跳至主要内容

Emergency XCC Password Reset

When emergency XCC password reset is performed, the SED AK stored in the server will be cleared at default for security. Check the emergency XCC password reset settings to enhance data security and prevent data loss.

Log in to Lenovo XClarity Controller web interface, and go to BMC Configuration > Security > Emergency XCC Password Reset to see the settings.

Emergency XCC password reset

If both XCC and UEFI password are lost, emergency XCC password reset feature allows the user to regain the access by resetting XCC password. Emergency XCC password reset feature does not include the normal XCC password reset methods, which can be performed with authorized access to tools like XCC, UEFI, BoMC, OneCLI, etc. See the following information to learn the capability of emergency XCC password reset feature.

For ThinkEdge SE455 V3, emergency XCC password reset can be performed by the following methods:

1. Reset XCC password with ThinkShield Edge Mobile Management App

When the server’s System Lockdown Control status is ThinkShield Portal, users with proper permission can perform emergency XCC password reset through mobile app.

See Activate or unlock the system for the details of System Lockdown Mode and mobile app settings.

For ThinkShield Edge Mobile Management Application User Guide, see ThinkEdge Security.

2. Revert XCC to defaults with External Diagnostics Handset

ThinkEdge SE455 V3 supports External Diagnostics Handset. With the handset connecting to server, XCC can be reverted to default settings. See External Diagnostics Handset for more information.

When XCC is reverted to default settings by External Diagnostics Handset, depending on the settings, the XCC password might be reset at the same time.

If necessary, change the settings in XCC.

  • When using an external diagnostics handset to revert XCC to default settings, do you wish to reset the XCC password at the same time?

    • The default status is Disabled. Press the button to change the status to Enabled.

Important
If the server’s System Lockdown Mode status is XClarity Controller, enable emergency XCC password reset would cause a risk to security because the default credentials can be used to login to XCC after reset. It is recommended to keep the status as Disabled.

Clear SED AK as part of Emergency XCC Password Reset

When SED encryption is enabled, if emergency XCC password reset is performed, the SED AK stored in the server will be cleared as the default action. Data stored on the SED will no longer be accessible unless the SED AK is restored. Backing up the SED AK is strongly advised to reduce the risk of data loss. See Manage the Self Encryption Drive Authentication Key (SED AK) for more information.

The clearing SED AK action can be changed in XCC.

  • Clear SED AK as part of Emergency XCC Password Reset

    • The default status is Enabled. Press the button to change the status to Disabled.

Important
When the server’s System Lockdown Mode status is XClarity Controller and Clear SED AK is disabled, the data in SED might be accessed by login with default credentials after password reset. To prevent security risk, it is recommended to keep Clear SED AK as Enabled.
Note
If users reset XCC password not by emergency XCC password reset but by tools like XCC, UEFI, BoMC, OneCLI, etc., the SED AK stored in the server will not be cleared.