ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

ILO Override Switch audit

 
Brian A Morris
Occasional Visitor

ILO Override Switch audit

Recently while rebuilding our ILO solution upon DHCP and directory security, we discovered large numbers of our servers had the override switch set to true. Due to the fact that manually auditing all 3000 of our ILO IP's would take forever I've been trying to find a way to script an audit of this however I'm unable to find any information on a command sequence that would show whether or not a server had the switch set. Can anyone give me some guidance?
4 REPLIES
Hakki Aydin Ucar
Honored Contributor

Re: ILO Override Switch audit

You mean security override ,switch S1 ?
I don t know any utility the switch position audit in ILO menu or console but you'd better to check this doc:

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00294268/c00294268.pdf
Hakki Aydin Ucar
Honored Contributor

Re: ILO Override Switch audit

On second though,
if S1 switch is considered as I asked before, at least you can make a login test and machines that no need to passwords to logon has the override switch set to true.
Adrian Clint
Honored Contributor

Re: ILO Override Switch audit

As Hakki indicates

Get your self the list of iLO IP addresses.
Looking at the doc he mentions create a script that can capture the server name to a file.
Using the CPQLOCFG.EXE (page46) utility batch edit this script to process connecting to an ilO IP using Administrator/StupidPassword.
If you can login and capture the server OS name in the file. Thats a server you need to change the switch on.
If you dont login with this user/password and you dont have a capture file then you dont have the switch set.

If you need help with the script. This is the best forum
http://forums11.itrc.hp.com/service/forums/categoryhome.do?categoryId=298
Brian A Morris
Occasional Visitor

Re: ILO Override Switch audit

Yes I found this as well and am working on a script to take a list and dump it into excel. My initial thought was to enter a whole IP range and have it get the servername and attempt to login with bogus creds so I could automate it to run once a month (simply put our VLAN range in, rather than rely on a list of server names which change frequently get decommed, new servers get purchased etc.) but the Get Server Name function does not seem to work with anything prior to ILO 2. Once I get something polished up and running I'll post the script.