HPE iLO 4 User Guide Abstract This guide provides information about configuring, updating, and operating HPE ProLiant Gen8 and Gen9 servers and HPE Synergy compute modules by using the HPE iLO 4 firmware. This document is intended for system administrators, Hewlett Packard Enterprise representatives, and Hewlett Packard Enterprise Authorized Channel Partners who are involved in configuring and using Hewlett Packard Enterprise servers that include iLO 4.
© Copyright 2012, 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Contents 1 Introduction........................................................................................................19 iLO overview.......................................................................................................................................19 iLO key features..................................................................................................................................19 iLO web interface..................................................................
Updating iLO or server firmware by using the iLO web interface..................................................37 Requirements for firmware update to take effect...........................................................................38 Language packs.................................................................................................................................38 Installing language packs.....................................................................................................
6 Configuring iLO access settings........................................................................61 iLO access settings.............................................................................................................................61 Configuring iLO service settings.........................................................................................................61 Service settings.....................................................................................................
Configuring a FIPS-validated environment with iLO......................................................................87 Enabling FIPS mode......................................................................................................................87 Disabling FIPS mode.....................................................................................................................88 HPE SSO.........................................................................................................
Configuring NIC failover..............................................................................................................110 Viewing iLO systems in the Windows Network folder.......................................................................110 9 Configuring iLO management settings............................................................112 iLO SNMP management...................................................................................................................
Supported service event types...............................................................................................138 Clearing the Service Event Log...................................................................................................138 Remote Support data collection........................................................................................................138 Sending data collection information..............................................................................
Temperature monitoring...............................................................................................................157 Viewing power information................................................................................................................158 Power Supply Summary details..................................................................................................158 Power Supplies list.....................................................................................
Marking an IML entry as repaired................................................................................................186 Adding a maintenance note to the IML........................................................................................187 Saving the IML to a CSV file........................................................................................................187 Clearing the IML....................................................................................................
Configuring group power capping.....................................................................................................207 Power capping considerations....................................................................................................208 Viewing group power capping information..................................................................................209 Power capping details..................................................................................................
Virtual Media operating system information......................................................................................232 Operating system USB requirement............................................................................................232 Configuring Windows 7 for use with iLO Virtual Media with Windows 7.....................................232 Operating system considerations: Virtual Floppy/USB key.........................................................233 Changing diskettes..........
Viewing the current power state..................................................................................................250 Current power state details....................................................................................................251 Viewing the server power history.................................................................................................251 Power history details..............................................................................................
Advanced IPMI tool usage on Linux............................................................................................270 Using iLO with HPE Insight Control server provisioning ..................................................................270 Using Enterprise Secure Key Manager with iLO..............................................................................270 Configuring key manager servers...............................................................................................
Schema-free nested groups (Active Directory only)....................................................................287 HPE Extended Schema directory authentication..............................................................................287 Process overview: Configuring the HPE Extended Schema with Active Directory.....................287 Prerequisites for configuring Active Directory with the HPE Extended Schema configuration....288 Directory services support..........................................
iLO management port not accessible by name...........................................................................323 iLO RBSU unavailable after iLO and server reset.......................................................................323 Unable to access the iLO login page...........................................................................................324 Unable to return to iLO login page after iLO reset.......................................................................
iLO .NET IRC will not start...........................................................................................................343 iLO .NET IRC cannot be shared..................................................................................................344 iLO .NET IRC will not start in Firefox...........................................................................................344 iLO .NET IRC will not start in Google Chrome..................................................................
Core class definitions........................................................................................................................365 Core attribute definitions...................................................................................................................366 Lights-Out Management specific LDAP OID classes and attributes................................................368 Lights-Out Management attributes...........................................................................
1 Introduction iLO overview iLO is a remote server management processor embedded on the system boards of HPE ProLiant servers and Synergy compute modules. iLO enables the monitoring and controlling of servers from remote locations. HPE iLO management is a powerful tool that provides multiple ways to configure, update, monitor, and repair servers remotely. iLO (Standard) comes preconfigured on HPE servers without an additional cost or license.
The following additional branches are available if your server type or configuration supports them: • If you have a ProLiant server blade, the BL c-Class branch is included. • If you have a Synergy compute module, the Synergy Frame branch is included. • If you have a ProLiant XL or SL server, the Chassis branch is included. • When a remote management tool is used with iLO, the branch is included.
ROM-based configuration utilities Depending on your server model, you can use iLO RBSU or the iLO 4 Configuration Utility to configure network parameters, global settings, and user accounts. On servers that support UEFI, such as the ProLiant DL580 Gen8 server, ProLiant Gen9 servers, and Synergy compute modules, use the iLO 4 Configuration Utility in the UEFI System Utilities. On servers that do not support UEFI, use the iLO RBSU.
For more information about the iLO RESTful API and the RESTful Interface Tool, see the following website: http://www.hpe.com/info/restfulapi.
2 Setting up iLO Preparing to set up iLO Before setting up an iLO management processor, you must decide how to handle networking and security. The following questions can help you configure iLO: 1. How should iLO connect to the network? 2. Will NIC Teaming be used with the Shared Network Port configuration? 3. How will iLO acquire an IP address? 4. What access security is required, and what user accounts and privileges are needed? 5.
Figure 2 Shared network connection HPE Server Management Clients Server NIC/iLO Shared Network Port Hub/Switch Management/ Production Network Production Clients NIC teaming with Shared Network Port configurations NIC teaming is a feature you can use to improve server NIC performance and reliability.
transmit server traffic and they ignore received traffic. This mode allows the iLO Shared Network Port to function correctly. Select the NIC/port iLO uses as the Preferred Primary Adapter. • Transmit Load Balancing (TLB)—The server transmits on multiple adapters but receives only on the primary adapter. This mode allows the iLO Shared Network Port to function correctly. Select the NIC/port iLO uses as the Preferred Primary Adapter.
More information iLO security features iLO user accounts Directory authentication and authorization iLO configuration tools iLO supports various interfaces for configuration and operation. This guide discusses the following interfaces: • Use iLO RBSU or the iLO 4 Configuration Utility when the system environment does not use DHCP, DNS, or WINS. • Use the iLO web interface when you can connect to iLO on the network by using a web browser.
Initial setup steps: Process overview The iLO default settings enable you to use most features without additional configuration. However, the configuration flexibility of iLO enables customization for multiple enterprise environments. This chapter discusses the initial iLO setup steps. 1. Connect iLO to the network. 2. If you are not using dynamic IP addressing, use the ROM-based setup utilities to configure a static IP address. 3.
2. 3. Restart or power on the server. Press F8 in the server POST screen. The iLO RBSU starts. 4. Disable DHCP: a. From the iLO RBSU screen, select Network→DNS/DHCP, and then press Enter. b. Select DHCP Enable. c. To set DHCP Enable to OFF, press the spacebar, and then press F10 to save the changes. 5. Enter the network settings: a. From the iLO RBSU screen, select Network→NIC and TCP/IP, and then press Enter. b.
10. Resume the normal boot process: a. Start the iLO remote console. The iLO 4 Configuration Utility is still open from the previous session. b. c. Press ESC several times to navigate to the System Configuration page. To exit the System Utilities and resume the normal boot process, press ESC. Managing local user accounts with the ROM-based setup utilities Adding user accounts (iLO RBSU) 1. 2. 3. Optional: If you access the server remotely, start an iLO remote console session.
More information iLO user privileges User account options Password guidelines Removing user accounts (iLO RBSU) 1. 2. 3. Optional: If you access the server remotely, start an iLO remote console session. Restart or power on the server. Press F8 in the server POST screen. The iLO RBSU starts. 4. 5. From the iLO RBSU screen, select User→Remove, and then press Enter. Select the user that you want to remove, and then press Enter. The iLO RBSU prompts you to confirm the request. 6. 7.
More information iLO user privileges User account options Password guidelines Editing or removing user accounts (iLO 4 Configuration Utility) 1. 2. 3. Optional: If you access the server remotely, start an iLO remote console session. Restart or power on the server. Press F9 in the server POST screen. The UEFI System Utilities start. 4. 5. 6. 7. 8. 9. 10. 11. From the System Utilities screen, select System Configuration→iLO 4 Configuration Utility→User Management→Edit/Remove User, and press Enter.
More information Login security iLO default credentials iLO default credentials The iLO firmware is configured with a default user name, password, and DNS name. Default user information is on the serial label pull tab attached to the server that contains the iLO management processor. Use these values to access iLO remotely from a network client by using a web browser.
The Management Controller Driver Package is required to support Automatic Server Recovery and the Insight Management Agents or Insight Management WBEM Providers (if installed). Linux driver and utility support When you use Linux with iLO, the following drivers and utilities are available: • System Health Application and Command Line Utilities (hp-health)—A collection of applications and tools that enables monitoring of fans, power supplies, temperature sensors, and other management events.
Driver and utility installation with the SPP See the following websites for information about using the SPP: • SPP documentation: http://www.hpe.com/info/spp/documentation • SPP Custom Download hosted service: http://www.hpe.com/servers/spp/custom Loading hp-health for SUSE Linux Enterprise Server and Red Hat Enterprise Linux Use the following command to load hp-health: rpm -ivh hp-health-.rpm Where is the Linux distribution and version,
3 Updating iLO firmware, language, and licensing Firmware updates Firmware updates enhance server and iLO functionality with new features, improvements, and security updates. You can update firmware by using an online or offline firmware update method. Online firmware update When you use an online method to update firmware, you can perform the update without shutting down the server operating system. Online firmware updates can be performed in-band or out-of-band.
Out-of-band firmware updates You can use the following out-of-band firmware update methods: • iLO web interface—Download a supported firmware file and install it by using the iLO web interface. You can update firmware for a single server or an iLO Federation group. • HPQLOCFG—Use this utility to update firmware by using XML scripts. Download the iLO or server firmware image and the Update_Firmware.xml sample script. Edit the sample script with your setup details, and then run the script.
3. Extract the BIN file. • For Windows components: Double-click the downloaded file, and then click the Extract button. Select a location for the extracted files, and then click OK. • For Linux components: Depending on the file format, enter one of the following commands: ◦ #sh ./CP00XXXX.scexe –unpack=/tmp/ ◦ #rpm2cpio hp-firmware-ilo4-2.xx-1x1.i386.rpm | cpio -id The name of the iLO firmware image file is similar to ilo4_.bin, where represents the firmware version.
