HP server warranty via the ISEE API

TL;DR: Here’s a simple proof of concept program to look up HP server warranty details via the HP ISEE API. That’s right: no more web scraping.

If you’ve ever tried to look up warranty details for an HP server, you’ve probably come across some of these:

  1. http://h20566.www2.hp.com/portal/site/hpsc/public/wc/home/
  2. http://h20000.www2.hp.com/bizsupport/TechSupport/WarrantyLookup.jsp
  3. http://h10025.www1.hp.com/ewfrf/wc/weInput

For anything other than a couple of servers, these are useless. Also:

  • The last one is for non-server products. I wish it clearly said so.
  • Two different UIs for warranty lookup. No link between them.
  • One requires the product number for 10-digit serials, while the other does not. I’m guessing that’s due to duplicate serials coming from various acquisitions over the years.
  • The output data varies significantly. The first one is definitely the most interesting.

So you sit there and copy-paste serials and product numbers while your life drains away at every click, and then you get the brilliant idea of automating the process with some scripting and scraping. There are tons of implementations readily available, but you realize that each time you scrape HTML, another .NET-SOA-SAAS-XML-J2EE developer is employed somewhere in the world and will somehow find a way to get on your nerves with some poorly implemented, massively bloated piece of software that you have to run through fucking Mono.

So you curse and throw up your hands, and then someone comes along and suggests HP SIM. Yes, the 1.8GB interstellar monster that somehow runs with the smallest number of wtfs on Windows 2008 with another few gigabytes of MS SQL Server on board. Oh, and then you need 800 additional megabytes for HP Insight Remote Support Advanced (RSA) which lets you do warranty lookups. Great.

In reality, all you need when looking up warranty details is a couple of lines of XML.

RSA uses HP’s Instant Support Enterprise Edition (ISEE) API, and damn is it enterprise. In short, it’s a SOAP interface that sends embedded XML documents back and forth. There’s no WSDL available, so let’s walk through the process in full, including details on the service interface.

Client Registration

A client must supply a GDID and registrationToken parameter with every warranty lookup. These parameters are obtained from the server response when the client carries out the registration process, which goes as follows:

SOAP action: http://www.hp.com/isee/webservices/RegisterClient2
HTTP URL:    https://services.isee.hp.com/ClientRegistration/ClientRegistrationService.asmx

The SOAP envelope:

File: register_soapenv.xml


The ISEE registration request is then inserted as text in the <iseeReg:request> tag. It is a fairly verbose blob, and yes, it has been stripped down to the bare minimum accepted by the server.

File: register_payload.xml

<isee:ISEE-Registration schemaVersion="5.00"
        <Section name="SYSTEM_IDENTIFIERS">
          <Property name="TimestampGenerated"/>
        <Section name="SYSTEM_IDENTIFIERS">
          <Property name="CollectorType" value="MC3"/>
          <Property name="CollectorVersion" value="T05.80.1 build 1"/>
          <Property name="AutoDetectedSystemSerialNumber" value="10"/>
          <Property name="SystemModel" value="HP ProLiant"/>
          <Property name="TimestampGenerated"/>


  • Both TimestampGenerated properties must contain a near-current timestamp in the form %Y/%m/%d %H:%M:%S %Z. Use time zone “GMT” in case of problems.
  • The AutoDetectedSystemSerialNumber property need not contain a valid serial; two (or more) digits are enough.

The server will then return:

<?xml version="1.0" encoding="utf-8"?>
    <RegisterClient2Response xmlns="http://www.hp.com/isee/webservices/">

Save the Gdid and the massively long RegistrationToken values so they can be used in upcoming requests.

Warranty Lookup

Next up is the warranty (aka entitlement) lookup itself. The GDID and registrationToken parameters are included in the SOAP/ISEE header. Again, this is the bare minimum accepted by the server, so even the empty <isee:OSID/> and <isee:CSID/> tags must be present.

SOAP action: http://www.hp.com/isee/webservices/GetOOSEntitlementList2
HTTP URL:    https://services.isee.hp.com/EntitlementCheck/EntitlementCheckService.asmx

File: warranty_soapenv.xml


The <isee:request> tag should then contain the following payload.

File: warranty_payload.xml



  • The empty tags must also be present.
  • The CountryCode need not match the origin country.
  • To look up multiple entries, simply add more HP_ISEEEntitlementParameters sections.

The server response SOAP envelope:


..and then finally, the warranty data itself. It can easily be hundreds of lines, so here’s a link to an example result: warranty-ok.xml

Each entry in the lookup is returned in its own <Data> section with a running frame count. You can also see that since the lookup specified the wrong CountryCode “US”, the response includes a warning about a mismatch with the database’s ship-to country.


There appears to be no WSDL available, so the SOAP envelope can be constructed manually or a WSDL can be reconstructed from the XML. I’m guessing that the client and server applications have been built and deployed directly from a Visual Studio project with no particular need for a WSDL.

The web interface lets you look up the serial only, but that seems to be impossible in the API. This is unfortunate for quick manual lookups, but isn’t really an issue for batch requests; the product number is readily available in any kind of iLO and also in the SMBIOS system SKU number.

Multiple warranty entries per request saves a lot of round-trips, but there is bound to be a maximum number of entries allowed per request. That number is not yet known.

The server returns a variety of error codes on malformed input. With the missing WSDL, error handling has to be inferred from the API by fuzzing it with invalid data. Some common error examples:

In addition to the enterprise choice of XML-in-XML, there are some odd inconsistencies in the API, such as Gdid vs GDID and RegistrationToken vs registrationToken, unused XML namespaces, inconsistent namespace local names, versioned SOAP actions (GetOOSEntitlementList2), etc. Beware when coding.

Apart from the register and entitlement lookup functions, the API supports other SOAP actions. Here’s a partial(?) list:

SOAP URLs that match some of the actions above:

Closing Words

The overall characteristics of the API make it pretty clear that it is not designed for 3rd party use, but it certainly provides all the warranty info you need and it lets you avoid embarrassing HTML scraping. So I wish HP would publish API details and openly encourage its use, particularly for read-only authoritative data like warranty details. It doesn’t need to be the ISEE API in particular, but something well-engineered that provides the same (or better) level of detail.

As for functions other than warranty lookup, I can understand the desire to limit access to phone-home mechanisms for error reporting, hardware replacements, support cases, etc., but I would maintain that a strict API would easily limit abuse and poorly formed requests, and let competent users integrate the functionality into their own systems. One thing is for sure: being forced to use vendor-specific, sub-par management software is definitely not the right way to go.

HP iLO authorization? Nah

This is old news and certainly not the end of the world, but just so it’s clear: Always keep your management network internal only.

Any version of iLO will by default happily provide anyone who can access it with details on product type, serial number, iLO firmware version, etc. This can be a convenience when autodetecting nodes on your management network.

Here are some exposed iLOs, courtesy of Shodan:

There’s also /xmldata?item=CpqKey that’s probably useful for something.

Oh, and FORTRAN called and congratulated on the all-caps XML.

Fuckin’ UUIDs, how do they work?

Pretty much any computer these days has an SMBIOS full of lovely data. The system UUID is particularly useful for identifying and keeping track of your servers. You happily assume it’s set in stone from now until the end of time, but then someone comes along and fucks up the byte order.

Here are some brilliant wtfs from an HP server:

# dmidecode -s system-uuid

$ curl -ks "https://ilo4/xmldata?item=All"

So the first three fields are in reverse byte order. Which one is the right one? Neither. Or both? Hngh!

HP’s UUID is a simple ascii encoding of the six-digit product number plus the ten-digit serial number:

$ python3 -c "import binascii as b
print(b.hexlify(b'C1T43A2UX237109F').decode())"

So dmidecode gets it right? Yeeaano. Not according to section 7.2.1 in version 2.6 of the SMBIOS spec. In short, assumptions and poor specs have resulted in yet another mess. Dmidecode 2.10 adds the little-endian parsing for SMBIOS versions >= 2.6.
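The two renderings side by side, as an added example that is not from the original post: it prints the same 16 raw bytes in both conventions, matches inventory entries that differ only by the byte swap, and recovers the product number and serial. It assumes the raw SMBIOS bytes are the ASCII string hexlified above; the function names are made up for illustration.

```python
import uuid

# Raw 16-byte SMBIOS UUID field. Assumption: the bytes are the ASCII string
# hexlified above (six-character product number + ten-character serial).
RAW = b"C1T43A2UX237109F"


def render(raw: bytes) -> dict:
    """Both textual forms of the same 16 raw bytes."""
    return {
        # Bytes printed in stored order (dmidecode <= 2.9).
        "network": str(uuid.UUID(bytes=raw)),
        # First three fields read as little-endian (SMBIOS >= 2.6).
        "smbios26": str(uuid.UUID(bytes_le=raw)),
    }


def raw_bytes(text: str, convention: str) -> bytes:
    """Undo a rendering and return the raw SMBIOS bytes."""
    parsed = uuid.UUID(text)
    if convention == "network":
        return parsed.bytes
    if convention == "smbios26":
        return parsed.bytes_le
    raise ValueError(f"unknown convention: {convention!r}")


def same_system(a: str, b: str) -> bool:
    """True if two UUID strings are equal or differ only by the byte swap."""
    ua, ub = uuid.UUID(a), uuid.UUID(b)
    return ua == ub or ua.bytes == ub.bytes_le


def hp_identity(text: str, convention: str) -> tuple:
    """Split an HP-style UUID into (product number, serial number)."""
    try:
        decoded = raw_bytes(text, convention).decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("UUID bytes are not ASCII, not an HP-style UUID") from None
    if not decoded.isalnum():
        raise ValueError("UUID bytes are not alphanumeric")
    return decoded[:6], decoded[6:]


if __name__ == "__main__":
    forms = render(RAW)
    print(forms)
    print(same_system(forms["network"], forms["smbios26"]))
    print(hp_identity(forms["smbios26"], "smbios26"))
```

Decoding with the wrong convention still yields a plausible-looking product number and serial, so an inventory should record which tool produced each UUID or store the raw bytes.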

Here’s Dell doing the same thing:

# dmidecode -s system-uuid

Note the broken UUID format in the second field in the iDRAC’s SMASH CLP:

-> show admin1/system1

..and enumerating the WSMan CIM_ComputerSystem class gives the same result:


Dell have later added the WSMan DCIM_SystemView:smbiosGUID value that presents the uuid in network byte order (same as dmidecode <= 2.9).

Oh, and Dell’s C6100 servers come with the same UUID and serial numbers for all nodes in the enclosure. Thanks a lot, Dell.

More details on this UUID wtfery here.