Friday, January 30, 2009

How to reset the iLO password on an HP system

Typically new HP systems come with an iLO port that allows you to access the console output of the machine, even when it is booting, crashed etc in a RDP-style fashion through any browser by going to the IP address assigned to that iLO card (its DHCP by default). Nowadays, this iLO web management portal has a factory-assigned username and password which are printed on a nifty little plastic card tucked into the front of the server's bezel.

A good administrator will realize the immediate value of this tool, and the extreme threat it provides were an unscrupulous user to decide they wanted to gain access, and promptly change the password. Then they will write it down somewhere and not lose it. The former admin of a site I am administering failed it big time.

You can reset the password by cracking the case and flipping a dip switch, but who wants to down a server and pull it apart for that? Not me. Here is another way to change the password from the windows based operating system installed on that hardware.

HP made a tool called the HP Lights-Out Online Configuration utility (HPONCFG for short) that will run scripts against your host's ILO system to make changes without requiring a reboot. Finding the tool on HP's website is damn near impossible, but i found it by searching for 'cp008120.exe' on google. You need to have some prereqs installed, but if the HP installation CD's were used you may already have the prereqs (and this tool) installed. You can tell by looking under Add/Remove programs for 'HP Lights-Out Online Configuration Utility' or by checking C:\Program Files\HP\hponcfg to see if that folder exists.

Next you are going to need an admin script for resetting the password. I got it from this site: http://blog.netnerds.net/2006/04/ribcl-reset-administrator-password-on-ilo/ which also details the prereqs you need in the event that the HP installer cd was not used to setup the system. Either that or you can make your own XML file by opening up a notepad and typing in


<ribcl version="2.0">
<login password="boguspassword" user_login="Administrator">
<user_info mode="write">
<mod_user user_login="Administrator">
<password value="newpass">
</mod_user>
</user_info>
</login>
</ribcl>

Be sure to change "newpass" to your desired password in up above next to password value... then save it as something like resetpassword.xml in the same directory as your hponcfg.exe file. Now go to a command prompt and type in:

HPONCFG.exe /f resetpassword.xml /l log.txt > output.txt

and review the output files. Should work like a charm. All credit goes to that link i posted up above for this one... just logging it with the steps i had to follow for my own sake...

5 comments:

  1. Thanks a lot mate. Worked like a charm. I am running windows 2008 R2 so i have to download a different version of hponcfg (cp012903.exe) but all the other steps were similar and worked fine.
    Once again this post saved me a lot of time and many thanks.

    ReplyDelete
  2. If you have a current login that works and want to batch script the process using SSH then check out http://serverfault.com/questions/489865/batch-reset-all-ilo-passwords-via-command-line

    ReplyDelete
  3. If the server is running WIndows OS, then we can use HP Lights-Out Online Configuration Utility (HPONCFG.exe utility) for Windows. This is a simple GUI and we can easily reset the password. This utility does not ask for any password when you launch it. Moreover, when you reset the iLO password, HPONCFG will not ask for the previous password.

    May be the link provided below will be worth to look,

    How to reset iLO Administrator password of HP Server

    http://www.tricksguide.com/reset-ilo-forgot-administrator-password-of-hp-proliant-server.html

    Cheers

    ReplyDelete
  4. Quality articles is the crucial to interest the visitors to pay a quick visit the web
    site, that's what this site is providing.

    my page: how to get a flat belly

    ReplyDelete