4. To start the update process, click Upload. iLO notifies you that: 5. • When you update the iLO firmware, iLO will reboot automatically. • Some types of server firmware might require a server reboot, but the server will not reboot automatically. Click OK. The iLO firmware receives, validates, and then flashes the firmware image. If you navigate away from the Firmware Update page before the file upload is complete, the firmware update will not start. IMPORTANT: Do not interrupt a firmware update.
• For iLO 4 2.10 and earlier—You can install one language pack. Installing a new language pack replaces the currently installed language pack, regardless of the language pack version. • For iLO 4 2.20 and later—You can install multiple language packs. When version 2.20 or later of a language pack is installed, installing a new language pack (same language, v2.20 or later) replaces the installed language pack. • iLO 4 2.20 or later requires version 2.20 or later of the iLO language pack.
6. Select the language pack, and then click Open. iLO prompts you to confirm the installation. For iLO 4 2.10 and earlier: If you have a previously installed language pack, this language pack will replace it if you proceed with the installation. 7. 8. Click OK. Click Install. iLO installs the language pack, reboots, and closes your browser connection. It might take several minutes before you can re-establish a connection.
Configuring the default language settings Prerequisites Configure iLO Settings privilege Setting the default language Use this procedure to configure the default language for the users of this instance of the iLO firmware. 1. Navigate to the Administration→Access Settings→Language page. 2. Select a value in the Default Language menu. The available languages are English and any other language for which a language pack is installed. 3. Click Apply. iLO notifies you that the default language was changed.
3. 4. Internet Explorer only: If the browser language is not supported, then the OS language is used if iLO supports it and the required language pack is installed. If there is no cookie, and the browser or OS language is not supported, iLO uses the configured default language. For more information, see “Configuring the default language settings” (page 41).
To move between segments, press the Tab key or click inside a segment of the Activation Key box. The cursor advances automatically when you enter data into the segments of the Activation Key box. 3. Click Install. The EULA confirmation opens. The EULA details are available in the License Pack option kit. 4. Click OK. The license key is now enabled. For tips on troubleshooting license installation, see “License key installation errors” (page 356).
4 Managing user accounts and directory groups iLO user accounts iLO enables you to manage user accounts stored locally in secure memory and directory group accounts. Use MMC or ConsoleOne to manage directory-based user accounts. You can create up to 12 local user accounts with custom login names and advanced password encryption. Privileges control individual user settings, and can be customized to meet user access requirements.
System Utilities, or HPONCFG can still reconfigure iLO. Only a user who has the Administer User Accounts privilege can enable or disable this privilege. • Administer User Accounts—Enables a user to add, edit, and delete local iLO user accounts. A user with this privilege can change privileges for all users. If you do not have this privilege, you can view your own settings and change your own password. Adding local user accounts Prerequisites Administer User Accounts privilege Adding a user account 1. 2.
5. Select from the following privileges: • Administer User Accounts • Remote Console Access • Virtual Power and Reset • Virtual Media • Configure iLO Settings To select all of the available user privileges, click the select all check box. 6. To save the user account changes, click Update User. More information iLO user privileges Password guidelines User account options Deleting a user account Prerequisites Administer User Accounts privilege Deleting a user account 1. 2. 3. 4.
• • ◦ Do not use passwords that are made up of words found in a dictionary. ◦ Do not use passwords that contain obvious words, such as the company name, product name, user name, or login name. Use passwords with at least three of the following characteristics: ◦ One numeric character ◦ One special character ◦ One lowercase character ◦ One uppercase character The minimum length for an iLO user account password is set on the Access Settings page.
Directory group privileges The following privileges apply to directory groups: • • Login Privilege—Enables members of a group to log in to iLO. Remote Console Access—Enables users to access the host system Remote Console, including video, keyboard, and mouse control. • Virtual Media—Enables users to use the Virtual Media feature on the host system. • Virtual Power and Reset—Enables users to power-cycle or reset the host system. These activities interrupt the system availability.
More information Directory group privileges Directory group settings Editing directory groups Prerequisites Configure iLO Settings privilege Editing a directory group 1. 2. 3. 4. 5. Navigate to the Administration→User Administration page. Select a group in the Directory Groups section, and then click Edit.
Deleting a directory group Prerequisites Configure iLO Settings privilege Deleting a directory group 1. 2. 3. 4. 50 Navigate to the Administration→User Administration page. Select the check box next to the directory group that you want to delete. Click Delete. When prompted to confirm the request, click OK.
5 Configuring iLO Federation iLO Federation settings iLO uses multicast discovery, peer-to-peer communication, and iLO Federation groups to communicate with other iLO systems. When an iLO Federation page loads, a data request is sent from the iLO system running the web interface to its peers, and from those peers to other peers until all of the data for the selected group is retrieved. Configure the iLO Federation group and multicast settings on the Administration→iLO Federation page.
Configuring the multicast options for one iLO system at a time Use the following procedure to configure the multicast options for each iLO system that will be added to an iLO Federation group. If you use the default values, configuration is not required. You can use RIBCL scripts to view and configure multicast options for multiple iLO systems. For more information, see the iLO Federation user guide. Prerequisites Configure iLO Settings privilege Configuring the multicast options 1. 2. 3. 4. 5.
300 bytes. Select a value of 30 seconds to 30 minutes. The default value is 10 minutes. Selecting Disabled disables the iLO Federation features for the local iLO system. • IPv6 Multicast Scope—The size of the network that will send and receive multicast traffic. Valid values are Link, Site, and Organization. The default value is Site. • Multicast Time To Live (TTL)—Specifies the number of switches that can be traversed before multicast discovery stops. The default value is 5.
You can perform the following tasks for a local iLO system: • View group memberships. • Add and edit group memberships. • Remove group memberships.
You can also use RIBCL scripts to view information about groups. For more information, see the iLO Federation user guide. More information iLO Federation group privileges Adding iLO Federation group memberships (local iLO system) Prerequisites Configure iLO Settings privilege Adding a group membership 1. 2. 3. Navigate to the Administration→iLO Federation page. Click Join Group.
Editing iLO Federation group memberships (local iLO system) Prerequisites Configure iLO Settings privilege Editing a group membership 1. 2. 3. Navigate to the Administration→iLO Federation page. Select a group membership, and then click Edit to open the Add/Edit Federation Group page. To change the group name, enter a new name in the Group Name box. The group name can be 1 to 31 characters long. 4. To change the group key, enter a new value in the Group Key and Group Key Confirm boxes.
Adding a group membership 1. Navigate to the iLO Federation→Group Configuration page. If no iLO Federation groups exist, this page displays the following message: There are no configured groups. Use the Administration→iLO Federation page to create a group. 2. Select a group from the Selected Group menu. All of the systems in the selected group will be added to the group you create on this page. 3. Enter the following information: • Group Name—The group name, which can be 1 to 31 characters long.
Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. For more information, see the following website: http://www.hpe.com/info/ilo/licensing. Creating a group 1. 2. Create a set of systems by using the filters on the iLO Federation pages. Navigate to the iLO Federation→Group Configuration page. The filters you apply when you create a set of systems are listed at the top of the page. To remove a filter, click the X icon.
7. To save the configuration, click Create Group. The group creation process takes a few minutes. The group will be fully populated within the amount of time configured for the Multicast Announcement Interval.
3. Select the Enable Enclosure iLO Federation Support check box, and then click Apply. TIP: You can also use the CLI to enable or disable the Enable Enclosure iLO Federation Support setting. To enable the setting, enter ENABLE ENCLOSURE_ILO_FEDERATION_SUPPORT. To disable the setting, enter DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT. For more information, see the Onboard Administrator CLI user guide. Verifying server blade support for iLO Federation 1. 2. 3.
6 Configuring iLO access settings iLO access settings You can modify iLO access settings, including service settings and access options. The values you enter on the Access Settings page apply to all iLO users. The default access settings values are suitable for most environments. The values you can modify on the Access Settings page allow customization of the iLO external access methods for specialized environments.
You can configure the following settings in the Service section on the Access Settings page. • Secure Shell (SSH) Access—Allows you to enable or disable the SSH feature. SSH provides encrypted access to the iLO CLP. The default value is Enabled. • Secure Shell (SSH) Port—The default value is 22. • Remote Console Port—The default value is 17990. • Web Server Non-SSL Port (HTTP)—The default value is 80. • Web Server SSL Port (HTTPS)—The default value is 443.
Access options You can configure the following settings in the Access Options section on the Access Settings page. Idle Connection Timeout (minutes) This setting specifies how long a user can be inactive before an iLO web interface or Remote Console session ends automatically. The iLO web interface and the Remote Console track idle time separately because each connection is a separate session. This setting has no effect on a Remote Console session if a Virtual Media device is connected.
The following settings are valid: • Enabled (default)—The iLO network is available and communications with operating system drivers are active. • Disabled—The iLO network and communications with operating system drivers are terminated when iLO Functionality is disabled. For ProLiant Gen8 servers only: To re-enable iLO functionality, disable iLO security with the system maintenance switch, and then use the iLO RBSU to set iLO Functionality to Enabled.
Serial Command Line Interface Status This setting enables you to change the login model of the CLI feature through the serial port. The following settings are valid: • Enabled-Authentication Required (default)—Enables access to the SMASH CLP command line from a terminal connected to the host serial port. Valid iLO user credentials are required. • Enabled-No Authentication—Enables access to the SMASH CLP command line from a terminal connected to the host serial port. iLO user credentials are not required.
Server Name This setting enables you to specify the host server name. You can assign this value manually, but it might be overwritten by the host software when the operating system loads. • You can enter a server name that is up to 49 bytes. • To force the browser to refresh and display the new value, save this setting, and then press F5. Server FQDN/IP Address This setting enables you to specify the server FQDN or IP address.
iLO login with an SSH client When you log in to iLO with an SSH client, the number of displayed login prompts matches the value of the Authentication Failure Logging option (3 if it is disabled). Your SSH client configuration might affect the number of prompts, because SSH clients also implement delays after a login failure.
7 Configuring the iLO security features iLO security features iLO provides the following security features: • User-defined TCP/IP ports. • User actions logged in the iLO Event Log. • Progressive delays for failed login attempts. • Support for X.509 CA signed certificates. • Support for securing iLO RBSU and the iLO 4 Configuration Utility. • Encrypted communication that uses SSL certificate administration. • Support for Kerberos authentication and directory services.
iLO security with the system maintenance switch The iLO security setting on the system maintenance switch provides emergency access to an administrator who has physical control over the server system board. Disabling iLO security allows login access with all privileges, without a user ID and password. The system maintenance switch is located inside the server and cannot be accessed without opening the server enclosure.
