Remotely Reset Administrator Password on iLO without Reboot

Last night I got locked out of my Compaq DL360’s iLO. I searched the web to find how to reset the Administrator password and read that, for the most part, I’d have to be at the console. Bah! My servers are in San Jose and I’m up here in San Francisco, I didn’t want to make a trip just to reset my passwords. I continued to look around the web for a solution and found that I could reset the Administrator password (or even add another user with admin privs) using Compaq’s Remote Insight Board Command Language. Apparently, if you are processing RIBCL commands through your given operating sytem so long as you have the rights to login to the server. I logged in as my Windows Domain Admin and performed the following steps (Linux users, you can download the RPM for HPONCFG):

1. I installed SNMP because it was a preprequesite for HP Insight Management Agents.
2. I dowloaded and installed the HP Insight Management Agents.
3. I then downloaded HP Lights-Out Online Configuration Utility.
4. I ran into NTVDM errors trying to run the file so I just used WinRAR to extract the contents into C:\hp\ilo. I also extracted the zip file contained within the initial archive.
5. I then downloaded the HP Lights-Out XML Scripting Sample for Windows (Linux users can download the files in tgz format here or here.) extracted it and found the file I was looking for —

<ribcl VERSION="2.0">
 <login USER_LOGIN="Administrator" PASSWORD="boguspassword">
  <user_INFO MODE="write">
   <mod_USER USER_LOGIN="Administrator">
    <password value="newpass"/>
   </mod_USER>
  </user_INFO>
 </login>
</ribcl>

6. Using notepad, I opened up the sample file and modified it slightly. Initially, I just removed the LOGIN and ran the file but HPONCFG gave me a syntax error. I then added it back and gave the Administrator a bogus password. Apparently, the LOGIN line is required for syntax reasons but it is not actually processed.
7. Next, I opened a command line and changed directories to C:\hp\ilo and typed the following:

HPONCFG.exe /f Administrator_reset_pw.xml /l log.txt > output.txt

8. I opened up Firefox, navigated to my iLO machine and voila! I was able to login as Administrator.

If changing Administrator’s password seems too scary, you can also add another user with administrator privileges. You can then login as that user and change the Administrator password via the web console. Use the following code, suited to your liking:

<ribcl version="2.0">
 <login USER_LOGIN="Administrator" PASSWORD="boguspass">
  <user_INFO MODE="write" >
   <add_USER
    USER_NAME="Chrissy"
    USER_LOGIN="Chrissy"
    PASSWORD="mynewpass">
     <reset_SERVER_PRIV   value = "Y" />
     <admin_PRIV   value = "Y" />
   </add_USER>
  </user_INFO>
 </login>
</ribcl>

Here’s a zip of just hponcfg.exe, add_user.xml, and Administrator_reset_pwd.xml. Since it’s an exe with no apparent supporting files, y ou may be able to just use that.

I see quite a few people have hit this page..if you found it useful, please let me know! If not, drop me a note and I’ll see how I can help.

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Security