Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

Determining status of security override

Occasional Visitor

Determining status of security override

Is there any way to get the status of the security override programmatically? I only see it with the web interface which is checking the value of "SecurityJumper" for REMOVED or PRESENT.
8 REPLIES
Honored Contributor

Re: Determining status of security override

I believe there is not a way to programmaticlaly check the state of the security override switch. What are you trying to accomplish?
Occasional Visitor

Re: Determining status of security override

I have several hundred new servers so I need a way to identify which ones have the the override set so that I can correct it and possibly figure out how this happened.
Honored Contributor

Re: Determining status of security override

There might be another way...
You could write a valid RIBCL script (just login/logout) and supply known invalid credentials; i.e. make up a "nonsense" password.

Broadcast this to all of the lights-out processors using CPQLOCFG (HP Lights-Out Configuration Utility). All of the lights-out processors that accept the script either:

1) have an account using the bogus credentials
2) have the security override switch.

I know it is not explicitly a test for the switch, but it does test for a symptom of having the switch set.
Trusted Contributor

Re: Determining status of security override

There is another way but I don't how this would work for you, I would depend of how many servers you have in production.

The process would be sending a broadcast with a script to change the Password for all ilo servers.

Here comes the part that won't be that nice. You will have to wait until the next maintenance window or the next reboot for all servers, once this is done you can send another scrip trying to verify or login the iLOs if the security switch was set to on the password you sent will not work since the password was changed to the default due to the switch being on the ON position.

I know, it will require a long time but is another way to give it a try.
You heve a question... I have an aswer!!!
Occasional Visitor

Re: Determining status of security override

I like the CPQLOCFG option, but I've not used this tool. I downloaded it but it doesn't extract per the instructions. A couple windows open, then close, and then nothing.
Honored Contributor

Re: Determining status of security override

CPQLOCFG
When you download this and run it, the component extracts the utility on your client. You might want to try again and see where the utility extracted-to. The result will be CPQLOCFG.EXE. Mine extracted to my desktop.

CPQLOCFG is a command-line utility, so you first have to open a command prompt window and use it from there.

I tried the experiment successfully with a simple "do nothing" script in three phases:
1) using valid credentials Result: success
2) using invalid credentials Result: failure
3) using invalid credentials with security jumper set Result: success

--> The exact script that I tried is attached.
Below is the output that I captured.

########## First test, with valid credentials:
C:\RIBCL>cpqlocfg -s ilo2test -f secjmp.xml

CHECKING XML SYNTAX...
START_OPEN_TAG

etc...

Valid XML Syntax

etc...

cpqlocfg: Script succeeded on "ilo2test:443"



########## Second test, with invalid credentials:

C:\RIBCL>cpqlocfg -s ilo2test -f secjmp.xml

CHECKING XML SYNTAX...
START_OPEN_TAG

etc...

Valid XML Syntax

etc...

cpqlocfg: Response received from the RIB: (137):


STATUS="0x000A"
MESSAGE='User login name was not found'
/>


########## Third test, with invalid credential but with the security jumper set
C:\RIBCL>cpqlocfg -s ilo2test -f secjmp.xml

CHECKING XML SYNTAX...
START_OPEN_TAG

etc...

Valid XML Syntax

etc...

cpqlocfg: Script succeeded on "ilo2test:443"
Occasional Visitor

Re: Determining status of security override

I searched the computer for CPQLOCFG and it's not there. Could you attach it to this thread?
HPE Pro

Re: Determining status of security override

cpqlocfg for windows

http://h18023.www1.hp.com/support/files/lights-out/us/download/23909.html




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
//Add this to "OnDomLoad" event