HPE Community
BladeSystem - General
1753532 Members
6418 Online
108795 Solutions
New Discussion

Integrity Blade BL870c - iLO Under Attack - WBEM Event Number 10893

 
chuckk281
Trusted Contributor

‎01-26-2015 08:20 AM

‎01-26-2015 08:20 AM

Integrity Blade BL870c - iLO Under Attack - WBEM Event Number 10893

Management question from Brian:

 

**************

 

My customer has TWO Integrity Blade servers in TWO different data centers that are throwing the following CRITICAL WBEM errors to the HP SIM Consoles monitoring these systems:

 

Event Number: 10893

  • WBEM Severity: CRITICAL
  • Event Summary: High rate of iLO login failures.
  • Event Description: Login failures are occurring at a high rate.
  • Probable Cause: Unauthorized Access
  • Event Category: System Firmware Security
  • Event Sub-Category: Other
  • Cause 1 : The system is receiving a high volume of login attempts. In order to protect itself from these repeated attempts, iLO is now enforcing a login delay of 1 hour.
  • Recommended Action1 : Determine if your system is under attack. Consider actions to isolate the system from the network. If you have physical access to the server, first unplug the manageability LAN cables. Next push the Security Override button to cancel any login delay that is in progress. Connect to the iLO via the serial port and examine the IEL and SEL logs. If this is a blade server and you do not have physical access, login to the Onboard Administrator and change the iLO IP address.

 

It’s a scary message, but I don’t believe we are really  “under attack”.

 

One thing common between these two systems is that originally they were BOTH BL860c systems and then we went through an upgrade process to connect two adjoining blades to make them each BL870c i4 systems – so now they are double wide.  Ever since they were each converted into BL870c systems we have been getting these errors in HP SIM.

 

Has anyone seen this?  Could this be the OA trying to communicate with the iLO and it is confused (used to be TWO systems with TWO iLO’s but now there is only ONE system and ONE iLO)?  Could this be SIM hitting the iLO somehow during a discovery of some kind?

 

*************

 

Input from Eirik:

 

************

 

You would need to check the logs to see where the error is coming from, easiest would be to serially connect to the iLO\MP from the OA and check there, probably some kind of monitoring software external from the chassis.

 

***********

 

Other suggestions?

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.