HP Integrated Lights-Out 2 User Guide HP Part Number: 394326-402 Published: June 2011 Edition: 1
© Copyright 2011 Hewlett-Packard Development Company, L.P Notices The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software.
Contents 1 Overview................................................................................................11 New in this release of iLO 2.....................................................................................................11 iLO 2 Overview......................................................................................................................11 Differences between iLO 2 and iLO......................................................................................
Password guidelines......................................................................................................41 Securing RBSU..............................................................................................................42 iLO 2 Security Override Switch administration...................................................................42 Trusted Platform Module support..........................................................................................
Fans............................................................................................................................76 Temperatures................................................................................................................76 Power..........................................................................................................................77 Processors..................................................................................................................
Creating iLO 2 disk image files.....................................................................................111 Virtual folder...................................................................................................................111 Virtual folder operating system notes..................................................................................112 Power management..............................................................................................................
Management snap-in installer............................................................................................140 Directory services for Active Directory.................................................................................140 Active Directory installation prerequisites........................................................................140 Installing Active Directory on Windows Server 2008.......................................................
hpqRole................................................................................................................172 hpqPolicy..............................................................................................................173 Core attribute definitions..............................................................................................173 hpqPolicyDN.........................................................................................................173 hpqRoleMembership.....
iLO 2 Security Override switch...........................................................................................191 Authentication code error message.....................................................................................191 Troubleshooting directory issues..............................................................................................191 Domain/name format login issues......................................................................................
Displaying the current session cookie.............................................................................201 Preventing cookie-related user issues..............................................................................201 Inability to access ActiveX downloads.................................................................................201 Inability to get SNMP information from HP SIM....................................................................
1 Overview The iLO 2 firmware provides multiple ways to configure, update, and operate servers remotely. The HP Integrated Lights-Out 2 User Guide describes these features and how to use them with the browser-based interface and RBSU. Some features are licensed features and may only be accessed after purchasing an optional license. For more information, see “Licensing” (page 26).
Differences between iLO 2 and iLO The iLO 2 firmware is based on the iLO and shares many common features. However, to use iLO 2 to access a pre-operating system, text-based remote console, you must use the remote serial console. For more information, see “Text-based remote console overview” (page 95). The following table highlights the differences between iLO 2 and iLO.
Server management through IPMI version 2.0 compliant applications Server management through the IPMI is a standardized method for controlling and monitoring the server. iLO 2 provides server management based on the IPMI version 2.0 specification. The IPMI specification defines a standardized interface for platform management.
Authentication: • The iLO 2 firmware uses basic authentication over SSL, compliant with profile: wsman:secprofile/https/basic. • Authenticated users are authorized to execute WS-Management commands in accordance with designated privileges in their local or directory accounts. • To enable basic authentication on Windows Vista, enter gpedit.msc at the command prompt to launch the Group Policy Object Editor.
• “Troubleshooting iLO 2” (page 182) • “Directory services schema” (page 171) Supported browsers and client operating systems • • Microsoft Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 ◦ These browsers are supported on Microsoft Windows products. ◦ HP supports Microsoft JVM and SUN Java 1.4.2_13. To download the recommended JVM for your system configuration, see the HP website at http://www.hp.com/servers/ manage/jvm. Mozilla Firefox 2.
• 16 Overview ◦ RedHat Enterprise Linux 5 (x86) ◦ RedHat Enterprise Linux 5 (AMD64/EM64T) SUSE LINUX ◦ SUSE LINUX Enterprise Server 9 (x86) ◦ SUSE LINUX Enterprise Server (AMD64/EM64T) ◦ SUSE LINUX Enterprise Server 10
2 Setting up iLO 2 Quick setup To quickly set up iLO 2 by using the default settings for iLO 2 Standard and iLO Advanced features, follow these steps: 1. To decide how you want to structure networking and security, see“Preparing to set up iLO 2” (page 17) 2. To connect iLO 2 to the network, see “Connecting to the network” (page 18). 3. If you are not using dynamic IP addressing to configure a static IP address, use the iLO 2 RBSU. See “Configuring the IP address” (page 19). 4.
3. What access security is required and what user accounts and privileges are needed? The iLO 2 firmware provides several options to control user access. You must select one of the following methods to prevent unauthorized access to corporate IT assets: 4. • Local accounts with up to 12 user names and passwords can be stored on iLO 2. This is ideal for small environments such as labs and small- and medium-sized businesses.
• Dedicated management network, where the iLO 2 port is on a separate network. Configuring the IP address This step is necessary only if you are using a static IP address. When using dynamic IP addressing, your DHCP server automatically assigns an IP address for iLO 2. To simplify installation, HP recommends using DNS or DHCP with iLO 2. To configure a static IP address, use the iLO 2 RBSU with the following procedure to disable DNS and DHCP and configure the IP address and the subnet mask: 1.
Logging in to iLO 2 for the first time The iLO 2 firmware is configured with a default user name, password, and DNS name. Default user information is located on the iLO 2 Network Settings tag attached to the server containing the iLO 2 management processor. Use these values to access iLO 2 remotely from a network client using a standard Web browser. For security reasons, HP recommends changing the default settings after logging in to iLO 2 for the first time.
Setting up iLO 2 with the browser-based option If you can connect to iLO 2 on the network with a browser, then use the browser-based setup method. You can also use this method to reconfigure a previously configured iLO 2. Access iLO 2 from a remote network client using a supported browser, and provide the default DNS name, user name, and password. Default DNS name and account information is located on the iLO 2 Network Settings tag attached to the server containing the iLO 2 management processor.
1. 2. Click the iLO 2 graphic. Select Software and Drivers. Microsoft device driver support The device drivers that support the iLO 2 are part of the PSP that is located on the HP website at http://www.hp.com/support or on the SmartStart CD. Before you install the Windows drivers, obtain the Windows documentation and the latest Windows Service Pack. iLO 2 prerequisite files: • CPQCIDRV.SYS – Provides the iLO 2 Management Interface Driver support. • CPQASM2.SYS, SYSMGMT.SYS, and SYSDOWN.
When updating iLO 2 drivers, be sure iLO 2 is running the latest version of iLO 2 firmware. You can obtain the latest version as a Smart Component from the HP website at http://www.hp.com/ servers/lights-out. Install the drivers download the PSP from the HP website at http://www.hp.com/support to a NetWare server. After downloading the PSP, follow the Novell NetWare component installation instructions to complete the installation.
3 Configuring iLO 2 iLO 2 configuration overview Typically, an advanced or administrative user who must manage users and configure global and network settings configures iLO 2. You can configure iLO 2 using the iLO 2 browser-based GUI or scripting tools such as CPQLOCFG and HPONCFG (described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http:// h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.
• Scripting with HPONCFG – Download the HPONCFG component to get the host-based scripting utility HPONCFG. This utility enables you to use RIBCL scripts that perform firmware updates, Lights-Out processor configuration and operations in bulk, from Administrator or root account access on supported host operating systems. • HP Directories Support for Management Processors – Download the HP Directories Support for Management Processors executable file to get the directory support components.
Recovering from a failed iLO 2 firmware update To recover from a failed firmware update using the HP Drive Key Boot Utility: 1. Copy the iLO 2 offline flash component to your USB drive key. 2. Verify that the iLO 2 security override switch is set to disabled. 3. Boot the USB drive key containing the iLO 2 flash component. To download the HP Drive Key Boot Utility and for information on how to create a boot USB key, see the HP website at http://www.hp.com/go/support. 4. 5. 6.
NOTE: The features annotated with an asterisk (*) are not supported on all systems.
Feature iLO 2 Advanced iLO 2 Advanced for BladeSystem iLO 2 Standard iLO 2 Standard Blade Edition Kernel debugger for Windows X X –– –– Console replay X X –– –– Shared remote console X X –– –– Boot/fault console capture X X –– –– iLO video player (license required for capture) X X X X In addition to the standard iLO 2 single-server licenses, two other licensing options are available: • The Flexible Quantity License Kit enables you to purchase a single software package, one cop
iLO 2 Directory Accounts enables you to view iLO 2 groups and modify the settings for those groups. You must have the Administer Directory Groups privilege. To access Directory Accounts, click Administration>User Administration>Group Accounts. Adding a new user NOTE: 2. Only users with the Administer User Accounts privilege can manage other users on iLO You can assign a different access privilege to each user.
5. Complete the fields. The following options are available: • User Name appears in the user list and on the home page. It is not necessarily the same as the Login name. The maximum length for a User Name is 39 characters. The User Name must use printable characters. • Login Name is the name that you must use when logging in to iLO 2. The maximum length for a login name is 39 characters. The login name can only use printable characters.
4. 5. Change user information as required. After changing the fields, return to the User Administration screen by clicking Save User Information. To recover the original user information, click Restore User Information. All changes made to the profile are discarded. Deleting a user NOTE: 2. Only users with the Administer User Accounts privilege can manage other users on iLO To delete existing user information: 1. Log in to iLO 2 using an account that has the Administer User Accounts privilege. 2.
The following settings are available: • Security Group Distinguished Name is the distinguished name of a group within the directory. All members of this group are granted the privileges set for the group. The group specified in the Security Group Distinguished Name must exist within the directory, and users who need access to iLO 2 must be members of this group. Complete this field with a Distinguished Name from the directory (for example, CN=Group1,OU=Managed Groups, DC=domain, DC=extension).
Services options The Services tab enables you to select which services you want to enable on iLO 2, including SSH, SSL, Remote Console, Telnet, and Terminal Services. The Services tab also enables you to set the ports for each selected option. Settings on the Services page apply to all iLO 2 users. You must have the Configure iLO 2 Settings privilege to modify settings on this page. To access Services, click Administration>Access>Services. Click Apply to save updated information.