On a supported system, ROM decodes the TPM or TM record and passes the configuration status to iLO, the iLO RESTful API, the CLP, and the XML interface. Viewing the TPM or TM status Navigate to the Information→Overview page. TPM or TM status values • Not Supported—A TPM or TM is not supported. • Not Present—A TPM or TM is not installed. • Present (Gen8 servers)—This value indicates one of the following statuses: • ◦ A TPM or TM is installed and disabled. ◦ A TPM or TM is installed and enabled.
message is displayed during each delay; this behavior continues until a valid login occurs. This feature helps to prevent dictionary attacks against the browser login port. • iLO 4 version 2.20 and later—iLO can be configured to impose a delay after a configured number of failed login attempts. Each subsequent failed attempt increases the delay by the configured number of seconds. A message is displayed during each delay; this behavior continues until a valid login occurs.
The key must be a 2,048-bit DSA or RSA key. 8. Click Import Public Key. More information SSH keys Authorizing a new SSH key by using the CLI Prerequisites Administer User Accounts privilege Authorizing a new key with the CLI 1. 2. 3. 4. 5. 6. Generate a 2,048-bit DSA or RSA SSH key by using ssh-keygen, puttygen.exe, or another SSH key utility. Create the key.pub file. Verify that Secure Shell (SSH) Access is enabled on the Access Settings page. Use Putty.exe to open an SSH session using port 22.
iLO access settings Deleting SSH keys Prerequisites Administer User Accounts privilege Deleting an SSH key 1. 2. 3. 4. Navigate to the Administration→Security page. Click the Secure Shell Key tab. Select the check box to the left of the user for which you want to delete an SSH key. Click Delete Selected Key(s). The selected SSH key is removed from iLO. When an SSH key is deleted from iLO, an SSH client cannot authenticate to iLO by using the corresponding private key.
OvNWAAAAgFf6pvWaco3CDELmH0jT3yUkRSaDztpqtoo4D7ev7VrNPPjnKKKmpzHPmAKRxz3g5S80SfWSnWM3n/pekBa9QI9lH1r 3Lx4JoOVwTpkbwb0by4eZ2cqDw20KQ0A5J84iQE9TbPNecJ0HJtZH/K8YnFNwwYy2NSJyjLwA0TSmQEOW Administrator iLO legacy format The iLO legacy format keys are OpenSSH keys surrounded by the BEGIN/END headers needed for RIBCL. This format must be one line between the BEGIN SSH KEY and END SSH KEY text.
SSL certificate details • Issued To—The entity to which the certificate was issued • Issued By—The CA that issued the certificate • Valid From—The first date that the certificate is valid • Valid Until—The date that the certificate expires • Serial Number—The serial number that the CA assigned to the certificate Obtaining and importing an SSL certificate iLO allows you to create a Certificate Signing Request that you can send to a Certificate Authority to obtain a trusted SSL certificate to import
The CSR contains a public and private key pair that validates communications between the client browser and iLO. Key sizes up to 2,048 bits are supported. The generated CSR is held in memory until a new CSR is generated, iLO is reset to the factory default settings, or a certificate is imported. 6. 7. 8. Select and copy the CSR text. Open a browser window and navigate to a third-party CA. Follow the onscreen instructions and submit the CSR to the CA.
3. In the Import Certificate window, paste the certificate into the text box, and then click Import. iLO supports SSL certificates that are up to 3 KB (including the 609 bytes or 1,187 bytes used by the private key, for 1,024-bit and 2,048-bit certificates, respectively). 4. Reset iLO. For instructions, see “iLO diagnostics” (page 193).
Directory authentication and authorization The iLO firmware supports Kerberos authentication with Microsoft Active Directory. It also supports directory integration with an Active Directory server. When you configure directory integration, you can use the schema-free option or the HPE Extended Schema. The iLO firmware connects to directory services by using SSL connections to the directory server LDAP port.
• Kerberos KDC Server Port—The TCP or UDP port number on which the KDC is listening. The default value is 88. • Kerberos Keytab—A binary file that contains pairs of service principal names and encrypted passwords. In the Windows environment, you use the ktpass utility to generate the keytab file. Configuring schema-free directory settings in iLO 1. 2. 3. 4. 5. 6. 7. 8. 9. Navigate to the Administration→Security→Directory page.
5. 6. Enter the directory server port number in the Directory Server LDAP Port box. Enter the location of this iLO instance in the directory tree in the LOM Object Distinguished Name box. 7. Enter valid search contexts in one or more of the Directory User Context boxes. 8. Click Apply Settings. 9. To test the communication between the directory server and iLO, click Test Settings. 10. Optional: To configure directory groups, click Administer Groups to navigate to the User Administration page.
When you use user contexts, iLO attempts to contact the directory service by DN, and then applies the search contexts in order until login is successful. • Example 1—If you enter the search context ou=engineering,o=ab, you can log in as user instead of logging in as cn=user,ou=engineering,o=ab.
4. Click Start Test. Several tests begin in the background, starting with a network ping of the directory user by establishing an SSL connection to the server and evaluating user privileges. While the tests are running, the page refreshes periodically. You can stop the tests or manually refresh the page at any time. If a directory test reports the Failed status, see “Directory issues” (page 330).
• ◦ Failed—A specific subtest failed. Check the onscreen log to identify the problem. ◦ Warning—One or more of the directory tests reported a Warning status. Test—The name of each test. For more information about the directory tests, see “iLO directory tests” (page 83). • • Result—Reports status for a specific directory setting or an operation that uses one or more directory settings. These results are generated when a sequence of tests is run.
• Directory Administrator Login—If Directory Administrator Distinguished Name and Directory Administrator Password were specified, iLO uses these values to log in to the directory server as an administrator. These boxes are optional. • User Authentication—iLO authenticates to the directory server with the specified user name and password. If the test is successful, the supplied user credentials are correct. If the test fails, the user name and/or password is incorrect.
• 128-bit AESGCM with RSA, DH, and a AEAD MAC (DHE-RSA-AES128-GCM-SHA256) • 128-bit AES with RSA, DH, and a SHA256 MAC (DHE-RSA-AES128-SHA256) • 128-bit AES with RSA, DH, and a SHA1 MAC (DHE-RSA-AES128-SHA) • 128-bit AESGCM with RSA, and a AEAD MAC (AES128-GCM-SHA256) • 128-bit AES with RSA, and a SHA256 MAC (AES128-SHA256) • 128-bit AES with RSA, and a SHA1 MAC (AES128-SHA) • 168-bit 3DES with RSA, ECDH, and a SHA1 MAC (ECDHE-RSA-DES-CBC3-SHA) • 168-bit 3DES with RSA, DH, and a SHA1 MAC (EDH
FIPS mode is not the same as FIPS validated. FIPS validated refers to software that received validation by completing the Cryptographic Module Validation Program. To date, iLO 3 version 1.50 and iLO 4 version 2.11 are FIPS validated. It is important to decide if a FIPS-validated version of the iLO firmware is required for your environment, or if running iLO in FIPS mode will suffice.
Modifying the AES/DES encryption setting Prerequisites Configure iLO Settings privilege Modifying the AES/DES encryption setting 1. 2. 3. Navigate to the Administration→Security→Encryption page. Change the Enforce AES/3DES Encryption setting to Enabled or Disabled. To end your browser connection and restart iLO, click Apply. It might take several minutes before you can re-establish a connection. When changing the Enforce AES/3DES Encryption setting to Enabled, close all open browsers after clicking Apply.
Setting FIPS mode to enabled 1. Optional: Capture the current iLO configuration by using HPONCFG. For more information, see the iLO scripting and CLI guide. 2. 3. Navigate to the Administration→Security→Encryption page. Set FIPS mode to Enabled. CAUTION: Enabling FIPS mode resets critical iLO security settings to the factory default values, and clears all user and license data. 4. Click Apply. iLO prompts you to confirm the request. 5.
HPE SSO HPE SSO enables you to browse directly from an HPE SSO-compliant application (such as HPE SIM and HPE OneView) to iLO, bypassing an intermediate login step. To use this feature: • You must have a supported version of an HPE SSO-compliant application. • You might need iLO 4 1.20 or later. • Configure iLO to trust the SSO-compliant application. iLO contains support for HPE SSO applications to determine the minimum HPE SSO certificate requirements.
Single Sign-On Trust Mode options The Single Sign-On Trust Mode affects how iLO responds to HPE SSO requests. • Trust None (SSO disabled) (default)—Rejects all SSO connection requests • Trust by Certificate (most secure)—Enables SSO connections from an HPE SSO-compliant application by matching a certificate previously imported to iLO • Trust by Name—Enables SSO connections from an HPE SSO-compliant application by matching a directly imported IP address or DNS name.
Trusted certificate format The Base64-encoded X.509 certificate data resembles the following: -----BEGIN CERTIFICATE----- . . . several lines of encoded data . . . -----END CERTIFICATE----- Extracting the HPE SIM server certificate You can use the following methods to extract HPE SIM certificates. • Enter one of the following links in a web browser: ◦ For HPE SIM versions earlier than 7.
Trusted certificate and record details • Status—The status of the record. The possible status values follow: ◦ The record is valid. ◦ There is a problem with the trust settings or the iLO license. Possible reasons follow: – This record contains a DNS name, and the trust mode is set to Trust by Certificate (only certificates are valid). – Trust None (SSO disabled) is selected. – A valid license key is not installed. ◦ The record is not valid.
This is a private system. It is to be used solely by authorized users and may be monitored for all lawful purposes. By accessing this system, you are consenting to such monitoring. 3. Optional: To customize the security message, enter a custom message in the Security Message text box. The byte counter above the text box indicates the remaining number of bytes allowed for the message. The maximum is 1,500 bytes. TIP: 4. To restore the default text, click Use Default Message. Click Apply.
Remote Console Computer Lock options • Windows—Use this option to configure iLO to lock a managed server running a Windows operating system. The server automatically displays the Computer Locked dialog box when a Remote Console session ends or the iLO network link is lost. • Custom—Use this option to configure iLO to use a custom key sequence to lock a managed server or log out a user on that server. You can select up to five keys from the list.
from a trusted source. If a browser is not configured to trust an iLO processor, and this setting is Enabled, ClickOnce notifies you that the application cannot start. Prerequisites Configure iLO Settings privilege Configuring the Integrated Remote Console Trust setting 1. 2. 3. Navigate to the Remote Console→Security page. Select Enabled or Disabled for the IRC requires a trusted certificate in iLO setting. To save the changes, click Apply.
8 Configuring the iLO network settings iLO network settings iLO provides the following options for network connection: • iLO Dedicated Network Port—Uses an independent NIC that is dedicated to iLO network traffic only. When supported, this port uses an RJ-45 jack (labeled iLO) on the back of the server. • Shared Network Port LOM (nonblade servers only)—Uses a permanently installed NIC that is built into the server.
