How to change iLO IP from ESXi

I ran into an issue at work, where the iLO lost all its settings after a hardware intervention. The host was running fine and the iLO NIC was connected, but the IP configuration was missing. Because this is a remote site, it would be easy if the configuration could be set from within ESXi. Luckily, this is a possibility!

Installing the tools

The first thing we need to do is download the VIB from the HPE website. You can find the tools if you search for “HPE Utilities Offline Bundle”. Download the latest zip file, for your specific version of ESXi, and upload it somewhere on your ESXi host.

Next, install the bundle using this command;

esxcli software vib install -d /tmp/HPE-Utility-Component_6.5.0.10.7.1-8.zip

The result will look something like this

Installation result

Reboot the host after the installation. Once the host is back, you can verify that it is installed by running the following command. The output should look like the picture below.

esxcli software vib list | grep hpon*
Verify if software is installed

Listing iLO configuration

Now that we have the tool available, we can check the current configuration of the iLO. First, change the directory to /opt/tools, which is where the tool is installed to. Next, run the following command to export the active config to a txt file.

./hponcfg -w /tmp/ilocfg.txt

Looking at the exported configuration, you can immediately see what’s wrong, in our case the iLO configuration is completely empty.

iLO configuration

Changing the iLO configuration

To change the configuration, we can just make the required changes to the exported configuration file. Just use vi to make the required changes.

Once you’re satisfied with the new config, you can apply it by running this command

./hponcfg -f /tmp/ilocfg.txt

You should be able to reach the iLO on the configured IP address. There’s just one more step to do, and that is to reset the administrator password.

To do this, we’ll create a new xml file with the config to reset the admin password. Just create a new file and give it a name that you want, here we’re using admin.xml. The contents of the file look like this

<ribcl VERSION="2.0">
    <login USER_LOGIN="Administrator" PASSWORD="SuperS3curePass!>
        <user_INFO MODE="write">
            <mod_USER USER_LOGIN="Administrator">
                <password value="SuperS3curePass!" />
            </mod_USER>
        </user_INFO>
    </login>
</ribcl> 

Now we just apply the config file, like we did before;

./hponcfg -f /tmp/admin.xml

Once the configuration is successfully applied, verify that you can access iLO with the new password. If it works, make sure you delete the admin.xml file as this contains the password in clear text!


How to reset iLO password from ESXi

Everyone’s been here before, you know the iLO password should be set to something, only to find out that on just this one server the password is different.

There are several ways to reset the iLO password; you could reboot the server and reset it that way. But who likes planning downtime on a server for a password reset? Luckily you find that the server is an ESXi host that was installed using the HPE customized image. This is good news as you can now use the HPONCFG tool to reset the password!

Checking the configuration

Before you start resetting the administrator password, you can always check the current configuration. This will show you the entire configuration done on the iLO, including any additional users that were created.

To start using the HPONCFG tool, first enable SSH on the ESXi host in question and log on. Once logged on, go to /opt/tools . This is where you will find the HPONCFG tool.

To export the current config, run this command to write everything to a file

./hponcfg -w currentcfg

You can then look at the file using your editor of choice. In the file you can see the IP address assigned, DNS name of the iLO and, most importantly, the users created. You can see here that there’s 3 users

Resetting the password

Now that we know which users exist on the iLO, we can start doing the actual password reset on the user we want. To do this, we will create an XML file on the ESXi host that contains the new password for the user.

Create the new file on the host, using your editor of choice. I like to use vi, so that’s what you will see below.

vi pwreset.xml

Now you can press the i key to insert, copy the code below and right click in your ssh window to paste. You can replace the [email protected]! with the password you want to set on the user

<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Administrator" PASSWORD="unknown">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="[email protected]!"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Afterwards, hit the escape button and type :wq to save the file. Now we can start the actual reset. Run the command below to perform the reset

./hponcfg -f pwreset.xml

If the reset is successful, you should see the output like this

Cleaning up

Now that the password has been reset, login just to make sure everything is working as expected. As a security precaution, make sure you delete the pwreset.xml file, once you have verified you can log in! We don’t want to store passwords in clean text anywhere 😉

rm -rf pwreset.xml

The above command will delete the file, if you’re still in the /opt/tools folder.