Friday, January 30, 2009

How to reset the iLO password on an HP system

Typically new HP systems come with an iLO port that allows you to access the console output of the machine, even when it is booting, crashed, etc., in an RDP-style fashion through any browser by going to the IP address assigned to that iLO card (it's DHCP by default). Nowadays, this iLO web management portal has a factory-assigned username and password, which are printed on a nifty little plastic card tucked into the front of the server's bezel.

A good administrator will realize the immediate value of this tool, and the extreme threat it poses should an unscrupulous user decide they want to gain access, and will promptly change the password. Then they will write it down somewhere and not lose it. The former admin of a site I am administering failed it big time.

You can reset the password by cracking the case and flipping a DIP switch, but who wants to down a server and pull it apart for that? Not me. Here is another way to change the password from the Windows-based operating system installed on that hardware.

HP made a tool called the HP Lights-Out Online Configuration utility (HPONCFG for short) that will run scripts against your host's iLO system to make changes without requiring a reboot. Finding the tool on HP's website is damn near impossible, but I found it by searching for 'cp008120.exe' on Google. You need to have some prereqs installed, but if the HP installation CDs were used you may already have the prereqs (and this tool) installed. You can tell by looking under Add/Remove Programs for 'HP Lights-Out Online Configuration Utility' or by checking C:\Program Files\HP\hponcfg to see if that folder exists.

Next you are going to need an admin script for resetting the password. I got it from this site: http://blog.netnerds.net/2006/04/ribcl-reset-administrator-password-on-ilo/ which also details the prereqs you need in the event that the HP installer CD was not used to set up the system. Either that or you can make your own XML file by opening up Notepad and typing in:


<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="Administrator" PASSWORD="boguspassword">
    <USER_INFO MODE="write">
      <MOD_USER USER_LOGIN="Administrator">
        <PASSWORD value="newpass"/>
      </MOD_USER>
    </USER_INFO>
  </LOGIN>
</RIBCL>

Be sure to change "newpass" (the password value in the script above) to your desired password, then save the file as something like resetpassword.xml in the same directory as your hponcfg.exe file. Now go to a command prompt and type in:

HPONCFG.exe /f resetpassword.xml /l log.txt > output.txt

and review the output files. Should work like a charm. All credit goes to that link I posted up above for this one... just logging it with the steps I had to follow for my own sake...
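
The same reset as a PowerShell wrapper that prompts for the new password, XML-escapes it, and deletes the script file afterwards so the clear-text password is not left on disk. This is an added example, not part of the original post or HP's tooling; the temp-file names and parameter names are assumptions, and only the /f and /l switches shown above are used.

```powershell
# Added example. Assumes HPONCFG.exe lives in the folder named in the post.
param(
    [string]$HponcfgDir = 'C:\Program Files\HP\hponcfg',
    [string]$UserLogin  = 'Administrator'
)

$exe = Join-Path $HponcfgDir 'HPONCFG.exe'
if (-not (Test-Path $exe)) { throw "HPONCFG.exe not found in $HponcfgDir" }

# Prompt for the password so it never appears in command history.
$secure = Read-Host -Prompt "New iLO password for $UserLogin" -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Escape &, <, >, " and ' so the values cannot break the XML.
$escapedPw   = [System.Security.SecurityElement]::Escape($plain)
$escapedUser = [System.Security.SecurityElement]::Escape($UserLogin)

# LOGIN values are the placeholder ones from the post's script.
$ribcl = @"
<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="Administrator" PASSWORD="boguspassword">
    <USER_INFO MODE="write">
      <MOD_USER USER_LOGIN="$escapedUser">
        <PASSWORD value="$escapedPw"/>
      </MOD_USER>
    </USER_INFO>
  </LOGIN>
</RIBCL>
"@

# Hypothetical file names; a random script name avoids clobbering other files.
$script = Join-Path $env:TEMP ("ribcl-{0}.xml" -f [guid]::NewGuid())
$log    = Join-Path $env:TEMP 'hponcfg-reset.log'
try {
    Set-Content -Path $script -Value $ribcl -Encoding ASCII
    & $exe /f $script /l $log
    Get-Content $log    # review the result, as the post suggests
}
finally {
    # The script file holds the new password in clear text; remove it.
    Remove-Item $script -Force -ErrorAction SilentlyContinue
    $plain = $null
}
```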

Friday, January 23, 2009

Windows Installer CleanUp Utility

Another tool that I have known about for some time but figured I should write about before I forget: The Windows Installer CleanUp Utility. It's a great little tool that will give you a list of all the programs installed on your machine and allow you to rip out their registry keys. Great for stingy antivirus or Office installations that just don't want to uninstall. Run this tool, remove the stuck program's entry, and reinstall on top of it... then uninstall it for real. Voila!

http://support.microsoft.com/kb/290301

Uninstalling Symantec (or any program) remotely

Found a nifty tool (that I knew about all along) in PSTools from Sysinternals called PSExec. It lets you run processes on remote computers. I mainly found this useful in uninstalling Symantec Antivirus Corporate from over 100 workstations that needed McAfee installed on them. You can get PSTools from a simple search on Microsoft's website.

The first step is to find the uninstall string. In the registry of a computer with the app you want to uninstall, browse to HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall and browse through the list of applications till you find the one you want. Then look for the UninstallString value (or something similar). It likely has a long GUID-style registry key associated with it. For example, here is the one for Symantec AV CE 10.x:

{5A633ED0-E5D7-4D65-AB8D-53ED43510284}

Now just run the following command to uninstall it:

psexec.exe \\remotecomputername -u Domain\administrator -p Password MSIExec.exe /norestart /q /x{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
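
Instead of browsing the Uninstall key by hand, the lookup can be scripted on a reference machine. The following is an added example, not from the original post; the function name is hypothetical, and it also checks the 32-bit view (Wow6432Node) that exists on 64-bit Windows. It validates that the key name is a well-formed GUID, so a mistyped product code is caught before it is handed to MSIExec.

```powershell
# Added example: list Uninstall entries whose DisplayName matches a pattern.
function Get-UninstallEntry {
    param([Parameter(Mandatory = $true)][string]$NamePattern)

    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }   # no 32-bit view on 32-bit Windows
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
            if ($p -and $p.DisplayName -like $NamePattern) {
                # MSI products are keyed by their product code: {8-4-4-4-12 hex digits}
                $isGuid = $_.PSChildName -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
                New-Object psobject -Property @{
                    DisplayName     = $p.DisplayName
                    Version         = $p.DisplayVersion
                    ProductCode     = if ($isGuid) { $_.PSChildName } else { $null }
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

# Entries with an empty ProductCode were not installed by MSI; for those,
# use the UninstallString as-is rather than MSIExec /x.
Get-UninstallEntry -NamePattern '*Symantec*' |
    Format-List DisplayName, Version, ProductCode, UninstallString
```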

As a side note... it is also worth mentioning that if policies are in place to require a password to uninstall Symantec AV CE... the following command will remove the password requirement so that the above command will work:

psexec.exe \\remotecomputername -u Domain\administrator -p Password regedit /s \\server\pathtoregfile.reg

And the contents of that regfile are (verbatim):
-------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security]
"LockUnloadServices"=dword:00000000
"UseVPUninstallPassword"=dword:00000000
-------------------------------------------------------------------------

These changes essentially set the above keys to 0 instead of 1, so the password is no longer required.

You can even stitch the two psexec commands together into a bat... then supply psexec with a list of computers in a text file and let-er-rip.

Friday, January 16, 2009

Hidden Symantec Tools Site

Found a great hidden sub-site at Symantec.com that hosts all their tools that you usually have to call them to get a copy of.... like SymNRT, NoNAV, etc.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005103109480139

Thursday, January 15, 2009

MSDTC 53258 error after dcpromo

Run the Component Services MMC snap-in: Start -> Administrative Tools ->
Component Services

Browse to: Console Root -> Component Services -> Computers -> My Computer

In Component Services, right click on My Computer, and click "Properties".

Select the "MSDTC" tab. On the bottom of the tab page, click the "Security
Configuration" button. A new dialog will open. Just click "OK" to close the
dialog (I believe this may set the MSDTC defaults). Then click "OK" to close
the first dialog and try restarting the MSDTC service and see if the warnings
still occur.

Then as a test, restart MSDTC (net stop msdtc && net start msdtc) and check
the application event log. You should not see any warnings as before.