Parameter Default value Description not normally detect if this port is open on iLO 2. iLO 2 listens on this port for a few seconds when the Remote Console is opened, but Telnet connections are not accepted. Communication between the iLO 2 and Remote Console is always encrypted. Remote Console/Telnet Port 23 This setting enables you to specify which port the iLO 2 Remote Console uses for remote console communications.
3389. All data received from Terminal Services on this port is forwarded to the server and all data Terminal Services receives from the server is forwarded back to the socket. The iLO 2 firmware reads anything received on this port as an RDP packet. RDP packets are exchanged between the iLO 2 firmware and the server Terminal Services (RDP) server through the local host address on the server. The service provided facilitates communications between the iLO 2 firmware and the RDP server.
Terminal Services Passthrough installation The following section describes how to install Terminal Services Passthrough on Windows Server 2008, Windows Server 2003, and Microsoft Windows XP. • Windows Server 2003 and Windows Server 2008 Windows servers require Microsoft .NET Framework to support the use of iLO 2 Terminal Services.
is available or active. This is normal behavior, but it is different than the behavior observed when both Terminal Services sessions are established by Windows administrators. In that case, the warning message is received by the first Terminal Services session immediately. Terminal Services Passthrough option display The iLO 2 firmware might not accurately display the Terminal Services Passthrough option.
1. Verify that Terminal Services is enabled on the host by selecting My Computer>Properties>Remote>Remote Desktop. 2. 3. 4. 5. 6. Verify that the iLO 2 passthrough configuration is enabled or automatic in the iLO 2 Global Settings. Verify that iLO Advanced Pack is licensed. Verify that the iLO 2 Management Interface Driver is installed on the host. To verify the driver, select My Computer>Properties>Hardware>Device Manager>Multifunction Adapters.
The Options tab includes the following. Parameter Default value Descriptions Idle Connection Timeout 30 minutes (minutes) This setting specifies the interval of user inactivity, in minutes, before the web server and Remote Console session automatically terminate. The following settings are valid: 15, 30, 60, 120 minutes, or 0 (infinite). The infinite timeout value does not log out inactive users. Lights-Out Functionality Enabled This setting enables connection to iLO 2.
Parameter Default value Descriptions • Enabled-Every 3rd Failure – A failed login log entry is recorded after every third failed login attempt. • Enabled-Every 5th Failure – A failed login log entry is recorded after every fifth failed login attempt. • Disabled – No failed login log entry is recorded.
• Support for X.509 CA signed certificates • Support for securing RBSU • Encrypted communication using: • — SSH key administration — SSL certificate administration Support for optional LDAP-based directory services Some of these options are licensed features. To verify your available options, see “Licensing” (page 26). General security guidelines The following are general guidelines concerning security for iLO 2: • For maximum security, iLO 2 must be set up on a separate management network.
Securing RBSU iLO 2 RBSU enables you to view and modify the iLO 2 configuration. RBSU access settings can be configured using RBSU, a web browser, RIBCL scripts, or the iLO 2 Security Override Switch. For more information, see “Access options” (page 38). RBSU has three levels of security: • RBSU Login Not Required (default) Anyone with access to the host during POST can enter the iLO 2 RBSU to view and modify configuration settings. This is an acceptable setting if host access is controlled.
Depending on the server, the iLO 2 Security Override Switch might be a single jumper or a specific switch position on a dip switch panel. To access and locate the iLO 2 Security Override Switch, see the server documentation. The iLO 2 Security Override Switch can also be located using the diagrams on the server access panel. Trusted Platform Module support TPM is a hardware based system security feature. It is a computer chip that securely stores artifacts used to authenticate the platform.
Login security iLO 2 provides several login security features. After an initial failed login attempt, iLO 2 imposes a delay of five seconds. After a second failed attempt, iLO 2 imposes a delay of 10 seconds. After the third failed attempt, and any subsequent attempts, iLO 2 imposes a delay of 60 seconds. All subsequent failed login attempts cycles through these values. An information page appears during each delay. This continues until a valid login is completed.
• The SSL Key Length button to choose between 2048 or 1024 bit private key length for CSR. • The Customized CSR radio button to choose between CSR with custom or default subject fields. • The Country field for configuring the CSR subject country name. • The State or Province field for configuring the CSR subject state name. • The Organization Name field for configuring the CSR subject organization name. • The Organization Unit field for configuring the CSR subject organization unit name.
identity by providing both factors. You can store your digital certificates and private keys wherever you choose, for example, on a smart card, USB token, or hard drive. The Two-Factor Authentication tab enables you to configure security settings and review, import, or delete a trusted CA certificate. The Two-Factor Authentication Enforcement setting controls whether two-factor authentication is used for user authentication during login. To require two-factor authentication, click Enabled.
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. Obtain the public certificate from the CA that issues user certificates or smart cards in your organization. Export the certificate in Base64-encoded format to a file on your desktop (for example, CAcert.txt). Obtain the public certificate of the user who needs access to iLO 2. Export the certificate in Base64-encoded format to a file on your desktop (for example, Usercert.txt). Open the file CAcert.
6. 7. 8. 9. 10. 11. 12. 13. 14. Click inside the white text area so that your cursor is in the text area, and paste the contents of the clipboard by pressing the Ctrl+V keys. Click Import Root CA Certificate. The Two-Factor Authentication Settings page appears again with information displayed under Trusted CA Certificate Information. Change Enforce Two-Factor authentication to Yes. Change Certificate Revocation Checking to No (default). Change Certificate Owner Field to SAN.
After you have selected a certificate, if the certificate is protected with a password, or if the certificate is stored on a smart card, a second page appears prompting you to enter the PIN or password associated with the chosen certificate. The certificate is examined by iLO 2 to ensure it was issued by a trusted CA by checking the signature against the CA certificate configured in iLO 2. iLO 2 determines if the certificate has been revoked and if it maps to a user in the iLO 2 local user database.
Authentication using Default Directory Schema, part 1: The distinguished name for a user in the directory is CN=John Doe,OU=IT,DC=MyCompany,DC=com, and the following are the attributes of John Doe's certificate: • Subject: DC=com/DC=MyCompany/OU=IT/CN=John Doe • SAN/UPN: john.doe@MyCompany.com Authenticating to iLO 2 with username:john.doe@MyCompany.com and password works if two-factor authentication is not enforced.
Configuring directory settings iLO 2 enables administrators to centralize user account administration using directory services. You must have the Configure iLO 2 Settings privilege to configure and test the iLO 2 directory services. To access Directory Settings, click Administration>Security>Directory. iLO 2 directory settings enable you to control directory-related behavior for the iLO 2 directory you are logged in to.
iLO 2 directory server settings enables you to identify the directory server address and port. These settings include: • Directory Server Address – Enables you to specify the network DNS name or IP address of the directory server. You can specify multiple servers, separated by a comma (,) or space ( ). If Use Directory Default Schema is selected, enter a DNS name in the Directory Server Address field to allow authentication with user ID. For example: directory.hp.com 192.168.1.250, 192.168.1.
To test the communication between the directory server and iLO 2, click Test Settings. For more information, see “Directory tests” (page 53). Directory tests To validate current directory settings for iLO 2, click Test Settings on the Directory Settings page. The Directory Tests page appears. The test page displays the results of a series of simple tests designed to validate the current directory settings. Additionally, it includes a test log that shows test results and any issues that have been detected.
Encryption settings You can view or modify the current encryption settings using the iLO 2 interface, CLP, or RIBCL. To view or modify current encryption settings using the iLO 2 interface: 1. Click Administration>Security>Encryption. The Encryption page appears, displaying the current encryption settings for iLO 2. Both the current negotiated cipher and the encryption enforcement settings appear on this page. • Current Negotiated Cipher displays the cipher in use for the current browser session.
NOTE: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry. For information on how to restore your registry, see the Microsoft Knowledge Base article at http:// support.microsoft.com/kb/307545. To connect to iLO 2 through an SSH connection, see your SSH utility documentation to set the cipher strength.
Adding HP SIM trusted servers You can install HP SIM server certificates using scripting that is suitable for mass deployment. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp? contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=135& prodTypeId=18964&prodSeriesId=1146658. To add HP SIM server records using a browser: 1.
Setting up HP SIM SSO The HP SIM SSO page allows you to view and configure the existing iLO 2 Single Sign-On settings. You must have the Configure iLO 2 privilege to alter these settings. To access iLO 2 SSO settings, click Administration>Security>HP SIM SSO.
certificate is imported, but the certificate has expired, SSO is not allowed from that server. Additionally, the records are not used when SSO is disabled. iLO 2 does not enforce SSO server certificate revocation. — Status – Indicates the status of the record (if any are installed). — Description – Displays the server name (or certificate subject). A thumbnail of a certificate indicates that the record contains a stored certificate. — Actions – Displays the actions you can take on a selected record.
4. L_SHIFT F7 4 h R_SHIFT F8 5 i L-CTRL F9 6 j R_CTRL F10 7 k L_GUI F11 8 l R_GUI F12 9 m INS " " (Space) : n DEL ! ; o HOME " < p END # = q PG_UP $ > r PG_DN % ? s ENTER & @ t TAB ' [ u BREAK ( \ v BACKSPACE ) ] w NUM PLUS * ^ x NUM MINUS + _ y SCRL LCK , ' z SYS RQ - a { F1 . b } F2 / c | F3 0 d ~ Click Apply to save changes. This feature can also be configured using scripting or command lines.
1. 2. 3. 4. Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege. Click Administration>Network. Select Network Settings or DHCP/DNS. Change the settings as needed. After completing any parameter changes, click Apply to complete the changes. iLO 2 restarts, and the connection of your browser to iLO 2 terminates. To reestablish a connection, wait 60 seconds before launching another browser session and logging in.