More information Configuring NIC and TCP/IP settings (iLO RBSU) Configuring the NIC settings IPv4 Summary details • DHCPv4 Status—Indicates whether DHCP is enabled for IPv4. • Address—The IPv4 address currently in use. If the value is 0.0.0.0, the IPv4 address is not configured. • Subnet Mask—The subnet mask of the IPv4 address currently in use. If the value is 0.0.0.0, no address is configured. • Default Gateway—The default gateway address in use for the IPv4 protocol. If the value is 0.0.0.
• ◦ Prefix Length—The address prefix length. ◦ Status—The address status. The possible values are Active (the address is in use by iLO), Pending (Duplicate Address Detection is in progress), or Failed (Duplicate Address Detection failed. The address is not in use by iLO). Default Gateway—The default IPv6 gateway address that is in use. For IPv6, iLO keeps a list of possible default gateway addresses.
• ◦ Verify that you can ping the iLO processor by IP address and by DNS/WINS name. ◦ Verify that NSLOOKUP resolves the iLO network address correctly and that no namespace conflicts exist. ◦ If you are using both DNS and WINS, verify that they resolve the iLO network address correctly. ◦ Flush the DNS name if you make any namespace changes. If you will use Kerberos authentication, ensure that hostname and domain name meet the prerequisites for using Kerberos.
• 1000BaseT, Half-duplex—Forces a 1 Gb connection that uses half duplex (not supported for BL c-Class servers) 1000BaseT, Half-duplex is not a standard setting, and few switches support it. If you use this setting, ensure that the switch is configured to support 1000BaseT, Half-duplex.
iLO network port configuration options The iLO subsystem provides the following options for network connection: • iLO Dedicated Network Port—Uses an independent NIC that is dedicated to iLO network traffic only. When supported, this port uses an RJ-45 jack (labeled iLO) on the back of the server. • Shared Network Port LOM—Uses a permanently installed NIC that is built into the server.
Other available methods for configuring the NIC settings • iLO RBSU (on servers that support iLO RBSU)—For more information, see “iLO ROM-based utilities” (page 141). • iLO 4 Configuration Utility (on servers that support the UEFI System Utilities)—For more information, see “iLO ROM-based utilities” (page 141). • XML scripting—For more information, see the iLO scripting and CLI guide. • SMASH CLP—For more information, see the iLO scripting and CLI guide.
• Use DHCPv4 Supplied DNS Servers—Specifies whether iLO uses the DHCP server-supplied DNS server list. If not, enter the DNS server addresses in the Primary DNS Server, Secondary DNS Server, and Tertiary DNS Server boxes. • Use DHCPv4 Supplied Time Settings—Specifies whether iLO uses the DHCPv4-supplied NTP service locations. • Use DHCPv4 Supplied WINS Servers—Specifies whether iLO uses the DHCP server-supplied WINS server list.
When using IPv6, note the following: • IPv6 is not supported in the Shared Network Port configuration. • If you downgrade the iLO firmware from version 1.30 or later to version 1.2x, the IPv6 settings will be reset to the default values. • For a list of the iLO features that support IPv6, see “iLO features that support IPv6” (page 105). Prerequisites Configure iLO Settings privilege Configuring the IPv6 settings 1. 2. 3. 4. 5. 6. 7. Navigate to the Network→iLO Dedicated Network Port page.
• Enable DHCPv6 in Stateful Mode (Address)—Select this check box to allow iLO to request and configure IPv6 addresses provided by a DHCPv6 server. ◦ • Use DHCPv6 Rapid Commit—Select this check box to instruct iLO to use the Rapid Commit messaging mode with the DHCPv6 server. This mode reduces DHCPv6 network traffic, but might cause problems if it is used in networks where more than one DHCPv6 server can respond and provide addresses.
The following features support the use of IPv6: • IPv6 Static Address Assignment • IPv6 SLAAC Address Assignment • IPv6 Static Route Assignment • IPv6 Static Default Gateway Entry • DHCPv6 Stateful Address Assignment • DHCPv6 Stateless DNS, Domain Name, and NTP Configuration • Integrated Remote Console • Onboard Administrator Single Sign-On • HPE SIM Single Sign-On • Web Server • SSH Server • SNTP Client • DDNS Client • RIBCL over IPv6 • SNMP • AlertMail • Remote Syslog •
• If you will use a DHCPv6-provided NTP service configuration, DHCPv6 Stateless Mode is enabled on the IPv6 tab. • For DHCPv6 time settings configurations only: The server is configured to use the iLO Dedicated Network Port. IPv6 is not supported in the Shared Network Port configuration. Configuring SNTP settings 1. 2. 3. 4. 5. 6. 7. Navigate to the Network→iLO Dedicated Network Port or Network→Shared Network Port page. Click the SNTP tab.
• Primary Time Server—Configures iLO to use a primary time server with the specified address. You can enter the server address by using the server FQDN, IPv4 address, or IPv6 address. • Secondary Time Server—Configures iLO to use a secondary time server with the specified address. You can enter the server address by using the server FQDN, IPv4 address, or IPv6 address. • Time Zone—Determines how iLO adjusts UTC time to obtain the local time, and how it adjusts for Daylight Savings Time (Summer Time).
This feature enables you to use a common preconfiguration for your ProLiant Gen9 servers. For example, if you have several servers, some might be installed in a data center where iLO is contacted through the iLO Dedicated Network Port. Other servers might be installed in a data center where iLO is contacted through the Shared Network Port. When you use iLO NIC auto-selection, you can install a server in either data center and iLO will select the correct network port.
Enabling iLO NIC auto-selection NIC auto-selection is disabled by default. Use the following procedure to enable NIC auto-selection: 1. Configure both iLO network ports. Before enabling and using the NIC auto-selection feature, both iLO network ports must be configured for their respective network environments. 2. Do one of the following: • Use the CLI command oemhp_nicautosel to configure NIC auto-selection.
The Properties window includes the following: ◦ Device Details—iLO software manufacturer and version information. To start the iLO web interface, click the Device weblog link. ◦ Troubleshooting Information—The iLO serial number, MAC address, UUID, and IP address.
9 Configuring iLO management settings iLO SNMP management With iLO 3 and earlier, SNMP management used the HPE Insight Management Agents running on the server operating system. With iLO 4, you can use either Agentless Management or the Insight Management Agents. The default configuration uses Agentless Management. Agentless Management uses out-of-band communication for increased security and stability.
Table 2 Information provided by Agentless Management and Insight Management Agents 1, 2 Insight Management Agents Component Agentless Management without Agentless Management with 1 1 AMS AMS Server health • Fans • Fans • Fans • Temperatures • Temperatures • Temperatures • Power supplies • Power supplies • Power supplies • Memory • Memory • Memory • CPU • CPU • CPU Storage 3 3 • Smart Array • Smart Array • Smart Array • SMART Drive Monitoring (connected to Smart Array) • SMART Driv
6 The data supplied by Agentless Management is not as extensive as the data supplied by the SNMP agents. 7 iLO 4 1.05 and later supports AMS-based OS logging for Linux (/var/log/messages for Red Hat and /var/log/syslog for SUSE Linux Enterprise Server, Debian, and Ubuntu), Windows, and VMware. iLO 4 1.10 and later supports Smart Array logging.
2. Click the Summary tab. AMS is listed in the Subsystems and Devices table. The possible values follow: • Not available—AMS is not available because it was not detected, the server is in POST, or the server is powered off. • OK—AMS is installed and running. Verifying AMS status: Windows 1. Open the Windows Control Panel. If the AMS Control Panel is present, then AMS is installed. 2. 3. Open the AMS Control Panel. Click the Service tab.
Nagios is an open source application that can be used to monitor computer systems, networks, and IT infrastructure. Download the plug-in from the Nagios website at https://exchange.nagios.org/. Configuring SNMP settings Prerequisites Configure iLO Settings privilege Configuring the SNMP settings 1. 2. 3. 4. 5. 116 Navigate to the Administration→Management page. On the SNMP Settings tab, select the SNMP setting to enable: Agentless Management or SNMP Pass-thru.
SNMP options • SNMP management configuration—Choose one of the following: ◦ Agentless Management (default)—Use SNMP agents running on iLO to manage the server. In this configuration, iLO fulfills SNMP requests sent by the client to iLO over the network. This setting does not affect alerts. ◦ SNMP Pass-thru—Use SNMP agents running on the host operating system to manage the server. SNMP requests sent by the client to iLO over the network are passed to the host operating system.
SNMPv3 authentication iLO 4 1.20 or later supports SNMPv3 authentication when you use the Agentless Management configuration. The following security features of SNMPv3 enable secure data collection from SNMP agents: • Message integrity prevents tampering during packet transmission. • Encryption prevents packet snooping. • Authentication ensures that packets are from a valid source. By default, SNMPv3 supports the User-based Security Model.
4. 5. Enter the SNMPv3 user options: • Security Name • Authentication Protocol • Authentication Passphrase • Privacy Protocol • Privacy Passphrase To save the user profile, click Apply. More information SNMPv3 user options SNMPv3 user options • Security Name—The user profile name. Enter an alphanumeric string of 1 to 32 characters. • Authentication Protocol—Sets the message digest algorithm to use for encoding the authorization passphrase.
Configuring the SNMP alert settings 1. 2. 3. 4. 5. Navigate to the Administration→Management page. On the SNMP Settings tab, scroll to the SNMP Alerts section. Configure the Trap Source Identifier by selecting iLO Hostname or OS Hostname.
example, the host 192.168.1.1, which has the subnet mask 255.255.252.0, has the broadcast address 192.168.1.1 | 0.0.3.255 = 192.168.3.255. • SNMPv1 Traps—When enabled, SNMPv1 traps are sent to the remote management systems configured in the SNMP Alert Destination(s) boxes. Using the AMS Control Panel to configure SNMP and SNMP alerts (Windows only) 1. 2. Open the Agentless Management Service Control Panel. Click the SNMP tab. 3. 4. Update the SNMP settings.
Table 3 SNMP traps SNMP trap name Description Cold Start Trap 0 SNMP has been initialized, the system has completed POST, or AMS has started. Authentication Failure Trap 4 SNMP has detected an authentication failure. cpqSeCpuStatusChange 1006 An uncorrectable machine check exception has been detected in a processor. cpqSeUSBStorageDeviceReadErrorOccurred 1010 A read error occurred on an attached USB storage device.
