I recently authored a powershell script to get ILO version and Server model remotely. You can get it from here https://techibee.com/tips/powershell-script-to-get-ilo-version-and-server-model-remotely/572
I never thought that it possible. It’s really awesome and many people wanted to find out this information. I thought of giving details about the procedure to my blog readers and hence writing here. If you want the Unix based script straight away go to Nacho tech Blog. You can continue here if you want to understand the logic behind the script.
If a machine has ILO enabled, it listens on the port number 17988. It’s the port used for mapping virtual devices. Now you need to scan your network for list of machines which are listening on this port. For this purpose you can use nmap(a unix based utility which has it’s flavor in Windows also). This is very cool utility with little bit of complex options J. The simple example I can provide you scan a network for port 17988 is, “nmap -n -P0 -p 17988 -oG -S 10.10.10.0/24”. AFAIK, nmap uses broad cast when you ask it to scan a network range — correct me if I am wrong. Based on my assumption, you should run nmap from a host where broadcast is allowed to all your VLANS.
Above process returns the list of hosts which are listening on given port. The next step is, fetching the ILO details from IPs which are listening on this port. The script uses a utility called curl (not sure of windows equivalent version) which connects to http://ip-listening-on-port-17988/xmldata?item=All and fetches a XML file. This doesn’t require any authentication to server. The returned XML file contains the Server Serial number, IP address of ILO, Server Model and ILO version details. Using serial number you can easily find out the server name if you have proper inventory. If you don’t have this data, then go and check the serial numbers of server manually. Hey!…I don’t want you to that much hard work. You know?, you can query serial number of a windows machine remotely using WMIC. Use the below command for this purpose.
C:>wmic /node:remotehost bios get serialnumber
If you are a modern administrator and want to use powershell, the see my blog post.
This completes the task.
nmap will scan each host in the provided range. http://nmap.org/book/man-target-specification.html