HP iLO 3 User Guide

Abstract

This guide provides information about configuring, updating, and operating HP ProLiant servers by using the HP iLO 3 firmware. This document is intended for system administrators, HP representatives, and HP Authorized Channel Partners who are involved in configuring and using HP iLO 3 and HP ProLiant servers. This guide discusses HP iLO for HP ProLiant servers and HP ProLiant BladeSystem server blades.
© Copyright 2011, 2014 Hewlett-Packard Development Company, L.P Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
1 Introduction to iLO

The iLO software can remotely perform most functions that otherwise require a visit to the servers at the data center, computer room, or remote location. iLO allows you to do the following:
• Monitor server health. iLO monitors temperatures in the server and sends corrective signals to the fans to maintain proper server cooling. iLO also monitors firmware versions and the status of fans, memory, the network, processors, power supplies, and server hard drives.
For more information about iLO functionality and integration, see the following:
• “Integrating HP Systems Insight Manager” (page 157)
• “Directory services” (page 160)
• “Troubleshooting” (page 209)

iLO RBSU

You can use the iLO ROM-based setup utility to configure network parameters, global settings, and user accounts. iLO RBSU is designed for the initial iLO setup, and is not intended for continued iLO administration.
2 Setting up iLO

The iLO default settings enable you to use most features without additional configuration. However, the configuration flexibility of iLO enables customization for multiple enterprise environments. This chapter discusses the initial iLO setup steps. For information about additional configuration options, see “Configuring iLO” (page 25).

Complete the initial setup steps:
1. Decide how you want to handle networking and security. For more information, see “Preparing to set up iLO” (page 14).
2.
3. What access security is required, and what user accounts and privileges are needed?
iLO provides several options to control user access. Use one of the following methods to prevent unauthorized access:
• Local accounts—Up to 12 user names and passwords can be stored in iLO. This is ideal for small environments such as labs and small-sized or medium-sized businesses.
• Directory services—Use the corporate directory to manage iLO user access. This is ideal for environments with a large number of users.
Connecting iLO to the network

You can connect iLO to the network through a corporate network or a dedicated management network.
• In a corporate network, the server has two network port types (server NICs and one iLO NIC) connected to the corporate network, as shown in Figure 1 (page 16).
Configuring a static IP address by using iLO RBSU

This procedure is required only if you are using a static IP address. When you are using dynamic IP addressing, your DHCP server automatically assigns an IP address for iLO.

NOTE: To simplify installation, HP recommends using DNS or DHCP with iLO.

To configure a static IP address:
1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC.
2. Restart or power on the server.
3.
5. Enter the network settings:
a. Select Network→NIC and TCP/IP, and then press Enter. The Network Configuration window opens.
b. Enter the appropriate information in the IP Address, Subnet Mask, and Gateway IP Address fields, as shown in Figure 4 (page 18).
Figure 4 iLO RBSU Network Configuration window
c. Press F10 to save the changes.
6. Select File→Exit to exit iLO RBSU. The changes take effect when you exit iLO RBSU.
Figure 5 iLO RBSU Add User window
5. Enter the following user account details:
• User name appears in the user list on the User Administration page. It does not have to be the same as the Login name. The maximum length for a user name is 39 characters. The user name must use printable characters. Assigning descriptive user names can help you to easily identify the owner of each login name.
• Login name is the name you must use when logging in to iLO.
HPONCFG can still reconfigure iLO. Only a user who has the Administer User Accounts privilege can enable or disable this privilege.
7. Press F10 to save the new user account.
8. Repeat step 4 through step 7 until you are done creating user accounts.
9. Select File→Exit to exit iLO RBSU.

Editing user accounts

To edit a local iLO user account:
1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC.
2. Restart or power on the server.
3.
3. Press F8 in the HP ProLiant POST screen. The iLO RBSU screen appears.
4. Select User→Remove, and then press Enter. The Remove User screen appears, as shown in Figure 7 (page 21).
Figure 7 Removing user accounts
5. Select the user that you want to remove, and then press Enter. The iLO RBSU prompts you to confirm the request.
6. Press Enter to confirm the request.
7. Select File→Exit to exit iLO RBSU.
NOTE: The serial number/iLO information pull tab is double-sided. One side shows the server serial number, and the other side shows the default iLO account information. The same information is printed on a label attached to the chassis.
For OS-specific driver information, see the following:
• “Microsoft device driver support” (page 23)
• “Linux device driver support” (page 23)
• “VMware device driver support” (page 24)

Microsoft device driver support

When you are using Windows with iLO, the following drivers are available:
• HP ProLiant iLO 3/4 Channel Interface Driver for Windows—This driver is required for the operating system to communicate with iLO. Install this driver in all configurations.
VMware device driver support

When you are using VMware with iLO, the following driver is available: HP ProLiant Channel Interface Device Driver (hpilo)—This driver manages agent, WBEM provider, and tool application access to iLO. It is included in the customized HP VMware images. For raw VMware images, the driver must be installed manually.
3 Configuring iLO

Typically, an advanced or administrative user who manages users and configures global and network settings configures iLO. This guide provides information about configuring iLO by using the iLO web interface and iLO RBSU.

TIP: You can also perform many iLO configuration tasks by using XML configuration and control scripts or SMASH CLP.
For instructions about obtaining the iLO firmware image, see “Obtaining the iLO firmware image file” (page 26).

Performing an out-of-band firmware update

When you use this method to update the iLO firmware, you use a network connection to communicate with iLO directly. You can use the following out-of-band firmware update methods:
• iLO web interface—Download the iLO Online ROM Flash Component and install it by using the iLO web interface.
3. Click the Drivers & Downloads link.
4. In the search box, enter the server model that you are using (for example, DL360). A list of servers is displayed.
5. Click the link for your server. The HP Support Center page for the server opens.
6. Click the link for your server operating system.
7. Follow the onscreen instructions to download the iLO Online ROM Flash Component file.
8. Double-click the downloaded file, and then click the Extract button.
9.
5. To start working with the updated firmware, clear your browser cache, and then log in to iLO.

If an error occurs during a firmware update, see “Unable to upgrade iLO firmware” (page 228).
If an iLO firmware update is corrupted or canceled, and iLO is corrupted, see “iLO network Failed Flash Recovery” (page 229).

Using language packs

Language packs enable you to easily switch the iLO web interface from English to a supported language of your choice.
Figure 9 Access Settings – Language page
4. Click Browse (Internet Explorer or Firefox) or Choose File (Chrome) in the Upload Language Pack section.
5. Select the downloaded language pack, and then click Open. The following message appears:
Only one language pack is supported at a time. If a language pack is already installed, it will be replaced with this upload. iLO will automatically reboot after installing the new language pack. Are you sure you want to install now?
6. Click OK to continue.
Figure 10 Login page Language menu
• From the toolbar located on the bottom right side of the iLO web interface, as shown in Figure 11 (page 30).
Figure 11 Toolbar Language menu
• From the Administration→Access Settings→Language page. For instructions, see “Configuring the current language settings” (page 30).

Configuring the default language settings

To set the default language for the users of this instance of the iLO firmware:
1.
3. Click OK to continue. iLO resets and closes your browser connection. Wait at least 30 seconds before you attempt to re-establish a connection.

iLO licensing

HP iLO standard features are included in every HP ProLiant server to simplify server setup, engage health monitoring, monitor power and thermal control, and promote remote administration.
• Only one evaluation license can be installed for each iLO system. The iLO firmware will not accept the reapplication of an evaluation license.
• The evaluation license expires 60 days after the installation date. HP will notify you by email when your license is about to expire.

Installing an iLO license by using a browser

You must have the Configure iLO Settings privilege to install a license.
1. Navigate to the Administration→Licensing page in the iLO web interface.
The following privileges are required for user and directory group administration:
• Administer User Accounts—Required for adding, modifying, and deleting users. If you do not have this privilege, you can view your own settings and change your password.
• Configure iLO Settings—Required for adding, modifying, and deleting directory groups. If you do not have this privilege, you can view directory groups.

NOTE: You can also manage users with the iLO RBSU.
can still reconfigure iLO. Only a user who has the Administer User Accounts privilege can enable or disable this privilege.
• Administer User Accounts—Enables a user to add, edit, and delete local iLO user accounts. A user with this privilege can change privileges for all users. If you do not have this privilege, you can view your own settings and change your own password.
Figure 14 Add/Edit Local User page
3. Provide the following details in the User Information section:
• User Name appears in the user list on the User Administration page. It does not have to be the same as the Login Name. The maximum length for a user name is 39 characters. The user name must use printable characters. Assigning descriptive user names can help you to easily identify the owner of each login name.
• Login Name is the name you use when logging in to iLO.
TIP: Click the select all check box to select all of the available user privileges. For more information about each privilege, see “Viewing local user accounts” (page 33).
5. Do one of the following:
• Click Add User to save the new user.
• Click Update User to save the user account changes.
When you select iLO user privileges, the equivalent IPMI/DCMI user privilege is displayed in the IPMI/DCMI Privilege based on above settings box.
• User—A user has read-only access. A user cannot configure or write to iLO, or perform system actions. For IPMI User privileges: Disable all privileges. Any combination of privileges that does not meet the Operator level is an IPMI User.
• Operator—An operator can perform system actions, but cannot configure iLO or manage user accounts.
Figure 15 Add/Edit Directory Group page
3. Provide the following details in the Group Information section:
• Group DN (Security Group DN)—DN of a group in the directory. Members of this group are granted the privileges set for the group. The specified group must exist in the directory, and users who need access to iLO must be members of this group. Enter a DN from the directory (for example, CN=Group1, OU=Managed Groups, DC=domain, DC=extension). Shortened DNs are also supported (for example, Group1).
Deleting a user account or a directory group

The privilege required for this procedure depends on the user account type.
• To delete a local user account, the Administer User Accounts privilege is required.
• To delete a directory group, the Configure iLO Settings privilege is required.

To delete an existing user account or directory group:
1. Navigate to the Administration→User Administration page, as shown in Figure 13 (page 33).
2.
1. Navigate to the Administration→Access Settings page, as shown in Figure 16 (page 40).
Figure 16 Access Settings page
2. Update the following settings as needed:

Table 1 Service settings
Service setting: Secure Shell (SSH) Access
Default value: Enables you to specify whether the SSH feature on iLO is enabled or disabled. SSH provides encrypted access to the iLO CLP. The default is Enabled.

3.
NOTE: You can configure some of these settings by using iLO RBSU. For instructions, see “Using the iLO RBSU” (page 87).

To view or modify iLO access options:
1. Navigate to the Administration→Access Settings page.
2. Click the Access Settings tab and scroll to the Access Options section of the Access Settings page, as shown in Figure 17 (page 41).
Figure 17 Access Options
3.
Table 2 Access options (continued)

Option: iLO ROM-Based Setup Utility
Default value: Enabled
Description: This setting enables or disables iLO RBSU. The iLO Option ROM prompts you to press F8 to start iLO RBSU, but if iLO is disabled or iLO RBSU is disabled, this prompt is not displayed.

Option: Require Login for iLO RBSU
Default value: Disabled
Description: This setting determines whether a user-credential prompt is displayed when a user accesses iLO RBSU.
Logging in to iLO by using an SSH client

When a user logs in to iLO by using an SSH client, the number of login name and password prompts displayed by iLO matches the value of the Authentication Failure Logging option (3 if it is disabled). The number of prompts might also be affected by your SSH client configuration. SSH clients also implement delays after login failure.
iLO RBSU security

iLO RBSU enables you to view and modify the iLO configuration. You can configure iLO RBSU access settings by using iLO RBSU, a web browser, RIBCL scripts, or the iLO Security Override Switch.
• For information about using a web browser to configure iLO RBSU access settings, see “Configuring access options” (page 40).
• For information about using iLO RBSU to configure iLO RBSU access settings, see “Using the iLO RBSU” (page 87).
Ramifications of setting the iLO Security Override Switch include the following:
• All security authorization verifications are disabled when the switch is set.
• iLO RBSU runs if the host server is reset.
• iLO is not disabled and might be displayed on the network as configured.
• iLO, if disabled when the switch is set, does not log out the user and complete the disable process until the power is cycled on the server.
• The boot block is exposed for programming.
User accounts and access

iLO supports the configuration of up to 12 local user accounts. Each account can be managed through the following features:
• Privileges
• Login security

You can configure iLO to use a directory to authenticate and authorize its users. This configuration enables an unlimited number of users and easily scales to the number of iLO devices in an enterprise.
Note the following when working with SSH keys:
• Any SSH connection authenticated through the corresponding private key is authenticated as the owner of the key and has the same privileges.
• The iLO firmware provides storage to accommodate SSH keys that have a length of 639 bytes or less. If the key is larger than 639 bytes, the authorization might fail. If this occurs, use the SSH client software to generate a shorter key.
Figure 19 DSA Public Key Import Data box
The key must be a 1,024-bit DSA key.
8. Click Import Public Key.

Deleting SSH keys

1. Navigate to the Administration→Security page.
2. Click the Secure Shell Key tab, as shown in Figure 18 (page 47).
3. Select the check box to the left of the user for which you want to delete an SSH key.
4. Click Delete Selected Key(s). The selected SSH key is removed from iLO.
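A pre-import check for the two SSH key constraints stated above (the 639-byte storage limit and the 1,024-bit DSA requirement), as an added example that is not part of the HP guide. The function names, the constructed sample keys, and the reading of the 639-byte limit as the size of the key text as pasted are assumptions.

```python
import base64
import struct

MAX_KEY_BYTES = 639      # storage limit stated in the guide
REQUIRED_P_BITS = 1024   # the guide requires a 1,024-bit DSA key
DSA_Q_BITS = 160         # subgroup size that accompanies a 1,024-bit modulus


def _read_field(blob, offset):
    """Read one RFC 4251 length-prefixed field; return (bytes, new_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past the end of the key blob")
    return blob[offset + 4:end], end


def check_ilo_ssh_key(line):
    """Return a list of problems; an empty list means the key passes."""
    problems = []
    line = line.strip()
    # Assumption: the 639-byte limit applies to the key text as pasted.
    size = len(line.encode("utf-8"))
    if size > MAX_KEY_BYTES:
        problems.append(f"key text is {size} bytes; limit is {MAX_KEY_BYTES}")
    parts = line.split(None, 2)
    if len(parts) < 2:
        return problems + ["expected '<type> <base64> [comment]'"]
    key_type, b64 = parts[0], parts[1]
    if key_type != "ssh-dss":
        return problems + [f"key type is {key_type}; expected ssh-dss"]
    try:
        blob = base64.b64decode(b64, validate=True)
        name, offset = _read_field(blob, 0)
        numbers = []
        for _ in range(4):  # a DSA blob carries p, q, g, y in that order
            raw, offset = _read_field(blob, offset)
            numbers.append(int.from_bytes(raw, "big"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return problems + [f"malformed key blob: {exc}"]
    if name != b"ssh-dss":
        problems.append("algorithm name inside the blob is not ssh-dss")
    if offset != len(blob):
        problems.append("unexpected trailing data after the key fields")
    p, q = numbers[0], numbers[1]
    if p.bit_length() != REQUIRED_P_BITS:
        problems.append(
            f"DSA modulus is {p.bit_length()} bits; expected {REQUIRED_P_BITS}")
    if q.bit_length() != DSA_Q_BITS:
        problems.append(
            f"DSA subgroup is {q.bit_length()} bits; expected {DSA_Q_BITS}")
    return problems


def _mpint(n):
    """Encode a positive integer as an SSH mpint (leading bit kept clear)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def make_sample_key(p_bits, comment="admin@example"):
    """Constructed sample: a well-formed ssh-dss blob, not a usable DSA key."""
    p = (1 << (p_bits - 1)) | 1
    q = (1 << 159) | 1
    blob = struct.pack(">I", 7) + b"ssh-dss"
    for n in (p, q, p - 2, p - 3):  # stand-ins for p, q, g, y
        blob += _mpint(n)
    return "ssh-dss " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    samples = {
        "1024-bit DSA": make_sample_key(1024),
        "1024-bit DSA, long comment": make_sample_key(1024, comment="x" * 60),
        "2048-bit modulus": make_sample_key(2048),
        "RSA key": "ssh-rsa AAAAB3NzaC1yc2E= admin@example",
    }
    for label, key in samples.items():
        print(label, "->", check_ilo_ssh_key(key) or "ok")
```

OpenSSH 7.0 and later disable ssh-dss keys by default, so a current client may need explicit configuration before it will offer a key that passes this check.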
The iLO firmware enables you to create a certificate request, import a certificate, and view information associated with a stored certificate. Certificate information is encoded in the certificate by the CA and is extracted by iLO. By default, iLO creates a self-signed certificate for use in SSL connections. This certificate enables iLO to work without additional configuration steps. Importing a trusted certificate can enhance the iLO security features.
Figure 21 Security–SSL Certificate Customization page 3. 4. Enter the following information in the Certificate Signing Request Information section. The required boxes are marked with an asterisk (*) in the iLO web interface.
8. Follow the onscreen instructions and submit the CSR to the CA. The CA will generate a certificate in the PKCS #10 format.
9. After you obtain the certificate, make sure that:
• The CN matches the iLO FQDN. This is listed as the iLO Hostname on the Information→Overview page.
• The certificate is generated as a Base64-encoded X.509 certificate, and is in the RAW format.
• The first and last lines are included in the certificate.
10.
You must have the Configure iLO Settings privilege to change directory settings. This feature and many others are part of an iLO licensing package. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing.

Configuring authentication and directory server settings

1. Navigate to the Administration→Security→Directory page, as shown in Figure 23 (page 52).
Figure 23 Security - Directory page
2.
extended with the HP Extended Schema. User accounts and group memberships are used to authenticate and authorize users. After you enter and save the directory network information, click Administer Groups, and then enter one or more valid directory DNs and privileges to grant users access to iLO.
• Kerberos Authentication—Enables Kerberos login. If Kerberos login is enabled and configured correctly, the HP Zero Sign In button appears on the login page.
• LOM Object Distinguished Name—Specifies where this iLO instance is listed in the directory tree (for example, cn=iLO Mail Server,ou=Management Devices,o=hp). This option is available when Use HP Extended Schema is selected. User search contexts are not applied to the LOM object DN when iLO accesses the directory server.
• Directory User Contexts—These boxes enable you to specify common directory subcontexts so that users do not need to enter their full DNs at login.
1. Click Test Settings on the Security→Directory page. The Directory Tests page opens, as shown in Figure 24 (page 55).
Figure 24 Directory Tests page
This page displays the results of a series of simple tests designed to validate the current directory settings. Also, it includes a test log that shows test results and any detected issues. After your directory settings are configured correctly, you do not need to rerun these tests.
4. Click Start Test. Several tests begin in the background, starting with a network ping of the directory user by establishing an SSL connection to the server and evaluating user privileges. While the tests are running, the page refreshes periodically. You can stop the tests or manually refresh the page at any time.

Viewing directory test results

The Directory Test Results section shows the directory test status with the date and time of the last update.
Table 3 Directory tests (continued)
Test / Description
1. Verify that the configured directory server is the correct host.
2. Verify that iLO has a clear communication path to the directory server through port 636 (consider any routers or firewalls between iLO and the directory server).
3. Verify that any local firewall on the directory server is enabled to allow communications through port 636.
Table 3 Directory tests (continued)
Test / Description
NOTE: You can enter a LOM Object Distinguished Name on the Security→Directory page only when Use HP Extended Schema is selected.
This test is run even if LDAP Directory Authentication is disabled. If the test is successful, iLO found the object that represents itself.
If a failure occurs:
1. Verify that the LDAP FQDN of the LOM object is correct.
2.
• 128-bit AES with RSA, DHE, and a SHA1 MAC
• 128-bit AES with RSA, and a SHA1 MAC
• 168-bit 3DES with RSA, and a SHA1 MAC
• 168-bit 3DES with RSA, DHE, and a SHA1 MAC

iLO also provides enhanced encryption through the SSH port for secure CLP transactions. iLO supports AES128-CBC and 3DES-CBC cipher strengths through the SSH port.
The Encryption Settings page displays the current encryption settings for iLO.
• Current Negotiated Cipher—The cipher in use for the current browser session. After you log in to iLO through the browser, the browser and iLO negotiate a cipher setting to use during the session.
• Encryption Enforcement Settings—The current encryption settings for iLO:
◦ FIPS Mode—Indicates whether FIPS Mode is enabled or disabled for this iLO system.
2. Verify that a trusted certificate is installed. Using iLO in FIPS Mode with the default self-signed certificate is not FIPS compliant. For instructions, see “Obtaining and importing an SSL certificate” (page 49).

IMPORTANT: Some interfaces to iLO, such as supported versions of IPMI and SNMP, are not FIPS compliant and cannot be made FIPS compliant.

For information about the iLO firmware versions that are FIPS validated, see the following document: http://csrc.nist.
Configuring iLO for HP SSO

1. Navigate to the Administration→Security→HP SSO page, as shown in Figure 26 (page 62).
Figure 26 Security–Single Sign-On Settings page
2. Make sure you have an iLO license key installed.
3. Enable Single Sign-On Trust Mode by selecting Trust by Certificate, Trust by Name, or Trust All. The iLO firmware supports configurable trust modes, which enables you to meet your security requirements. The trust mode affects how iLO responds to HP SSO requests.
4. Configure iLO privileges for each role in the Single Sign-On Settings section. When you log in to an HP SSO-compliant application, you are authorized based on your HP SSO-compliant application role assignment. The role assignment is passed to iLO when SSO is attempted. For more information about each privilege, see “Managing iLO users by using the iLO web interface” (page 32). SSO attempts to receive only the privileges assigned in this section. iLO directory settings do not apply.
Table 4 HP trusted certificate status
Icon / Description
• The record is valid.
• There is a problem with the trust settings or the iLO license. Possible reasons follow:
◦ This record contains a DNS name, and the trust mode is set to Trust by Certificate (only certificates are valid).
◦ Trust None (SSO disabled) is selected.
◦ A valid license key is not installed.
• The record is not valid. Possible reasons follow:
◦ An out-of-date certificate is stored in this record.
Extracting the HP SIM server certificate

You can use the following methods to extract HP SIM certificates.
• Enter one of the following links in a web browser:
◦ For HP SIM versions earlier than 7.0:
http://:280/GetCertificate
https://:50000/GetCertificate
◦ For HP SIM 7.
To change the Remote Console Computer Lock settings:
1. Navigate to the Administration→Security→Remote Console page, as shown in Figure 27 (page 66).
Figure 27 Remote Console Computer Lock Settings
2. Modify the Remote Console Computer Lock settings as required:
• Windows—Use this option to configure iLO to lock a managed server running a Windows operating system. The server automatically displays the Computer Locked dialog box when a Remote Console session ends or the iLO network link is lost.
Table 5 Remote Console Computer Lock keys (continued)
BREAK        -    c    x
BACKSPACE    .    d    y
NUM PLUS     /    e    z
NUM MINUS    0    f

3. Click Apply to save the changes.

Configuring the Integrated Remote Console Trust setting (.NET IRC)

The .NET IRC is launched through Microsoft ClickOnce, which is part of the Microsoft .NET Framework. ClickOnce requires that any application installed from an SSL connection be from a trusted source.
1. Navigate to the Administration→Security→Login Security Banner page, as shown in Figure 29 (page 68).
Figure 29 Security–Login Security Banner Settings page
2. Select the Enable Login Security Banner check box. iLO uses the following default text for the Login Security Banner:
This is a private system. It is to be used solely by authorized users and may be monitored for all lawful purposes. By accessing this system, you are consenting to such monitoring.
3.
4. Click Apply. The security message is displayed at the next login, as shown in Figure 30 (page 69).
Figure 30 Security message example

Configuring iLO network settings

Use the tabs on the Network page to view and configure the iLO network settings. You must have the Configure iLO Settings privilege to view and change these settings.
Figure 31 Network Summary page (iLO Dedicated Network Port)

The iLO Shared Network Port and the iLO Dedicated Network Port cannot operate simultaneously. If you enable the iLO Dedicated Network Port, you will disable the iLO Shared Network Port. If you enable the iLO Shared Network Port, you will disable the iLO Dedicated Network Port. The Network Summary page for the inactive port displays the message iLO is not configured to use this NIC.
The following features support the use of IPv6:
• IPv6 Static Address Assignment
• IPv6 SLAAC Address Assignment
• IPv6 Static Route Assignment
• Integrated Remote Console
• OA Single Sign-On
• Web Server
• SSH Server
• SNTP Client
• DDNS Client
• DHCPv6 Address Assignment
• DHCPv6 DNS and NTP Configuration
• RIBCL over an IPv6 connection
• HP SIM SSO
• WinDBG Support
• HPQLOCFG and HPLOMIG over an IPv6 connection
• Scriptable Virtual Media
• CLI/RIBCL key import over an IPv
• Address list—This table shows the currently configured IPv6 addresses for iLO. It provides the following information:
◦ Source—Indicates whether the address is a static or SLAAC address.
◦ IPv6—The IPv6 address.
◦ Prefix Length—The address prefix length.
◦ Status—The address status: Active (the address is in use by iLO), Pending (Duplicate Address Detection is in progress for this address), or Failed (Duplicate Address Detection failed and the address is not in use by iLO).
3. Enter the following information in the iLO Hostname Settings section:
• iLO Subsystem Name (Host Name)—The DNS name of the iLO subsystem (for example, ilo instead of ilo.example.com). This name can be used only if DHCP and DNS are configured to connect to the iLO subsystem name instead of the IP address.
iLO subsystem-name limitations follow:
◦ Name service limitations—The subsystem name is used as part of the DNS name.
– DNS allows alphanumeric characters and hyphens.
◦ 10BaseT, Full-duplex—Forces a 10 Mb connection using full duplex
◦ 10BaseT, Half-duplex—Forces a 10 Mb connection using half duplex
If the Shared Network Port is enabled, you cannot modify the link state or duplex option. In Shared Network Port configurations, link settings must be managed in the operating system.
• Select or clear the Enable VLAN check box to enable or disable VLAN (Shared Network Port only).
Figure 33 IPv4 Settings page (iLO Dedicated Network Port)
3. Configure the following settings:
• Enable DHCPv4—Enables iLO to obtain its IP address (and many other settings) from a DHCP server.
  ◦ Use DHCPv4 Supplied Gateway—Specifies whether iLO uses the DHCP server-supplied gateway. If DHCP is not used, enter a gateway address in the Gateway IPv4 Address box.
  ◦ Use DHCPv4 Supplied Static Routes—Specifies whether iLO uses the DHCP server-supplied static routes.
  ◦ Use DHCPv4 Supplied Time Settings—Specifies whether iLO uses the DHCPv4-supplied NTP service locations.
  ◦ Use DHCPv4 Supplied WINS Servers—Specifies whether iLO uses the DHCP server-supplied WINS server list. If not, enter the WINS server addresses in the Primary WINS Server and Secondary WINS Server boxes.
• IPv4 Address—The iLO IP address. If DHCP is used, the iLO IP address is supplied automatically. If DHCP is not used, enter a static IP address.
When using IPv6, note the following:
• IPv6 is not supported in the Shared Network Port configuration.
• If you downgrade the iLO firmware from version 1.6x or later to version 1.5x, the IPv6 settings will be reset to the default values.
To configure the IPv6 settings:
1. Navigate to the Network→iLO Dedicated Network Port page.
2. Click the IPv6 tab, as shown in Figure 34 (page 77).
Figure 34 IPv6 Settings page (iLO Dedicated Network Port)
If communication fails using the first protocol, iLO automatically tries the second protocol.
• Enable Stateless Address Auto Configuration (SLAAC)—Select this check box to enable iLO to create IPv6 addresses for itself from router advertisement messages.
  NOTE: iLO will create its own link-local address even when this option is not selected.
• Enable DHCPv6 in Stateful Mode (Address)—Select this check box to allow iLO to request and configure IPv6 addresses provided by a DHCPv6 server.
Configuring SNTP settings
SNTP allows iLO to synchronize its clock with an external time source. Configuring SNTP is optional because the iLO date and time can also be synchronized from the following sources:
• System ROM (during POST only)
• Insight Management Agents (in the OS)
• Onboard Administrator (blade servers only)
To use iLO SNTP, you must have at least one NTP server available on your management network.
If a DHCPv6 address is not available for the primary or secondary address, a DHCPv4 address (if available) is used.
• Enter NTP server addresses in the Primary Time Server and Secondary Time Server boxes. You can enter the server addresses by using the server FQDN, IPv4 address, or IPv6 address.
4. If you selected only Use DHCPv6 Supplied Time Settings, or if you entered a primary and secondary time server, select the server time zone from the Time Zone list.
it. If you later decide to switch back to the iLO Dedicated Network Port, you can do this using any of the standard iLO interfaces. On servers that do not have an iLO Dedicated Network Port, the standard hardware configuration provides iLO network connectivity only through the iLO Shared Network Port connection. The iLO firmware automatically defaults to the Shared Network Port.
Enabling the iLO Shared Network Port feature through iLO RBSU
1. Connect the Shared Network Port LOM or Shared Network Port Enabled Standup NIC port 1 to a LAN.
2. Optional: If you will access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC.
3. Restart or power on the server.
4. Press F8 in the HP ProLiant POST screen.
5. Select Network→NIC and TCP/IP, and then press Enter.
devices with different VLAN tags will appear to be on separate LANs, even if they are physically connected to the same LAN.
7. If you enabled VLAN, enter a VLAN tag (Shared Network Port only). All network devices that you want to communicate with each other must have the same VLAN tag. The VLAN tag can be any number between 1 and 4,094.
8. Click Apply. Your changes are applied to the iLO network configuration, your browser connection ends, and iLO restarts.
7. Click Apply. Your changes are applied to the iLO network configuration, your browser connection ends, and iLO restarts. You must wait at least 30 seconds before you attempt to re-establish a connection.
Configuring iLO Management settings
The Administration→Management page allows you to configure the iLO settings for SNMP alerts and Insight Manager integration. You must have the Configure iLO Settings privilege to change these settings.
3. Enable or disable the following alert types:
• iLO SNMP Alerts—Alert conditions that iLO detects independently of the host operating system can be sent to specified SNMP alert destinations, such as HP SIM.
• Forward Insight Manager Agent SNMP Alerts—Alert conditions detected by the host management agents can be forwarded to SNMP alert destinations through iLO. These alerts are generated by the Insight Management Agents, which are available for each supported operating system.
1. Navigate to the Administration→Management page, as shown in Figure 38 (page 86).
Figure 38 iLO Management – SNMP Settings page
2. Enter the SNMP Alert Destinations in the Configure SNMP Alerts section. You can provide the IP addresses of up to three remote management systems to receive SNMP alerts from iLO.
NOTE: Typically, you enter the HP SIM server console IP address in this section.
3. Click Apply.
Configuring Insight Management integration
Using the iLO RBSU
Accessing the iLO RBSU
You can access the iLO RBSU from the physical system console, or by using an iLO remote console session.
To access iLO RBSU:
1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC.
2. Restart or power on the server.
3. Press F8 in the HP ProLiant POST screen. The iLO RBSU screen appears.
4. Select an option, and then press Enter.
Figure 39 Network Configuration screen
5. View or update the following values, as needed:
• MAC Address (read-only)—The MAC address of the selected iLO network interface.
• Network Interface Adapter—Specifies the iLO network interface adapter to use. Select ON or OFF to enable or disable the iLO Dedicated Network Port. Select Shared Network Port to use the Shared Network Port. The Shared Network Port option is available only on supported servers.
4. Select Network→DNS/DHCP. The Network Autoconfiguration screen appears, as shown in Figure 40 (page 89). Figure 40 Network Autoconfiguration screen 5. View or update the following values, as needed: • DHCP Enable—Configures iLO to obtain its IP address (and many other settings) from a DHCP server. • DNS Name—The DNS name of the iLO subsystem (for example, ilo instead of ilo.example.com).
Figure 41 Global iLO 3 Settings window 5. For each option that you want to change, select the option, and press the spacebar to toggle the setting to ENABLED or DISABLED. You can change the following settings: • iLO 3 ROM-Based Setup Utility • Require iLO 3 RBSU Login • iLO 3 ROM-Based Setup Utility • Local Users For more information about the first four options in the list, see Table 2 (page 41).
Figure 42 iLO RBSU Configure iLO Command-Line Interface window
6. For each option that you want to change, select the option, and press the spacebar to toggle through the available settings. You can change the following settings:
• Serial CLI Status
• Serial CLI Speed (bits/second)
For more information about these options, see Table 2 (page 41).
7. Press F10 to save the settings.
8. Select File→Exit to close iLO RBSU.
4 Using iLO
The main iLO features for a nonadministrative user are located in the Information, Remote Console, Virtual Media, Power Management, and BL c-Class sections of the navigation pane. This guide provides information about using iLO with the iLO web interface.
TIP: You can also perform many iLO tasks by using XML configuration and control scripts or SMASH CLP.
2. Enter an HP iLO user name and password, and then click Log In. Login problems might occur for the following reasons: • You have recently upgraded the iLO firmware. You might need to clear your browser cache before attempting to log in again. • You are not entering the login information correctly. ◦ Passwords are case sensitive. ◦ User names are not case sensitive. Uppercase and lowercase characters are treated the same (for example, Administrator is treated as the same user as administrator).
1. View the certificate to ensure that you are browsing to the correct management server (not an imposter).
• Verify that the Issued To name is your management server. Perform any other steps you feel necessary to verify the identity of the management server.
• If you are not sure that this is the correct management server, do not proceed. You might be browsing to an imposter and giving your sign-in credentials to that imposter when you sign in. Contact the administrator.
Figure 43 iLO Overview page The Information section displays the following information: • Server Name—The server name defined by the host operating system. Click the Server Name link to navigate to the Administration→Access Settings page. • Product Name—The product with which this iLO processor is integrated. • UUID—The universally unique identifier that software (for example, HP SIM) uses to uniquely identify this host. This value is assigned when the system is manufactured.
• License Type—The level of licensed iLO functionality. • iLO Firmware Version—The version and date of the installed iLO firmware. Click the iLO Firmware Version link to navigate to the Administration→iLO Firmware page. For more information about firmware, see “Updating firmware” (page 25). • IP Address—The network IP address of the iLO subsystem. • Link-Local IPv6 Address—The SLAAC link-local address for iLO, followed by the address prefix length.
Viewing iLO system information
The iLO System Information page displays the health of the monitored subsystems and devices. The System Information page includes the following embedded health tabs: Summary, Fans, Temperatures, Power, Processors, Memory, NIC Information, and Drives.
Viewing health summary information
The Health Summary page displays the status of monitored subsystems and devices. Depending on the server type, the information on this page varies.
Table 7 Health status values (continued)
Value | Description
Not Redundant | There is no backup component for the device or subsystem.
Failed Redundant | The device or subsystem is in a nonoperational state.
Failed | One or more components of the device or subsystem are nonoperational.
Other | Navigate to the System Information page of the component that is reporting this status for more information.
Figure 45 System Information – Fan Information page for rack servers • Blade servers—ProLiant c-Class server blades use the enclosure fans to provide cooling because they do not have internal fans. The enclosure fans are called “virtual fans” on this page. The virtual-fan reading represents the cooling amount that a server blade is requesting from the enclosure. The server blade calculates the amount of cooling required by examining various temperature sensors and calculating an appropriate fan speed.
Viewing temperature information The Temperature Information page displays the location, status, temperature, and threshold settings of temperature sensors in the server chassis. If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete. The temperature is monitored to maintain the sensor location temperature below the caution threshold.
The Temperature Information page table displays the following information: • Temp—The ID of the temperature sensor. • Location—The area where the temperature is being measured. In this column, Memory refers to the following: ◦ Temperature sensors located on physical memory DIMMs. ◦ Temperature sensors located close to the memory DIMMs, but not located on the DIMMs. These sensors are located further down the airflow cooling path, near the DIMMs, to provide additional temperature information.
Figure 48 System Information – Power Information page The information displayed on this page varies depending on the server type. • Rack servers—The page displays VRMs, Power Readings, Power Supplies, Redundant Power Supply Modes, and Power Microcontroller. • Blade servers—The page displays VRMs, Power Readings and Power Microcontroller.
High Efficiency Mode does not affect power redundancy. If the primary power supplies fail, then the secondary power supplies immediately begin supplying DC power to the system, preventing any downtime. You can configure redundant power supply modes only through the system RBSU. You cannot modify these settings through iLO. For more information, see the HP ROM-Based Setup Utility User Guide.
The following information is displayed: • Processor Speed—The speed of the processor • Execution Technology—Information about the processor cores and threads • Memory Technology—The processor memory capabilities • Internal L1 cache—The L1 cache size • Internal L2 cache—The L2 cache size • Internal L3 cache—The L3 cache size Viewing memory information The Memory Information page displays a list of the memory modules in the host that are installed and operational at POST.
Figure 51 System Information – NIC Information page The following information is displayed: • Device Type—The device type is one of the following: ◦ iLO 3—This device type is assigned to the iLO Dedicated Network Port or iLO Shared Network Port. Users who have the Configure iLO Settings privilege can configure the iLO NIC settings on the General tab of the Network→iLO Dedicated Network Port or Network→Shared Network Port page.
To view drive information, navigate to the Information→System Information page, and then click the Drives tab. See Figure 52 (page 106). Figure 52 System Information – Drive Information page The following information is displayed: • Firmware version • Drive bay number • Product ID • Drive status • Drive UID status The UID lights can be toggled to help physically identify the drives.
Figure 53 iLO Event Log page The iLO Event Log displays the following information: • Severity—The importance of the detected event. Possible values follow: ◦ Informational—The event provides background information. ◦ Caution—The event is significant but does not indicate performance degradation. ◦ Critical—The event indicates a service loss or imminent service loss. Immediate attention is needed. • Class—The component or subsystem that identified the logged event.
When less important events are repeated, they are consolidated into one event log entry, and the Count and Last Update values are updated. Each event type has a specific time interval that determines whether repeated events are consolidated or a new event is logged. • Description—The description identifies the component and detailed characteristics of the recorded event.
2. Click OK. The following event is recorded: Event log cleared by .
Using the Integrated Management Log
The IML provides a record of historical events that have occurred on the server. Events are generated by the system ROM and by services such as the iLO health driver. Logged events include all server-specific events recorded by the system health driver, including operating system information and ROM-based POST codes.
Figure 55 Integrated Management Log page The log displays the following information: • Severity—The importance of the detected event. Possible values follow: ◦ Informational—The event provides background information. ◦ Caution—The event is significant but does not indicate performance degradation. ◦ Critical—The event indicates a service loss or an imminent service loss. Immediate attention is needed. ◦ Repaired—An event has undergone corrective action.
When less important events are repeated, they are consolidated into one event log entry, and the Count and Last Update values are updated. Each event type has a specific time interval that determines whether repeated events are consolidated or a new event is logged. • Description—The description identifies the component and detailed characteristics of the recorded event. If the iLO firmware is rolled back, the description UNKNOWN EVENT TYPE might be displayed for events recorded by the newer firmware.
3. Click Exit to close the window.
Clearing the IML
To clear the IML of all previously logged information:
1. Click Clear IML. The following message appears: Are you sure you want to clear the Integrated Management Log?
2. To confirm that you want to clear the IML, click OK. The following event is recorded: IML Cleared by .
You can also clear the IML from the server HP System Management Homepage.
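Because clearing either log leaves a "cleared by" record as the first retained entry, an exported log can be checked for it during review. The following is an added example, not HP code: the CSV layout, timestamp format, and non-clear descriptions are constructed for illustration, and it assumes the account name follows "by" in the two messages quoted above.

```python
import csv
import io
import re
from datetime import datetime, timedelta

TS_FORMAT = "%m/%d/%Y %H:%M"  # assumed timestamp layout of the constructed export

# Message prefixes as quoted in the guide; that an account name follows "by"
# is an assumption of this example.
CLEAR_PATTERNS = {
    "iLO Event Log": re.compile(r"^Event log cleared by\s*(?P<user>.*?)\.?$", re.I),
    "IML": re.compile(r"^IML Cleared by\s*(?P<user>.*?)\.?$", re.I),
}

# Constructed sample export: columns and non-clear descriptions are invented.
SAMPLE_EXPORT = """severity,class,last_update,count,description
Informational,iLO 3,03/14/2014 02:11,1,Event log cleared by svc-backup
Informational,iLO 3,03/14/2014 02:13,1,constructed: virtual media connected
Caution,iLO 3,03/14/2014 02:25,3,constructed: login failure
Informational,iLO 3,03/15/2014 09:00,1,constructed: server power restored
"""


def find_log_clears(csv_text, context_window=timedelta(minutes=30)):
    """Return one finding per log-clear record, oldest first.

    Each finding names the log, the account (if recorded), the time, whether
    the clear record is the oldest retained entry (earlier history is then
    gone from this log and must come from SNMP destinations or other remote
    copies), and what was logged within context_window after the clear.
    """
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["when"] = datetime.strptime(row["last_update"].strip(), TS_FORMAT)
        rows.append(row)
    rows.sort(key=lambda r: r["when"])  # stable: equal timestamps keep file order

    findings = []
    for i, row in enumerate(rows):
        text = row["description"].strip()
        for log_name, pattern in CLEAR_PATTERNS.items():
            match = pattern.match(text)
            if not match:
                continue
            findings.append({
                "log": log_name,
                "user": match.group("user").strip() or "(not recorded)",
                "when": row["when"],
                "is_oldest_entry": i == 0,
                "followed_by": [
                    later["description"].strip()
                    for later in rows[i + 1:]
                    if later["when"] - row["when"] <= context_window
                ],
            })
    return findings


if __name__ == "__main__":
    for f in find_log_clears(SAMPLE_EXPORT):
        print(f"{f['when']:%Y-%m-%d %H:%M}  {f['log']} cleared by {f['user']}"
              f"  oldest_entry={f['is_oldest_entry']}")
        for desc in f["followed_by"]:
            print(f"    then: {desc}")
```
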
The Diagnostics page contains the following sections: • iLO Self-Test Results—This section displays the results of internal iLO diagnostics. ◦ The status of each self-test is listed in the Status column. Move the cursor over the status icons to view a tooltip description. If a status has not been reported for a test, the test is not listed. ◦ The tests that are run are system dependent. Not all tests are run on all systems.
Using the HP Insight Management Agents The HP Insight Management Agents support a browser interface for access to run-time management data through the HP System Management Homepage. The HP System Management Homepage is a secure web-based interface that consolidates and simplifies the management of individual servers and operating systems.
the same functionality and requirements as the .NET IRC application that is launched from the iLO web interface. Download HPLOCONS from the HP website: http://www.hp.com/go/ilo.
• iLO Mobile Application for iOS and Android devices—Provides Integrated Remote Console access from your supported mobile phone or tablet. For more information, see http://www.hp.com/go/ilo/mobileapp.
For a list of supported browsers, see “Browser support” (page 92).
Figure 59 Remote Console – Java page
Click the Download button to navigate to the following website and download the Java software: http://www.java.com/en/.
Recommended client settings
Ideally, the remote server display resolution is the same or lower than that of the client computer. Higher resolutions transmit more information, reducing the overall performance. Use the following client and browser settings to optimize performance:
• Display properties
  ◦ Select an option greater than 256 colors.
An iLO license must be installed to use this feature after the OS is started. Select Administration→Licensing to determine whether a license is installed. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing. When using the Remote Console, note the following: • The Java IRC is a signed Java applet. If you do not accept the Java IRC applet certificate, the Java IRC will not work. If you did not accept the certificate and you want to use the Java IRC: 1.
1. Navigate to the Remote Console page, and then click the Launch tab, as shown in Figure 60 (page 118).
Figure 60 Remote Console – iLO Integrated Remote Console page
2. Verify that your system meets the requirements for using the .NET IRC or Java IRC.
3. Click the Launch button for the Remote Console that you want to use. If you attempt to open the Remote Console while it is in use, a warning message indicates that another user is using it.
2. Click the Acquire button. The other user is prompted to approve or deny permission to acquire the Remote Console, as shown in Figure 62 (page 119). Figure 62 Granting or denying permission to acquire the Remote Console If there is no response in 10 seconds, permission is granted. Using the Remote Console power switch To use the power switch, select one of the following options from the power switch menu: • Momentary Press—The same as pressing the physical power button.
The session leader can grant or deny access. If there is no response, permission is denied automatically. Shared Remote Console does not support passing the session leader designation to another user, or reconnecting a user after a failure. You must restart the Remote Console session to allow user access after a failure. During a Shared Remote Console session, the session leader has access to all Remote Console features, whereas all other users can access only the keyboard and mouse.
• Server Startup and Server Prefailure sequences are saved automatically in iLO memory. They will be lost during firmware upgrades, iLO reset, and power loss. You can save the captured video to your local drive by using the .NET IRC. • The Server Startup file starts capturing when server startup is detected, and stops when it runs out of space. This file is overwritten each time the server starts.
5. Press the Play button again to stop playback. The Save Capture dialog box opens, as shown in Figure 66 (page 122). Figure 66 Save Capture dialog box 6. Click Yes, and then follow the onscreen instructions to save the file. Capturing video files You can use Console Capture to manually capture video files of sequences other than Server Startup and Server Prefailure. 1. Start the .NET IRC. 2. Click the Record button. 3. The Save Video dialog box opens. 4.
1. Navigate to the Remote Console→Hot Keys page, as shown in Figure 67 (page 123). Figure 67 Remote Console – Hot Keys page 2. For each hot key that you want to define, select the key combination to send to the remote server. To configure hot keys to generate key sequences from international keyboards, select the key on a U.S. keyboard that is in the same position as the desired key on the international keyboard. Table 9 (page 123) lists the available keys.
Table 9 Keys for configuring hot keys (continued)
BACKSPACE | . | d | y
NUM PLUS | / | e | z
NUM MINUS | 0 | f
3. Click Save Hot Keys. The following message appears: Remote Console Hot Keys settings successful.
Resetting hot keys
Resetting the hot keys clears all current hot-key assignments.
1. Navigate to the Remote Console→Hot Keys page, as shown in Figure 67 (page 123).
2. Click Reset Hot Keys.
3. The following message appears: Are you sure you want to reset all hot keys?
4. Click OK.
IMPORTANT: To start iLO RBSU during a Virtual Serial Port session, enter the key combination ESC+8.
• Establish a login session with the operating system, interact with the operating system; and execute and interact with applications on the operating system.
• For an iLO running Linux in a graphical format, you can configure getty() on the server serial port, and then use the iLO Virtual Serial Port to view a login session to the Linux operating system.
9. Select BIOS Serial Console & EMS, and then press Enter.
NOTE: EMS is for Windows only.
10. Select BIOS Serial Console Port, and then press Enter.
11. Select the COM port that matches the value selected in step 7, and then press Enter, as shown in Figure 69 (page 126).
Figure 69 Configuring the BIOS Serial Console Port
12. Select BIOS Serial Console Baud Rate, and then press Enter.
13. Select 115200, and then press Enter, as shown in Figure 70 (page 127).
Figure 70 Configuring the BIOS Serial Console Baud Rate
NOTE: The current implementation of the iLO Virtual Serial Port does not use a physical UART, so the BIOS Serial Console Baud Rate value will have no effect on the actual speed the iLO Virtual Serial Port will use to send and receive data from the system.
14. Select EMS Console, and then press Enter.
15. Select the COM port that matches the value selected in step 7, and then press Enter, as shown in Figure 71 (page 128).
Figure 71 Configuring the EMS Console
16. Exit the system RBSU.
Configuring the iLO Virtual Serial Port for Linux
You can manage Linux servers remotely using console redirection. To configure Linux to use console redirection, you must configure the Linux boot loader (GRUB). The boot-loader application loads from the bootable device when the server system ROM finishes POST.
After Linux is fully booted, a login console can be redirected to the serial port. • If configured, the /dev/ttyS0 and /dev/ttyS1 devices enable you to obtain serial TTY sessions through the iLO Virtual Serial Port. To begin a shell session on a configured serial port, add the following line to the /etc/inittab file to start the login process automatically during system boot.
For more information about the security of the communication methods used by iLO, see the Integrated Lights-Out security technology brief on the HP website at http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00212796/c00212796.pdf.
When you use the Text-based Remote Console, the presentation of colors, characters, and screen controls depends on the client you are using, which can be any standard SSH client compatible with iLO.
Table 10 Character equivalents
Character value | Description | Mapped equivalent
0x07 | Small dot |
0x0F | Sun |
0x10 | Right pointer | >
0x11 | Left pointer | <
0x18 | Up arrow | ^
0x19 | Down arrow | v
0x1A | Left arrow | <
0x1B | Right arrow | >
0x1E | Up pointer | ^
0x1F | Down pointer | v
0xFF | Shaded block | Blank space
Using the Text-based Remote Console
1. Use SSH to connect to iLO. Make sure that the terminal application character encoding is set to Western (ISO-8859-1).
2. Log in to iLO.
• When virtual devices are connected, they are available to the host server until you disconnect them. When you are finished using a Virtual Media device and you disconnect it, you might receive a warning message from the host operating system regarding unsafe removal of a device. You can avoid this warning by using the operating system feature to stop the device before disconnecting it.
Virtual Media operating system information This section describes the operating system requirements to consider when you are using the iLO Virtual Media features. Operating system USB requirement To use Virtual Media devices, your operating system must support USB devices, including USB mass storage devices. For more information, see your operating system documentation. During system boot, the ROM BIOS provides USB support until the operating system loads.
Operating system considerations: Virtual CD/DVD-ROM • MS-DOS—The Virtual CD/DVD-ROM is not supported in MS-DOS. • Windows Server 2008 and Windows Server 2003—The Virtual CD/DVD-ROM appears automatically after Windows recognizes the mounting of the device. Use it as you would use a locally attached CD/DVD-ROM device.
Using iLO Virtual Media from the iLO web interface The Virtual Media page allows you to perform the following tasks: • View or change the Virtual Media port. You can also change the port on the Administration→Access Settings page. • View or eject local media, including locally stored image files, floppy disks, USB keys, CDs/DVD-ROMs, and virtual folders. • View, connect, eject, or boot from scripted media. Scripted media refers to connecting images hosted on a web server by using a URL.
Viewing and ejecting local media
When local Virtual Media is connected, the details are listed in the following sections:
• Virtual Floppy/USB Key/Virtual Folder Status
  ◦ Image Inserted—The Virtual Media type that is connected. Local media is displayed when local media is connected.
  ◦ Connected—Indicates whether a Virtual Media device is connected.
• Virtual CD/DVD-ROM Status
  ◦ Image Inserted—The Virtual Media type that is connected. Local media is displayed when local media is connected.
To eject scripted media devices, click the Eject Media button in the Virtual Floppy/Virtual Folder Status section or Virtual CD/DVD-ROM Status section. Using iLO Virtual Media from the Remote Console You can access Virtual Media on a host server by using the .NET IRC or Java IRC, the iLO web interface, XML configuration and control scripts, and the CLP. This section describes how to use the iLO Virtual Media feature with the .NET IRC or Java IRC.
Creating an iLO disk image file
The iLO Create Media Image feature enables you to create disk image files from data in a file or on a physical disk.
To create an ISO-9660 disk image file (.img or .iso):
1. Start the Java IRC.
2. Select Virtual Drives →Create Disk Image. The Create Media Image dialog box opens as shown in Figure 73 (page 138).
Figure 73 Create Media Image dialog box
3. Verify that the Disk>>Image button is displayed.
5. Enter the path and file name for the existing image file in the Image File text box. The Java IRC begins the process of copying the data from the image file to the disk. The following message is displayed: Creating disk, please wait... When the disk creation is complete, the following message is displayed: Disk was created successfully.
6. Click Close to close the Create Media Image dialog box.
7. Confirm that the files were copied to the specified location.
Using a Virtual Folder (.
2. Verify that IIS can access the MIME type for the files you are serving. For example, if your diskette image files use the extension .img, you must add a MIME type for that extension. Use the IIS Manager to access the Properties dialog box of your website. On the HTTP Headers tab, click MIME Types to add MIME types. HP recommends adding the following types: .img application/octet-stream .
Inserting Virtual Media with a helper application
When you are using a helper application with the INSERT_VIRTUAL_MEDIA command, the basic format of the URL is as follows:
protocol://user:password@servername:port/path,helper-script
where:
• protocol—Mandatory. Either HTTP or HTTPS.
• user:password—Optional. When present, HTTP basic authorization is used.
• servername—Mandatory. Either the host name or the IP address of the web server.
• port—Optional. A web server on a nonstandard port.
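The URL format above can be checked before it is placed in a script. This added example (not HP code) splits a scripted-media URL into the documented fields and reports transport and credential exposure; the finding codes, the empty-path check, and the sample host, account, and file names are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

# Finding codes and explanations are this example's own, not iLO output.
FINDINGS = {
    "CLEARTEXT_TRANSPORT": "image is fetched over HTTP: no server authentication, "
                           "confidentiality or integrity for the boot media",
    "CREDENTIALS_IN_URL": "user:password is stored wherever this URL is stored "
                          "(scripts, shell history, tickets)",
    "BASIC_AUTH_OVER_HTTP": "HTTP basic authorization over HTTP sends the "
                            "credentials base64-encoded, not encrypted",
    "HELPER_WRITES_OVER_HTTP": "write requests to the helper script travel "
                               "unprotected and can be altered in transit",
}


@dataclass
class ScriptedMediaURL:
    protocol: str
    servername: str
    port: Optional[int]
    user: Optional[str]
    has_password: bool           # the password itself is deliberately not kept
    path: str
    helper_script: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_scripted_media_url(url: str) -> ScriptedMediaURL:
    """Split protocol://user:password@servername:port/path,helper-script."""
    try:
        parts = urlsplit(url)
        port = parts.port        # ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        raise ValueError(f"malformed URL: {exc}") from None

    protocol = parts.scheme.lower()
    if protocol not in ("http", "https"):
        raise ValueError("protocol is mandatory and must be HTTP or HTTPS")
    if not parts.hostname:
        raise ValueError("servername is mandatory")

    # The helper script follows the last comma of the path component.
    path, comma, helper = parts.path.rpartition(",")
    if not comma:
        path, helper = parts.path, None
    elif not helper:
        raise ValueError("comma present but helper-script is empty")
    if not path or path == "/":
        # Sanity check added by this example: there is no image to insert.
        raise ValueError("path to the image is missing")

    parsed = ScriptedMediaURL(protocol, parts.hostname, port, parts.username,
                              parts.password is not None, path, helper)
    if protocol == "http":
        parsed.findings.append("CLEARTEXT_TRANSPORT")
    if parts.username is not None:
        parsed.findings.append("CREDENTIALS_IN_URL")
        if protocol == "http":
            parsed.findings.append("BASIC_AUTH_OVER_HTTP")
    if helper and protocol == "http":
        parsed.findings.append("HELPER_WRITES_OVER_HTTP")
    return parsed


if __name__ == "__main__":
    # Constructed sample URLs; host, account and file names are placeholders.
    samples = [
        "http://mediauser:s3cret@web01.example.net:8080/images/boot.img,/cgi-bin/helper.pl",
        "https://web01.example.net/images/install.iso",
    ]
    for sample in samples:
        result = parse_scripted_media_url(sample)
        # Print a redacted form so the password never reaches the terminal.
        print(f"{result.protocol}://{result.servername}{result.path}")
        for code in result.findings:
            print(f"  {code}: {FINDINGS[code]}")
```
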
#
# Decode the range
#
if ($range =~ m/([0-9A-Fa-f]+)-([0-9A-Fa-f]+)/) {
    $start = hex($1);
    $end = hex($2);
    $len = $end - $start + 1;
}
#
# Decode the data (a big hexadecimal string)
#
$decode = pack("H*", $data);
#
# Write it to the target file
#
sysopen(F, $file, O_RDWR);
binmode(F);
sysseek(F, $start, SEEK_SET);
syswrite(F, $decode, $len);
close(F);
print "Content-Length: 0\r\n";
print "\r\n";
Configuring Virtual Media Boot Order
The Virtual Media Boot Order feature enables you to set the server boot opt
2. Select a device in the Server Boot Order list, and click Up or Down to move it up or down in the boot order. You can select from the following devices:
• CD/DVD Drive
• Floppy Drive
• USB Storage Device
• Hard Disk Drive
• Network Device , where the server Ethernet card is Network Device 1, and additional NIC/ALOM cards are Network Device 2, Network Device 3, and so on.
3. Click Apply.
Graceful shutdown The ability of the iLO processor to perform a graceful shutdown requires cooperation from the operating system. To perform a graceful shutdown, the iLO health driver must be loaded. iLO communicates with the health driver and uses the appropriate operating system method of shutting down the system safely to ensure that data integrity is preserved.
To change the server power state by using the Virtual Power Button options, you must have the Virtual Power and Reset privilege. Some of the power control options do not shut down the operating system gracefully. Before you use the Virtual Power Button options, you must use the Remote Console to initiate an operating system shutdown. To change the server power state: 1. Navigate to the Power Management→Server Power page, as shown in Figure 77 (page 145). Figure 77 Server Power page 2.
Configuring the System Power Restore Settings The System Power Restore Settings section enables you to control system behavior after power is lost. You can also configure these settings by using the system RBSU during POST. You must have the Configure iLO Settings privilege to change the System Power Restore Settings. To change the System Power Restore Settings: 1. Navigate to the Power Management→Server Power page, as shown in Figure 77 (page 145). 2. Select or clear the Auto Power-On check box.
Figure 78 Power Meter page The power-meter graphs display recent server power usage. The graph data is reset when iLO or the server is reset. The iLO firmware periodically samples peak power, average power, and power cap. The following graphs are displayed: • 24-Hour History Graph—This graph displays the power usage of the server over the previous 24 hours. The iLO firmware collects power usage information from the server every 5 minutes.
Select one or more of the following check boxes, and then click Refresh Page to update the graphs. • Min (static low)—The minimum value observed during a measurement period. Typically, the 20-minute graph measures a minimum value every 10 seconds, which matches the average value. The 24-hour graph can capture minimum values lower than the 5-minute average value. • Avg—The mean power reading during the sample. • Peak—The highest instantaneous power reading during the sample.
• Power Supply Capacity—The server power capacity. This value is displayed for HP ProLiant SL servers. • Peak Measured Power—The highest measured power reading. This value is displayed for HP ProLiant SL servers. Viewing the server power history To view the server power history, navigate to the Power Management→Power Meter page, as shown in Figure 78 (page 147). Scroll to the Power History section, as shown in Figure 79 (page 148).
1. Navigate to the Power Management→Power Settings page, as shown in Figure 81 (page 150). Figure 81 Power Settings page 2. 3. Select one of the following options: • HP Dynamic Power Savings Mode—Automatically varies processor speed and power usage based on processor utilization. This option allows the reduction of overall power consumption with little or no impact to performance. It does not require OS support. • HP Static Low Power Mode—Reduces processor speed and power usage.
Configuring power capping settings The Power Capping Settings section enables you to view measured power values, set a power cap, and disable power capping.
1. Navigate to the Power Management→Power Settings page, as shown in Figure 81 (page 150). 2. Select a value in the Warning Trigger list. The warning trigger determines whether warnings are based on peak power consumption, average power consumption, or if they are disabled. 3. Enter a value in the Warning Threshold box. This value sets the power consumption threshold, in watts. If power consumption exceeds this value for the specified time duration, an SNMP alert is triggered. 4.
Figure 82 Active Onboard Administrator page This page displays the following information and options: • MAC Address—The MAC address of the active OA. • System Health—The health of the active OA, as reported by the OA. A value of unknown means that the OA health has not been reported to iLO. • Blade Location—The location (enclosure bay) of the blade that is hosting the current iLO session. • Enclosure Name—The enclosure that the active OA is managing. You can change this value through the OA.
Enclosure bay IP addressing The First Time Setup Wizard prompts you to set up your enclosure bay IP addressing. For more information about the wizard, see the HP BladeSystem Onboard Administrator User Guide. Dynamic Power Capping for server blades Dynamic Power Capping is an iLO feature available for c-Class server blades, and is accessed through OA. Dynamic Power Capping is available only if your system hardware platform, BIOS (ROM), and power microcontroller firmware version support this feature.
Figure 83 Onboard Administrator page IPMI server management Server management through IPMI is a standard method for controlling and monitoring the server. The iLO firmware provides server management based on the IPMI version 2.
The KCS interface is accessible to the SMS software running on the local system. Examples of compatible SMS software applications follow: • IPMI version 2.0 Command Test Tool—A low-level MS-DOS command-line tool that enables hex-formatted IPMI commands to be sent to an IPMI BMC that implements the KCS interface. You can download this tool from the Intel website at http://www.intel.com/design/servers/ipmi/tools.htm.
5 Integrating HP Systems Insight Manager The iLO firmware is integrated with HP SIM in key operating environments, providing a single management console from a standard web browser. While the operating system is running, you can establish a connection to iLO by using HP SIM. Integration with HP SIM provides the following: • Support for SNMP trap delivery to an HP SIM console—The HP SIM console can be configured to forward SNMP traps to a pager or email address.
The iLO management processor is displayed as an icon on the same row as its host server. The color of the icon represents the status of the management processor. For a list of device statuses, see the HP Systems Insight Manager User Guide.
55000=iLO 3, ,true,false,com.hp.mx.core.tools.identification.mgmtproc.MgmtProcessorParser Reviewing iLO license information in HP SIM HP SIM displays the license status of the iLO management processors. You can use this information to determine how many and which iLO devices have an optional license installed. To view license information, select Deploy→License Manager. To ensure that the displayed data is current, run the Identify Systems task for your management processors.
6 Directory services This chapter describes how to configure iLO to use Kerberos login, schema-free directory authentication, and HP extended schema directory authentication. Directory integration benefits Directory integration with iLO provides the following benefits: • Scalability—The directory can be leveraged to support thousands of users on thousands of iLO processors. • Security—Robust user-password policies are inherited from the directory.
2. Is your configuration scalable? • No—Deploy an instance of the schema-free directory integration to evaluate whether this method meets your policy and procedural requirements. If necessary, you can deploy HP schema directory integration later. For more information, see “Schema-free directory integration” (page 166). • Yes—Use HP schema directory integration. For more information, see “Setting up HP extended schema directory integration” (page 170).
Generating a keytab This section describes how to generate a keytab file for iLO in a Windows environment. The iLO host name that you use for keytab generation must be identical to the configured iLO host name. iLO host names are case sensitive. 1. Use the ktpass command to generate a keytab and set the shared secret. The command is case sensitive and has special characters. ktpass -out iloname.keytab +rndPass -ptype KRB5_NT_SRV_HST -mapuser iloname$@example.net -princ HTTP/iloname.example.net@EXAMPLE.
Universal and global user groups (for authorization) To set permissions in iLO, you must create a group in the domain directory. Users who log in to iLO are granted the sum of the permissions for all groups of which they are a member. Only universal and global user groups can be used to set permissions. Domain local groups are not supported. Configuring iLO for Kerberos login This section describes the iLO requirements for Kerberos login.
Using XML configuration and control scripts The following sample scripts show how to set the iLO parameters for directories: • Set_Server_Name.xml shows how to set the iLO host name. • Mod_Schemaless_Directory.xml shows how to configure directory groups. • Mod_Network_Settings.xml shows how to configure SNTP settings. • Mod_Kerberos_Config.xml shows how to configure Kerberos-specific parameters. NOTE: You can download sample XML scripts from http://www.hp.com/support/ilo3.
1. Enable authentication in Internet Explorer: a. Select Tools→Internet Options. b. Click the Advanced tab. c. Scroll to the Security section. d. Verify that the Enable Integrated Windows Authentication option is selected. e. Click OK. 2. Add the iLO domain to the Intranet zone: a. Select Tools→Internet Options. b. Click the Security tab. c. Click the Local intranet icon. d. Click the Sites button. e. Click the Advanced button. f. Enter the site to add in the Add this website to the zone box.
Verifying single sign-on (HP Zero Sign In) configuration To verify that HP Zero Sign In is configured correctly: 1. Browse to the iLO login page (for example, http://iloname.example.net). 2. Click the HP Zero Sign In button. If a prompt for credentials appears, Kerberos authentication has failed and the system has reverted to NTLM authentication. Click Cancel, and then repeat the procedures in “Configuring single sign-on” (page 164). Login by name To verify that login by name is working properly: 1.
Using schema-free directory integration has the following disadvantage: • Group privileges are administered on each iLO. However, this disadvantage has minimal impact because group privileges rarely change, and the task of changing group membership is administered in the directory and not on each iLO. HP provides tools that enable you to make changes to a large number of iLOs at the same time.
5. Click Finish, and then click Close and OK to close the remaining dialog boxes. 6. Expand Computer Configuration→Windows Settings→Security Settings→Public Key. 7. Right-click Automatic Certificate Requests Settings, and select New→Automatic Certificate Request. The Automatic Certificate Request Setup wizard starts. 8. Click Next. 9. Select the Domain Controller template, and click Next. 10.
For more information, see “HP Directories Support for ProLiant Management Processors utility” (page 196). Schema-free setup options The schema-free setup options are the same, regardless of the method you use to configure the directory. To review the available methods, see “Schema-free setup using the iLO web interface” (page 168), “Schema-free setup using scripts” (page 168), and “Schema-free setup with HP Directories Support for ProLiant Management Processors” (page 168).
When you are using trustee or directory rights assignments to extend role membership, users must be able to read the object that represents the iLO device. Some environments require that the trustees of a role also be read trustees of the object to successfully authenticate users. Setting up HP extended schema directory integration When you are using HP schema directory integration, iLO supports both Active Directory and eDirectory. However, these directory services require that the schema be extended.
4. Manage a. Create a management device object and a role object by using the snap-in. b. Assign rights to the role object, as necessary, and associate the role with the management device object. c. Add users to the role object. For more information about managing the directory service, see “Directory-enabled remote management” (page 190). Examples are available in “Directory services for Active Directory” (page 174) and “Directory services for eDirectory” (page 182). 5.
Figure 85 Installer for Schema Extender and snap-ins You cannot run the schema installer on a domain controller that hosts Windows Server 2008 Core. For security and performance reasons, Windows Server 2008 Core does not use a GUI. To use the schema installer, you must install a GUI on the domain controller or use a domain controller that hosts an earlier version of Windows. Schema Extender Several .xml files are bundled with the Schema Extender.
Setup window You use the Setup window (Figure 87) to enter the appropriate information before extending the schema. The Directory Server section of the Setup window enables you to specify whether you will use Active Directory or eDirectory, and to set the computer name and the port to be used for LDAP communications. NOTE: When you are running the Schema Extender tool, you must use the Administrator login along with the domain name, for example, Administrator@domain.com or domain\Administrator.
Figure 88 Results window Management snap-in installer The management snap-in installer installs the snap-ins required to manage iLO objects in a Microsoft Active Directory Users and Computers directory or Novell ConsoleOne directory.
• Installing directory services for iLO requires extending the Active Directory schema. An Active Directory schema administrator must extend the schema. • Directory services for iLO uses LDAP over SSL to communicate with the directory servers. Before you install snap-ins and schema for Active Directory, read and have available the following documentation: ◦ Microsoft Knowledge Base Articles These articles are available at http://support.microsoft.com/.
8. Navigate to the iLO Dedicated Network Port or Shared Network Port General Settings page, and then enter the environment settings in the Domain Name and Primary DNS server boxes. For more information, see “Configuring iLO network settings” (page 69). NOTE: The LDAP component does not work with a Windows Server 2008 Core installation. Snap-in installation and initialization for Active Directory 1. 2. Run the snap-in installation application to install the snap-ins.
d. Click OK. e. Repeat the process, creating a role for remote server monitors called remoteMonitors. 3. Use the HP-provided Active Directory Users and Computers snap-ins to assign rights to the roles and associate the roles with users and devices. a. Right-click the remoteAdmins role in the Roles organizational unit in the testdomain.local domain, and then select Properties. The remoteAdmins Properties dialog box opens. b. Click the HP Devices tab, and then click Add. The Select Users dialog box opens.
After the snap-ins are installed, iLO objects and iLO roles can be created in the directory. By using the Active Directory Users and Computers tool, the user completes the following tasks: • Creates iLO and role objects • Adds users to the role objects • Sets the rights and restrictions of the role objects NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries.
Figure 90 Members tab Role Restrictions tab The Role Restrictions tab (Figure 91) enables you to set the following restrictions for the role: • Time restrictions • IP network address restrictions: ◦ IP/mask ◦ IP range ◦ DNS name Figure 91 Role Restrictions tab Time restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours on the Role Restrictions tab.
square by clicking it, or you can change a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button. The default setting is to allow access at all times. Figure 92 Logon Hours dialog box Enforced client IP address or DNS name access Access can be granted or denied to an IP address, IP address range, or DNS name. 1.
Figure 93 New IP/Mask Restriction window Lights Out Management tab After you create a role, you can select rights for the role. You can make users and group objects members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management tab (Figure 94). User rights to any iLO are calculated as the sum of all rights assigned by all roles in which the user is a member, and in which the iLO is a managed device.
• Virtual Media—Enables the user to access the iLO Virtual Media functionality. • Server Reset and Power—Enables the user to access the iLO Virtual Power button to remotely reset the server or power it down. • Administer Local User Accounts—Enables the user to administer accounts. Users can modify their account settings, modify other user account settings, add users, and delete users. • Administer Local Device Settings—Enables the user to configure the iLO management processor settings.
Figure 95 Directory objects sample 1. Create organizational units in each region. Each organizational unit must contain the LOM devices and roles specific to that region. In this example, two organizational units are created, roles and hp devices, in each organizational unit, region1 and region2. 2. Create LOM objects in the hp devices organizational units for several iLO devices by using the HP-provided ConsoleOne snap-in tool: a. Right-click hp devices in region1, and then select New→Object. b.
Figure 96 Select Object Subtype window d. Select Lights Out Management Device, and then click OK. e. Repeat Step 2.a through Step 2.d to create the following LOM objects: • Create rib-nntp-server and rib-file-server-users1 in hp devices under region1 • Create rib-file-server-users2 and rib-app-server in hp devices under region2. 3. Create HP role objects in the roles organizational units by using the HP-provided ConsoleOne snap-in tool: a.
e. Click the Members tab (Figure 99) and add users to the role by clicking the Add button on the Select Objects dialog box. Devices and users are now associated. f. Select the HP Management→Lights Out Management Device Rights tab (Figure 97 (page 185)). Figure 97 Properties window g. Set the rights for the role, and then click Apply. Click Close to close the Properties window. In this example, the users in the remoteAdmins role receive full access to the iLO functionality.
Directory services objects for eDirectory One of the keys to directory-based management is proper virtualization of the managed devices in the directory service. This virtualization allows the administrator to build relationships between the managed device and users or groups within the directory service.
Figure 99 Select Objects dialog box • To remove a user, select the user name, and then click Delete.
Figure 100 Role Restrictions tab Time restrictions You can manage the hours available for logon by members of the role by using the time grid displayed on the Role Restrictions tab. You can select the times available for logon for each day of the week, in half-hour increments. You can change a single square by clicking it, or a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button.
Figure 101 Add New Restriction dialog box eDirectory Lights-Out Management After you create a role, you can select rights for the role. You can make users and group objects members of the role, giving them the rights granted by the role. Rights are managed on the Lights Out Management Device Rights option of the HP Management tab (Figure 102). Figure 102 Lights Out Management Device Rights tab The available rights are as follows: • Login—Controls whether users can log in to the associated devices.
• Virtual Media—Enables the user to access the iLO Virtual Media functionality. • Server Reset and Power—Enables the user to access the iLO Virtual Power button to remotely reset the server or power it down. • Administer Local User Accounts—Enables the user to administer accounts. Users can modify their account settings, modify other user account settings, add users, and delete users. • Administer Local Device Settings—Enables the user to configure the iLO management processor settings.
objects meaningful names, such as the device network address, DNS name, host server name, or serial number. • Configure Lights-Out management devices Every LOM device that uses the directory service to authenticate and authorize users must be configured with the appropriate directory settings. For information on the specific directory settings, see “Configuring authentication and directory server settings” (page 52).
Figure 103 Admin user The Admin role assigns all Admin rights: Server Reset, Remote Console, and Login (Figure 104). Figure 104 Admin role How directory login restrictions are enforced Two sets of restrictions can limit a directory user's access to LOM devices (Figure 105). • User access restrictions limit a user's access to authenticate to the directory.
Restricting roles Restrictions allow administrators to limit the scope of a role. A role grants rights only to users who satisfy the role restrictions. Using restricted roles results in users who have dynamic rights that can change based on the time of day or network address of the client. NOTE: When directories are enabled, access to a particular iLO is based on whether the user has read access to a role object that contains the corresponding iLO object.
range can be specified to grant or deny access to a single address. Addresses that fall within the low-to-high IP address range meet the IP address restriction. IP address and subnet mask restrictions IP address and subnet mask restrictions enable the administrator to specify a range of addresses that are granted or denied access. This format has capabilities similar to those of an IP address range, but might be more native to your networking environment.
Creating multiple restrictions and roles The most useful application of multiple roles is restricting one or more roles so that rights do not apply in all situations. Other roles provide different rights under different constraints. Using multiple restrictions and roles enables the administrator to create arbitrary, complex rights relationships with a minimum number of roles.
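The rule described in this chapter (a user's rights on an iLO are the sum of the rights of every role that lists both the user and the device, counting only roles whose time and IP restrictions are met) can be modelled as shown below. This is an added example, not HP code or the firmware's logic; the user names, addresses, the mediaOperators role, and the handling of grant and deny lists (grant: the client must match an entry; deny: the client must match none) are assumptions, and DNS-name restrictions are left out.

```python
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

# Right names as listed on the Lights Out Management tab.
ALL_RIGHTS = {
    "Login", "Remote Console", "Virtual Media", "Server Reset and Power",
    "Administer Local User Accounts", "Administer Local Device Settings",
}


@dataclass
class IpRule:
    """One IP restriction: kind "mask" (address/mask) or "range" (low-high)."""
    kind: str
    value: str

    def matches(self, client: str) -> bool:
        addr = ip_address(client)
        if self.kind == "mask":
            return addr in ip_network(self.value, strict=False)
        # A range with identical low and high values covers a single address.
        low, high = (ip_address(part.strip()) for part in self.value.split("-"))
        return low <= addr <= high


@dataclass
class Role:
    name: str
    rights: set
    members: set                    # users that belong to the role
    devices: set                    # iLO device objects managed by the role
    ip_mode: str = "grant"          # assumption: rules form a grant or a deny list
    ip_rules: list = field(default_factory=list)
    # Allowed (weekday, half-hour slot 0..47) pairs; None allows all times,
    # which matches the default setting of the logon-hours grid.
    hours: Optional[set] = None

    def restrictions_met(self, client: str, when: datetime) -> bool:
        if self.hours is not None:
            slot = (when.weekday(), when.hour * 2 + when.minute // 30)
            if slot not in self.hours:
                return False
        if not self.ip_rules:
            return True
        hit = any(rule.matches(client) for rule in self.ip_rules)
        return hit if self.ip_mode == "grant" else not hit


def effective_rights(roles, user, device, client, when):
    """Union of rights from every role that lists the user and the device
    and whose restrictions are satisfied for this client and time."""
    rights = set()
    for role in roles:
        if (user in role.members and device in role.devices
                and role.restrictions_met(client, when)):
            rights |= role.rights
    return rights


# Constructed sample data (not from the guide): Monday-Friday, 08:00-18:00.
BUSINESS_HOURS = {(day, slot) for day in range(5) for slot in range(16, 36)}
ROLES = [
    Role("remoteAdmins", set(ALL_RIGHTS), {"alice"}, {"rib-app-server"},
         ip_mode="grant", ip_rules=[IpRule("mask", "10.1.0.0/255.255.0.0")],
         hours=BUSINESS_HOURS),
    Role("remoteMonitors", {"Login", "Remote Console"}, {"alice", "bob"},
         {"rib-app-server", "rib-nntp-server"}),
    Role("mediaOperators", {"Login", "Virtual Media"}, {"bob"},
         {"rib-app-server"}, ip_mode="deny",
         ip_rules=[IpRule("range", "10.1.5.100-10.1.5.120")]),
]
TUE_MORNING = datetime(2014, 3, 4, 10, 15)   # a Tuesday, inside business hours
TUE_NIGHT = datetime(2014, 3, 4, 22, 40)     # same day, outside business hours

if __name__ == "__main__":
    cases = [
        ("alice", "rib-app-server", "10.1.5.7", TUE_MORNING),
        ("alice", "rib-app-server", "10.1.5.7", TUE_NIGHT),
        ("alice", "rib-app-server", "192.0.2.44", TUE_MORNING),
        ("bob", "rib-app-server", "10.1.5.110", TUE_MORNING),
    ]
    for user, device, client, when in cases:
        granted = sorted(effective_rights(ROLES, user, device, client, when))
        print(f"{user}@{client} {when:%a %H:%M} -> {device}: {granted}")
```

Running the same user through different times and client addresses shows the dynamic rights the text describes: the restricted role drops out and only the unrestricted role's rights remain.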
Using bulk import tools Adding and configuring large numbers of LOM objects is time consuming. HP provides several utilities to assist with these tasks. • HP Lights-Out Migration utility The HP Lights-Out Migration utility imports and configures multiple LOM devices. It includes a GUI that provides a step-by-step approach to implementing or upgrading large numbers of management processors. HP recommends using this GUI method when upgrading several management processors.
• Windows 7 • Windows 2012 HP Directories Support for ProLiant Management Processors package The migration software, schema extender, and management snap-ins are included in the HP Directories Support for ProLiant Management Processors package. You can download the installer from http://www.hp.com/support/ilo3. To complete the migration of your management processors, you must extend the schema and install the management snap-ins before running the migration tool.
• Ranges can also be specified using a hyphen. For example, 192.168.0.2-10 is a valid range. A hyphen is supported only in the rightmost octet. • After you click Find, the utility begins pinging and connecting to port 443 (the default SSL port) to determine whether the target network address is a management processor. If the device does not respond to the ping or connect appropriately on port 443, the utility determines that it is not a management processor.
4. Enter your iLO login name and password, and then click Find. When the search is complete, the management processors are listed and the Find button changes to Verify, as shown in Figure 110 (page 199). Figure 110 Find Management Processors window You can also enter a list of management processors from a file by clicking Import. The file is a simple text file with one management processor listed per line.
Upgrading firmware on management processors The Upgrade Firmware page enables you to update the firmware on your iLO management processors. It also enables you to designate the location of the firmware image for each management processor by entering the path or clicking Browse. NOTE: Binary images of the firmware for the management processors must be accessible from the system that is running the migration utility. These binary images can be downloaded from http://www.hp.com/support/ilo3.
4. Click Upgrade Firmware. The selected management processors are upgraded. Although this utility enables you to upgrade hundreds of management processors, only 25 management processors are upgraded simultaneously. Network activity is considerable during this process. 5. After the upgrade is complete, click Next. During the firmware upgrade process, all buttons are deactivated to prevent navigation. You can still close the application by clicking the X at the top right of the page.
Naming management processors The Name the management processors window (Figure 113) enables you to name iLO management device objects in the directory and create corresponding device objects for all management processors to be managed.
role. For example, the directory defines a user as a member of a role (such as administrator) who has a collection of privileges on a specific device object, as shown in Figure 114 (page 203). The boxes on the Configure Directory window follow: • Network Address—The network address of the directory server, which can be a valid DNS name or IP address. • Port—The SSL port to the directory. The default port is 636. Management processors can communicate with the directory only by using SSL.
Figure 115 Entering the container distinguished name 3. Associate device objects with a member of a role by entering the role DN in the Role(s) DN box, or click Browse, as shown in Figure 116 (page 204).
4. Click Update Directory. The utility connects to the directory, creates the management processor objects, and adds them to the selected roles. 5. After the device objects have been associated with a role, click Next. The values you entered are displayed in the Configure Directory window (Figure 117). Figure 117 Configure Directory window 6. Define the user contexts. The user contexts define where the users who will log in to iLO are located in the LDAP structure.
Figure 118 Defining the user contexts 7. Click Configure, and then click Done when the button is available. Configuring directories when schema-free integration is selected The boxes on the Configure Management Processors window (Figure 119) follow: • Network Address—The network address of the directory server, which can be a valid DNS name or IP address. • Login Name and Password—Enter the login name and password for an account that has domain administrator access to the directory.
Figure 119 Configure Management Processors window Setting up management processors for directories The last step in the migration process is to configure the management processors to communicate with the directory. The Set up Management Processors for Directories window (Figure 120) enables you to create user contexts. User contexts enable the user to use short names or user object names to log in, rather than the full DN.
Figure 120 Set up Management Processors for Directories window When you click Configure, the utility might display a message similar to the following: 3. Click OK to continue. 4. When the process is complete, click Done.
7 Troubleshooting iLO 3 POST LED indicators During the initial boot of iLO, the POST LED indicators flash to display the progress through the iLO boot process. After the boot process is complete, the HB LED flashes in one-second intervals. LED indicators (1 through 6) light up after the system has booted to indicate a hardware failure. If a hardware failure is detected, reset iLO. For the location of the LED indicators, refer to the server documentation.
5. Set the Virtual Serial Port to COM 2. For detailed instructions, see the HP ROM-Based Setup Utility User Guide. 6. Reboot the host server to access the selection menu for the Windows debug boot option. 7. From the local test system, use PuTTY to connect to iLO and log in. This is a CLI connection to iLO. 8. Enter the IP address for the session host name. Use the default settings for an SSH session.
Table 11 Event log entries (continued)
Event log entry | Description
iLO reset | iLO was reset.
On-board clock set; was <#:#:#:#:#:#> | The on-board clock was set.
Server logged critical error(s) | The server logged one or more critical errors.
Event log cleared by: | A user cleared the event log.
iLO reset to factory defaults | iLO was reset to the default settings.
iLO ROM upgrade to <#> | The iLO ROM was upgraded.
iLO reset for ROM upgrade | iLO was reset for a ROM upgrade.
Table 11 Event log entries (continued)
Event log entry | Description
Host server powered OFF by: | A user powered off the host server.
Host server powered ON by: | A user powered on a host server.
Virtual Floppy in use by: | A user began using a virtual floppy.
Remote Console login: | A user logged in to a Remote Console session.
Remote Console Closed | A Remote Console session was closed.
Table 11 Event log entries (continued)
Event log entry | Description
License removed by: | An authorized user removed a license.
License activation error by: | A license activation error occurred.
iLO RBSU user login: | An authorized user logged in to iLO RBSU.
Power on request received by: | A power request was received from one of the following: • Power Button • Wake On LAN • Automatic Power On
Virtual NMI selected by: | An authorized user clicked the Virtual NMI button.
• If an administrator forgets the administrator account password, the administrator must use the Security Override Switch or use HPONCFG to establish an administrator account and password. For instructions, see the HP iLO 3 Scripting and Command Line Guide.
If the iLO processor is reset and the server is immediately reset, iLO firmware might not be fully initialized when the server performs its initialization and attempts to start the iLO RBSU. In this case, the iLO RBSU is unavailable, or the iLO option ROM code is skipped altogether. Unable to access the login page Solution: Verify that the SSL encryption level of your browser is set to 128 bits. The SSL encryption level in iLO is set to 128 bits and cannot be changed.
Unable to return to login page after an iLO flash or reset Solution: Clear the browser cache and restart the browser. Unable to access Virtual Media or graphical Remote Console Solution: You enable the iLO Virtual Media and graphical Remote Console features by installing an optional iLO license. If a license is not installed, a message informs you that these features are not available without a license.
4. Click Advanced in the Proxy server section. 5. Enter the iLO IP address or DNS name in the Exceptions box. 6. Click OK to save the changes. Blocked iLO ports Solution: iLO communicates through several configurable TCP/IP ports. If these ports are blocked, the administrator must configure the firewall to allow for communications on these ports. For information about viewing and changing the iLO port configuration, see “Configuring iLO access settings” (page 39).
Solution: Close and restart the web browser, or install your own certificates into iLO. Using the iLO Security Override Switch for emergency access Solution: The iLO Security Override Switch gives emergency access to the administrator who has physical control over the server system board. Setting the iLO Security Override Switch allows login access, with all privileges, without a user ID and password.
Principal names are case sensitive and must be entered as follows: HTTP/myilo.somedomain.net@SOMEDOMAIN.NET • The first part is uppercase (HTTP). • The middle part is lowercase (myilo.somedomain.net). • The last part is uppercase (@SOMEDOMAIN.NET). If you do not format the command exactly as shown, it will not work. Here is an example of the full ktpass.exe command: ktpass +rndPass -ptype KRB5_NT_SRV_HST -mapuser myilo$@somedomain.net -princ HTTP/myilo.somedomain.net@SOMEDOMAIN.NET -out myilo.
2. Navigate to the Power Management→Power Settings page. 3. Clear the Enable persistent mouse and keyboard check box, and then click Apply. 4. Start the .NET IRC or Java IRC again. Solution 2 (.NET IRC only): Some monitors do not support DirectDraw. For example, some USB VGA device drivers might disable DirectDraw on all monitors for Windows Vista and Windows 7 clients. The .NET IRC requires DirectDraw support. Solution 2 (Java IRC only): 1. Shut down and exit your browser. 2. Open the Java Control Panel.
Figure 122 Choose Disk Image File dialog box 8. Type or select the path of the USB key/floppy (/dev/disk) inserted in the client. You can also mount the USB key/floppy by label, as shown in Figure 123 (page 221). Figure 123 Mounting the USB key by label 9. Click OK. Caps Lock out of sync between iLO and Java IRC When you log in to the Java IRC, the Caps Lock setting might be out of sync between iLO and the Java IRC.
Num Lock out of sync between iLO and Shared Remote Console When you log in to a Shared Remote Console session, the Num Lock setting might be out of sync between iLO and some of the Remote Console sessions. Solution: Select Keyboard→Num Lock in the Remote Console to synchronize the Num Lock settings. Keystrokes repeat unintentionally during Remote Console session When you are using the .NET IRC or Java IRC, a keystroke might repeat unintentionally during a Remote Console session.
.NET IRC failed to connect to server
iLO might display the message Failed to connect to server when it attempts to establish a .NET IRC session. The iLO .NET IRC client waits a specified amount of time for a connection to be established with iLO. If the client server does not receive a response in this amount of time, it displays an error message. Possible causes for this message include the following:
• The network response is delayed.
Figure 124 .NET IRC launch dialog box
Solution:
1. Open Internet Explorer.
2. Select Tools→Internet Options. The Internet Options window opens.
3. Click the Connections tab, and then click the LAN settings button. The Local Area Network (LAN) Settings window opens.
4. Clear the Automatically detect settings check box.
5. Optional: If needed, configure the proxy server settings.
6. Close all of the browser windows.
7. Restart the browser and start the .NET IRC.
Troubleshooting SSH issues
The following sections discuss troubleshooting SSH issues.

Initial PuTTY input slow
During the initial connection to iLO through a PuTTY client, input is accepted slowly for approximately 5 seconds.
Solution: Change the configuration options in the client. Clear the Disable Nagle's algorithm check box in the low-level TCP connection options.
After you enter the command, the screen changes from graphics mode to text mode, displaying the screen.
• For SLES, press F2 and the down arrow from the text console. The text mode is selected and the screen appears.

Unable to pass data through SSH terminal
If you use an SSH terminal to access the text console, SSH might intercept keystroke data and not pass the action to the text-based Remote Console. When this occurs, it appears as if the keystroke did not perform its function.
Cookie order
During login, the login page builds a browser session cookie that links the window to the appropriate session in the iLO firmware. The firmware tracks browser logins as separate sessions listed in the Active Sessions section of the iLO Overview page. For example, when User1 logs in, the web server builds the initial frames view, with User1 listed in the top pane, menu items in the left pane, and page data in the lower right pane.
Unable to get SNMP information from HP SIM
Solution: The agents running on the managed server supply SNMP information to HP SIM. For agents to pass information through iLO, iLO device drivers must be installed. For installation instructions, see “Installing the iLO drivers” (page 22). If you have installed the drivers and agents for iLO, verify that iLO and the management PC are on the same subnet. You can verify this quickly by pinging iLO from the management PC.
iLO network Failed Flash Recovery
Most firmware upgrades finish successfully. In the unlikely event of server power loss during an iLO firmware upgrade, iLO might be recoverable when power is restored. When the computer is booting, the kernel performs image validation on the main image. If the image is corrupted or incomplete, the kernel enters Failed Flash Recovery. Failed Flash Recovery activates an FTP server within iLO. The FTP server enables you to send an image to iLO for programming.
2. If SSL is operating correctly on the domain controller (a certificate has been issued), you are prompted with a security message that asks whether you want to proceed with accessing the site or view the server certificate. Clicking Yes does not display a webpage, which is normal. This process is automatic, but might require rebooting. To avoid rebooting:
   a. Open the MMC.
   b. Add the certificates snap-in.
   c. When prompted, select Computer Account for the type of certificates you want to view.
   d.
4. Select File→Set Defaults. iLO RBSU prompts you to confirm the request.
5. Press F10 to continue. iLO RBSU displays the following message:
   After setting to factory defaults, iLO 3 will be reset and this utility will exit.
6. Press Enter. iLO resets and the server boot process finishes.

NOTE: If a server has an installed iLO Advanced license when you perform this procedure, the iLO Advanced icon might be selected when the server boot process finishes.
Resolving a browser certificate error: Internet Explorer
1. Click the Continue to this website (not recommended) link, as shown in Figure 127 (page 232).
Figure 127 Internet Explorer security certificate warning
2. Log in to the iLO web interface.
3. Navigate to the Administration→Security→SSL Certificate page.
4. Click Customize Certificate.
5. Enter the following information in the Certificate Signing Request (CSR) Information section. The required boxes are marked with an asterisk (*) in the GUI.
6.
10. Follow the onscreen instructions and submit the CSR to the CA. The CA will generate a certificate in the PKCS #10 format.
11. After you obtain the certificate, ensure the following:
    • The CN matches the iLO FQDN. This is listed as the iLO Hostname on the Information→Overview page.
    • The certificate is generated as a Base64-encoded X.509 certificate, and is in the RAW format.
    • The first and last lines are included in the certificate.
12.
Figure 129 Firefox Add Security Exception dialog box
3. Click Confirm Security Exception to resolve the security warning. The security exception is saved, and the iLO login screen appears.
4. Log in to iLO.
A iLO license options
Table 13 (page 238) lists the features that are included with each iLO license.
B Directory services schema
This appendix describes the classes and attributes that are used to store Lights-Out management authorization data in the directory service.

HP Management Core LDAP OID classes and attributes
Changes made to the schema during the schema setup process include changes to the following:
• Core classes
• Core attributes

Core classes
Class name    Assigned OID
hpqTarget     1.3.6.1.4.1.232.1001.1.1.1.1
hpqRole       1.3.6.1.4.1.232.1001.1.1.1.2
hpqPolicy     1.3.6.1.4.1.232.1001.1.1.1.
hpqRole
OID: 1.3.6.1.4.1.232.1001.1.1.1.2
Description: This class defines role objects, providing the basis for HP products that use directory-enabled management.
Class type: Structural
SuperClasses: group
Attributes:
  hpqRoleIPRestrictions - 1.3.6.1.4.1.232.1001.1.1.2.5
  hpqRoleIPRestrictionDefault - 1.3.6.1.4.1.232.1001.1.1.2.4
  hpqRoleTimeRestriction - 1.3.6.1.4.1.232.1001.1.1.2.6
  hpqTargetMembership - 1.3.6.1.4.1.232.1001.1.1.2.3
Remarks: None

hpqPolicy
OID: 1.3.6.1.4.1.232.1001.1.1.1.
hpqTargetMembership
OID: 1.3.6.1.4.1.232.1001.1.1.2.3
Description: Provides a list of hpqTarget objects that belong to this object
Syntax: Distinguished Name - 1.3.6.1.4.1.1466.115.121.1.12
Options: Multivalued
Remarks: None

hpqRoleIPRestrictionDefault
OID: 1.3.6.1.4.1.232.1001.1.1.2.4
Description: A Boolean that represents access by unspecified clients and that partially specifies rights restrictions under an IP network address constraint
Syntax: Boolean - 1.3.6.1.4.1.1466.115.121.1.
hpqRoleTimeRestriction
OID: 1.3.6.1.4.1.232.1001.1.1.2.6
Description: A 7-day time grid, with 30-minute resolution, which specifies rights restrictions under a time constraint
Syntax: Octet String {42} - 1.3.6.1.4.1.1466.115.121.1.40
Options: Single valued
Remarks: This attribute is used only on role objects. Time restrictions are satisfied when the bit that corresponds to the current local time of the device is 1 and unsatisfied when the bit is 0.
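The time grid described above, decoded in an added example that is not HP's code or part of the original guide: a 42-octet value holds 7 × 48 = 336 half-hour bits, one per slot of the week. The text shown here does not state the bit order, so a week that starts at Sunday 00:00 with the least significant bit of each octet first is an assumption, as are all function names.

```python
from datetime import datetime

GRID_OCTETS = 42      # Octet String {42}: 7 days x 48 half-hour slots = 336 bits
SLOTS_PER_DAY = 48
DAYS = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")  # assumed week order


def bit_at(grid: bytes, slot: int) -> int:
    """Bit for weekly slot 0..335; assumed order: LSB of each octet is earliest."""
    if len(grid) != GRID_OCTETS:
        raise ValueError(f"expected {GRID_OCTETS} octets, got {len(grid)}")
    return (grid[slot // 8] >> (slot % 8)) & 1


def build_grid(windows) -> bytes:
    """Encode (day, start_slot, end_slot) windows; end_slot is exclusive."""
    grid = bytearray(GRID_OCTETS)
    for day, start, end in windows:
        if not 0 <= start < end <= SLOTS_PER_DAY:
            raise ValueError(f"bad window for {day}: {start}-{end}")
        base = DAYS.index(day) * SLOTS_PER_DAY
        for slot in range(base + start, base + end):
            grid[slot // 8] |= 1 << (slot % 8)
    return bytes(grid)


def is_satisfied(grid: bytes, when: datetime) -> bool:
    """True when the bit for the device's local time `when` is 1."""
    day = (when.weekday() + 1) % 7           # datetime counts Monday as 0
    slot = day * SLOTS_PER_DAY + when.hour * 2 + when.minute // 30
    return bit_at(grid, slot) == 1


def allowed_windows(grid: bytes) -> list:
    """List contiguous permitted windows as 'Day HH:MM-HH:MM' for role review."""
    out = []
    for d, name in enumerate(DAYS):
        start = None
        for s in range(SLOTS_PER_DAY + 1):   # extra pass closes a window at 24:00
            on = s < SLOTS_PER_DAY and bit_at(grid, d * SLOTS_PER_DAY + s)
            if on and start is None:
                start = s
            elif not on and start is not None:
                out.append(f"{name} {start // 2:02d}:{start % 2 * 30:02d}"
                           f"-{s // 2:02d}:{s % 2 * 30:02d}")
                start = None
    return out


SAMPLE = build_grid([(day, 16, 36) for day in DAYS[1:6]])  # constructed: Mon-Fri 08:00-18:00
```

Running allowed_windows over the value read from a role object gives a reviewable list of when that role's rights apply, which is easier to audit than the raw octets.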
Attributes:
  hpqLOMRightConfigureSettings - 1.3.6.1.4.1.232.1001.1.8.2.1
  hpqLOMRightLocalUserAdmin - 1.3.6.1.4.1.232.1001.1.8.2.2
  hpqLOMRightLogin - 1.3.6.1.4.1.232.1001.1.8.2.3
  hpqLOMRightRemoteConsole - 1.3.6.1.4.1.232.1001.1.8.2.4
  hpqLOMRightServerReset - 1.3.6.1.4.1.232.1001.1.8.2.5
  hpqLOMRightVirtualMedia - 1.3.6.1.4.1.232.1001.1.8.2.6
Remarks: None

Lights-Out Management attribute definitions
The following tables define the Lights-Out Management core class attributes.

hpqLOMRightLogin
OID: 1.3.6.1.4.
Options: Single valued
Remarks: This attribute is used only on role objects. If this attribute is TRUE, members of the role are granted the right.

hpqLOMRightLocalUserAdmin
OID: 1.3.6.1.4.1.232.1001.1.8.2.2
Description: Local User Database Administration right for HP Lights-Out Management products.
Syntax: Boolean - 1.3.6.1.4.1.1466.115.121.1.7
Options: Single valued
Remarks: This attribute is used only on role objects. If this attribute is TRUE, members of the role are granted the right.
C OID support for certificates
This appendix shows the OIDs supported by iLO certificates.

Table 14 OIDs supported by iLO certificates
rsaEncryption            1.2.840.113549.1.1.1
md2WithRSAEncryption     1.2.840.113549.1.1.2
md5WithRSAEncryption     1.2.840.113549.1.1.4
sha1WithRSAEncryption    1.2.840.113549.1.1.5
md2                      1.2.840.113549.2.2
md5                      1.2.840.113549.2.5
sha1                     1.3.14.3.2.26
dsaEncryption            1.2.840.10040.4.1
sha1WithDSAEncryption    1.2.840.10040.4.3
pkcs7_data               1.2.840.113549.1.7.1
pkcs7_signedData         1.2.840.
ikeIntermediate          1.3.6.1.5.5.8.2.2
extensionRequest         1.2.840.113549.1.9.14
domainComponent          0.9.2342.19200300.100.1.
Glossary
.NET IRC  .NET version of the Integrated Remote Console.
3DES  Triple DES, the Data Encryption Standard cipher algorithm.
ABEND  Abnormal End.
ACPI  Advanced Configuration and Power Interface.
AES  Advanced Encryption Standard.
AMP  Advanced Memory Protection.
ARP  Address Resolution Protocol.
ASR  Automatic Server Recovery.
BMC  Baseboard management controller.
CA  Certificate authority.
CLP  Command Line Protocol.
CN  Common Name.
COM port  Communication port.
iLO  Integrated Lights-Out.
IML  Integrated Management Log.
IPMI  Intelligent Platform Management Interface.
IRC  Integrated Remote Console.
ISO  International Organization for Standardization.
Java IRC  Java version of the Integrated Remote Console.
JRE  Java Runtime Environment.
KCS  Keyboard Controller Style.
KDC  Key Distribution Center.
KDE  K Desktop Environment (for Linux).
KVM  Keyboard, video, and mouse.
LDAP  Lightweight Directory Access Protocol.
LILO  Linux Loader.
SNMP  Simple Network Management Protocol.
SNTP  Simple Network Time Protocol.
SPN  Service Principal Name.
SPP  HP Service Pack for ProLiant.
SSD  Solid-State Drive.
SSH  Secure Shell.
SSL  Secure Sockets Layer.
SSO  Single Sign-On.
SUM  Software Update Manager.
TPM  Trusted Platform Module.
UDP  User Datagram Protocol.
UHCI  Universal Host Controller Interface.
UID  Unit Identification.
UPN  User Principal Name.
UPS  Uninterruptible Power Supply.
USB  Universal Serial Bus.