Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
676
Views
0
Helpful
2
Replies

Recent UCS firmware change to password change behavior

Go to solution
dbarstad
Level 1
Level 1

‎09-11-2023 04:23 PM

I have had scripts that initialize C-series servers from a factory config to full application deployment for some time, but a recent change in the firmware is not allowing scripted password changes via the 'usual tools'.

Powershell allows for login, but I cannot use the Set-ImcLocalUser command as previously done to change the user password.

  • Get-ImcLocalUser -AccountStatus "active" | Set-ImcLocalUser -Pwd $NewPass -Force

RedFish also allows for 'login' but errors when doing the XPATCH.

Anyone know of a workaround or if there is direction from Cisco on a 'new flow' to affect a touchless provisioning?

d

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dbarstad
Level 1
Level 1

‎09-22-2023 10:06 AM

Workaround established.

As noted in my own follow up above, the restrictions on other fields in the admin user and the inability to individually reference a ID in the set-imclocaluser command necessitates a different approach.  The below PowerShell Invoke-RestMethod will patch just the password parameter and allow an automated flow to commence:

 
$user = "admin"
$DefPass = ConvertTo-SecureString "password" -AsPlainText -Force
$ImcDefCred = New-Object System.Management.Automation.PSCredential($user,$DefPass)
Invoke-RestMethod -Uri https://$Host.IP/redfish/v1/AccountService/Accounts/1 -Body '{ "Password" : "NewPassword" }' -Credential $ImcDefCred -Method patch
 
If you are automating in a non-powershell environment, you can just use curl also:
 
curl -k -u admin:password https://$Host.IP/redfish/v1/AccountService/Accounts/1 -XPATCH -d '{"Password" : "NewPassword"}'
 
 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
dbarstad
Level 1
Level 1

‎09-11-2023 04:54 PM

Found some detail in the XML question from a few months back.

https://community.cisco.com/t5/unified-computing-system-ucs/cimc-xml-api-change-in-behavior-for-0-day-provisioning/td-p/4864264

Looks like they just constrained what elements can be 'updated' to the password until it is initially reset.  That is an issue in the current Powershell structure as there is no -Id option in the set-imclocaluser command.  The only way it can be defined what user is to use get-imclocaluser -Id 1| set-imclocaluser -Pwd "xxx" or get-imclocaluser -AccountStatus "active" | set-imclocaluser -Pwd "xxx".

Is there a pending powershell commandlet update to be able to target the user via -Id  so a set-imclocaluser -Id 1 -Pwd "xxx" would work?

d

0 Helpful

Go to solution
dbarstad
Level 1
Level 1

‎09-22-2023 10:06 AM

Workaround established.

As noted in my own follow up above, the restrictions on other fields in the admin user and the inability to individually reference a ID in the set-imclocaluser command necessitates a different approach.  The below PowerShell Invoke-RestMethod will patch just the password parameter and allow an automated flow to commence:

 
$user = "admin"
$DefPass = ConvertTo-SecureString "password" -AsPlainText -Force
$ImcDefCred = New-Object System.Management.Automation.PSCredential($user,$DefPass)
Invoke-RestMethod -Uri https://$Host.IP/redfish/v1/AccountService/Accounts/1 -Body '{ "Password" : "NewPassword" }' -Credential $ImcDefCred -Method patch
 
If you are automating in a non-powershell environment, you can just use curl also:
 
curl -k -u admin:password https://$Host.IP/redfish/v1/AccountService/Accounts/1 -XPATCH -d '{"Password" : "NewPassword"}'
 
 
0 Helpful
Customers Also Viewed These Support Documents