7 Posts
0
1328
iDRAC user password change procedure 2023
So here is the scenario. I've got 100+ iDRAC devices in OME that need their root passwords changed. From my searching it seems like the procedure is to change the password at the iDRAC (racadm, powershell, ansible, etc.), remove the devices from OME, then rediscover them back into OME. Is that still the accepted method? Just asking because the most recent post I can find about this is 6+ months old and I'm kinda hoping that it was addressed in an update. It kinda blows my mind that there isn't a way to update the password that OME uses to communicate with an iDRAC that doesn't involve removing the device and discovering it again. Thanks
DELL-Chris H
Moderator
Moderator
•
8.5K Posts
0
February 7th, 2023 11:00
ThatGuyJ,
I had a similar post not too long ago discussing the same issue, which can be found here. The options you have are
option 1: use a different account for OME you don't intend to change
option 2: after changing the password use the OME Onboarding option to change the password
option 3: technically editing initial discovery would also work as well.
Let me know if this helps.
ThatGuyJ
7 Posts
0
March 10th, 2023 14:00
Just chiming back in for anyone else that ended up stumbling upon this post. The solution I ended up going with was to set the root/password is as follows.
I didn't really want to do the domain SA since that is another thing to manage (another password to change on a schedule), but not the worst option and at least I can use the same account for discovery so things keep flowing smoothly.
DeepBlueSomething
1 Message
0
January 4th, 2024 13:52
I did the following:
1. In the devices tab select all the servers you want to change the password. And choose Export all in the More Actions
2. Only keep the ip or name column and save them to a file serversidrac.txt
3. Run the follwing racadm command:
FOR /f "delims=" %G in (d:\temp\serversidrac.txt) DO racadm -r %G -u root -p calvin set iDRAC.Users.2.Password "Thisisthenewpassword!"
3. Run the discovery in OME for all the devices you changed the password for. Just copy the contents of the serversidrac.txt file and fill in the new credentials.
rgb_9
1 Rookie
1 Rookie
•
14 Posts
0
March 28th, 2024 21:15
I am considering changing the password as well. Fortunately, we're running OME 4.0.1, so updating the root password on most devices will not affect the server connection since the custom OME user is used (Credential Type = Internal). However, on other iDRAC devices, they do not have the license to enable the custom OME account creation, so I will end up selecting the devices where 'Credential Type' is "Discovery", exporting, then going to More Actions > RACADM CLI
Depending on the iDRAC version, I will need to enter one of these two commands:
(edited)
DELL-Young E
Moderator
Moderator
•
3.7K Posts
0
March 29th, 2024 07:12
Hello I think what you need to do is change/fix/edit the OME host file or register the OME IP in the DNS server record.
Respectfully,
rgb_9
1 Rookie
1 Rookie
•
14 Posts
0
March 29th, 2024 12:29
@DELL-Young E I don't know who that suggestion was for, but my instance of OME is in DNS and has an alias, so no issues there. I was simply sharing what I will do to update the iDRAC root password - there are no issues.
DELL-Young E
Moderator
Moderator
•
3.7K Posts
0
April 1st, 2024 07:58
Hello,thanks for waiting.
Regarding your query, removing and re-discovering the devices with the new iDRAC password is the only option whenever a password change is made.
However, in OME 4.0, there’s a new feature called iDRAC Password Rotation where the customer can opt-in on the password management & select a rotation schedule in preference.
Then OME will create a service account & rotates its password with system generated password on the set schedule.
For more information, please refer to the following references to see if this is something that would meet your needs.
OpenManage Enterprise 4.0: iDRAC Password Management and Rotation
Announcing iDRAC Credential Management in OpenManage Enterprise 4.0 | Dell Technologies Info Hub
Respectfully,
rgb_9
1 Rookie
1 Rookie
•
14 Posts
0
April 2nd, 2024 20:22
@DELL-Young E I understand the new feature, as I mentioned it in the previous post. However, some devices still communicate to OME with the "Discovered" credentials. While going through the process, I found that https://www.dell.com/support/manuals/en-us/dell-openmanage-enterprise/ome_p_40_users_guide/onboarding-devices?guid=guid-1810a484-56cc-4b8a-9228-b23eec4b464e&lang=en-us states, "Onboarding jobs can be used to update management credentials of devices when the device credentials differ from what was used during discovery."
Instead of removing the devices which are assigned to various Static Groups and have custom configurations, running another Onboard task after updating the root password reestablished the connection again.
(edited)