.psa.shadow in plain text:

echo 'new_password' > /etc/psa/.psa.shadow

Note: do not forget to replace the new password from the command by the proper password.

Set the same password using Plesk utility in order to store it encrypted in /etc/psa/.psa.shadow:

PSA_PASSWORD=new_password /usr/local/psa/admin/sbin/ch_admin_passwd



2) If the password for MySQL admin user is unknown
Connect to the Plesk server via SSH.

With the command below, check if the directive old-passwords exist in the MySQL configuration file my.cnf (no output means it does not exist):

grep -ir old-passwords /etc/my*

If it exists, remove it using a text editor.
Get a hashed password of the MySQL admin user and copy it to clipboard:

Note: Make sure there is only one password specified in the file.

grep AES /etc/psa/.psa.shadow

Here is an example of a hashed password:

$AES-128-CBC$ZmY/EEpy1+TwCNq5kalqSA==$Pd02kf4TTlpXdi/qyeo92w==

Modify the my.cnf file:

4.1. Open the my.cnf file in a text editor. In this example, we are using the vi editor:

on CentOS/RHEL-based distributions

vi /etc/my.cnf

on Debian/Ubuntu-based distributions

vi /etc/mysql/my.cnf

4.2. Add the skip-grant-tables line under the [mysqld] section:

[mysqld]
skip-grant-tables
<...>

4.3. Save the changes and close the file.

Restart MySQL. The command depends on MySQL version and operating system:

service mariadb restart

# service mysql restart

# service mysqld restart

Connect to MySQL:

plesk db

Switch to the mysql database:

mysql> use mysql;

Find the version of MySQL:

mysql> SELECT VERSION();

Reload the ACL tables cache:

mysql> FLUSH PRIVILEGES;

Note: Once the command above is executed, do not exit the current MySQL session as this command loads grant tables back.

Restore the MySQL admin user:

For MySQL 5.1 up to 5.6 and MariaDB 5.5 up to 10.4

Drop the current admin user:

mysql> DROP USER 'admin'@'localhost';

Create a new admin user with the hashed password from step 3:

mysql> CREATE USER 'admin'@'localhost' IDENTIFIED BY 'HASHED_PASSWORD_FROM_STEP_3';

Grant all permissions to the admin user:

mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

Exit MySQL:

mysql> exit

For MariaDB 10.5

Drop the current admin user:

mysql> DROP USER 'admin'@'localhost';

Create a new admin user with the hashed password from step 3:

mysql> CREATE USER 'admin'@'localhost' IDENTIFIED VIA mysql_native_password USING PASSWORD('HASHED_PASSWORD_FROM_STEP_3');

Grant all permissions to the admin user:

mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

Exit MySQL:

mysql> exit

For MySQL 5.7 up to 8.0

Drop the current admin user:

mysql> DROP USER 'admin'@'localhost';

Create a new admin user with the hashed password from step 3:

mysql> CREATE USER 'admin'@'localhost' IDENTIFIED WITH 'mysql_native_password' BY 'HASHED_PASSWORD_FROM_STEP_3';

Grant all permissions to the admin user:

mysql> GRANT ALL ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

Exit MySQL:

mysql> exit

Remove the skip-grant-tables line from the my.cnf file (step 4).

Restart MySQL:

service mariadb restart

# service mysql restart

# service mysqld restart