- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Integrity Blade BL870c - iLO Under Attack - WBEM E...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2015 08:20 AM
01-26-2015 08:20 AM
Integrity Blade BL870c - iLO Under Attack - WBEM Event Number 10893
Management question from Brian:
**************
My customer has TWO Integrity Blade servers in TWO different data centers that are throwing the following CRITICAL WBEM errors to the HP SIM Consoles monitoring these systems:
Event Number: 10893
- WBEM Severity: CRITICAL
- Event Summary: High rate of iLO login failures.
- Event Description: Login failures are occurring at a high rate.
- Probable Cause: Unauthorized Access
- Event Category: System Firmware Security
- Event Sub-Category: Other
- Cause 1 : The system is receiving a high volume of login attempts. In order to protect itself from these repeated attempts, iLO is now enforcing a login delay of 1 hour.
- Recommended Action1 : Determine if your system is under attack. Consider actions to isolate the system from the network. If you have physical access to the server, first unplug the manageability LAN cables. Next push the Security Override button to cancel any login delay that is in progress. Connect to the iLO via the serial port and examine the IEL and SEL logs. If this is a blade server and you do not have physical access, login to the Onboard Administrator and change the iLO IP address.
It’s a scary message, but I don’t believe we are really “under attack”.
One thing common between these two systems is that originally they were BOTH BL860c systems and then we went through an upgrade process to connect two adjoining blades to make them each BL870c i4 systems – so now they are double wide. Ever since they were each converted into BL870c systems we have been getting these errors in HP SIM.
Has anyone seen this? Could this be the OA trying to communicate with the iLO and it is confused (used to be TWO systems with TWO iLO’s but now there is only ONE system and ONE iLO)? Could this be SIM hitting the iLO somehow during a discovery of some kind?
*************
Input from Eirik:
************
You would need to check the logs to see where the error is coming from, easiest would be to serially connect to the iLO\MP from the OA and check there, probably some kind of monitoring software external from the chassis.
***********
Other suggestions?