RIBCL: Reset Administrator Password on iLO
Last night I got locked out of my Compaq DL360's iLO. I searched the web to find how to reset the Administrator password and read that, for the most part, I'd have to be at the console. Bah! My servers are in San Jose and I'm up here in San Francisco, I didn't want to make a trip just to reset my passwords. I continued to look around the web for a solution and found that I could reset the Administrator password (or even add another user with admin privs) using Compaq's Remote Insight Board Command Language. Apparently, if you are processing RIBCL commands through your given operating sytem so long as you have the rights to login to the server. I logged in as my Windows Domain Admin and performed the following steps (Linux users, you can download the RPM for HPONCFG):
1. I installed SNMP because it was a preprequesite for HP Insight Management Agents.
2. I dowloaded and installed the HP Insight Management Agents.
3. I then downloaded HP Lights-Out Online Configuration Utility.
4. I ran into NTVDM errors trying to run the file so I just used WinRAR to extract the contents into C:\hp\ilo. I also extracted the zip file contained within the initial archive.
5. I then downloaded the HP Lights-Out XML Scripting Sample for Windows (Linux users can download the files in tgz format here or here.) extracted it and found the file I was looking for --
<ribcl VERSION="2.0">
<login USER_LOGIN="Administrator" PASSWORD="boguspassword">
<user_INFO MODE="write">
<mod_USER USER_LOGIN="Administrator">
<password value="newpass"/>
</mod_USER>
</user_INFO>
</login>
</ribcl>6. Using notepad, I opened up the sample file and modified it slightly. Initially, I just removed the LOGIN and ran the file but HPONCFG gave me a syntax error. I then added it back and gave the Administrator a bogus password. Apparently, the LOGIN line is required for syntax reasons but it is not actually processed.
7. Next, I opened a command line and changed directories to C:\hp\ilo and typed the following:
HPONCFG.exe /f Administrator_reset_pw.xml /l log.txt > output.txt8. I opened up Firefox, navigated to my iLO machine and viola! I was able to login as Administrator.
If changing Administrator's password seems too scary, you can also add another user with administrator privileges. You can then login as that user and change the Administrator password via the web console. Use the following code, suited to your liking:
<ribcl version="2.0">
<login USER_LOGIN="Administrator" PASSWORD="boguspass">
<user_INFO MODE="write" >
<add_USER
USER_NAME="Chrissy"
USER_LOGIN="Chrissy"
PASSWORD="mynewpass">
<reset_SERVER_PRIV value = "Y" />
<admin_PRIV value = "Y" />
</add_USER>
</user_INFO>
</login>
</ribcl>Here's a zip of just hponcfg.exe, add_user.xml, and Administrator_reset_pwd.xml. Since it's an exe with no apparent supporting files, y ou may be able to just use that.
I see quite a few people have hit this page..if you found it useful, please let me know! If not, drop me a note and I'll see how I can help.



May 2nd, 2009 - 05:58
There is a GUI available now in the new version of PSP, which does exactly the same as the command line. Except that it is very convenient and easy to use!!
May 8th, 2009 - 05:57
Worked like a charm!! Much appreciated!!
May 14th, 2009 - 15:01
Nice guide, worked perfectly!!
Q: Is there a way to recover a password instead of changing it?
May 21st, 2009 - 04:26
Hi,
Its a little of the topic, hope you’ll help me out.
i am trying to configure “HP Integrity” servers through “cpqlocfg”
but i am getting same error for all the xml scripts i have tried with,
Connecting to Server..
Negotiated cipher: 168-bit Triple DES with RSA and a SHA1 MAC
cpqlocfg.exe: ERROR: Malformed RIB response: (146):
501 Not Implemented
501 Not Implemented
The requested method is not recognized by this server.
do we need to install advanced license to use cpqlocfg on integrity servers ?
same cpqlocfg and xml scripts are working for proliant servers with advanced license .
(newbie to ilo)
please let me know where its going wrong, thanks in advance !!
June 1st, 2009 - 07:47
Fantastic, you just saved me a trip to the server room
June 5th, 2009 - 07:22
BRAVO!! Saved us multi-server outages (scheduling nightmare) on dozens of our servers with “inaccessible ILOs”. MANY MANY THANKS!!!
In gratitude, have summarized (below) most helpful responses.
Also, note this issue vanishes with cClass – assuming alternative ILO access/account-management via OA logon to each enclosure.
HP should consider broadcast of your workaround as an alert. At a minimum (if not done already) it should be linked/posted in the HP Support forum.
Tom
____________________________________________________________________
If you get a “script failed” error, try;
1) Check the log.txt. It might be that the password is too short.
2) Verify the password length is at least 8 characters.
3) Add/create a new user (instead of modifying an existing user).
If attempts to reset the password of an EXISTING ILO user fails;
1) You may be trying to reset the password for an account that does not exist.
2) Remember, both login and password are case sensitive!
3) Update the ilo firmware and/or drivers.
_____________________________________________________________________
If you get the error message “ERROR :firmware flash is in progress. Please wait for a while”, download and install a later version of HPONCFG from HP.COM.
_____________________________________________________________________
If you get “No RILOE II board found” error.
Install the latest HP PSP (aka HP support pack/firmware).
_____________________________________________________________________
HPONCFG should be executed from the target server console session -
It may, or may NOT work properly via alternatives (RDP/Terminal Services session, Citrix/Metaframe session, etc.)
_____________________________________________________________________
HPONCFG.exe is specific to the OS platform (32 vs. 64 bit)…there is a different version for x64 Windows, search for windows x64 (on hp.com).