NOTE: If autosense is disabled, the network switch must match the iLO 2 settings to prevent iLO 2 access issues. You are not permitted to modify the NIC speed settings and autosense options on blade servers. These settings are auto negotiated between iLO 2 and the Onboard Administrator. iLO 2 subsystem name limitations The iLO 2 subsystem name represents the DNS name of the iLO 2 subsystem. For example, ilo instead of ilo.hp.com.
iLO 2 Shared Management Port features and restrictions iLO 2 Shared Network Port and the iLO 2 Dedicated Management NIC port are used for iLO 2 server management. You can only use the iLO 2 Shared Network Port and the iLO 2 Dedicated Management NIC port for iLO 2 server management. The iLO 2 Shared Network Port and the iLO 2 Dedicated Management NIC port cannot operate simultaneously. If you enable the dedicated iLO 2 NIC, you will disable the iLO 2 Shared Network Port.
After iLO 2 resets, the Shared Network Port feature is active. Any network traffic going to or originating from iLO 2 is directed through the system's NIC port 1. Enabling the iLO 2 Shared Network Port feature through the web interface 1. 2. 3. 4. 5. 6. Connect iLO 2 NIC port 1 to a LAN. Open a browser, and browse to the iLO 2 IP address or DNS name. Select Administration>Network Settings. On the Network Settings page, select Shared Network Port.
The following options are available: • DHCP allows you to select static IP (disabled) or enable the use of a DHCP server to obtain an IP address for the iLO 2 subsystem. You cannot set the iLO 2 IP address if DHCP is enabled. Disabling DHCP allows you to configure the IP address. The IP Address field also appears on the Network Settings page for your convenience. Changing the value on either page changes the DHCP setting. 64 • IP Address is the iLO 2 IP address.
• Ping Gateway on Startup option causes iLO 2 to send four ICMP echo request packets to the gateway when iLO 2 initializes. This option ensures that the ARP cache entry for iLO 2 is up-to-date on the router responsible for routing packets to and from iLO 2. • DHCP Server is the IP address of the DHCP server. This field cannot be assigned. It is received from DHCP if DHCP is enabled and represents the last known valid DHCP server address.
To configure alerts: 1. Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege. 2. Select Management in the Administration tab. The SNMP/Insight Manager Settings screen appears. 3. In the SNMP Alert Destination(s) fields, enter up to three IP addresses that you want to receive the SNMP alerts and select the alert options you want iLO 2 to support. 4. Click Apply Settings.
processor detects the host system is in reset because of events unknown to the management processor. Certain operating system behavior or actions can cause this type of event to be detected, and the alert transmitted. • ALERT_ILLEGAL_LOGIN – An SNMP alert transmitted when a connection is attempted using an invalid username and password. This alert is transmitted regardless of connection type; web interface, serial port, Telnet, SSH, or RIBCL.
ProLiant BL p-Class configuration ProLiant BL p-Class servers can be accessed and configured through the: • The iLO 2 Diagnostic Port on the front of the server • Browser-based setup, which initially configures the system through the iLO 2 Diagnostic Port.
1. 2. 3. 4. 5. Install a server blade in bay 1 of the BL p-Class enclosure. The server blade does not need to be configured or have an operating system installed. The server blade must be configured before installing any additional blades in the enclosure. Connect a client device to the front-panel iLO 2 port of the blade using the local I/O cable. The local I/O cable connects to the I/O port on the front of the server blade. This connection enables the static IP 192.168.1.
Ending IP Address (Bay 16) – Assigns the ending IP address. All IP addresses must be valid addresses. Subnet Mask – Assigns the subnet mask for the default gateway. This field might be filled in if either Static IP Bay Configuration or DHCP is enabled. The entire IP address range must conform to the subnet mask. Gateway IP Address – Assigns the IP address of the network router that connects the Remote Insight subnet to another subnet where the management PC resides.
Click Cancel to close the automated setup wizard. Click Next to set up your blade server. The setup wizard will guide you through: 1. iLO 2 configuration 2. Server RAID verification 3. Virtual media connection 4. Software installation The iLO 2 firmware configuration screen This screen enables you to change the following settings: • Administrator password. HP recommends changing the default password. • Network configuration settings.
addresses for other iLO 2s in the enclosure. After you click Next, you are prompted to verify that you want to use DHCP for this iLO 2 IP address. • Enable DHCP (No) and Enable Static IP Bay Configuration (Yes) This configuration causes the iLO 2 being configured to set its IP address according to the settings specified through the Static IP Bay Configuration. Clicking Next displays the Static IP Bay Configuration page.
Install Software screen This step of the installation wizard enables you to launch the Remote Console and install the operating system. To start the operating system installation process: • Click Launch Software Installation to launch the Remote Console. iLO 2 automatically initiates a server power-on or reboot to start the operating system installation through the previously selected virtual media. • Accept security certificates as they appear. Click Finish to complete the setup process.
4 Using iLO 2 System status and status summary information When you first access iLO 2, the interface displays the Status Summary page with system status and status summary information, and provides access to health information, system logs, and Insight Agent information. The options available in the System Status section are: Summary, System Information, iLO 2 Log, IML, Diagnostics, iLO 2 User Tips, and Insight Agents.
• UID Light – Displays the state of the UID light when the page was loaded. You can control the UID state using the Turn UID On button in addition to the physical UID buttons on the server chassis. The UID helps you identify and locate a system, especially in high-density rack environments. Additionally, the UID indicates that a critical operation is underway on the host, such as Remote Console access or firmware update. CAUTION: Never remove power from a server with a flashing UID.
(ability to handle a failure). The subsystems can include fans, temperature sensors, power supplies, and voltage regulator modules. • Fans – Displays the state of the replaceable fans in the server chassis. This data includes the area that is cooled by each fan and current fan speeds. • Temperatures – Displays the temperature conditions monitored at sensors in various locations in the server chassis, and the processor temperature.
below the caution threshold. If one or more sensors exceed this threshold, iLO 2 implements the recovery policy to prevent damage to server components. • If the temperature exceeds the caution threshold, the fan speed is increased to maximum. • If the temperature exceeds the critical temperature, a graceful server shutdown is attempted. • If the temperature exceeds the fatal threshold, the server is immediately turned off to prevent permanent damage.
failed authentications. You can configure tracking failed login attempts for every attempt or every second, third, or fifth attempt, and captures the client name for each logged entry to improve auditing capabilities in DHCP environments, as well as recording account name, computer name, and IP address. When login attempts fail, iLO 2 also generates alerts and sends them to a remote management console. Events logged by higher versions of iLO 2 firmware might not be supported by earlier versions.
• Temperature normal • Automatic shutdown started • Automatic shutdown cancelled Diagnostics The Diagnostics option on the System Status tab displays the Server and iLO 2 Diagnostics screen. The Server and iLO 2 Diagnostic screen displays iLO 2 self-test results, and provides options to generate an NMI to the system and to reset iLO 2. NOTE: When connected through the Diagnostics Port, the directory server is not available. You can log in using a local account only.
have the Configure iLO 2 privilege (configure local device settings) to reset iLO 2 using this option. Insight Agents The HP Insight Management Agents support a browser interface for access to runtime management data through the HP System Management Homepage. The HP System Management Homepage is a secure web-based interface that consolidates and simplifies the management of individual servers and operating systems.
system. Remote Console operates with all operating systems and browsers supported by iLO 2. • “Remote Serial Console” (page 100) – Provides access to a VT320 serial console through a Java applet-based console connected to the iLO 2 Virtual Serial Port. The Remote Serial Console is available without an additional license and is suitable for host operating systems that do not require access to the graphical console. Standard iLO 2 provides server console access from server power-on through POST.
The Remote Console Settings page includes three tabs: Settings • High Performance Mouse settings can help alleviate remote console mouse synchronization issues, but this feature is not supported on all operating systems. The effects of changing the settings take place when remote console is started or restarted. The following options are available: — Disabled – Enables the mouse to use the relative coordinates mode which is compatible with most host operating systems.
can be captured. You can change the enabled buffers at any time to maximize buffer utilization. When the buffer configuration is changed, both buffers are reset and information currently in the buffers at that time is lost. — • Auto Export/Fault Buffer allows you to enable or disable automatically exporting captured console data. Export Boot/Fault Buffer enables you to specify the URL location of a web server that accepts a PUT or POST Method data transfer. For example: http://192.168.1.
not necessarily reflect the state of the server keyboard. However, pressing any of the locking keys will change that Lock state on the server. To define a Remote Console hot key: 1. Click Remote Console>Hot Keys. 2. Select the hot key you want to define, and use the drop-down boxes to select the key sequence to be transmitted to the host server when you press the hot key. 3. Click Save Hot Keys when you have finished defining the key sequences.
F10 8 m F11 9 n SYS RQ Hot keys and international keyboards To set up hot keys on an international keyboard, select keys on your keyboard in the same position on a US keyboard. To create a hot key using the international AltGR key, use R_ALT in the key list. Use the US keyboard layout shown to select your keys. Shaded keys do not exist on a US keyboard. • The green shaded key is known as the Non-US \ and | keys on an international keyboard.
Console is a licensed feature available with the purchase of optional licenses. For more information, see “Licensing” (page 26). The Integrated Remote Console supports four simultaneous remote console sessions with the same server if enabled through the Remote Console Settings screen, SMASH CLI (OEM), or RIBCL. For more information about using multiple remote console sessions, see “Multi-user access to the Integrated Remote Console” (page 89).
• Replay (play icon on the main menu) – Displays the Replay Console. The Replay Console provides playback control of the selected data buffer and displays elapsed playback time. The Replay Console has the following options: ◦ ◦ Click Play to start the playback. After you click Play, you can: – Click Pause to stop the playback and hold the current position. To resume playback, click Play from the paused state and the playback resumes from the current position.
