You can reset the password of a login (such as sa) that has sso_role by rebooting
ASE after adding the parameter "-p<sso_login_name>" to the list of dataserver parameters
in the RUN_SERVER file.
A new, randomly generated password will be output to the console window (but not included in the errorlog). In current versions, this appears just after the master database finishes recovery.
Login using that password and change it to something you will remember.
Remove the -p parameter from the RUN_SERVER file so the password doesn't get randomly reset again the next time ASE is rebooted.
-bret