Table 3 SNMP traps (continued) SNMP trap name Description cpqHe3TemperatureOk 6042 The temperature status has been set to OK. cpqHe4FltTolPowerSupplyOk 6048 The fault-tolerant power supply condition has been reset to OK. cpqHe4FltTolPowerSupplyDegraded 6049 The fault-tolerant power supply condition has been set to Degraded. cpqHe4FltTolPowerSupplyFailed 6050 The fault-tolerant power supply condition has been set to Failed.
Table 3 SNMP traps (continued) SNMP trap name Description cpqSm2IrsCommFailure 9020 Communication with Insight Remote Support or Insight Online has failed. cpqHo2GenericTrap 11003 Generic trap. Verifies that the SNMP configuration, client SNMP console, and network are operating correctly. You can use the iLO web interface to generate this alert to verify receipt of the alert on the SNMP console. cpqHo2PowerThresholdTrap 11018 A power threshold has been exceeded.
This value sets the browser destination of the Insight Agent link on iLO pages. Enter the FQDN or IP address of the host server. The protocol (https://) and port number (:2381) are added automatically to the IP address or DNS name to allow access from iLO. If the URL is set through another method (for example, HPQLOCFG), click the browser refresh button to display the updated URL. 4. Select the Level of Data Returned. This setting controls the content of an anonymous discovery message received by iLO.
4. • SMTP Port • SMTP Server Optional: To send a test message to the configured email address, click Send Test AlertMail. This button is available only when AlertMail is enabled. 5. To save the changes, click Apply. AlertMail options • Email Address—The destination email address for iLO email alerts. This string can be up to 63 characters and must be in standard email address format. You can enter only one email address.
4. Optional: To send a test message to the configured syslog server, click Send Test Syslog. This button is available only when iLO Remote Syslog is enabled. 5. To save the changes, click Apply. Remote syslog options • Remote Syslog Port—The port number through which the Syslog server is listening. The default value is 514. • Remote Syslog Server—The IP address, FQDN, IPv6 name, or short name of the server running the Syslog service. This string can be up to 127 characters.
10 Managing remote support HPE embedded remote support iLO 4 includes the embedded remote support feature, which allows you to register supported servers for HPE remote support. You can also use iLO to monitor service events and remote support data collections. Connecting a server to Hewlett Packard Enterprise allows it to be remotely supported and to send diagnostic, configuration, telemetry, and contact information to Hewlett Packard Enterprise.
Figure 4 Insight Remote Support central connect Server Insight RS host server Firewall Device support Embedded remote support registration is supported for the following device types: Insight Online direct connect • ProLiant Gen8 servers • ProLiant Gen9 servers Insight Remote Support central connect • ProLiant Gen8 servers • ProLiant Gen9 servers If you use HPE OneView to manage your environment, use HPE OneView to register for remote support.
• • Configuration—During data collection, iLO collects data to enable proactive advice and consulting.
HPE Proactive Care services customers only: AMS installation is required in order to receive the following Proactive Care features: Proactive Scan Report and Firmware and Software Version Report. AMS is one way in which iLO can obtain the server name. If iLO cannot obtain the server name, the displayed server name in Insight Online and Insight RS is derived from the server serial number.
Registering for Insight Online direct connect When you register for Insight Online direct connect, you must complete steps in both the iLO web interface and the Insight Online portal. Prerequisites • Your environment meets the prerequisites for embedded remote support registration. • Configure iLO Settings privilege. • You have an HP Passport account. For more information, see http://www.hpe.com/info/ insightonline. Registering for Insight Online direct connect (step 1) 1. 2.
5. • Web Proxy Username • Web Proxy Password To accept the licensing terms and conditions, select the I accept the terms and conditions check box. You can view these documents at the following website: http://www.hpe.com/info/ SWLicensing. 6. Click Register. iLO notifies you that Step 1 of the registration process is finished, and prompts you to complete Step 2. Allow up to 5 minutes for your registration request to be fully processed. Registering for Insight Online direct connect (step 2) 1. 2.
Completing the post-registration steps 1. Optional: Send a test event to confirm the connection between iLO and HPE remote support. For instructions, see “Sending a test service event” (page 137). 2. Optional: If you want to receive email alerts about system events, configure AlertMail on the Administration→Management→AlertMail page in the iLO web interface. For more information, see “iLO AlertMail” (page 125).
3. Enter the Host server hostname or IP address and Port number. The default port is 7906. 4. Click Register. iLO notifies you that the registration process is finished. 5. Optional: Send a test event to confirm the connection between iLO and Insight Remote Support. For instructions, see “Sending a test service event” (page 137).
Unregistering a server from Insight Online direct connect 1. 2. 3. Navigate to the Remote Support→Registration page. Click Unregister. When prompted to confirm the request, click OK. iLO notifies you that the server is no longer registered. Unregistering from Insight Remote Support central connect 1. 2. Log in to the Insight RS Console.
4. Click Apply. iLO notifies you that maintenance mode is set. Maintenance mode ends automatically when the specified amount of time has passed. iLO notifies you when maintenance mode is cleared. TIP: To end maintenance mode early, select the Clear Maintenance Mode check box, and then click Apply. Sending a test service event You can send a test event to verify that your remote support configuration is working correctly. Prerequisites Configure iLO Settings privilege. Sending a test event 1. 2. 3.
• Destination—For Insight Remote Support central connect configurations, the host name or IP address and port of the Insight RS host server that received the service event. For Insight Online direct connect configurations, the value Insight Online is displayed. • Event Category—The category of the event that matches the Message ID description in the message registry.
Data collection information Depending on your remote support configuration, iLO or the Insight RS host server sends configuration information to Hewlett Packard Enterprise for analysis and proactive services in accordance with your warranty and service agreements. • For Insight Online direct connect, this data is transmitted every 30 days. You cannot edit or delete the data collection schedule.
Data Collection details • Last Data Collection Transmission—The date and time of the last data collection. • Last Data Collection Transmission Status—The status of the last data transmission. • Data Collection Frequency (days) (Insight Online direct connect only)—The frequency at which data is sent to Hewlett Packard Enterprise. • Next Data Collection Scheduled (Insight Online direct connect only)—The next date and time when data will be sent to Hewlett Packard Enterprise.
11 Managing iLO with the ROM-based utilities iLO ROM-based utilities You can use ROM-based utilities to configure iLO. The ROM-based utility embedded in the system ROM of your server depends on your server model. You can access the ROM-based utilities from the physical system console, or by using an iLO remote console session. • ProLiant Gen8 servers, except for the DL580 Gen8 server, have the iLO RBSU software embedded in the system ROM.
6. 7. 8. From the Advanced Autoconfiguration Setup and Status screen, view or update the advanced network settings. To save your changes, press F10. Select File→Exit. More information Advanced Network Options Configuring Network Options (iLO 4 Configuration Utility) 1. 2. 3. Optional: If you access the server remotely, start an iLO remote console session. Restart or power on the server. Press F9 in the server POST screen. The UEFI System Utilities start. 4. 5. 6. 7. 8. 9.
Network Options • MAC Address (read-only)—The MAC address of the selected iLO network interface. • Network Interface Adapter—Specifies the iLO network interface adapter to use. ◦ ON—Uses the iLO Dedicated Network Port. ◦ Shared Network Port—Uses the Shared Network Port. This option is only available on supported servers. ◦ OFF—Disables all network interfaces to iLO.
• Route 1, Route 2, and Route 3—If DHCP Routes is disabled, specifies the iLO static route destination, mask, and gateway addresses. • DNS from DHCP—Specifies whether iLO uses the DHCP server-supplied DNS server list. • DNS Server 1, DNS Server 2, DNS Server 3—If DNS from DHCP is disabled, specifies the primary, secondary, and tertiary DNS servers. • WINS from DHCP—Specifies whether iLO uses the DHCP server-supplied WINS server list.
4. 5. 6. 7. 8. 9. From the System Utilities screen, select System Configuration→iLO 4 Configuration Utility→Setting Options, and press Enter. View or update the access settings. Press F10. Press Esc until the main menu is displayed. Select Exit and Resume Boot in the main menu, and then press Enter. When prompted to confirm the request, press Enter to exit the utility and resume the boot process. More information Access options Viewing information about iLO by using the iLO 4 Configuration Utility 1. 2.
12 Using the iLO web interface iLO web interface You can use the iLO web interface to manage iLO. You can also use a Remote Console, XML configuration and control scripts, SMASH CLP, or the iLO RESTful API. For more information, see the iLO and iLO RESTful API documentation at the following website: http://www.hpe.com/info/ilo/docs. Browser support The iLO web interface requires a browser that meets the following requirements: • JavaScript—The iLO web interface uses client-side JavaScript extensively.
5. 6. 7. Set the Scripting→Active scripting setting to Enable. Click OK. Refresh your browser window. Logging in to the iLO web interface 1. Enter https://. You must access the iLO web interface through HTTPS (HTTP exchanged over an SSL encrypted session). 2. Do one of the following: • On the login page, enter a directory or local user account name and password, and then click Log In. • Click the Zero Sign In button.
The second login has effectively orphaned the first session by overriding the cookie generated during the User1 login. This behavior is the same as closing the User1 browser without clicking the Sign Out button. The User1 orphaned session is reclaimed when the session timeout expires. Because the current user frame is not refreshed unless the browser is forced to refresh the entire page, User1 can continue navigating by using the browser window.
click the icon. For all components except AMS, select a component to view more information about the component status. Starting a remote management tool from the login page 1. Navigate to the iLO login page. When iLO is under the control of a remote management tool, the iLO web interface displays a message similar to the following: This system is being managed by .
13 Viewing iLO overview and system information Viewing iLO overview information Navigate to the Information→Overview page. The iLO Overview page displays high-level details about the server and the iLO subsystem, as well as links to commonly used features. System information • Server Name—The server name defined by the host operating system. To navigate to the Access Settings page, click the Server Name link • Product Name—The product with which this iLO processor is integrated.
• Product ID—This value distinguishes between different systems with similar serial numbers. The product ID is assigned when the system is manufactured. You can change this value by using the system RBSU or the UEFI System Utilities during POST. • System ROM—The version of the active system ROM. • System ROM Date—The date of the active system ROM. • Backup System ROM—The version of the backup system ROM. If a system ROM update fails or is rolled back, the backup system ROM is used.
new state is selected while the UID LED is blinking, that state takes effect when the UID LED stops blinking. CAUTION: The UID LED blinks automatically to indicate that a critical operation is underway on the host, such as Remote Console access or a firmware update. Do not remove power from a server when the UID LED is blinking. • TPM Status or TM Status—The status of the TPM or TM socket or module. • Module Type—The TPM or TM type and specification version. The possible values are TPM 1.2, TPM 2.