• Power (green power icon) – Displays the power status and allows you to access the power options. The power button is green when the server is powered up. When you press Power the Virtual Power Button screen appears with four options: Momentary Press, Press and Hold, Cold Boot, and Reset System. When either the Drives or Power button is pressed, the menu displayed remains open even when the mouse is moved away from the menu bar.
Both the Integrated Remote Console and the Remote Console applets send absolute and relative mouse cursor coordinates to iLO 2. When iLO 2 is in High Performance Mouse mode, it discards the relative coordinates and sends the absolute coordinates to the USB tablet mouse emulator. The result is that the server "sees" the mouse move as if the coordinate information had originated from a local USB tablet mouse.
Shared Remote Console is a licensed feature available with the purchase of optional licenses. For more information, see “Licensing” (page 26). Shared Remote Console and Forced Switch mode are disabled by default. You must enable and configure these features through the browser, SMASH CLI (OEM), or RIBCL. All console sessions are encrypted by authenticating the client first, and then the session leader decides whether to allow the new connection.
iLO Video Player user interface When you launch HP iLO Video Player, the user interface appears and serves as the control point for all playback functions. iLO Video Player menu options: • • • File ◦ Open – Opens a video capture file. ◦ Exit – Closes the iLO Video Player. Controls ◦ Play – Plays or restart the current video capture file. ◦ Stop – Stop playback of the current video capture file. ◦ Skip to Start – Restarts playback of the current video capture file.
iLO Video Player controls Control Name Function Play/Pause Starts playback if the currently selected file is not playing or is paused. If playback is in progress, it pauses the file. If no file is selected, the button is disabled. Stop Stops playback. If no file is selected, the button is disabled. Skip to Start Restarts playback from the beginning of the file. If no file is selected, the button is disabled. Seek Moves the playback video forward or backward.
When you click Acquire, you are prompted to verify that you want to interrupt the other user's Remote Console session. The other user receives a notification that another user has acquired the Remote Console session after losing the connection. No prior warning is given. After you confirm you want to proceed with the acquire operation, you are notified by an alert window that the operation could take 30 seconds or longer to complete.
Remote Console uses dual cursors to help you distinguish between the local and remote mouse pointers. The client computer's mouse cursor appears in the Remote Console as a crosshair symbol. For best performance, be sure to configure the host operating system display as described in “Recommended client settings” (page 94)and “Recommended server settings” (page 95).
Use the following client and browser settings to optimize performance: • • • Display Properties — Select an option greater than 256 colors. — Select a greater screen resolution than the screen resolution of the remote server. — Linux X Display Properties On the X Preferences screen, set the font size to 12. Remote Console — For Remote Console speed, HP recommends using a 700-MHz or faster client with 128 MB or more of memory.
remote console. The iLO 2 Remote Serial Console applet appears as a text-based console, but the information is rendered using graphical video data. iLO 2 displays this information through the remote console applet while in the server pre-operating system state, enabling a non-licensed iLO 2 to observe and interact with the server during POST activities.
To use the iLO 2 Text Console feature successfully, you must update the HOST ROM. iLO 2 supports iLO 2 Text Console on the following HP ProLiant servers: • ML350 G5 • SE326 M1 • DL380 G6 • BL685c G6 • ML370 G5 • DL320 G6 • DL360 G6 • BL280c G6 • DL360 G5 • ML330 G6 • BL2x220c G6 • BL460c G6 • DL380 G5 • ML/DL 370 G6 • BL460c G1 • DL580 G5 • DL785 G6 • BL480c G1 • SE316 M1 • ML350 G6 • BL680c G5 Using the iLO 2 Text Console To start an iLO 2 Text Console session: 1.
To control the translation, use the xlt option with the appropriate reference number.
Character value Description Mapped equivalent 0x1B Right arrow > 0x1E Up pointer ^ 0x1F Down pointer v 0xFF Shaded block blank space Using a Linux session You can run an iLO 2 virtual serial port on a Linux system, if the system is configured to present a terminal session on the serial port. This feature enables you to use a remote logging service. You can remotely log on to the serial port and redirect output to a log file. Any system messages directed to the serial port are logged remotely.
Using the iLO 2 remote serial console, the remote user is able to perform operations such as interacting with the server POST sequence and operating system boot sequence; establishing a login session with the operating system, interacting with the operating system; and executing and interacting with applications on the server operating system. Users of the Microsoft Windows Server 2003 operating system have the ability to execute the EMS subsystem through the remote serial console.
After the server completes POST, the server system ROM transfers control to the operating system boot loader. If you are using Linux, you can configure the operating system boot loader to interact with the server serial port instead of the keyboard, mouse, and VGA console. This configuration enables you to view and interact with the operating system boot sequence through the Remote Serial console. For an example of a Linux operating system boot loader, see “Linux configuration example” (page 101).
Windows EMS Console The Windows EMS Console, if enabled, provides the ability to perform Emergency Management Services in cases where video, device drivers, or other operating system features have prevented normal operation and normal corrective actions from being performed. iLO 2, however, enables you to use EMS over the network through a Web browser. Microsoft EMS enables you to display running processes, change the priority of processes, and halt processes.
Serial Port Configuration displays server configuration information, available serial ports, and virtual serial port status. Status appears as: • Available – The virtual serial port is not in use • In use – Normal mode when the virtual serial port is connected normally • In use – Raw mode when the WiLODbg.exe utility is used to connect When the virtual serial port is in use, the Disconnect button is enabled and can be used to terminate any type of virtual serial port connection.
This example starts WinDBG.exe with an additional command line of -b and uses a direct socket connection from WinDBG.exe to iLO 2 on port 3002. • To connect to iLO 2 at 16.100.226.57 and validate the iLO 2 user with the username of admin and password mypass, and start kd with an additional command line for kd of -b: wilodbg 16.100.226.
To access iLO 2 Virtual Media devices using the graphical interface, select Virtual Media on the Virtual Devices tab. An applet loads in support of the Virtual Floppy or Virtual CD/DVD-ROM device. Virtual Media and Windows 7 By default, Windows 7 powers off the ILO virtual hub when no virtual media devices are enabled or connected during boot. To prevent this issue, manually override the power management feature in the Windows 7 through the Control Panel so the virtual hub does not power down. 1.
To use an image file: 1. From the Virtual Floppy/USBKey section of the Virtual Media applet, select Local Image File . 2. To locate the image file using the Choose Disk Image File dialog box, enter the path or file name of the image in the text-box, or click Browse. To ensure the source diskette or image file is not modified during use, select the Force read-only access option. 3. Click Connect.
obscured and unavailable during this time. You cannot use a physical local floppy drive and the Virtual Floppy simultaneously. • Windows Server 2008 or later and Windows Server 2003 Virtual Floppy and USB key drives appear automatically after Microsoft Windows has recognized the mounting of the USB device. Use it as you would a locally attached device.
When the drive letter shows as mounted, the drive will now be accessible through the server GUI as well as the system console. When the Virtual Floppy Drive is mounted, if the media is changed in the local floppy drive, you must reissue the lfvmount command on the server console to see the new media in the NetWare 6.5 operating system. Mounting USB Virtual Media/USBKey in Linux 1. 2. 3. Access iLO 2 through a browser. Select Virtual Media in the Virtual Devices tab.
Changing diskettes When using the iLO 2 Virtual Floppy or USB key drive, and the physical diskette drive on the client machine is a USB diskette drive, disk change operations will not be recognized. For example, in this configuration, if a directory listing is obtained from a floppy diskette and the diskette is changed, a subsequent directory listing will show the listing for the first diskette.
1. 2. 3. Select Local Image File within the Virtual CD/DVD-ROM section of the Virtual Media applet. Enter the path or file name of the image in the text box or click Browse to locate the image file using the Choose Disk Image File dialog. Click Connect. The connected drive icon and LED will change state to reflect the current status of the Virtual CD/DVD-ROM. When connected, virtual devices are available to the host server until you close the Virtual Media applet.
3. 4. Select the CD/DVD-ROM to be used and click Connect. Mount the drive using the following command: mount /dev/cdrom1 /mnt/cdrom1 For SLES 9: mount /dev/scd0 /media/cdrom1 Creating iLO 2 disk image files The iLO 2 virtual media feature enables you to create diskette and CD-ROM image files within the same applet. Creation of DVD image files using the Virtual Media applet is not supported. The image files created from the applet are ISO-9660 file system images.
on a local or networked directory that is accessible through the client, mounted and dismounted as a Virtual Media device. Virtual folder operating system notes • MS-DOS During boot and MS-DOS sessions, the Virtual Folder device appears as a standard BIOS floppy drive. This device appears as drive A. If a physically attached floppy drive exists, it is obscured and unavailable during this time. You cannot use a physical local floppy drive and the Virtual Folder simultaneously.
down the operating system. An operating system shutdown must be initiated using the Remote Console before using the Virtual Power Button options. The following options are available: • Momentary Press button provides behavior identical to pressing the physical power button. • Press and Hold is identical to pressing the physical power button for five seconds and then releasing it. This option provides the ACPI-compatible functionality that is implemented by some operating systems.
• The Power Regulator for ProLiant section has the following options: ◦ Enable HP Dynamic Power Savings Mode sets the processor to dynamically set the power level based on usage. ◦ Enable HP Static Low Power Mode sets the processor to minimum power. ◦ HP Static High Performance Mode sets the processor to the highest supported processor state and forces it to stay in that state. ◦ Enable OS Control Mode sets the processor to maximum power.
◦ If the server has the hardware and software to support dynamic power capping, the message System supports Dynamic Power Capping appears. Dynamic power capping provides electrical circuit breaker protection. ◦ If the message System supports Dynamic Power Capping does not appear, the server supports normal power capping. Normal power capping does not react fast enough to provide electrical circuit breaker protection.
