13

I installed ipmitool 1.8.18 on a CentOS 7.2 dedicated server, and I can use it to check the server's own IPMI data:

```
# ipmitool -I open power status
Chassis Power is on
```

But when I want to check another IPMI address's status, I get this error:

```
# ipmitool -H 172.16.22.237  -U root -P mypassword  -I lanplus chassis status -v
Get Auth Capabilities error
Error issuing Get Channel Authentication Capabilities request
Error: Unable to establish IPMI v2 / RMCP+ session
```

On the server being controlled, I used ipmitool to check the LAN settings:

```
[root@localhost ~]# ipmitool -I open lan print 1
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD 
Auth Type Enable        : Callback : MD2 MD5 PASSWORD 
                        : User     : MD2 MD5 PASSWORD 
                        : Operator : MD2 MD5 PASSWORD 
                        : Admin    : MD2 MD5 PASSWORD 
                        : OEM      : MD2 MD5 PASSWORD 
IP Address Source       : Static Address
IP Address              : 172.16.22.237
Subnet Mask             : 255.255.255.0
MAC Address             : 00:25:90:a9:42:4a
SNMP Community String   : public
IP Header               : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP      : 0.0.0.0
Default Gateway MAC     : 00:00:00:00:00:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM
Bad Password Threshold  : Not Available
```

EDIT-01

Using nmap, I get the information below:

```
# nmap -p 623 -sU -P0 172.16.22.237 

Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-22 08:01 CST
Nmap scan report for 172.16.22.237
Host is up.
PORT    STATE         SERVICE
623/udp open|filtered asf-rmcp

Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds
```
aircraft
  • This seems to be an authentication error. Please note that RMCP+ supports, in addition to various authentication extensions, encryption of data transmission. – U880D Aug 22 '18 at 07:28
  • I also tried the `-I lan`. – aircraft Aug 22 '18 at 07:32
  • @U880D See my edited post, bro. – aircraft Aug 22 '18 at 07:42
  • @U880D When I use `-H 172.16.22.237 -U root -P mypassword`, the password is the original password, without encryption. Is this the reason? – aircraft Aug 22 '18 at 07:46
  • Could be that there is RMCP+ encryption set up. The communication is done over UDP 623 (if I am right). I do not have enough information about your environment yet. However, in the past I've read a lot in the tool-related mailing list [ipmitool-devel](https://sourceforge.net/p/ipmitool/mailman/ipmitool-devel/) and found that it is a good source of background information. – U880D Aug 22 '18 at 07:54
  • What information do you need? – aircraft Aug 22 '18 at 07:55
  • From the client and where `ipmitool` is installed, you may start troubleshooting with `nmap -p 623 -sU -P0 172.16.22.237`. `nc` could be used for connection tests too. After you are sure a connection is possible, proceed further with `ipmitool -H 172.16.22.237 -P mypassword -I lanplus chassis status -v` without a user name/account, since it is a default user account. – U880D Aug 22 '18 at 07:59
  • See my edited post, bro. – aircraft Aug 22 '18 at 08:02
  • 1
    -U admin and you must know the correct admin password. Once you are sure of those, you need to try -C0 to -C3 for different cipher suites, as it says "Cipher Suite Priv Max : aaaaXXaaaXXaaXX". – Gambit Support Aug 22 '18 at 12:29
  • I'm also facing this same issue. Does anything need to be updated on the server side, or is any network port being blocked? @aircraft - Have you solved this problem? – KKD Apr 01 '19 at 09:54
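
An added example, not part of the original thread: a small Python audit of the `lan print` fields shown in the question, decoding `Cipher Suite Priv Max` and flagging settings that weaken the BMC's LAN channel. It assumes that character N of that string belongs to cipher suite ID N (the reading used in the comment above, and one that lines up with the advertised suite list here); the function names are hypothetical.

```python
import re

# Sample input trimmed from the `ipmitool lan print 1` output in the question.
SAMPLE = """\
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : MD2 MD5 PASSWORD
                        : Admin    : MD2 MD5 PASSWORD
SNMP Community String   : public
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
"""

PRIV = {"c": "CALLBACK", "u": "USER", "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}


def field(text, name):
    """Return the value of the first 'name : value' line, or None."""
    m = re.search(rf"^{re.escape(name)}[ \t]*:[ \t]*(.*)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None


def cipher_privs(text):
    """Map cipher suite ID -> max privilege, skipping 'X' (unused).
    Assumption: character N of the string belongs to cipher suite ID N."""
    s = field(text, "Cipher Suite Priv Max") or ""
    return {i: PRIV[ch] for i, ch in enumerate(s) if ch in PRIV}


def audit(text):
    """Return findings for settings that weaken the BMC's LAN channel."""
    findings = []
    privs = cipher_privs(text)
    suites = (field(text, "RMCP+ Cipher Suites") or "").split(",")
    listed = {int(x) for x in suites if x.strip().isdigit()}
    if 0 in privs:  # suite 0 = no authentication, integrity or encryption
        findings.append(f"cipher suite 0 is allowed up to {privs[0]}")
    extra = sorted(set(privs) - listed)
    if extra:
        findings.append(f"privilege set for suites not advertised: {extra}")
    if "NONE" in (field(text, "Auth Type Support") or "").split():
        findings.append("IPMI v1.5 auth type NONE is supported")
    if field(text, "SNMP Community String") == "public":
        findings.append("SNMP community string is the default 'public'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On the question's output this reports four findings, including that cipher suite 0 carries ADMIN privilege even though it is absent from the advertised `RMCP+ Cipher Suites` list.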

5 Answers

7

(SOLVED for a Dell machine)

I had exactly the same issue on a Dell PowerEdge R430 machine after having changed the system motherboard: although my credentials were restored in the new IDRAC board from the chassis flash backup, and despite the fact that my credentials still allowed me to enter the IDRAC web interface, I was no longer able to interact with the IDRAC board through the IPMIv2/lanplus/SOL interface, facing the same problem of `Error: Unable to establish IPMI v2 / RMCP+ session`.

For me the solution was, as suggested by Rupeshrams at https://stackoverflow.com/a/55615668/13646401, to "reset ipmi default password to the same old one" ("same" because I had system tools all hardcoded with the old credentials) with the IDRAC web interface, like this: in your browser, enter the (static) IP address of the IDRAC; this should open an HTTPS web site. Then:

Menu Overview -> IDRAC SETTINGS -> User Authentication
-> Click on the userID of your admin account -> Next
-> check "change your password" checkbox and enter the same (or new) password
-> Apply

Why: I understood that passwords were hashed/encrypted on my previous motherboard with a key specific to that old motherboard. By changing the motherboard and restoring a user database hashed with a now-unknown key, my credentials became invalid, at least for using ipmitool and the IPMIv2 interface. What confused me, but finally helped me solve the problem, was the fact that the old credentials were still valid for entering the IDRAC web interface.

TIP: all the advice to check for IPMIv2/UDP 623 service availability with nmap or to "activate SOL (Serial Over LAN)" is helpful: "SOL activate" can easily be performed in the IDRAC web interface:

Menu Overview -> IDRAC SETTINGS -> Network -> SerialOverLAN

Any advice to "unlock" credentials through various ipmitool commands just cannot and must not work. But if the web interface is not accessible, then you need to access the IDRAC through anything you can except ipmitool, at least in the case of a Dell machine (first try the BIOS "/IDRAC Settings/User configuration", or ssh, telnet, or anything else such as RACADM, or even the real serial interface with a DB9 cable and a tty terminal, e.g. a PC with HyperTerminal or any other software tty emulator).

Yours sincerely, Pierre

pynexj
Pierre13fr
4

To resolve the IPMI issue, you need to change the IPMI over LAN setting from Disabled to **Enabled** in the iDRAC/iLO.

Once IPMI over LAN has been enabled, the command below provides the power status.

```
# ipmitool -H <ipx.x.x.x> -U <username> -I lanplus power status
```
KKD
2

Reset the IPMI default password to the same or a different one using the racadm command; that will resolve the issue.

To install racadm you need a few packages locally:

```
sudo apt install srvadmin-base srvadmin-storageservices srvadmin-idrac7 srvadmin-all*
```
Suraj Rao
Rupeshrams
1

As stated above, the issue is likely that IPMI over LAN is off even though DRAC is enabled.

You can fix this by rebooting and going into the DRAC settings, or you can use the following command on the server OS in OpenManage Server Administration (OMSA):

```
omconfig chassis remoteaccess config=nic enableipmi=true
```
1

For us on a Dell R740, we had to enable IPMI Over Lan via the iDrac --> iDRAC Settings --> IPMI Settings:

What was frustrating is that racadm commands were working. When this is enabled, when you run `ipmitool sel info` you should see:

```
Version          : 1.5 (v1.5, v2 compliant)
```
RobbieTheK