The information that you can view depends on whether you are using Agentless Management or SNMP Pass-thru, and whether AMS is installed. For more information, see “iLO SNMP management” (page 112).
• Power Supplies (nonblade servers only) • Processors • Storage • Temperatures • Smart Storage Battery Status (supported servers only) • Agentless Management Service Subsystem and device status values The Health Summary page uses the following status values: • Redundant—There is a backup component for the device or subsystem. • OK—The device or subsystem is working correctly. • Not Redundant—There is no backup component for the device or subsystem.
Fan details The following details are displayed for each fan: • Fan—The fan name. • Location—For nonblade servers, the location in the server chassis is listed. For server blades, the virtual fan is listed with the location Virtual. • Status—The fan health status. For more information, see “Subsystem and device status values” (page 154). • Speed—The fan speed (percent). Fans The iLO firmware, in conjunction with the hardware, controls the operation and speed of the fans.
2. 3. Optional: Customize the graph display. • Select the 3D check box to display a three-dimensional graph. • Clear the 3D check box to display a two-dimensional graph. • Select Front View or Back View to display the sensors located at the front or back of the server. Optional: Move the mouse over a circle on the graph to view individual sensor details. The sensor ID, status, and temperature reading are displayed.
Temperature sensor details • Sensor—The ID of the temperature sensor, which also gives an indication of the sensor location. • Location—The area where the temperature is being measured. In this column, Memory refers to the following: ◦ Temperature sensors located on physical memory DIMMs. ◦ Temperature sensors located close to the memory DIMMs, but not located on the DIMMs. These sensors are located further down the airflow cooling path, near the DIMMs, to provide additional temperature information.
Additional policies are implemented after an excessive temperature condition is corrected, including returning the fan speed to normal, recording the event in the IML, turning off the LED indicators, and canceling shutdowns in progress (if applicable). Viewing power information Navigate to the Information→System Information page, and then click the Power tab. The information displayed on the Power Information page varies depending on the server type.
Possible Power Status values follow: • Redundant—Indicates that the power supplies are in a redundant state. If Power Discovery Services is integrated into the infrastructure, this value indicates whether the externally supplied power to the internal power supplies is redundant. • Not Redundant—Indicates that at least one of the power supplies or iPDUs (if Power Discovery Services is used) is not supplying power to the server.
Power Supplies list Some power supplies do not provide information for all of the values in this list. If a power supply does not provide information for a value, N/A is displayed. Bay The power supply bay number. Present Indicates whether a power supply is installed. The possible values are OK and Not Installed. Status The power supply status. The displayed value includes a status icon (OK, Degraded, Failed, or Other), and text that provides more information.
Flex Slot Battery Backup Unit The following information is displayed for supported servers with an installed Flex Slot Battery Backup Unit: • Charge—The current battery charge (percent). • Days Active—The number of calendar days that the battery has been installed in a powered server. • Battery Health—The battery health status (0 to 100 percent). Power capping and power metering are not supported on servers with an installed Flex Slot Battery Backup Unit.
Status The overall communication-link status and rack input power redundancy, as determined by the iPDU. Possible values follow: • iPDU Redundant—This Good status indicates that the server is connected to at least two different iPDUs. • iPDU Not Redundant—This Caution status indicates that the server is not connected to at least two different iPDUs. This status is displayed when one of the following conditions occurs: ◦ An iPDU link is not established for all power supplies.
The server must be powered on for the iLO firmware to determine the power microcontroller firmware version. Smart Storage Battery details The following details are displayed on servers that support the Smart Storage Battery. • Index—The battery index number. • Present—Whether a battery is installed. The possible values are OK and Not Installed. • Status—The battery status. The possible values are OK, Degraded, Failed, or Other. • Model—The battery model number.
If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete. Processor details The following information is displayed for each processor: • Processor Name—The name of the processor. • Processor Status—The health status of the processor. • Processor Speed—The speed of the processor. • Execution Technology—Information about the processor cores and threads.
AMP Mode Status The status of the AMP subsystem. • Other/Unknown—The system does not support AMP, or the management software cannot determine the status. • Not Protected—The system supports AMP, but the feature is disabled. • Protected—The system supports AMP. The feature is enabled but not engaged. • Degraded—The system was protected, but AMP is engaged. Therefore, AMP is no longer available. • DIMM ECC (Error Correcting Code)—The system is protected by DIMM ECC only.
• Intersocket Mirroring—The system is configured for mirrored intersocket AMP between the memory of two processors or boards. • Intrasocket Mirroring—The system is configured for mirrored intrasocket AMP between the memory of a single processor or board. Supported AMP Modes The following modes are supported: • RAID-XOR—The system can be configured for AMP using the XOR engine.
Number of Sockets The number of present memory module sockets. Total Memory The capacity of the memory, including memory recognized by the operating system and memory used for spare, mirrored, or XOR configurations. Operating Frequency The frequency at which the memory operates. Operating Voltage The voltage at which the memory operates. Memory Details The Memory Details section shows the memory modules on the host that were installed and operational at POST.
• CPQ single width module • CPQ double width module • SIMM • PCMCIA • Compaq-specific • DIMM • Small outline DIMM • RIMM • SRIMM • FB-DIMM • DIMM DDR • DIMM DDR2 • DIMM DDR3 • DIMM DDR4 (supported servers only) • FB-DIMM DDR2 • FB-DIMM DDR3 • N/A—Memory module is not present. Size The size of the memory module, in MB. Maximum Frequency The maximum frequency at which the memory module can operate. Minimum Voltage The minimum voltage at which the memory module can operate.
• LRDIMM • NVDIMM • R-NVDIMM Viewing network information 1. 2. Navigate to the Information→System Information page, and then click the Network tab. Optional: To expand or collapse the information on this page, click Expand All or Collapse All, respectively. If the server is powered off, the health status information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete.
to the server host operating system, the iLO firmware cannot obtain current IP addresses (or other configuration settings) for these devices. • Description—A description of the physical network adapter, for example, Dedicated Network Port or Shared Network Port. This value is displayed for iLO adapters only. • Location—The location of the adapter on the system board. • Firmware—The version of the installed adapter firmware, if applicable.
Boot progress and boot targets The following information about the boot progress and boot targets is displayed when DCI connectivity is available: • Port—The configured virtual port number. • Boot Progress—The current boot status. • Boot Targets ◦ WWPN—The world wide port name. ◦ LUN ID—The logical unit number ID.
The following information is displayed only if AMS is installed and running on the server: Firmware version and status of add-in network adapters, network-attached storage details, and Smart Storage Battery status. If the iLO firmware cannot retrieve the network adapter product name or part number directly from the device, it attempts to collect that information from AMS. Device Inventory details • Location—The device install location. • Product Name—The device product name.
2. Move the cursor over the Location column for a listed PCI slot. PCI slot tool tip details • Type—The PCI slot type. • Bus Width—The PCI slot bus width. • Length—The PCI slot length. • Characteristics 1—Information about the PCI slot, for example, voltage and other support information. • Characteristics 2—Information about the PCI slot, for example, voltage and other support information. Viewing storage information 1. 2. 3.
Supported storage components The Storage Information page displays information about the following storage components: • Smart Array controllers, drive enclosures, the attached logical drives, and the physical drives that constitute the logical drives. • Hewlett Packard Enterprise and third-party storage controllers that manage direct-attached storage, and the attached physical drives. iLO 4 2.10 and later supports the following products: ◦ HPE ML/DL Server M.
top-level controller status changes to Major Warning or Degraded, depending on the failure type. If the controller hardware has a Failed status, the top-level controller status is Failed. • Controller Status—Controller hardware status (OK or Failed) • Serial Number • Model • Firmware Version • Controller Type • Cache Module Status • Cache Module Serial Number • Cache Module Memory • Encryption Status—Indicates whether encryption is enabled in the controller.
Logical Drives When the Logical View option is selected, the following information is listed for the logical drives attached to a Smart Array controller. • Logical drive number • Status • Capacity • Fault Tolerance • Logical Drive Type • Encryption Status Logical drives must be configured through the Smart Storage Administrator software before they can be displayed on this page.
• Drive Configuration • Encryption Status Direct-attached storage details iLO displays information about the following: • Controllers • Physical drives Controllers This section provides the following information about the Hewlett Packard Enterprise and third-party storage controllers that manage direct-attached storage.
When a physical drive has a Failed status, this status does not affect the overall storage health status. Only logical drives affect the storage health status. • Physical drive location • Status • Serial Number • Model • Media Type • Capacity • Location • Firmware Version • Drive Configuration • Encryption Status Viewing firmware information Navigate to the Information→System Information page, and then click the Firmware tab.
Firmware details The Firmware Information page displays the following information for each listed firmware type: • Firmware Name—The name of the firmware. • Firmware Version—The version of the firmware. • Location—The location of the component that uses the listed firmware. Viewing software information 1. 2. 3. Navigate to the Information→System Information page, and then click the Software tab.
HPE Software List details • Name—The name of the software. • Description—A description of the software. • Version—The software version. The versions of the firmware components displayed on this page indicate the firmware versions available in the firmware flash components that are saved on the local operating system (for example, the hp-firmware-ilo4 RPM on Linux systems). The displayed version might not match the firmware running on the server.
Installed Software details The Installed Software list displays the name of each installed software program.
14 Using the iLO logs iLO Event Log The event log provides a record of significant events recorded by iLO. Logged events include major server events such as a server power outage or a server reset, and iLO events such as unauthorized login attempts. Other logged events include successful or unsuccessful browser and Remote Console logins, virtual power and power-cycle events, clearing the log, and some configuration changes, such as creating or deleting a user and registering for remote support.
• Count—The number of times this event has occurred (if supported). In general, important events generate an event log entry each time they occur. They are not consolidated into one event log entry. When less important events are repeated, they are consolidated into one event log entry, and the Count and Last Update values are updated. Each event type has a specific time interval that determines whether repeated events are consolidated or a new event is logged.
Saving the event log to a CSV file Use a supported browser to export the event log to a CSV file. For Internet Explorer users only: This feature is supported with Internet Explorer 11 and later. 1. Navigate to the Information→iLO Event Log page. 2. Click View CSV. 3. In the CSV Output window, click Save, and then follow the browser prompts to save or open the file. 4. Click Close to close the window.
• Automatic shutdown started • Automatic shutdown canceled • Drive failure Viewing the IML 1. 2. Navigate to the Information→Integrated Management Log page. Optional: Use the IML filters to customize the log view. IML details • The first column on the left side of the web interface displays a check box next to each event with Critical or Caution status. Use this check box to select an event to mark as repaired.