_____________________________________________________________________
Suggestion – First reset the ILO to factory settings…then, reset the password. This ensures an account named “Administrator” exists, thus avoiding failed password reset of non-existent/renamed Administrator accounts!!
Execute the following line before attempting Administrator account password reset:
hponcfg /reset
This resets the iLO to factory settings, including the Administrator’s password to the original (asset tag of the server).
June 11th, 2009 - 04:39
Thanks Chrissy, works a treat.
June 11th, 2009 - 08:05
Thanks very much it worked perfectly !!!!
June 17th, 2009 - 09:08
Thank you very much for this solution. I initially received a “password is too short” error and had to lengthen the password to eight alpha-numeric characters with at least one capital letter.
June 28th, 2009 - 22:07
Very nice. I really appreciate for such a nice post!
July 1st, 2009 - 06:49
Thank you very much for this perfect solution. It even works with ribcl Version 2.1.
July 14th, 2009 - 04:01
Hi all,
I’ve tried to download the rpm so i can reset the pass on linux but the link above is not working.
Do you have any idea where i can find it ?
Many thanks
July 14th, 2009 - 04:31
It worked for me as well using the command
hponcfg -f
The utility i got it from Proliant Pack CD
Thanks,
Dani
October 8th, 2009 - 06:27
on one of my servers I get the following messages in my output.txt.
sm2user.dll not found
Any idea?
October 14th, 2009 - 04:49
You saved my day. Many thx!
October 22nd, 2009 - 05:28
Super info – just what i needed – thanks
)
October 29th, 2009 - 01:15
Youre my Hero! Thank you many times!
November 10th, 2009 - 18:18
The Proliant Support Pack now includes a GUI tool that can be used to do this as well as configure the rest of the iLO options:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3716247&prodTypeId=18964&prodSeriesId=3716246&swLang=13&taskId=135&swEnvOID=1005
November 11th, 2009 - 22:29
That’s awesome, Daniel! Thanks for the info.
November 16th, 2009 - 10:51
Chrissy – thanks for the helpful info, worked like a champ and since I have DC’s and servers all across the US this sure makes life alot easier. You rock
November 20th, 2009 - 06:26
This is very helpfull but i ahve a problem.. i have a OLD ILO and not a ILOII.. any ideas?….
December 30th, 2009 - 11:20
20 responses and none of them talking about how cute you are.
January 22nd, 2010 - 00:53
Thank you..so much..it helped me also
January 25th, 2010 - 16:55
Hi Chrissy,
I just wanted to say thanks — your post saved me from an undesired drive to my datacenter as well. Awesome!!
I also wanted to say how stoked I was to see another female in the IT industry. We are a rarity. =)
Take care and thanks again!
Natalie
January 27th, 2010 - 09:10
User addition worked from an Oracle Enterprise Linux 4U8 x86_64 box using hponcfg from the command line. Thanks !
January 28th, 2010 - 09:48
nice but i have a system but i can’t touch OS, I have no jumpers on the server to reset ilo password. The model is DL140 G3.
how can reset ilo psw?!
January 28th, 2010 - 11:10
latest proliant support pack powered down the machine halfway through install. i lold.
February 17th, 2010 - 18:22
I get an error when I run it on my HP Proliant DL 360.
It says “No ILO 2 board found”
All my servers have iLO 1 boards. Anyone know of a way to reset iLO 1 administrator passwords?
February 17th, 2010 - 18:48
BINGO the new Proliant Support Pack includes a ilo online utlity that resets ilo 1 baords too!!!
I am in, thanks guys.
March 15th, 2010 - 02:58
great help, thanks a lot!!
March 24th, 2010 - 08:11
I am getting following error. Can you help me with this?
Syntax error: Line #0: syntax error near “<" in the line: "”
Firmware Revision = 1.41 Device type = iLO Driver name = CpqCiDrv
Script failed
March 30th, 2010 - 08:24
I write a version in Chinese for RHEL4 user. For Chinese reader to follow.
http://freelamp.com/58718
April 6th, 2010 - 22:41
Thanks Mate, saved me a lot of reading.
April 9th, 2010 - 09:28
Hi
need help in RILOE reset
HPONCF doesnt work with RILOE 1…
thanks
April 22nd, 2010 - 12:17
Worked for me. Thanks a bunch.
May 13th, 2010 - 09:12
Amazingly helpfull, thanks
June 2nd, 2010 - 19:10
Fantastic hint! I just had to gather physical info for servers spread all over the country…
For those having trouble with the version of hponcfg.exe provided by Crissy and/or Brandon, there’s a good chance your server already has the HP management software installed. Just do a search for hponcfg.exe and if it shows up somewhere on the hard drive, use that instance (don’t forget to enable search in hidden folders.) Just move the xml file you need to the same directory where the exe lives and you should be good to go.
June 13th, 2010 - 10:32
Saviour of the day
Thanks!!
June 17th, 2010 - 17:48
my apple computer screen is blank with only a (?) question mark in the middle ,tried every thing what can i do to resolve this
June 23rd, 2010 - 12:07
I’ve created a utility that will allow the hponcfg utility to be ran on remote systems. You can change the passwords remotely on many systems at once. If anyone needs it let me know. dbov21@yahoo.com
July 8th, 2010 - 09:58
Very Useful……….
July 27th, 2010 - 00:45
how about changing the iLO IP address from within the Windows UI?? so that I don’t need to reboot the servers… anybody please?? thanks in advance.
August 6th, 2010 - 06:54
You’re cool :O)