The Power Meter Readings section displays the following: • The data graph displays the power usage of the server over the previous 24 hours. iLO 2 collects power usage information from the server every 5 minutes. For each five-minute interval, the peak and average power usage is stored in a circular buffer. These two values appear in the form of a bar graph, with the average values in blue and the peak values in red. This data resets whenever either the server or iLO 2 is reset.
You must have the Configure iLO 2 Settings privilege to view the Power Regulator for ProLiant Data page. Power Regulator for ProLiant Data is a licensed feature available with the purchase of optional licenses. For more information, see “Licensing” (page 26). To access the Power Regulator for ProLiant Data page, click Power Management>Processor States.
You can configure HEM only through the RBSU. You cannot modify these settings through iLO. Settings for HEM are Enabled or Disabled (also called Balanced Mode), and Odd or Even supplies as primary. These settings are visible in the High Efficiency Mode & Standby Power Save Mode section of the System Information>Power tab.
Brown-Out recovery A brown-out condition occurs when power momentarily is lost to the server. A brown-out interrupts the operating system, but does not interrupt the iLO firmware. Under brown-out conditions the iLO service remains uninterrupted for about 4 seconds (longer power interruptions result in black-outs). Support has been added to iLO to detect and recover from power brown-outs. If iLO detects that a brown-out has occurred, server power is restored after the power-on delay.
the blade with the diagnostic station and connecting to an existing network through a hub. The IP address is assigned by a DHCP server on a network. The BL p-Class tab enables you to control specific settings for the ProLiant BL p-Class blade server rack. iLO 2 also provides Web-based status for the ProLiant BL p-Class server rack. Rack View The Rack View page presents an overview of all the enclosures and the contained blade servers, network components, and power supplies.
Blade configuration and information The blade configuration option provides information regarding the identity, location, and network address of the blade selected on the Rack View page. To view these settings, select a blade component and select Configure on the “Rack View” (page 120) page. You can change some of the settings for the blade in which you are currently logged in. To save changes, click Apply.
Enclosure information Enclosure information is specific to the selected enclosure. Information about a particular enclosure is viewed by selecting Details located on the enumerated enclosure headers. A limited amount of rack information is available, including the name and serial number A basic set of information is available for the enclosures that do not contain the blade that you are logged in to. This information includes the name, serial number, and enclosure type.
The following fields are available: • Rack name • Rack serial number • Enclosure name • Enclosure serial number • Enclosure type • Firmware revision • Hardware revision • Load balance wire • Enclosure temperature • Enclosure temperature side A and B • Management Module UID Certain fields can be changed and updated by clicking Apply. Network component information Network component information displays the status of the patch panel or interconnect switch that has been selected.
Insufficient power notification iLO 2 turns the Server Health LED solid red if iLO 2 cannot power on the server because insufficient power is in the rack infrastructure. ProLiant BL p-Class alert forwarding iLO 2 supports blade infrastructure SNMP traps on a passthrough basis. Reporting of blade infrastructure status by iLO 2 does not require operating system support. The alerts (traps) originate from the Enclosure Manager and Power Supply Manager and are transmitted to iLO 2.
The Onboard Administrator option enables you to view a brief overview of the server system health as well as launch a browser (which launches the HP Onboard Administrator Rack View screen) or turn the UID Light on or off. Enclosure bay IP addressing During completion of the First Time Setup Wizard, you are asked to set up your enclosure bay IP addressing. For more information about the complete wizard setup process, see the HP BladeSystem Onboard Administrator User Guide.
16.100.226.32. If you set the interconnect bay EBIPA range to 16.200.139.51 to 16.209.139.58, the interconnect module management port in interconnect bay #1 is assigned 16.200.139.51 and the interconnect module management port in interconnect bay #7 is assigned 16.200.139.57. To enable EBIPA settings for the server bays in this enclosure, select Enable Enclosure Bay IP Addressing for Server Bay iLO 2 Processors, then enter the following information. 126 Field Possible value Beginning Address ###.###.
Dynamic power capping for server blades Dynamic power capping is an iLO 2 feature available for c-Class server blades and accessed through HP Onboard Administrator. For more information on all the power setting options for c-Class server blades, see the HP BladeSystem Onboard Administrator User Guide. Dynamic power capping is only available if your system hardware platform, BIOS (ROM), and power micro-controller firmware version support this feature.
For more information on Static Power Limit, see the HP BladeSystem Onboard Administrator User Guide. iLO 2 Virtual Fan In c-Class blade servers, the HP Onboard Administrator controls the enclosure fans. The iLO 2 firmware cannot detect these enclosure fans. Instead, the iLO 2 firmware monitors an ambient temperature sensor located on the blade server. This information displays on the iLO 2 interface and retrieved by the Onboard Administrator periodically.
BL p-Class and BL c-Class features The HP ProLiant BL p-Class and ProLiant c-Class servers share common features.
5 Directory services Overview of directory integration iLO 2 can be configured to use a directory to authenticate and authorize its users. Before configuring iLO 2 for directories, you must decide whether or not you want to use the HP Extended schema option. The advantages of using the HP Extended schema option are: • There is much more flexibility in controlling access. For example, access can be limited to a time of day or from a certain range of IP addresses.
Advantages and disadvantages of schema-free directories and HP schema directory Directories enhance security, enabling you to manage access and rights from a centralized location. Directories also enable flexible configuration. Some directory configuration practices work better with iLO 2 than others. Before configuring iLO 2 for directories, you must decide whether to use the schema-free directory or the HP schema directory integration methods.
admin named User1; you can copy the distinguished name of the domain admin security group over to iLO 2 and give it full privileges. User1 would then have access to iLO 2. Disadvantages of using schema-free directory integration • Supports only Microsoft Active Directory • Group privileges are administered on each iLO 2. However, this disadvantage is minimized by group privileges rarely changing, and the task of changing group membership is administered in the directory and not on each separate iLO 2.
7. 8. 9. Accept the default locations of the certificate database and the database log. Click Next. Browse to the c:\I386 folder when prompted for the Windows 2000 Advanced Server CD. Click Finish to close the wizard. Verifying certificate services Because management processors communicate with Active Directory using SSL, you must create a certificate or install Certificate Services. You must install an enterprise CA because you are issuing certificates to objects within your organizational domain.
1. Download and review the scripting and command line resource guide at http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp? contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=135& prodTypeId=18964&prodSeriesId=1146658. 2. Write a script that configures iLO 2 for schema-free directories support and run it. The following script can be used as a template. PAGE 135Better Login Flexibility • In addition to the minimum settings, enter at least one directory user context. At login time, the login name and user context are combined to make the user's distinguished name. For instance, if the user logs in as JOHN.SMITH and a user context is set up as CN=USERS,DC=HP,DC=COM, then the distinguished name that iLO 2 tries is CN=JOHN.SMITH,CN=USERS,DC=HP,DC=COM. Maximum Login Flexibility • Configure iLO 2 as described.
Setting up HP schema directory integration When using the HP schema directory integration, iLO 2 supports both Active Directory and eDirectory. However, these directory services require the schema being extended. Features supported by HP schema directory integration iLO 2 Directory Services functionality enables you to: • Authenticate users from a shared, consolidated, scalable user database. • Control user privileges (authorization) using the directory service.
For more information on managing the directory service, see “Directory-enabled remote management” (page 156). Examples are available in “Directory services for Active Directory” (page 140) and “Directory services for eDirectory” (page 149). 5. Handle exceptions • Lights-Out migration utilities are easier to use with a single Lights-Out role.
Schema required software iLO 2 requires specific software, which will extend the schema and provide snap-ins to manage the iLO 2 network. An HP Smart Component is available for download that contains the schema installer and the management snap-in installer. The HP Smart Component can be downloaded from the HP website at http://www.hp.com/servers/lights-out. You cannot run the schema installer on a domain controller that hosts Windows Server 2008 Core.
NOTE: Extending the schema on Active Directory requires that the user be an authenticated Schema Administrator, the schema is not write protected, and the directory is the FSMO role owner in the tree. The installer will attempt to make the target directory server the FSMO Schema Master of the forest. To get write access to the schema on Windows 2000 requires a change to the registry safety interlock.
Management snap-in installer The management snap-in installer installs the snap-ins required to manage iLO 2 objects in a Microsoft Active Directory Users and Computers directory or Novell ConsoleOne directory. iLO 2 snap-ins are used to perform the following tasks in creating an iLO 2 directory: • Creating and managing the iLO 2 and role objects (policy objects will be supported at a later date). • Making the associations between iLO 2 objects and the role (or policy) objects.
NOTE: Installing Directory Services for iLO 2 requires extending the Active Directory schema. Extending the schema must be completed by an Active Directory Schema Administrator. • Extending the Schema in the Microsoft Windows 2000 Server Resource Kit, available on the Microsoft website at http://msdn.microsoft.com).
1. 2. 3. Install Active Directory. For more information, refer to Installing Active Directory in the Microsoft Windows 2000 Server Resource Kit. Install the Microsoft Admin Pack (the ADMINPAK.MSI file, which is located in the i386 subdirectory of the Windows 2000 Server or Advance Server CD). For more information, refer to the Microsoft Knowledge Base Article 216999. In Windows 2000, the safety interlock that prevents accidental writes to the schema must be temporarily disabled.
a. b. c. Use the management snap-ins from HP to create iLO 2, Policy, Admin, and User Role objects. Use the management snap-ins from HP to build associations between the iLO 2 object, the policy object, and the role object. Point the iLO 2 object to the Admin and User role objects (Admin and User roles automatically point back to the iLO 2 object). For more information on iLO 2 objects, see “Directory services objects” (page 145).
2. Use the HP provided Active Directory Users and Computers snap-ins to create HP Role objects in the Roles organizational unit. a. Right-click the Roles organizational unit, select New then Object. b. Select Role for the field type in the Create New HP Management Object dialog box. c. Enter an appropriate name in the Name field of the New HP Management Object dialog box. In this example, the role contains users trusted for remote server administration and is called remoteAdmins. Click OK. d.
