Article Number: 000133536
PowerEdge, PowerFlex, VXRail, PowerVault and others systems with an Integrated Dell Remote Access Control (iDRAC) are available with a few option in regards to the password as it comes from the factory. The choices are Secure Default Password, Legacy Password, and Force Change Password.
By default, all PowerEdge servers will ship with a unique, randomly generated iDRAC password, to provide additional security. This unique password is generated at the factory and is located on the pull-out Information Tag located on the front of the chassis, near the server asset tag. Customers who choose this option will need to note this unique random password and use it to log in to iDRAC for the first time. For security purposes, Dell strongly recommends changing the default password.
Customers who prefer the known legacy password "calvin" should choose this option. One reason to select this option would be to ensure conformance to current scripts. For security purposes, Dell strongly recommends changing the legacy password.
The “Force Change of Password” feature prompts the user to change the factory default password of the device. The Force Change Password screen appears after successful user authentication and cannot be skipped. Only after the user enters a password, normal access and operation will be allowed.
You can reset the password through the iDRAC settings by pressing F2 at startup. Also, you can reset the password to its factory default with the following racadm command:
racadm racresetcfg -all
To reset the password to the legacy password, use the following racadm command:
racadm racresetcfg -rc
The default iDRAC username and password are widely known, and any user can access the server and make changes using the default credentials. The Default Password Warning feature in iDRAC warns you if the default login credentials are still in place.
Whenever a user with Configure User privileges logs in to iDRAC or SSH/Telnet or runs racadm commands remotely using the default login credentials, the system displays a warning message (SEC0701). Because UI and SSH/Telnet users log in once per session, they see a single warning message for each session. Because remote racadm users log in for every command, they see a warning message for every command.
An iDRAC with default login credentials is even less secure if the system is Internet-accessible or part of a large network with different trust boundaries. If any of the following items is configured, the possibility exists that iDRAC could become accessible on the Internet.
Whenever a user with Configure User privileges logs in to iDRAC using Web UI using the default login credentials, the Default Password Warning Message displays. From this page, the user can either change the password for a root user, or they can change nothing and continue logging in to iDRAC. The option to disable the Default Password Warning Message appears on this page if the user does not change the password.
Figure 2: iDRAC9 default password warning
Figure 3: iDRAC8 default password warning
The Default Password Warning can be enabled or disabled from the iDRAC Overview, then iDRAC Settings, User Authentication, and then the Local Users page, under the section titled Default Password Warning.
If you have lost the iDRAC password, you must reset the iDRAC to its default setting. This process is explained in How to Reset the Internal Dell Remote Access Controller (iDRAC) on a PowerEdge Server.
Duration: 00:00:54 (hh:mm:ss)
When available, closed caption (subtitles) language settings can be chosen using the Settings or CC icon on this video player.
Here are some recommended articles related to this topic that might be of interest to you.
02 Oct 2023