Passa al contenuto principale

Emergency XCC Password Reset

When emergency XCC password reset is performed, the SED AK stored in the server will be cleared at default for security. Check the emergency XCC password reset settings to enhance data security and prevent data loss.

Log in to Lenovo XClarity Controller web interface, and go to BMC Configuration > Security > Emergency XCC Password Reset to see the settings.

Emergency XCC password reset

If both XCC and UEFI password are lost, emergency XCC password reset feature allows the user to regain the access by resetting XCC password. Emergency XCC password reset feature does not include the normal XCC password reset methods, which can be performed with authorized access to tools like XCC, UEFI, BoMC, OneCLI, etc. See the following information to learn the capability of emergency XCC password reset feature.

For ThinkEdge SE350 V2, emergency XCC password reset can be performed with ThinkShield Edge Mobile Management App.

When the server’s System Lockdown Control status is ThinkShield Portal, users with proper permission can perform emergency XCC password reset through mobile app.

See Activate or unlock the system for the details of System Lockdown Mode and mobile app settings.

For ThinkShield Edge Mobile Management Application User Guide, see ThinkEdge Security.

Clear SED AK as part of Emergency XCC Password Reset

When SED encryption is enabled, if emergency XCC password reset is performed, the SED AK stored in the server will be cleared as the default action. Data stored on the SED will no longer be accessible unless the SED AK is restored. Backing up the SED AK is strongly advised to reduce the risk of data loss. See Manage the Self Encryption Drive Authentication Key (SED AK) for more information.

The clearing SED AK action can be changed in XCC.

  • Clear SED AK as part of Emergency XCC Password Reset

    • The default status is Enabled. Press the button to change the status to Disabled.

Important
When the server’s System Lockdown Mode status is XClarity Controller and Clear SED AK is disabled, the data in SED might be accessed by login with default credentials after password reset. To prevent security risk, it is recommended to keep Clear SED AK as Enabled.
Note
If users reset XCC password not by emergency XCC password reset but by tools like XCC, UEFI, BoMC, OneCLI, etc., the SED AK stored in the server will not be cleared.