Reset password on a IBM RSA II

I got the hand on three nice servers built by IBM. All of them include a Remote Supervisor Adapter II slimline (RSA II) for system management. There was a unknown password on it and I had to bring the RSA II back to it's factory default.

I followed several ways how to do it and read many forum posts about it but it took a long time until it worked for me (Don't try MPCLI, never got a connection to my RSA II!). So hopefully this short how-to will bring you back access to your RSA II too!

This manual uses a Linux live system loaded from CD, so you don't have to touch your already installed operating system!

To follow this instructions you have to download the following files:

Step by step instruction

  1. Burn the Fedora iso image to a CD rewritable (to save the environment), else use a normal CD-R
  2. Copy the other downloaded files to a USB memory stick
  3. Boot your IBM system and select the CD as boot media
  4. Wait until the Fedora live system is finished booting
  5. Plug-in the memory stick and open it in a file browser
  6. Open ibm_svc_rsa2_hlp253a_linux_32-64.tgz go to RPMS and extract ibmusbasm-1.53-2.rhel5.i686.rpm
  7. Install (by double clicking on it): ibmusbasm-1.53-2.rhel5.i686.rpm
  8. Install ( by double clicking on it): ibm_utl_asu-3.60-asut69k.i386.rpm
  9. Open a terminal (In the starter menu under system tools)
  10. Get root, the live CD does not ask for a password, type and press enter: “su”
  11. Install libusb, type and press enter: “yum install libusb-devel”
  12. Reload ibmasm daemon, type and press enter: “ibmspdown && ibmspup”
  13. Wait about 10s
  14. Make sure it was loaded correctly, type and press enter: “tail /var/log/messages” and you should find a line: localhost ibmasm: V1.51 IBM RSA II 32-bit device support loaded. when not, write me an email.
  15. Go to the asu install directory, type and press enter: “cd /opt/ibm/toolscenter/asu”
  16. Try to get information from your RSA II, type and press enter: "./asu show --group rsa" You should get a long list of values.
  17. Revert your RSA II back to factory defaults, type and press enter: “./asu resetrsa”
  18. Connect the RSA II to your network or computer, it is accessible now on the IP 192.168.70.125 with the default user USERID and the password PASSW0RD (with a digit '0', not a char 'o')

Discussion

tim, 2014/01/25 09:22

anyone looking for the RPM might have trouble like I did - try this:

ftp://ftp.software.ibm.com/systems/support/system_x/ibm_utl_asu-3.60-asut69k.i386.rpm

Jarrod (JRC), 2013/11/30 07:51

Here is how you can use the ASU utility to set the IP for the RSA

1. Disable DHCP ./asu set RSA_DHCP1 Disabled 2. Set the IP ./asu set RSA_HostIPAddress1 xxx.xxx.xxx.xxx 3. Set the subnet ./asu set RSA_HostIPSubnet1 xxx.xxx.xxx.xxx 4. Set the GW ./asu set RSA_GatewayIPAddress1 xxx.xxx.xxx.xxx 5. Restart ./asu rebootRSA

I got these from here: http://publib.boulder.ibm.com/infocenter/toolsctr/v1r0/index.jsp?topic=%2Fasu%2Fcfg_ether_rsaii.html

Ian Darwin, 2013/04/09 15:08

Hey, this is great stuff, thanks. Especially useful for those that, like me, start off knowing very little about IBM rackmount servers.

Advice for people reading this in 2013:

Although Fedora 14 is hard to find nowadays, it's worth it. I tried Fedora 15 and 16 on my xSeries 336 and they did NOT find the SCSI disk, whereas 14 did. 14 is still out there, use your google-fu to find it (I do not remember where I found it, don't bother asking, and I don't have the bandwidth to host it, sorry).

Step 9, it is of course the Application menu, not the non-existent “Starter” menu.

Step 16, there are two dashes before “group” (the wikicode or font or something makes it look like there is only one).

Step 18, if you previously had the RSA configured for DHCP, it will still be on DHCP if it can get an address, not at the default address shown (if you're cant conntect and are not sure what this is set, boot machine into BIOS (hit F1 when asked), Advanced Settings, then RSA II settings, and it will show if it got a DHCP address).

But: really useful stuff. Thanks!

Christoph Zimmermann, 2014/12/14 17:11

Hi Ian

Thanks for your valuable inputs! I corrected now step 16.

Paul Elson, 2013/01/30 03:48

Hey.. I followed you instructions but can connect ? Can you please help logs Jan 30 13:38:14 localhost yum[2632]: Installed: ibm_utl_asu-3.63-asut71D.i386 Jan 30 13:39:38 localhost yum[2665]: Installed: libusb-devel-0.1.12-23.fc14.i686

root@localhost asu]# ./asu show IBM Advanced Settings Utility version 3.63.71D Licensed Materials - Property of IBM (C) Copyright IBM Corp. 2007-2013 All Rights Reserved FATAL: Error inserting ipmi_si (/lib/modules/2.6.35.6-45.fc14.i686/kernel/drivers/char/ipmi/ipmi_si.ko): No such device Initiating OpenIPMI connection…………………………FATAL: Error inserting ipmi_si (/lib/modules/2.6.35.6-45.fc14.i686/kernel/drivers/char/ipmi/ipmi_si.ko): No such device Initiating OpenIPMI connection FATAL: Error inserting ipmi_si (/lib/modules/2.6.35.6-45.fc14.i686/kernel/drivers/char/ipmi/ipmi_si.ko): No such device Initiating OpenIPMI connection IPMI command error. Please check your IPMI driver and IBM mapping layer installation. [root@localhost asu]#

Christoph Zimmermann, 2013/02/06 08:40

Looks somewhat strange. As I see the ipmi_si module is a kernel standard module which is shipped by the fedora distribution. So this module should be there and because this version of the kernel worked on my machine it should also on yours.

