Knowledge Base

Unable to access Plesk UI or its database on Linux: Access denied for user ‘admin’@’localhost’ (using password: YES)

Symptoms

Plesk interface is inaccessible. One of the following error messages is shown in a web-browser:

PLESK_INFO: ERROR: 500 PleskExceptionDatabase
Zend_Db_Adapter_Exception: SQLSTATE[HY000] [1045] Access denied for user ‘admin’@’localhost’ (using password: YES)

PLESK_INFO: PleskDBException: Unable to connect to database: mysql_connect(): Access denied for user ‘admin’@’localhost’ (using password: YES) (Error code: 1045) (Abstract.php:69)

PLESK_INFO: ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:93
psaerror(string ‘Unable to connect to database: saved admin password is incorrect.’)
1: auth.php3:127
Additionally, an exception has occurred while trying to report this error: Zend_Exception
No entry is registered for key &;translate&; (Abstract.php:144)

The plesk db command returns the following error message:

ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: YES)

Cause

The hashed password in the file /etc/psa/.psa.shadow, that is used to access Plesk database, does not match the admin password in the ‘mysql’ database.

Resolution

If the password for MySQL admin user is known

Make a backup of the file /etc/psa/.psa.shadow:

# cp /etc/psa/.psa.shadow /etc/psa/.psa.shadow.bak
Insert the new password in /etc/psa/.psa.shadow in plain text:

# echo ‘new_password’ > /etc/psa/.psa.shadow

Note: do not forget to replace the new password from the command by the proper password.
Set the same password using Plesk utility in order to store it encrypted in /etc/psa/.psa.shadow:

# PSA_PASSWORD=new_password /usr/local/psa/admin/sbin/ch_admin_passwd

Note: if this command produces some output, apply the 2 method.

If the password for MySQL admin user is unknown

Connect to the Plesk server via SSH.
With the command below, check if the directive old-passwords exist in the MySQL configuration file my.cnf (no output means it does not exist):

# grep -ir old-passwords /etc/my*
- If it exists, remove it using a text editor.
Get a hashed password of the MySQL admin user and copy it to clipboard:

Note: Make sure there is only one password specified in the file.

# grep AES /etc/psa/.psa.shadow

Here is an example of a hashed password:

PLESK_INFO: $AES-128-CBC$ZmY/EEpy1+TwCNq5kalqSA==$Pd02kf4TTlpXdi/qyeo92w==
Modify the my.cnf file:

4.1. Open the my.cnf file in a text editor. In this example, we are using the vi editor:
- on CentOS/RHEL-based distributions
  
  # vi /etc/my.cnf
- on Debian/Ubuntu-based distributions
  
  # vi /etc/mysql/my.cnf
4.2. Add the skip-grant-tables line under the [mysqld] section:
```
[mysqld]
skip-grant-tables
<...>
```
4.3. Save the changes and close the file.
Restart MySQL. The command depends on MySQL version and operating system:

# service mariadb restart

# service mysql restart

# service mysqld restart
Connect to MySQL:

# plesk db
Switch to the mysql database:

MYSQL_LIN: mysql> use mysql;
Find the version of MySQL:

MYSQL_LIN: mysql> SELECT VERSION();
Reload the ACL tables cache:

MYSQL_LIN: mysql> FLUSH PRIVILEGES;

Note: Once the…