To access troubleshooting information for selected events, click the link in the Description column. More information Configuring iLO SNTP settings IML icons iLO uses the following icons to indicate IML event severity: • Critical—The event indicates a service loss or an imminent service loss. Immediate attention is needed. • Caution—The event is significant but does not indicate performance degradation. • Informational—The event provides background information.
1. 2. 3. Investigate and repair the issue. Navigate to the Information→Integrated Management Log page. Select the log entry. To select an IML entry, click the check box next to the entry in the first column of the IML table. If a check box is not displayed next to an IML entry, that entry cannot be marked as repaired. 4. Click Mark as Repaired. The iLO web interface refreshes, and the selected log entry status changes to Repaired.
3. 4. In the CSV Output window, click Save, and then follow the browser prompts to save or open the file. Click Close to close the window. Clearing the IML Users with the Configure iLO Settings privilege can clear the IML of all previously logged information. 1. Navigate to the Information→Integrated Management Log page. 2. Click Clear IML. 3. When prompted to confirm the request, click OK.
15 Using the Active Health System Active Health System The Active Health System monitors and records changes in the server hardware and system configuration.
Downloading the Active Health System Log for a date range 1. Navigate to the Information→Active Health System Log page. The Active Health System Log is inaccessible when it is being used by Intelligent Provisioning or the Active Health System download CLI tool. 2. Enter the range of days to include in the log. The default value is seven days. a. Click the From box. A calendar is displayed. b. c. Select the range start date on the calendar. Click the To box. A calendar is displayed. d. 3.
The contact information that you provide will be treated in accordance with the Hewlett Packard Enterprise privacy statement. This information is not written to the log data stored on the server. 4. 5. 6. Click Download Entire Log. Save the file. If you have an open support case, you can email the log file to hpsupport_global@hpe.com. • Use the following convention for the email subject: CASE: . • Files that are larger than 15 MB must be compressed and uploaded to an FTP site.
Prerequisites Configure iLO Settings privilege Clearing the log 1. Navigate to the Information→Active Health System Log page. The Active Health System Log is inaccessible when it is being used by Intelligent Provisioning or the Active Health System download CLI tool. 2. 3. 4. Click Show Advanced Settings. Scroll to the Clear Log section, and then click the Clear button. When prompted to confirm the request, click OK. iLO notifies you that the log is being cleared. 5. Reset iLO.
16 Using the iLO diagnostics, reboot, and reset features iLO diagnostics The Diagnostics page displays the iLO self-test results and allows you to reset iLO, generate an NMI to the system, or configure redundant ROM. Viewing iLO self-test results The iLO Self-Test Results section displays the results of internal iLO diagnostic tests, including the test name, status, and notes. Navigate to the Information→Diagnostics page. Self-test details • The test status is listed in the Status column.
Prerequisites Configure iLO Settings privilege Resetting iLO 1. 2. 3. Navigate to the Information→Diagnostics page. Click Reset. When prompted to confirm the request, click OK. iLO resets and closes your browser connection. For other reset methods, see “Rebooting (Resetting) iLO” (page 195). Generating an NMI The Generate NMI to System feature enables you to stop the operating system for debugging.
Updating the ROM settings 1. Navigate to the Information→Diagnostics page. The Active ROM table shows the version and date of the active system ROM. The Backup ROM table shows the version of the backup ROM and the release date of the backup ROM bootblock (ProLiant Gen8 servers only). The backup ROM is typically the previously installed version. 2. 3. To swap the active ROM and the backup ROM, click Swap ROM. When prompted to confirm the request, click OK.
More information iLO diagnostics Resetting iLO (iLO 4 Configuration Utility) Rebooting iLO with the server UID button Resetting iLO (iLO 4 Configuration Utility) Prerequisite Configure iLO Settings privilege To reset iLO: 1. 2. 3. Optional: If you access the server remotely, start an iLO remote console session. Restart or power on the server. Press F9 in the server POST screen. The UEFI System Utilities start. 4.
Performing a hardware iLO reboot with the server UID button When you initiate a hardware iLO reboot, the server hardware initiates the iLO reboot. To initiate a hardware iLO reboot, press and hold the UID button for 10 seconds or longer. The UID button/LED flashes blue 8 Hz/cycle per second to indicate that an iLO hardware reboot is in progress. CAUTION: Initiating a hardware iLO reboot does not make any configuration changes, but ends all active connections to iLO.
3. Press F9 in the server POST screen. The UEFI System Utilities start. 4. From the System Utilities screen, select System Configuration→iLO 4 Configuration Utility→Set to factory defaults, and press Enter. The iLO 4 Configuration Utility prompts you to select YES or NO. 5. 6. Select YES, and press Enter. When prompted to confirm the request, press Enter. iLO resets to the factory default settings. If you are managing iLO remotely, the remote console session is automatically ended.
17 Using iLO Federation iLO Federation features iLO Federation enables you to manage multiple servers from one system using the iLO web interface. When configured for iLO Federation, iLO uses multicast discovery and peer-to-peer communication to enable communication between the systems in an iLO Federation group.
After you select a group, you can filter the servers in the list to view server information or perform actions on a subset of the servers in the group. Selected Group list filters When you filter the list of servers: • The information displayed on iLO Federation pages applies to all of the servers in the selected group that meet the filter criteria. • The changes you make on iLO Federation pages apply to all of the servers in the selected group that meet the filter criteria.
iLO Federation information export options You can export the following information from the iLO Federation pages: • Systems with critical or degraded status—Export this list from the Multi-System View page. • iLO peers list—Export this list from the Multi-System Map page.
3. 4. Optional: To filter the list of servers, click a health status, server model, or server name link. Click Next or Previous (if available) to view more servers in the Critical and Degraded Systems list. Critical and degraded server status details • Server Name—The server name defined by the host operating system. • System Health—The server health status. • Server Power—The server power status (ON or OFF). • UID Indicator—The state of the server UID LED.
• URL—The URL for starting the iLO web interface for the listed peer. • IP—The peer IP address. More information Exporting iLO Federation information to a CSV file iLO Federation Group Virtual Media Group Virtual Media enables you to connect scripted media for access by the servers in an iLO Federation group. • Scripted media only supports 1.44 MB floppy disk images (IMG) and CD/DVD-ROM images (ISO). The image must be on a web server on the same network as the grouped iLO systems.
If this check box is not selected, the disk image will remain connected until it is ejected manually, and the servers will boot to it on all subsequent server resets, if the system boot options are configured accordingly. If a server in the group is in POST when you use the Boot on Next Reset check box, an error occurs because you cannot modify the server boot order during POST. Wait for POST to finish, and then try again. 5. Click Insert Media. iLO displays the command results.
2. Select a group from the Selected Group menu. The scripted media device that you eject will be disconnected from all of the systems in the selected group. 3. Click Eject Media in the Virtual Floppy Status section or the Virtual CD/DVD-ROM Status section.
2. Select a group from the Selected Group menu. iLO displays the grouped servers by power state with a counter that shows the total number of servers in each state. 3. To change the power state of a group of servers, do one of the following: • • For servers that are in the ON or Reset state, click one of the following buttons: ◦ Momentary Press ◦ Press and Hold ◦ Reset ◦ Cold Boot For servers that are in the OFF state, click the Momentary Press button.
system commands to complete a graceful operating system shutdown before you attempt to shut down by using the Virtual Power Button. • Press and Hold—The same as pressing the physical power button for 5 seconds and then releasing it. The servers in the selected group are powered off as a result of this operation. Using this option might circumvent a graceful operating system shutdown. This option provides the ACPI functionality that some operating systems implement.
When values are displayed in watts, click Show values in BTU/hr to change the display to BTU/hr. When values are displayed in BTU/hr, click Show values in Watts to change the display to watts. 5. Click Apply. Power capping considerations The Group Power Settings feature enables you to set dynamic power caps for multiple servers from a system running the iLO web interface. • When a group power cap is set, the grouped servers share power to stay below the power cap.
Viewing group power capping information Prerequisites An iLO license that supports this feature is installed. For more information, see the following website: http://www.hpe.com/info/ilo/licensing. Viewing group power capping information 1. 2. 3. Navigate to the iLO Federation→Group Power Settings page. Select a group from the Selected Group menu. Optional: When values are displayed in watts, click Show values in BTU/hr to change the display to BTU/hr.
iLO Federation Group Firmware Update The Group Firmware Update feature enables you to view firmware information and update the firmware of multiple servers from a system running the iLO web interface.
Server firmware file type details • When you update the system ROM, you must use a signed image or the signed ROMPAQ image: ◦ Signed image example: http:////P79_1.00_10_25_2013.signed.flash ◦ Signed ROMPAQ image example: http:////CPQPJ0612.A48 • The Power Management Controller, chassis firmware, and NVMe backplane files use the file extension .hex. For example, the file name might be similar to ABCD5S95.hex.
Obtaining supported server firmware image files Viewing firmware information 1. 2. Navigate to the iLO Federation→Group Firmware Update page. Select a group from the Selected Group menu. Firmware details The Firmware Information section displays the following information: • The number of servers with each supported firmware version. The percentage of the total number of servers with the listed firmware version is also displayed. • The flash status for the grouped servers.
Using iLO Federation group licensing The Group Licensing page displays the license status for members of a selected iLO Federation group. Use this page to enter an optional key to activate iLO licensed features. Viewing license information 1. 2. 3. Navigate to the iLO Federation→Group Licensing page. Select a group from the Selected Group menu. Optional: To filter the list of servers, click a license type or status link in the License Information section.
2. Optional: To filter the list of affected systems, click a license type or status link. If you install a license key on a server that already has a key installed, the new key replaces the installed key. If you do not want to replace existing licenses, click Unlicensed in the License Information Status table to install licenses only on servers that are unlicensed. 3. Enter the license key in the Activation Key box.
18 Using the iLO Remote Consoles Using the Integrated Remote Console The iLO Integrated Remote Console is a graphical remote console that can be used to control the display, keyboard, and mouse of the host server. The Integrated Remote Console provides access to the remote file system and network drives. With Integrated Remote Console access, you can observe POST boot messages as the remote host server restarts, and initiate ROM-based setup activities to configure the remote host server hardware.
• Do not run the Integrated Remote Console from the host operating system on the server that contains the iLO processor. • Hewlett Packard Enterprise recommends that users who log in to a server through the Integrated Remote Console logout before closing the console. • Pop-up blockers prevent the .NET IRC or Java IRC applet from running, so you must disable them before starting an Integrated Remote Console session.
