Edit: This is still something that you might run into. Surprised that the link still works.
Originally published October 29, 2007 on AIXchange
I went to a customer site to look at a machine that wasn’t showing up on the hardware-management console (HMC). The machine’s HMC port was connected to the same network switch as the HMC, so I powered it up. I logged onto the HMC, and under the status column on my HMC view, it said that authentication for this new machine had failed, there were too many failed attempts to log in to the service processor.
How do you get the machine connected to the HMC, if the HMC is unable to authenticate with the machine? Some people suggested that we just remove the NVRAM battery from the machine, and that the passwords would go back to defaults. I was hoping that this was not the case, as that seemed like a pretty trivial way to bypass the security that the password provided. After trying this without success, we called support, and they provided the celogin password for the day so that I could log into the ASMI.
IBM Support is able to take the serial number of the machine, and match that with the current date, and based on that provide a password that’s good for the day. This is very similar to when you have to call support to get the root password to the HMC.
The next issue was the fact that pulling the NVRAM battery had set the date to 1/1/2003. The password we were trying to use was for the current date. Once I logged into ASMI as admin, I was able to set the machine to the correct date. With the celogin password I was able to log in and reset the unknown HMC password. From: http://publib.boulder.ibm.com/infocenter/systems/index.jsp?topic=/iphby/browser.htm&tocNode=int_130339
There are several authority levels for accessing the service-processor menus using the ASMI. The following levels of access are supported:
- General user–The menu options presented to the general user are a subset of the options
available to the administrator and authorized service provider. Users with general authority can view settings in the ASMI menus. The login ID is “general” and the default password is “general.” - Administrator–The menu options presented to the administrator are a subset of those available to the authorized service provider. Users with administrator authority can write to persistent storage, and view and change settings that affect the server’s behavior. The first time a user logs into the ASMI after the server is installed, a new password must be selected. The login ID is “admin” and the default password is “admin.”
- Authorized service provider–This login gives the authorized service provider access to all of the functions that could be used to gather additional debug information from a failing
system, such as viewing persistent storage, and clearing all deconfiguration errors. The login ID is “celogin.” The password is dynamically generated and must be obtained by
calling IBM technical support.
Be sure that when you change the ASMI and HMC passwords that you document this change just like you would any other passwords. Also be sure to keep your machines under warranty in case you do find yourself in a situation where you need to call IBM support, although I imagine they would be willing to provide the service for a fee.