4. 5. Use the Lights Out Management tab to set the rights for the role. All users and groups within a role will have the rights assigned to the role on all of the iLO 2 devices managed by the role. In this example, the users in the remoteAdmins role is given full access to the iLO 2 functionality. Select the boxes next to each right, and then click Apply. Click OK to close the property sheet.
Each object represents a device, user, or relationship that is required for directory-based management. NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries. After the snap-in is installed, iLO 2 objects and iLO 2 roles can be created in the directory. Using the Users and Computers tool, the user will: • Create iLO 2 and role objects. • Add users to the role objects. • Set the rights and restrictions of the role objects.
Active Directory role restrictions The Role Restrictions subtab allows you to set login restrictions for the role. These restrictions include: • Time restrictions • IP network address restrictions ◦ IP/mask ◦ IP range ◦ DNS name Time restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours in the Role Restrictions tab. In the Logon Hours pop-up window, you can select the times available for logon for each day of the week in half-hour increments.
Enforced client IP address or DNS name access Access can be granted or denied to an IP address, IP address range, or DNS names. 1. In the By Default dropdown menu, select whether to Grant or Deny access from all addresses except the specified IP addresses, IP address ranges, and DNS names. 2. Select the addresses to be added, select the type of restriction, and click Add. 3. In the new restriction pop-up window, enter the information and click OK. The new restriction pop-up window displays.
The available rights are: • Login – This option controls whether users can log in to the associated devices. • Remote Console – This option enables the user access to the Remote Console. • Virtual Media – This option enables the user access to the iLO 2 virtual media functionality. • Server Reset and Power – This option enables the user access to the iLO 2 Virtual Power button to remotely reset the server or power it down.
Snap-in installation and initialization for eDirectory For step-by-step instructions on using the snap-in installation application, see “Snap-in installation and initialization for Active Directory” (page 142). NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries.
3. Create HP Role objects in the roles organizational unit using the HP provided ConsoleOne snap-ins tool. a. Right-click the roles organizational unit found in the region2 organizational unit, and select New>Object. b. Select hpqRole from the list of classes, and click OK. c. Enter an appropriate name on the New hpqRole page. In this example, the role will contain users trusted for remote server administration and will be named remoteAdmins. Click OK. The Select Object Subtype page appears. d.
5. Using the same procedure as in step 4, edit the properties of the remoteMonitors role: a. Add the three iLO 2 devices within hp devices under region1 to the Managed Devices list on the Role Managed Devices option of the HP Management tab. b. Add users to the remoteMonitors role using the Members tab. c. Select the Login check-box, and click Apply>Close.
Members After user objects are created, the Members tab allows you to manage the users within the role. Clicking Add enables you to browse to the specific user you want to add. Highlighting an existing user and clicking Delete removes the user from the list of valid members.
eDirectory Role Restrictions The Role Restrictions subtab enables you to set login restrictions for the role. These restrictions include: • Time restrictions • IP network address restrictions • — IP/mask — IP range DNS name Time restrictions You can manage the hours available for logon by members of the role by using the time grid displayed in the Role Restrictions subtab. You can select the times available for logon for each day of the week in half-hour increments.
eDirectory Lights-Out Management After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management Device Rights subtab of the HP Management tab. The available rights are: • Login – This option controls whether users can log in to the associated devices.
• Server Reset and Power – This option allows the user to remotely reset the server or power it down. • Administer Local User Accounts – This option allows the user to administer accounts. The user can modify their account settings, modify other user account settings, add users, and delete users. • Administer Local Device Settings – This option allows the user to configure iLO 2 settings.
Directory” (page 140), and “Directory services for eDirectory” (page 149). In general, you can use the HP provided snap-ins to create objects. It is useful to give the LOM device objects meaningful names, such as the device network address, DNS name, host server name, or serial number. • Configure the Lights-Out management devices Every LOM device that uses the directory service to authenticate and authorize users must be configured with the appropriate directory settings.
An admin user gains the login right from the regular user group. More advanced rights are assigned through the Admin role, which assigns additional rights – Server Reset and Remote Console. The Admin role assigns all admin rights Server Reset, Remote Console, and Login. How directory login restrictions are enforced Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions limit a user's access to authenticate to the directory.
NOTE: When directories are enabled, access to a particular iLO 2 is based on whether the user has read access to a Role object that contains the corresponding iLO 2 object. This includes but is not limited to the members listed in the role object. If the Role is set up to allow inheritable permissions to propagate from a parent, then members of the parent which have read access privileges will also have access to iLO 2.
IP address and subnet mask restrictions IP address and subnet mask restrictions enable the administrator to specify a range of addresses that are granted or denied access by the restriction. This format has similar capabilities as an IP address range but might be more native to your networking environment. An IP address and subnet mask range is typically specified using a subnet address and address bit mask that identifies addresses that are on the same logical network.
Creating multiple restrictions and roles The most useful application of multiple roles includes restricting one or more roles so that rights do not apply in all situations. Other roles provide different rights under different constraints. Using multiple restrictions and roles enables the administrator to create arbitrary, complex rights relationships with a minimum number of roles.
Using bulk import tools Adding and configuring large numbers of LOM objects is time consuming. HP provides several utilities to assist in these tasks. • HP Lights-Out Migration utility The HP Lights-Out Migration utility, HPQLOMIG.EXE, imports and configures multiple LOM devices. HPQLOMIG.EXE includes a GUI that provides a step-by-step approach to implementing or upgrading large numbers of management processors. HP recommends using this GUI method when upgrading numerous management processors.
Compatibility The HPQLOMIG utility operates on Microsoft Windows and requires Microsoft .NET Framework. For additional information and to download .NET framework, see the Microsoft website at http:// www.microsoft.com/net. The HPQLOMIG utility supports the following operating systems: • • Active Directory — Windows 2000 — Windows Server 2003 Novell eDirectory 8.6.
To start the process of discovering your management processors: 1. Click Start and select Programs>Hewlett-Packard, Lights-Out Migration Utility to start the migration process. 2. Click Next to move past the Welcome screen. 3. Enter the variables to perform the management processor search in the Addresses field. 4. Enter your login name and password, and click Find. The Find button changes to Verify when the search is complete. You can also input a list of management processors by clicking Import.
Upgrading firmware on management processors The Upgrade Firmware screen enables you to update the management processors to the firmware version that supports directories. This screen also enables you to designate the location of the firmware image for each management processor by either entering the path or clicking Browse. NOTE: Binary images of the firmware for the management processors are required to be accessible from the system that is running the migration utility.
During the firmware upgrade process, all buttons are deactivated to prevent navigation. You can still close the application using the "X" at the top right of the screen. If the GUI is closed while programming firmware, the application continues to run in the background and completes the firmware upgrade on all selected devices. HPLOMIG supports firmware flash on servers with a TPM chip.
To configure the management processor for: • Directory Services, see “Configuring directories when HP Extended schema is selected” (page 168). • Schema-free (default schema) directories support, see “Setting up Schema-free directory integration” (page 132). Naming management processors This screen enables you to name Lights-Out management device objects in the directory and create corresponding device objects for all management processors to be managed.
4. 5. To change the names (optional), click Clear All Names, and rename the management processors. After the names are correct, click Next. Configuring directories when HP Extended schema is selected The Configure Directory screen enables you to create a device object for each discovered management processor and to associate the new device object to a previously defined role.
1. 2. 3. 4. 5. Enter the network address, login name, and password for the designated directory server. Enter the container distinguished name in the Container DN field, or click Browse. Associate device objects with a member of a role by entering the role distinguished name in the Role DN field, or click Browse. Click Update Directory. The tool connects to the directory, creates the management processor objects, and adds them to the selected roles.
Setting up management processors for directories The last step in the migration process is to configure the management processors to communicate with the directory. This screen enables you to create user contexts. User contexts enable the user to use short or user object names to log in, rather than the full distinguished name. For example, having a user context such as CN=Users,DC=RILOETEST2,DC=HP enables user "John Smith" to log in using John Smith, rather than CN=John Smith,CN=Users, DC=RILOETEST2,DC=HP.
When you click Configure, HPLOMIG displays the following message: The message indicates that, all 15 User contexts are applicable to only iLO 2 machines with supported firmware version (1.75 or later.) For all other management processors, only the first three User Context fields are applicable. 4. When the process completes, click Done.
Core classes Class name Assigned OID hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.3 Core attributes Attribute name Assigned OID hpqPolicyDN 1.3.6.1.4.1.232.1001.1.1.2.1 hpqRoleMembership 1.3.6.1.4.1.232.1001.1.1.2.2 hpqTargetMembership 1.3.6.1.4.1.232.1001.1.1.2.3 hpqRoleIPRestrictionDefault 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleIPRestrictions 1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleTimeRestriction 1.3.6.1.4.1.232.1001.1.1.2.
hpqPolicy OID 1.3.6.1.4.1.232.1001.1.1.1.3 Description This class defines Policy objects, providing the basis for HP products using directory-enabled management. Class Type Structural SuperClasses top Attributes hpqPolicyDN – 1.3.6.1.4.1.232.1001.1.1.2.1 Remarks None Core attribute definitions The following defines the HP Management core class attributes. hpqPolicyDN OID 1.3.6.1.4.1.232.1001.1.1.2.
Options Single Valued Remarks If this attribute is TRUE, then IP restrictions are satisfied for unexceptional network clients. If this attribute is FALSE, then IP restrictions are unsatisfied for unexceptional network clients. hpqRoleIPRestrictions OID 1.3.6.1.4.1.232.1001.1.1.2.5 Description Provides a list of IP addresses, DNS names, domain, address ranges, and subnets which partially specify right restrictions under an IP network address constraint. Syntax Octet String – 1.3.6.1.4.1.1466.115.
