Open srikarpyda opened 2 weeks ago
texroemer
commented
2 weeks ago Hi @srikarpyda
Thanks for bringing up this concern and looks to be a bug in iDRAC code for clearing BIOS password. I'm currently escalating this issue internally with iDRAC team, will keep you updated once i have more details.
For action Bios.ResetBios this will only reset BIOS settings to default values not clear setup or system password.
Thanks Tex
srikarpyda
commented
1 week ago Hi @texroemer ,
Just wanted to follow up. Did the iDRAC team come back with any details?
Thanks, Srikar
texroemer
commented
1 week ago Hi @srikarpyda
Bios password issue has been escalated internally and fixed. Fix will be available in iDRAC 7.10.70 which is scheduled to be released this Sept.
Thanks Tex
srikarpyda
commented
1 week ago Hey @texroemer , Thanks for the update. Is there a work-around I can use until September? Thanks, Srikar
texroemer
commented
1 week ago For a workaround you can use Server Configuration Profile (SCP) feature to clear BIOS passwords (setup or system or both). See example below using script "ImportSystemConfigurationLocalFilenameREDFISH.py" along with SCP file passed in to clear BIOS setup password.
C:\Python312>type 2024-7-8_134214_export.xml
<SystemConfiguration>
<Component FQDD="BIOS.Setup.1-1">
<!-- <Attribute Name="OldSysPassword">******</Attribute>-->
<!-- <Attribute Name="NewSysPassword">******</Attribute>-->
<Attribute Name="OldSetupPassword">Pass1234#</Attribute>
<Attribute Name="NewSetupPassword"></Attribute>
</Component>
</SystemConfiguration>
C:\Python312>python ImportSystemConfigurationLocalFilenameREDFISH.py -ip 192.168.0.120 -u root -p calvin --target BIOS --shutdown-type Forced --filename 2024-7-8_134214_export.xml
- PASS, JID_204930458522 successfully created for ImportSystemConfiguration method
- INFO, "Importing Server Configuration Profile.", percent complete: 10
- INFO, "Waiting for the system to shut down.", percent complete: 20
- INFO, "Applying configuration changes.", percent complete: 20
- INFO, "The configuration operation for the specified device is in progress.", percent complete: 40
- INFO, "The component configuration update on the host system is complete", percent complete: 90
- PASS, job ID JID_204930458522 successfully marked completed
- Detailed configuration changes and job results for "JID_204930458522"
{'Message': 'The operation successfully completed.',
'MessageID': 'SYS413',
'Oem': {'Dell': {'@odata.type': '#DellManager.v1_0_0.ServerConfigurationProfileResults',
'DisplayValue': 'OldSetupPassword',
'FQDD': 'BIOS.Setup.1-1',
'Name': 'OldSetupPassword',
'Status': 'Success'}},
'Severity': 'OK'}
{'Message': 'Successfully imported and applied Server Configuration Profile.',
'MessageArgs': [],
'MessageArgs@odata.count': 0,
'MessageId': 'IDRAC.2.9.SYS053'}
- JID_204930458522 completed in: 0:08:41Thanks Tex
Hello Texas,
Server Information: Model: PowerEdge R750 Bios Version: 1.13.2 IDRAC Firmware Version: 7.00.60.00
I have been able to set the Setup bios password on my R750 server through Redfish. Although I am able to clear the Setup password manually through the BMC UI, I am unable to do so programatically through Redfish. I am trying to clear the password through hitting the same Redfish endpoint that I used to initially set the password (redfish/v1/Systems/System.Embedded.1/Bios/Actions/Bios.ChangePassword). However, specifying an empty String for the new password is returning an error: "Retry the operation with a BIOS password that conforms with system BIOS password requirements".
I see the same error when I use the BiosChangePasswordREDFISH script to try to clear the password: `./BiosChangePasswordREDFISH.py -ip 99.999.999.999 -u root -p XXXXX --type 2 --old XXXXXX --new ""
INFO, clearing BIOS SetupPassword
FAIL, Command failed, error code is 400
{'_content': b'{"error":{"@Message.ExtendedInfo":[{"Message":"Invalid BIOS Password.","MessageArgs":["SetupPassword"],"MessageArgs@odata.count":1,"MessageId":"IDRAC.2.9.BIOS018","RelatedProperties":["#/PasswordName"],"RelatedProperties@odata.count":1,"Resolution":"Retry the operation with a BIOS password that conforms with system BIOS password requirements.","Severity":"Warning"}],"code":"Base.1.12.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information"}}', '_content_consumed': True, '_next': None, 'status_code': 400, 'headers': {'Date': 'Wed, 26 Jun 2024 11:23:21 GMT', 'Server': 'Apache', 'OData-Version': '4.0', 'Cache-Control': 'no-cache', 'X-Frame-Options': 'DENY', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload', 'Content-Length': '482', 'Connection': 'close', 'Content-Type': 'application/json;odata.metadata=minimal;charset=utf-8'}, 'raw': <urllib3.response.HTTPResponse object at 0x7f1e9cd7cb80>, 'url': 'https://10.180.247.197/redfish/v1/Systems/System.Embedded.1/Bios/Actions/Bios.ChangePassword', 'encoding': 'utf-8', 'history': [], 'reason': 'Bad Request', 'cookies': <RequestsCookieJar[]>, 'elapsed': datetime.timedelta(microseconds=303289), 'request': <PreparedRequest [POST]>, 'connection': <requests.adapters.HTTPAdapter object at 0x7f1e9cd7da80>} `
In addition to the above approach, I have also tried hitting the Redfish endpoint to reset the BIOS default settings (../redfish/v1/Systems/System.Embedded.1/Bios/Actions/Bios.ResetBios), but that did not clear the Setup password. I also tried hitting (../redfish/v1/Managers/iDRAC.Embedded.1/Actions/Oem/DellManager.ResetToDefaults) to no avail.
Thanks