Saturday 17 March 2012

Resetting HP iLO IP address and password

I found myself in the interesting situation where a motherboard had been replaced in an HP Blade BL460 and I then I needed to load the iLO to rebuild the server; however I did not know the IP address of the iLO or the username/password and I could not connect to the iLO via the HP System Management Page...

I did not have a monitor or blade adaptor cable to hand to boot into the iLO BIOS, so I checked the DHCP server for the entry with the longest lease expiration, which should be the newest lease, but there was nothing there which looked like an iLO.

I then found the command to show all iLO IP address from the OA CLI, so I SSH'd onto the OA using PuTTY and ran the following command:

show ebipa



This then goes on to list all the iLO IP address/Subnet Mask, Default Gateway and DNS settings, and the specific iLO on the swapped out motherboard was set statically to 0.0.0.0, so I now knew why I couldn't see the iLO on the DHCP scope. 

I then found two different ways to reset the IP address and password - both using the HPONCFG tool installed with the SmartStart CD.  If you dont have this installed you can download the ProLiant Support Pack from the HP downloads section, specific to your server and OS.  The easiest way is via the GUI, but if you wanted to change multiple iLo usernames/passwords and network configuration, then the command line might be useful.

1) HPONCFG - GUI

To run this tool, logon to the server in question, it does not have to be a console session, just a normal RDP session and run the executable below:

C:\Program Files\HP\hponcfg\hponcfg_gui.exe

You will then see a summary of your iLO.


Click on Network - Standard Network Settings and you will see the below, where you can set the iLO to a static address or DHCP as you prefer.


You can then click on User, where you will see the below.  Here you can reset the password of the existing account, or add another one.



Now you will be able to log onto the iLO with your newly set IP and user credentials.

2) HPONCFG - Command Line

Again, ensure HPONCFG is installed via the SmartStart CD or the ProLiant support pack. Load a command prompt and navigate to:

C:\Program Files\HP\hponcfg\

To reset the password of the active account (assuming the username is Administrator) create the following XML in the C:\Program Files\HP\hponcfg\ folder:

<ribcl VERSION="2.0">
<login USER_LOGIN="Administrator" PASSWORD="password">
<user_INFO MODE="write">
<mod_USER USER_LOGIN="Administrator">
<password value="NewPassword"/>  
</mod_USER>
</user_INFO>
</login>
</ribcl>


NOTE - The second line must be present for the XML to parse, it does not matter what username/password you enter.  The blue highlighted line above is where the new password is set.

You would then run the following command to commit the XML to the iLO:

 C:\Program Files\HP\hponcfg\hponcfg.exe /f ScriptName.xml

You can also add a user, rather then touching the existing user, using the following XML:

<ribcl version="2.0">
 <login USER_LOGIN="Administrator" PASSWORD="password">
 <user_INFO MODE="write" >
 <add_USER
 USER_NAME="NewAdmin1"
 USER_LOGIN="NewAdmin1"
 PASSWORD="NewPassword">
 <reset_SERVER_PRIV value = "Y" />
 <admin_PRIV value = "Y" />
 <REMOTE_CONS_PRIV value="Y" />
 <RESET_SERVER_PRIV value="Y" />
 <VIRTUAL_MEDIA_PRIV value="Y" />
 <CONFIG_ILO_PRIV value="Y" />
 

 </add_USER>
 </user_INFO>
 </login>
</ribcl>


Then again, run the below to commit the XML:

C:\Program Files\HP\hponcfg\hponcfg.exe /f ScriptName.xml

NOTE - the permissions of the account are granted using the highlighted lines above.

To set network configuration use the XML below:

<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="user" PASSWORD="password">
<RIB_INFO MODE="WRITE" >
<MOD_NETWORK_SETTINGS>
<IP_ADDRESS VALUE = "x.x.x.x"/>
<SUBNET_MASK VALUE = "x.x.x.x"/>
<GATEWAY_IP_ADDRESS VALUE = "x.x.x.x"/>
<PRIM_DNS_SERVER value = "x.x.x.x"/>
   

<DHCP_ENABLE VALUE = "N"/>
</MOD_NETWORK_SETTINGS>
</RIB_INFO>
</LOGIN>
</RIBCL>


NOTE - The second line must be present for the XML to parse, it does not matter what username/password you enter. 

You can also extract the current iLO config to a .xml file, modify and re-upload using the command below:

C:\Program Files\HP\hponcfg>hponcfg /w iLO-Export.xml

More info on the command line can be found below:

HP iLO User Guide

Wednesday 7 March 2012

SCOM Web Application Monitoring - The URL probe returned error code -2147012894 Reason 0x80072ee2

The URL probe returned error code -2147012894. Reason: 0x80072ee2

I am new to SCOM 2007 R2 Web Application Monitoring, and there seems to be a surprisingly small amount of information out there for some of the errors that I started to get when testing out the functionality.

I have not completed my testing, but this blog details my findings of how to get past the cryptic error above.

My RMS does not have direct Internet access.  All Internet access needs to travel out via a proxy and the users need to be a member of a specific group to do so. 

So my play was to setup an application monitor and then configure a proxy for the test.  I setup a new web application monitor and tried to run the test function, and received an error code -2147012894 with a reason of 0x80072ee2. 


I click on details and get the same information.  Helpful.


After some general investigation into proxies and SCOM web application, it appears that SCOM cannot pull proxy information from your IE browser, as a lot of applications do, it needs to be configured using netsh if you are running Server 2008 (R2), or proxycfg if you are running Server 2003.  I am running Server 2008 R2 so in this case I ran:

netsh winhttp set proxy x.x.x.x:port


I then re-ran the test and this time, no -2147012894 error! I now get an http error 407 (proxy authentication error), this is the next step I need to figure out, how/where to configure the proxy authentication account. 

Hopefully this will help someone who has been equally stumped with the cryptic -2147012894 error.


SCOM 2007 R2 Web console - You do not have have permission to view this directory or page

When loading the SCOM Web console you receive:
"You do not have have permission to view this directory or page"


I came across this issue when testing using the SCOM web console from another server.  I was required to enter my credentials, and when I entered my domain admin account (also an OpsMgr admin), my credentials were rejected until the "You do not have permission to view this directory or page" message appeared.  

It seems the issue is with the order of the authentication providors, set in the IIS console.  The environment used is Server 2008 R2 and IIS 7.  If you load up the IIS manager and open the Operations Manager 2007 site, then select Authentication, you should see "Windows Authentication".


Select windows authentication and on the right hand side, click providors, then you should see the window below:


As per the above, move NTLM above Negotiate, and click OK.

Run an IISreset.


You should now find that the SCOM web console works without issue.  It would seem that the site can only authenticate with NTLM authentication.