Lights-Out Management specific LDAP OID classes and attributes The following schema attributes and classes might depend on attributes or classes defined in the HP Management core classes and attributes. Lights-Out Management classes Class name Assigned OID hpqLOMv100 1.3.6.1.4.1.232.1001.1.8.1.1 Lights-Out Management attributes Class name Assigned OID hpqLOMRightLogin 1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightRemoteConsole 1.3.6.1.4.1.232.1001.1.8.2.2 hpqLOMRightVirtualMedia 1.3.6.1.4.1.232.1001.
Options Single Valued Remarks Meaningful only on ROLE objects, if TRUE, members of the role are granted the right. hpqLOMRightRemoteConsole OID 1.3.6.1.4.1.232.1001.1.8.2.2 Description Remote Console Right for Lights-Out Management Products. Meaningful only on ROLE objects. Syntax Boolean – 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightVirtualMedia OID 1.
hpqLOMRightConfigureSettings OID 1.3.6.1.4.1.232.1001.1.8.2.6 Description Configure Devices Settings Right for HP Lights-Out Management products. Syntax Boolean – 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right.
6 HP Systems Insight Manager integration Integrating iLO 2 with HP SIM iLO 2 fully integrates with HP SIM in key operating environments. Full integration with Systems Insight Manager also provides a single management console for launching a standard Web browser to access. While the operating system is running, you can establish a connection to iLO 2 using HP SIM.
6. 7. 8. Click Add HP SIM Server. The HP Systems Insight Manager Single Sign-On Settings page displays. In Retrieve and import a certificate from a trusted HP SIM Server, enter the hostname or IP address of the HP SIM Server, and click Import Certificate. The server is added to the HP SIM trusted servers list on the HP SIM SSO tab. Log in to the HP SIM you entered in step 7 and discover this . After completing the discovery process, SSO is enabled for this iLO 2.
Clicking a status icon for iLO 2 takes you to the iLO 2 Web interface. Clicking the hardware status icon takes you to the Insight Management Agents for the device. Clicking the iLO 2 or server name takes you to the System Page of the device. Within the System Page are the Identity, Tools & Links, and Event tabs. These tabs provide identity and status information, event information, and links for the associated device. HP SIM systems lists iLO 2 management processors can be viewed within HP SIM.
NOTE: HP Insight Agents for iLO 2 must be installed on the remote host server to enable management of iLO 2. Refer to "Installing iLO 2 Device Drivers" for additional details about installing and configuring agents. HP SIM port matching HP SIM is configured to start an HTTP session to check for iLO 2 at port 80. The port can be changed. If you want to change the port number, you must also change it in Network Settings and HP SIM.
7 Troubleshooting iLO 2 iLO 2 POST LED indicators During the initial boot of iLO 2, the POST LED indicators flash to display the progress through the iLO 2 boot process. After the boot process is complete, the HB LED flashes every second. LED 7 also flashes intermittently during normal operation. The LED indicators (1 through 6) light up after the system has booted to indicate a hardware failure. If a hardware failure is detected, reset iLO 2.
LED indicator POST code (activity completed) Description Failure indicated None 00 Main_init() completed. Subsystem startup failed. HB and 7 Flashes as the iLO 2 processor executes firmware code. It does not change the value of the lower six LEDs. The iLO 2 microprocessor firmware includes code that makes consistency checks. If any of these checks fail, the microprocessor executes the FEH. The FEH presents information using the iLO 2 POST LED indicators.
Event log display Event log explanation iLO 2 reset by watchdog Displays when an error has occurred in iLO 2 and iLO 2 has reset itself. If this issue persists, call customer support. iLO 2 reset by host Displays when the server resets iLO 2. Recoverable iLO 2 error, code # Displays when a non-critical error has occurred in iLO 2 and iLO 2 has reset itself. If this issue persists, call customer support.
Event log display Event log explanation Remote Console Closed Displays when an authorized Remote Console user is logged out or when the Remote Console port is closed following a failed login attempt. Failed Console login Displays when an unauthorized user has failed three login attempts using the Remote Console port. IP Address: IP address Added User: User Displays when a new entry is made to the authorized user list.
Hardware and software link-related issues iLO 2 uses standard Ethernet cabling, which includes CAT5 UTP with RJ-45 connectors. Straight-through cabling is necessary for a hardware link to a standard Ethernet hub. Use a crossover cable for a direct PC connection. The iLO 2 Management Port must be connected to a network that is connected to a DHCP server, and iLO 2 must be on the network before power is applied. DHCP sends a request soon after power is applied.
Login issues Use the following information when attempting to resolve login issues: • Try the default login, which is located on the network settings tag. • If you forget your password, an administrator with the Administer User Accounts privilege can reset it. • If an administrator forgets his or her password, the administrator must use the Security Override Switch or establish an administrator account and password using HPONCFG.
iLO 2 RBSU unavailable after iLO 2 and server reset If the iLO 2 processor is reset and the server is immediately reset, there is a small chance that the iLO 2 firmware will not be fully initialized when the server performs its initialization and attempts to invoke the iLO 2 RBSU. In this case, the iLO 2 RBSU is unavailable or the iLO 2 Option ROM code is skipped altogether. If this situation occurs, reset the server a second time.
1. 2. Have only one active NIC on the client workstation. For example, disable the wireless network card. Configure the IP address of the client workstation network to match the iLO 2 Diagnostic Port network so that the following conditions are met: • The IP address setting is 192.168.1.X, where X is any number other than 1, because the IP address of the diagnostic port is set at 192.168.1.1. • The subnet mask setting is 255.255.255.0.
Proxy server issues If the Web browser software is configured to use a proxy server, it will not connect to the iLO 2 IP address. To resolve this issue, configure the browser not to use the proxy server for the IP address of iLO 2. For example, in Internet Explorer, select Tools>Internet Options>Connections>LAN Settings>Advanced, and then enter the iLO 2 IP address or DNS name in the Exceptions field.
Alert Explanation Rack Server Power On Failed The server was unable to power on because the BL p-Class rack indicated that insufficient power was available to power on the server. Rack Server Power On Manual Override The server was manually forced by the customer to power on despite the BL p-Class reporting insufficient power. Rack Name Changed The name of the ProLiant BL p-Class rack was changed.
ActiveX controls are enabled and I see a prompt but the domain/name login format does not work 1. 2. 3. 4. Log in with a local account and determine the directory server name. Verify the directory server name is a name and not an IP address. Verify you can ping the directory server name from your client. Run directory setup tests. Verify the ping was received successfully. For more information on testing directory settings, see “Directory tests” (page 53).
If the mouse still fails to operate correctly, or if this situation occurs frequently, verify that your mouse settings match those recommended in “Optimizing mouse performance for Remote Console or Integrated Remote Console” (page 88). Remote Console no longer opens on the existing browser session With the addition of the Terminal Services passthrough function, the behavior of the Remote Console applet is slightly different from previous versions of iLO 2 firmware.
Troubleshooting Integrated Remote Console issues Issues with Integrated Remote Console include: • Issues with Internet Explorer 7 • Apache web server setup for export • No console playback while server is powered down • Skipping information during boot and fault buffer playback Internet Explorer 7 and a flickering remote console screen Using Internet Explorer 7 with the remote screen can cause the remote console screen to flicker and become difficult to read.
Dav On Order allow,deny Allow from all No console replay while server is powered down Playback of capture buffers and recorded console sessions are not available any time the server is powered down. You can play back the captured buffers by exporting the buffers to a web server and playing the files on another server IRC console.
Inactive IRC The iLO 2 IRC might become inactive or disconnected during periods of high activity. The issue is indicated by an inactive IRC. IRC activity slows before becoming inactive. Symptoms of an affected IRC include: • The IRC display does not update. • Keyboard and mouse activity are not recorded. • Shared Remote Console requests do not register. • The Virtual Media connection displays an empty (blank) virtual media device.
GNOME interface does not lock Terminating an iLO 2 Remote Console or losing iLO 2 network connectivity does not lock the GNOME interface when iLO 2 and the GNOME interface are configured for the Remote Console Lock feature. The GNOME keyboard handler requires time to process key sequences that contain modifier keystrokes. This issue does not occur when key sequences are entered manually through the IRC, but it becomes an issue when the key sequence is sent by iLO 2.
Console applet is not trustworthy. The Remote Console cannot execute any code requiring a higher level of trust. If the Deny option is select, the Remote Console cannot launch the code required to activate the Terminal Services button. If you look in the Java Console, the following error message appears: "Security Exception - Access denied".
Virtual Media applet has a red X and does not display The Virtual Media applet might produce a red X if an unsupported browser or JVM is used, or if Enable All Cookies is not enabled. To correct this issue, ensure you are using a supported browser and JVM on your client by reviewing the support matrix found in “Supported browsers and client operating systems” (page 15). Also be sure Enable All Cookies is selected on the browser Preferences or Options menu. Some browsers do not enable cookies by default.
These multiple logins can confuse the browser. This confusion can appear as an iLO 2 issue; however, this is a manifestation of typical browser behavior. Several processes can cause a browser to open additional windows. Browser windows opened from within an open browser represent different aspects of the same program in memory. Consequently, each browser window shares properties with the parent, including cookies.
Displaying the current session cookie After logging in, you can force the browser to display the current session cookie by entering javascript:alert(document.cookie) in the URL navigation bar. The first field visible is the session ID. If the session ID is the same among the different browser windows, then these windows are sharing the same iLO 2 session. You can force the browser to refresh and reveal your true identity by pressing the F5 key, selecting View>Refresh, or using the refresh button.
