Saturday, 5 October 2024

Unable to establish IPMI v2 / RMCP+ session

See this post:

https://stackoverflow.com/questions/51948745/error-unable-to-establish-ipmi-v2-rmcp-session

Question (asked Aug 21, 2018 at 12:31 by aircraft, edited Aug 22, 2018 at 8:01):

I installed ipmitool 1.8.18 on a CentOS 7.2 dedicated server. I can use it to check its own IPMI data:

    # ipmitool -I open power status
    Chassis Power is on

But when I want to check another IPMI address's status, I get this error:

    # ipmitool -H 172.16.22.237 -U root -P mypassword -I lanplus chassis status -v
    Get Auth Capabilities error
    Error issuing Get Channel Authentication Capabilities request
    Error: Unable to establish IPMI v2 / RMCP+ session

On the server being controlled, I used ipmitool to check the LAN:

    [root@localhost ~]# ipmitool -I open lan print 1
    Set in Progress         : Set Complete
    Auth Type Support       : NONE MD2 MD5 PASSWORD
    Auth Type Enable        : Callback : MD2 MD5 PASSWORD
                            : User     : MD2 MD5 PASSWORD
                            : Operator : MD2 MD5 PASSWORD
                            : Admin    : MD2 MD5 PASSWORD
                            : OEM      : MD2 MD5 PASSWORD
    IP Address Source       : Static Address
    IP Address              : 172.16.22.237
    Subnet Mask             : 255.255.255.0
    MAC Address             : 00:25:90:a9:42:4a
    SNMP Community String   : public
    IP Header               : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
    BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
    Default Gateway IP      : 0.0.0.0
    Default Gateway MAC     : 00:00:00:00:00:00
    Backup Gateway IP       : 0.0.0.0
    Backup Gateway MAC      : 00:00:00:00:00:00
    802.1q VLAN ID          : Disabled
    802.1q VLAN Priority    : 0
    RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12
    Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                            :     X=Cipher Suite Unused
                            :     c=CALLBACK
                            :     u=USER
                            :     o=OPERATOR
                            :     a=ADMIN
                            :     O=OEM
    Bad Password Threshold  : Not Available

EDIT-01: I used nmap to get the information below:

    # nmap -p 623 -sU -P0 172.16.22.237

    Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-22 08:01 CST
    Nmap scan report for 172.16.22.237
    Host is up.
    PORT    STATE         SERVICE
    623/udp open|filtered asf-rmcp

    Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds

Comments:

This seems to be an authentication error. Please take note that RMCP+ supports, in addition to various authentication extensions, encryption of data transmission. – U880D, Aug 22, 2018 at 7:28

I also tried the -I lan. – aircraft, Aug 22, 2018 at 7:32

@U880D See my edited post, bro. – aircraft, Aug 22, 2018 at 7:42

@U880D When I use -H 172.16.22.237 -U root -P mypassword, the password is the original password, without encryption. Is this the reason? – aircraft, Aug 22, 2018 at 7:46

-U admin and you must know the correct admin password. Once you are sure of those, you need to try -C0 to -C3 for different cipher suites, as it says "Cipher Suite Priv Max : aaaaXXaaaXXaaXX". – Gambit Support, Aug 22, 2018 at 12:29

Answer:

(SOLVED for a Dell machine)

I had exactly the same issue on a Dell PowerEdge R430 machine after having changed the system motherboard: although my credentials were restored in the new IDRAC board from the chassis flash backup, and despite the fact that my credentials still allowed me to enter the IDRAC Web Interface, I was no longer able to interact with the IDRAC board through the IPMIv2/lanplus/SOL interface, facing the same problem of Error: Unable to establish IPMI v2 / RMCP+ session.

For me the solution was, as suggested by Rupeshrams herein https://stackoverflow.com/a/55615668/13646401, to "reset ipmi default password to the same old one" ("same" because I had system tools all hardcoded with old credentials) with the IDRAC Web Interface, like this:

In your browser, enter the (static) IP address of the IDRAC: this should open an https web site. Then:

    Menu Overview -> IDRAC SETTINGS -> User Authentication -> Click on the userID of your admin account -> Next -> check "change your password" checkbox and enter the same (or new) password -> Apply

Why: I understood that passwords were hashed/encrypted in my previous motherboard with a key specific to that old motherboard. By changing the motherboard, and restoring a user database hashed by a from-now-on unknown key, my credentials became invalid, at least for using ipmitool and the IPMIv2 interface. What was confusing me, but that finally helped me to solve the problem, was the fact that old credentials were still valid to enter the IDRAC web interface.

TIP: all advice to check for IPMIv2/UDP 623 service availability with nmap or to "activate SOL (Serial Over Lan)" is helpful: "SOL activate" can be easily performed on the IDRAC web interface:

    Menu Overview -> IDRAC SETTINGS -> Network -> SerialOverLAN
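
The "Cipher Suite Priv Max" string that Gambit Support's comment points to can be decoded against the "RMCP+ Cipher Suites" line of the same lan print output, which shows which -C values the BMC will accept and at what privilege. The script below is an added example, not part of the original post or of ipmitool; its function names are hypothetical and its sample is constructed from the output quoted in the question. It assumes that character N of the string applies to cipher suite ID N, which is consistent with this particular output.

```shell
#!/bin/sh
# Constructed sample: the two relevant lines of the `lan print 1` output
# quoted in the question above.
SAMPLE_LAN_PRINT='RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX'

# cipher_privs (hypothetical helper): reads `ipmitool lan print` text on stdin
# and prints "<suite-id> <max-privilege> <listed|unlisted>" per character.
# Assumption: character N of "Cipher Suite Priv Max" applies to suite ID N.
cipher_privs() {
    awk -F' *: *' '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $1 == "RMCP+ Cipher Suites" {
            n = split($2, ids, ",")
            for (i = 1; i <= n; i++) listed[ids[i] + 0] = 1
        }
        $1 == "Cipher Suite Priv Max" { privs = $2 }
        END {
            name["X"] = "UNUSED";   name["c"] = "CALLBACK"; name["u"] = "USER"
            name["o"] = "OPERATOR"; name["a"] = "ADMIN";    name["O"] = "OEM"
            for (i = 0; i < length(privs); i++) {
                ch = substr(privs, i + 1, 1)
                printf "%d %s %s\n", i, ((ch in name) ? name[ch] : "?"),
                       ((i in listed) ? "listed" : "unlisted")
            }
        }'
}

# Suites that accept sessions (privilege not X) but are missing from the
# advertised "RMCP+ Cipher Suites" list; review these and set unused ones to X.
enabled_unlisted() {
    cipher_privs | awk '$2 != "UNUSED" && $3 == "unlisted" { print $1 }'
}

# Advertised suites that allow ADMIN, i.e. values that ipmitool -C can
# negotiate for an administrator session, joined by spaces.
admin_listed() {
    cipher_privs | awk '$2 == "ADMIN" && $3 == "listed" { printf "%s%s", s, $1; s = " " }
                        END { if (s != "") print "" }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LAN_PRINT" | cipher_privs
```

On a live host, pipe the output of ipmitool -I open lan print 1 into these functions instead of the sample. For the sample, enabled_unlisted reports suite 0, which the IPMI 2.0 specification defines with no authentication, integrity or confidentiality algorithm, so its "a" is worth changing to "X" if nothing depends on it.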
