Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

How to disable two-factor ILO from Windows

SOLVED
Go to Solution
Occasional Contributor

How to disable two-factor ILO from Windows

The ILO2 on ML370-G5 is set to use two-factor authentication. The trust certificate expired. No one can get in the ILO remotely. The server is in a remote hosting center with no console access. How can we reset the ILO2 from the Windows OS to no longer require two-factor? The command-line ILO utilites don't seem to have a mode to do that.
Thanks,
JJ
7 REPLIES
Esteemed Contributor

Re: How to disable two-factor ILO from Windows

Hi,

I understand that you have lost total ILO access to the server. In that case, I'm not sure how much of help the online configuration utility will be. But you can give it a try. Download HP Lights-Out Online Configuration Utility and see how it goes.

http://h18023.www1.hp.com/support/files/server/us/download/26992.html
Occasional Contributor

Re: How to disable two-factor ILO from Windows

Thanks for the reply, Seshadri, however I already have that download. None of the templates provided with the HP Lights-Out Online Configuration Utility for Windows Server 2003 include the ability to disable two-factor authentication. I do have access to the ILO via the Online Configuration Utility, however the Online Configuration Utility does not seem to be able to issue a command that will disable two-factor authentication. My question is how can I disable two-factor authentication without someone physically at the server during POST?
Esteemed Contributor

Re: How to disable two-factor ILO from Windows

Sorry, I am guessing that physically over-riding the ILO settings will be the only remaining choice.

Unless anybody else here has a brighter idea!?
Honored Contributor

Re: How to disable two-factor ILO from Windows

You can address this from the host OS using the HPONCFG utility, "HP Lights-Out Online Configuration Utility for Windows 2000/Server 2003". (There is also support for Linux).

You can download the utility here:
http://h18013.www1.hp.com/support/files/lights-out/us/locate/69_5867.html

Also get the XML scripting examples, you will need them for reference.

You can download the docs, "Integrated Lights-Out 1.70/1.75 Scripting and Command Line Resource Guide" here:
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentTyp
e=SupportManual&locale=en_US&docIndexId=179166&taskId=101&prodTypeId=15
351&prodSeriesId=397989

In the scripting examples, there is a script called "Mod_Network_Settings.xml" that shows how you can alter the network settings. You can configure the iLO to use either a DHCP-assigned IP address (and then attach using domain name), or a statically assigned address.
Honored Contributor

Re: How to disable two-factor ILO from Windows

When iLO two-factor authentication is enabled, all interfaces except iLO browser access (HTTPS) are disabled. The Telnet, SSH and SML ports are disabled so out-of band access only occurs via individual browser sessions.

Try enabling those PORTS.
Valued Contributor

Re: How to disable two-factor ILO from Windows

Please try Using "Mod_2Factor.xml" XML script. XML COMMAND(RIBCL command) is "MOD_TWOFACTOR_SETTINGS".
Use this XML sample script with HPONCFG utility.
Occasional Contributor

Re: How to disable two-factor ILO from Windows

Thank you M.S.Srivatsa, your suggestion of the Mod_2Factor.xml was exactly what we needed. Even though the script archive indicates that it is for Linux, it did work on Windows. We have control of the ILO back now.
//Add this to "OnDomLoad" event