• Firmware Maintenance CD-ROM – Download the component to create a bootable CD-ROM that contains many firmware updates for ProLiant servers and options. • Scripting with CPQLOCFG – Download CPQLOCFG component to get the network-based scripting utility, CPQLOCFG. CPQLOCFG enables you to use RIBCL scripts that perform firmware updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network. HP recommends that Linux users review the HP Lights-Out XML PERL scripting samples for Linux.
If the file is found: • The put command transfers the file to iLO 2 • The image validates • The flash process begins If the file is not found: • Some versions of the put command do not display an error message NOTE: If the directory path includes spaces, enclose the path and filename in quotes. After the firmware image transfers, the recovery payload calculates the check sum, validates the digital signature, and reports if the image is valid.
The iLO 2 firmware does not respond to SSL requests The iLO 2 firmware does not respond to SSL requests when a Java warning appears. If a user is logging in to an iLO 2 browser connection and does not complete the login process by responding to the Java certificate warning, iLO 2 does not respond to future browser requests. The user must continue the login process to free the iLO 2 Web server. Testing SSL The following test checks for the correct security dialog prompt.
To remove the Server Name field after a redeployment of a server, do one of the following: • Load the Insight Manager Agents to update the Server Name field with the new server name. • Use the Reset to Factory Defaults feature of the iLO 2 RBSU utility to clear the Server Name field. This procedure clears all iLO 2 configuration information, not just the Server Name information. • Change the server name on the Administration>Access>Options page on the iLO 2 browser interface.
8 Technical support Support information HP iLO Advanced Pack and HP iLO Advanced Pack for Blade System included with Insight Control suites and iLO Power Management Pack include one year of 24 x 7 HP Software Technical Support and Update Service. This service provides access to HP technical resources for help in resolving software implementation or operations issues.
• Software and Drivers download pages are on the HP website at http://www.hp.com/support. These pages provide the latest software and drivers for your ProLiant products. • Management Security is on the HP website at http://www.hp.com/servers/manage. HP is proactive in its approach to the quality and security of all its management software. Be sure to check this website often for the latest downloadable security updates. • Obtain the latest SmartStart firmware on the HP website at http://www.hp.
Acronyms and abbreviations ACPI Advanced Configuration and Power Interface ARP Address Resolution Protocol ASCII American Standard Code for Information Interchange ASM Advanced Server Management ASR Automatic Server Recovery BMC baseboard management controller CA certificate authority CLI Command Line Interface CLP command line protocol CR Certificate Request CRL certificate revocation list DAV Distributed Authoring and Versioning DDNS Dynamic Domain Name System DHCP Dynamic Host
KDE K Desktop Environment (for Linux) KVM keyboard, video, and mouse LAN local-area network LDAP Lightweight Directory Access Protocol LED light-emitting diode LOM Lights-Out Management LSB least significant bit MAC Media Access Control MLA Master License Agreement MMC Microsoft Management Console MP Multilink Point-to-Point Protocol MTU maximum transmission unit NIC network interface controller NMI non-maskable interrupt NVRAM non-volatile memory PERL Practical Extraction and
VPN virtual private networking VRM voltage regulator module WINS Windows Internet Naming Service WS web services XML extensible markup language 210 Acronyms and abbreviations
Index A access options Configuring iLO 2 access, 32 iLO 2 Remote Console and Remote Serial Console access, 40 Remote Console overview and licensing options, 81 access, VT320 serial console, 100 accessing Onboard Administrator, 124 accessing software, browser, 21 ACPI (Advanced Configuration and Power Interface), 112 acquire, remote console, 92 Active Directory integration Active Directory installation prerequisites, 140 Active Directory Lights-Out management, 148 Directory services for Active Directory, 140
setting up iLO 2 with the browser-based option, 21 browsers, supported, 15 bulk import tools, 162 C CA (certificate authority) Installing certificate services, 132 Setting up a user for two-factor authentication, 48 Two-factor authentication, 45 Two-factor authentication login, 48 Using two-factor authentication with directory authentication, 49 Verifying certificate services, 133 CD-ROM, virtual, 109 certificate authority (CA) Installing certificate services, 132 Setting up a user for two-factor authentic
D data protection methods, 53 defining hot keys, 83 device drivers, installing Installing iLO 2 device drivers, 21 Novell NetWare device driver support, 22 DHCP (Dynamic Host Configuration Protocol) BL p-Class and BL c-Class features, 129 DHCP/DNS Settings, 63 iLO 2 Log, 77 Network, 59 Network Settings, 60 preparing to set up iLO 2, 17 DHCP/DNS settings, 63 diagnosing issues, 182 diagnostic port iLO 2 diagnostic port configuration parameters, 73 Inability to connect to the iLO 2 Diagnostic Port, 188 diagnos
Enforced client IP address or DNS name access, 148, 154 hpqRoleIPRestrictions, 174 Introduction to directory-enabled remote management, 156 domain/name login, 191 drive key, support, 106 DVD-ROM, virtual, 109 Dynamic Host Configuration Protocol (DHCP) BL p-Class and BL c-Class features, 129 DHCP/DNS Settings, 63 iLO 2 Log, 77 Network, 59 Network Settings, 60 preparing to set up iLO 2, 17 dynamic link library (DLL) HP Lights-Out directory package, 163 Inability to access ActiveX downloads, 201 enclosure, te
Configuring directories when HP Extended schema is selected, 168 HP Lights-Out directory package, 163 Results, 139 Setting up HP schema directory integration, 136 HP Insight Control software, 12 HP Lights-Out Migration Command Line (HPQLOMGC) HP Lights-Out directory package, 163 Using bulk import tools, 162 HP Onboard Administrator, 124 HP Onboard Administrator, iLO option, 128 HP Onboard Administrator, Web Administration, 128 HP schema directory integration Features supported by HP schema directory integra
IP address range restrictions, 159 Network Settings, 60 IPMI (Intelligent Platform Management Interface), 13 IRC (Integrated Remote Console) Configuring Remote Serial Console, 100 Integrated Remote Console option, 85 IRC Fullscreen, 85 No console replay while server is powered down, 195 power management, 112 Re-enabling the dedicated iLO 2 management port, 63 Server power data, 115 Troubleshooting alert and trap issues, 190 Using Console Capture, 90 Using multiple roles, 157 Virtual folder, 111 IRC, sharing
login access, 188 login issues, 187 login, failure, 187 login, privileges, 43 login, security, 44 login, two-factor authentication, 48 LOM access, HP Onboard Administrator iLO option, 128 Web Administration, 128 M MAC (media access control) Encryption, 53 NIC, 77 management port, re-enabling, 63 management processor name troubleshooting, 187 management processors, Finding management processors, 163 Selecting a directory access method, 166 management processors, naming, 167 media, virtual, 104 medium access
POST LED indicators, 182 power management brown-out recovery, 119 Dynamic power capping for server blades, 127 HP Insight Control Software deployment, 12 Power, 77 Power enclosure information, 122 power management, 112 power monitoring, 77 power regulator, 112 power regulator settings Dynamic power capping for server blades, 127 power management, 112 Server power settings, 113 power supply, status Power, 77 power management, 112 power, monitoring, 115 powering down Graceful shutdown, 118 power management, 1
Text-based console during POST, 95 Text-based remote console overview, 95 Using a Linux session, 99 Using iLO Text Console, 97 remote console, troubleshooting Inability to access virtual media or graphical remote console, 188 Inability to navigate the single cursor of the Remote Console to corners of the Remote Console window, 192 Remote Console applet has a red X when running Linux client browser, 192 Remote Console no longer opens on the existing browser session, 193 Remote console text window not updatin
Schema-free browser-based setup, 133 Schema-free directory integration, 131 Schema-free setup options, 134 schema-free, setup Active Directory preparation, 132 Configuring directories when schema-free integration is selected, 169 Schema-free browser-based setup, 133 Schema-free scripted setup, 133 Setting up management processors for directories, 170 screen capture and replay, 80 scripted setup, 133 scripts, 162 Secure Shell (SSH) Access options, 38 Configuring Remote Serial Console, 100 Connecting to the i
Schema-free scripted setup, 133 Schema-free setup options, 134 setup, scripted Schema-free scripted setup, 133 Setting up user accounts, 20 shared network port, enabling Enabling the iLO 2 Shared Network Port feature through iLO 2 RBSU, 62 Enabling the iLO 2 Shared Network Port feature through the web interface, 63 Re-enabling the dedicated iLO 2 management port, 63 shared network port, features Enabling the iLO 2 Shared Network Port feature, 62 iLO 2 Shared Management Port features and restrictions, 62 sha
Directory settings, 50 eDirectory installation prerequisites, 149 Encryption, 53 Finding management processors, 163 iLO 2 does not respond to SSL requests, 204 Inability to access the login page, 188 Inability to connect to the iLO 2 Diagnostic Port, 188 Introduction to certificate services, 132 Schema-free setup options, 134 Security, 40 Setup, 138 SSL certificate administration, 44 Testing SSL, 204 Verifying certificate services, 133 WS-Management compatibility overview, 13 SSL, WS-Management, 13 static I
U V UID (unit identification) Enclosure information, 122 iLO 2 BL c-Class tab, 124 Power enclosure information, 122 System status and status summary information, 74 WS-Management compatibility overview, 13 unit identification (UID) Enclosure information, 122 iLO 2 BL c-Class tab, 124 Power enclosure information, 122 System status and status summary information, 74 WS-Management compatibility overview, 13 updating drivers Linux device driver support, 22 Microsoft device driver support, 22 Novell NetWare de
Connecting to the iLO 2 using AES/3DES encryption, 54 Encryption, 53 High Performance Mouse settings, 88 preparing to set up iLO 2, 17 SSL certificate administration, 44 Upgrading iLO 2 firmware, 24 Using Console Capture, 90 Using iLO 2 Virtual Media devices, 104 Virtual media, 104 224 Index