There is a bug open about the ipmi_si module for one specific machine. Which type of server do you have? If it is different than my x336 you could try to install fedora to the hard drive and then upgrade the kernel (hopefully the ibmasm drivers are still working). Just a guess.

Divakar SK, 2012/11/23 11:41

Thank you so much…it worked for me – Divakar/IBM

Normunds Karklins, 2012/10/12 18:55

Thank you very much for this great information! Worked just fine for me.:-)

Brett Hawthorne, 2012/10/10 10:47

Hi,

I have tried your recommendation and when I run the reload the ibmasam I get the following error

[root@localhost liveuser]# ibmspdown && ibmspup Command not found. Command not found. [root@localhost liveuser]#

Simon Munk, 2012/01/21 22:08

Love that someone takes the time to put solid guides like this on the net - thanks.

Though was going through the guide on a x3650 when I ran into problems on the “Install libusb”, where a module wasn't found. Continued anyway but the resetrsa command didn't find any hardware. Read through the comments on RSA not being set to Linux mode, which I knew it wasn't, and there while in the BIOS under RSA II Settings I saw ”«RESTORE RSA II DEFAULTS»”. I thought I could give it a try, and that completely resat the RSA and I were able to log on using defaults.

Might be a bit easier for others like my self trying to find a way to reset the RSA II.

Cheers Simon

Christoph Zimmermann, 2012/03/07 16:08

I would have loved a «RESTORE RSA II DEFAULTS» on my x336 BIOS. Would have saved me several hours of work :-)

Nice to hear, that on newer machines this is now just a small thing that is solved in seconds.

Lennart, 2011/12/02 04:41

Tanx man, Worked like a charm.

Joe Dalton, 2011/07/29 13:06

It works great on IBM x346, but just one tip to others:

It is possible that DHCP is enabled by default, anyway what's given in the setup of the x346. Try the given IP from the DHCP Server and not the default IP 192.168.70.125. Logon to the given IP and then disable DHCP in “ASM Control” and “Network Settings” over the Webdialog. Only after that procedure you are able setting a Static IP over the Webdialog or x346 Setup! Don't forget to restart the ASM!

Don't know what the cause is, but I discover this behavior on two x346 with RSA II Card.

Many Thanks to the Author for this great Tutorial!

Joe

Sam, 2011/06/16 14:02

Thanks for the tutorial. Works great on the x436

Dave, 2011/05/16 11:30

Hi!

Everything went fine up to ibmspdown && ibmspup when it gave two lines of “Command not found”. ./asu rsareset gives “Error communicationg with RSA/RSA2” A result of the “Command not found” errors?

Truly hope you can help.

The card is reacheable via the LAN and seems to be working, was it noy for the userid and password.

Thanks for helping!!

Dave

Christoph Zimmermann, 2011/05/16 22:15

hi dave

indeed the “Error communicationg with RSA/RSA2” is a result of the error you had before. this means that no driver was loaded.

the two commands “ibmspdown” and “ibmspup” are only visible when you are root. make sure you are root and not a ordinary user before trying to access your RSA2.

another possibility for errors could be the installation of “ibmusbasm-1.53-2.rhel5.i686.rpm” as it was described in step 7. start the package manager and search for “ibm” and validate that the ibmusbasm stuff is installed correctly, else try to reinstall it in the console and post here the errors you get.

Dave, 2011/05/17 23:45

Morning Christoph

Many thanks so far. Ended up installing from the console and got error as follows:

“No IBM Remote Supervisor Adaptor II was found” and it goes on about cables and being set up for Linux. The card is indeed installed, the (20 pin I think) connected to the M/board and set up for Linux OS.

I'm beginning to wonder if this is the right card? Don't know how to describe it save to say it's got a daughter/second smaller board fitted on top of the card, has a push-button reset (that I've tried, 5-5-10, and which doesn't seem to work). Anything else I can look for?

Any idea will be appreciated greatly!!

Many thanks

Dave

Jo, 2014/07/19 15:16

Dave,

I'm stuck at step 12 like Dave and Brett here. typing “ibmspdown && ibmspup” gives the command not found responses. I have tried a windows server based method of updating the firmware too. I believe the RSAII cards to be faulty or the fact that once they are used, they are locked.

Should of went with HP Proliant. Now server migration ahead…

Thanks for your help Chris.

Sincerely,

Jo

Art Crego, 2011/04/02 10:18

this works just like it says until I get to step 11 and it gives me an error about a missing repository and and I should check the location. this usually means that I don't see the line from #14. I try to run the ASU and it just runs and brings nothing back. Help?

Christoph Zimmermann, 2011/04/02 16:44

hi art crego,

make sure that your network connection is working (lan cable pluged in, ip adress configuration, dns server, kernel module and firmware for your network card etc.) because yum tries to download libusb-devel from the internet.

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International