Server Management - Remote Server Management
1839310 Members
2742 Online
110138 Solutions
New Discussion

Re: Best way to securely change password on multiple ILO's ?

 
SOLVED
Go to solution
Mikael Rönnbäck
Super Advisor

Best way to securely change password on multiple ILO's ?

Hello
We have a number of ILO boards and we would like to change the password for the local adminkey on these. However when I look through the different documentations I have found in my searches, I find the documented way to be using HPONCFG.EXE (on Windows) together with an XML file with the password config.
Is there any other more secure way, since the XML file is plaintext and I would have preferred some encrypted password so the file could not just be read by someone with access to wherever the file would be stored for execution ?
7 REPLIES 7
acartes
Honored Contributor

Re: Best way to securely change password on multiple ILO's ?

Is using the network an option? If you send the scripts to iLO using CPQLOCFG (the Lights-Out Configuration utility), the script data is sent over SSL (encrypted) to iLO. The only place it would be visible is from the client system used to execute the scripts.
Mikael Rönnbäck
Super Advisor

Re: Best way to securely change password on multiple ILO's ?

Yes, using the network is of course an option if it uses SSL, thank you very much for that suggestion, I will try to see if I can get this to work from the SIM server since access to that actual server is rather restricted.

However, do you happen to know which ports CPQLOCFG uses? Since I will need to traverse rather many firewalls here and if it uses its own port instead of the std. monitoring ports used by SIM/SNMP then I'd need to get approvals for opening those temporarily.
acartes
Honored Contributor
Solution

Re: Best way to securely change password on multiple ILO's ?

CPQLOCFG by default uses port 443 (https:) for communication. This port can be reassigned, so you may want to check.

If you can browse-to and login-to iLO, check the Network Administration page, for web-server SSL port to see the current assignment.
Mikael Rönnbäck
Super Advisor

Re: Best way to securely change password on multiple ILO's ?

Perfect, thanks a lot for the information. I will try this out right away to see if I can get this rolling :)
Mikael Rönnbäck
Super Advisor

Re: Best way to securely change password on multiple ILO's ?

Hmm, seems I was a bit quick in my answer, I've been testing this on one of my servers but I can't even connect using CPQLOCFG.EXE, I always get this error, does anyone happen to know what it means ?

By the way, this is from the local console, it does not matter if it is run from a remote machine.


IP Address is: 127.0.0.1
SIO_connect failure.
6000:error:0200274D:system library:connect:reason(1869):.\crypto\sio\s_sock.c:606:host=127.0.0.1:443
6000:error:10065068::lib(16) :SIO_CONNECT:connect error:.\crypto\sio\s_sock.c:608:
CPQLOCFG.EXE: ERROR: SIO_connect:reason(10061).
acartes
Honored Contributor

Re: Best way to securely change password on multiple ILO's ?

The error indicates that the SSL connection was refused. The IP address shown is the loopback address for the client, so I would expect an SSL failure unless you have a web server running on that client.

Did you try a command line syntax like:

c:>CPQLOCFG -s 192.168.1.1 -f script.xml -u Administrator -p password

Where the IP address is that of iLO or the DNS name of iLO?
Mikael Rönnbäck
Super Advisor

Re: Best way to securely change password on multiple ILO's ?

Oh, stupid me, I have been using the wrong IP. *doh*

Thanks :)