Microsoft ClickOnce The .NET IRC is launched using Microsoft ClickOnce, which is part of the .NET Framework. ClickOnce requires that any application installed from an SSL connection must be from a trusted source. If a browser is not configured to trust an iLO system, and the IRC requires a trusted certificate in iLO setting is set to Enabled, ClickOnce displays the following error message: Cannot Start Application - Application download did not succeed...
5. If you are prompted to confirm that you want to run the application, click Run. If you do not click Run, the Java IRC will not start. 6. If a Security Warning dialog box is displayed, click Continue. If you do not click Continue, the Java IRC will not start. Starting the Java IRC (OpenJDK JRE) Use this procedure to start the Java IRC in environments with Linux and the OpenJDK JRE. 1. Navigate to the Remote Console→Remote Console page. 2.
system commands to complete a graceful operating system shutdown before you attempt to shut down by using the Virtual Power button. • Press and Hold—The same as pressing the physical power button for 5 seconds and then releasing it. The server is powered off as a result of this operation. Using this option might circumvent the graceful shutdown features of the operating system. This option provides the ACPI functionality that some operating systems implement.
2. Click Launch. A message notifies you that the .NET IRC is already in use. 3. Click Share. The session leader receives your request to join the .NET IRC session. If the session leader clicks Yes, you are granted access to the .NET IRC session with access to the keyboard and mouse. Console Capture (.NET IRC only) Console Capture allows you to record and play back video streams of events such as startup, ASR events, and sensed operating system faults.
◦ Play—Starts playback if the currently selected file is not playing or is paused. ◦ Record—Records your .NET IRC session. ◦ Progress Bar—Shows the progress of the video session. Viewing Server Startup and Server Prefailure sequences Prerequisites An iLO license that supports this feature is installed. For more information, see the following website: http://www.hpe.com/info/ilo/licensing. Viewing a startup or prefailure sequence 1. 2. Start the .NET IRC. Press the Play button.
3. 4. 5. The Save Video dialog box opens. Enter a file name and save location, and then click Save. When you are finished recording, press the Record button again to stop recording. Viewing saved video files Prerequisites An iLO license that supports this feature is installed. For more information, see the following website: http://www.hpe.com/info/ilo/licensing. Viewing a saved video file 1. 2. Start the .NET IRC. Press the Play button. The Playback Source dialog box opens. 3. 4.
Keys for configuring Remote Console hot keys Table 6 Keys for configuring hot keys ESC SCRL LCK 1 g L_ALT SYS RQ 2 h R_ALT F1 3 I L_SHIFT F2 4 j R_SHIFT F3 5 k L_CTRL F4 6 l R_CTRL F5 7 m L_GUI F6 8 n R_GUI F7 9 o INS F8 ; p DEL F9 = q HOME F10 [ r END F11 \ s PG UP F12 ] t PG DN SPACE ` u ENTER ' a v TAB , b w BREAK - c x BACKSPACE .
Using a text-based Remote Console iLO supports a true text-based Remote Console. Video information is obtained from the server, and the contents of the video memory are sent to the iLO management processor, compressed, encrypted, and forwarded to the management client application. iLO uses a screen-frame buffer that sends the characters (including screen positioning information) to text-based client applications.
2. 3. Restart or power on the server. Press F9 in the server POST screen. The system RBSU starts. 4. Set the Virtual Serial Port COM port. a. Select System Options, and then press Enter. b. Select Serial Port Options, and then press Enter. c. Select Virtual Serial Port, and then press Enter. d. Select the COM port you want to use, and then press Enter. e. Press ESC twice to return to the main menu. 5. Set the BIOS serial console port COM port. a. Select BIOS Serial Console & EMS, and then press Enter.
c. d. Select the Virtual Serial Port, and then press Enter. Press ESC. The main menu is displayed. 4. Set the BIOS Serial Console Baud Rate. a. Select BIOS Serial Console Baud Rate, and then press Enter. b. Select 115200, and then press Enter. NOTE: The iLO Virtual Serial Port does not use a physical UART, so the BIOS Serial Console Baud Rate value has no effect on the speed the iLO Virtual Serial Port uses to send and receive data. c. Press ESC. The main menu is displayed. 5.
After Linux is fully booted, a login console can be redirected to the serial port. • If configured, the /dev/ttyS0 and /dev/ttyS1 devices enable you to obtain serial TTY sessions through the iLO Virtual Serial Port. To begin a shell session on a configured serial port, add the following line to the /etc/inittab file to start the login process automatically during system boot.
Starting an iLO Virtual Serial Port session 1. Verify that the iLO Virtual Serial Port settings are configured in the iLO RBSU or UEFI System Utilities. For more information, see “Configuring the iLO Virtual Serial Port in the host system RBSU” (page 224) or “Configuring the iLO Virtual Serial Port in the UEFI System Utilities” (page 225). 2. Verify that the Windows or Linux operating system is configured for use with the iLO Virtual Serial Port.
When you use Textcons, the presentation of colors, characters, and screen controls depends on the client you are using, which can be any standard SSH client compatible with iLO.
Table 7 Character equivalents Character value Description Mapped equivalent 0x07 Small dot 0x0F Sun 0x10 Right pointer > 0x11 Left pointer < 0x18 Up arrow ^ 0x19 Down arrow v 0x1A Left arrow < 0x1B Right arrow > 0x1E Up pointer ^ 0x1F Down pointer v 0xFF Shaded block Blank space Using the Text-based Remote Console 1. Use SSH to connect to iLO. Make sure that the terminal application character encoding is set to Western (ISO-8859-1). 2. 3. Log in to iLO.
19 Using iLO Virtual Media iLO Virtual Media iLO Virtual Media provides a virtual device that can be used to boot a remote host server from standard media anywhere on the network. Virtual Media devices are available when the host system is booting. Virtual Media devices connect to the host server by using USB technology. When you use Virtual Media, note the following: • An iLO license key is required to use some forms of Virtual Media.
• If the host server operating system supports USB mass storage devices, the iLO Virtual CD/DVD-ROM is available after the host server operating system loads. ◦ You can use the Virtual CD/DVD-ROM when the host server operating system is running to upgrade device drivers, install software, and perform other tasks. ◦ Having the Virtual CD/DVD-ROM available when the server is running can be useful if you must diagnose and repair the NIC driver.
Operating system considerations: Virtual Floppy/USB key • Boot process and DOS sessions—During the boot process and DOS sessions, the virtual floppy device appears as a standard BIOS floppy drive (drive A). If a physically attached floppy drive exists, it is unavailable at this time. You cannot use a physical local floppy drive and a virtual floppy drive simultaneously. • Windows Server 2008 or later—Virtual Floppy/USB key drives appear automatically after Windows recognizes the USB device.
mount /dev/scd0 /media/cdrom1 For instructions, see “Mounting a USB Virtual Media CD/DVD-ROM on Linux systems” (page 234). Mounting a USB Virtual Media CD/DVD-ROM on Linux systems 1. 2. 3. 4. 5. Log in to iLO through the web interface. Start the .NET IRC or Java IRC. Select the Virtual Drives menu. Select the CD/DVD-ROM to use.
Changing the Virtual Media port 1. 2. 3. Navigate to the Virtual Media→Virtual Media page. Enter a new port number in the Virtual Media Port box. Click Change Port. The system prompts you to reset iLO. 4. Click OK. Viewing local media To view the connected local media devices, navigate to the Virtual Media→Virtual Media page.
NOTE: An error occurs if you try to enable the Boot on Next Reset check box when the server is in POST because you cannot modify the boot order during POST. Wait for POST to finish, and then try again. NOTE: Using the iLO Virtual Floppy to boot a remote host server is supported only on ProLiant Gen8 servers. It is not supported on ProLiant Gen9 servers or Synergy compute modules. 4. 5. Click Insert Media. Optional: To boot to the connected image now, click Server Reset to initiate a server reset.
Using an image file 1. 2. Start the .NET IRC or Java IRC. Click the Virtual Drives menu, and then select Image File Removable Media (.img files) or Image File CD-ROM/DVD (.iso files). The .NET IRC or Java IRC prompts you to select a disk image. 3. Enter the path or file name of the image file in the File name text box, or browse to the image file location, and then click Open. The virtual drive activity LED will show virtual drive activity.
4. 5. 6. Do one of the following: • If you will use a file, select the Media File option, and then click Browse and navigate to the file you want to use. • If you will use physical media, select the drive letter of the floppy disk, USB key, or CD-ROM in the Media Drive menu. Enter the path and file name for the image file in the Image File text box. Click Create. iLO notifies you when the image creation is complete. 7. 8. Click Close. Confirm that the image was created in the specified location.
The Virtual Folder is nonbootable and read-only; the mounted folder is static. Changes to the client folder are not replicated in the mounted folder. Setting up IIS for scripted Virtual Media Before you set up IIS for scripted Virtual Media, verify that IIS is operational. Use IIS to set up a simple website, and then browse to the site to verify that it is working correctly. Configuring IIS To configure IIS to serve diskette or ISO-9660 CD images for read-only access: 1.
Figure 5 Perl configuration example 7. 8. Verify that Web Service Extensions allows Perl scripts to execute. If not, click Web Service Extensions and set Perl CGI Extension to Allowed. Verify that the prefix variable in the helper application is set correctly. To view a sample helper application, see “Sample Virtual Media helper application” (page 240).
The helper script must transform the file parameter into a path relative to its working directory. This step might involve prefixing it with "../," or transforming an aliased URL path into the true path on the file system. The helper script requires write access to the target file. Diskette image files must have the appropriate permissions.
An error occurs if you try to change the server boot order when the server is in POST. You cannot modify the boot order during POST. If this error occurs, wait for POST to finish, and then try again. Configuring the server boot mode Servers that support the Unified Extensible Firmware Interface include the UEFI System Utilities software, which is embedded in the system ROM. On servers that support this feature, the iLO web interface Boot Order page includes the Boot Mode section.
• USB Storage Device • Hard Disk Drive • Network Device , where the server Ethernet card and additional NIC/FlexibleLOM cards are Network Device 1, Network Device 2, Network Device 3, and so on. In UEFI mode, select an option from the list of available boot devices. 3. Click Apply. iLO confirms that the boot order was updated successfully.
Changing the one-time boot status in UEFI mode 1. 2. Navigate to the Virtual Media→Boot Order page. Select an option from the Select One-Time Boot Option list. The following options are available: 3. 4. • No One-Time Boot • CD/DVD Drive • Floppy Drive (ProLiant Gen8 servers only) • USB Storage Device • Hard Disk Drive • Network Device , where the server Ethernet card is Network Device 1, and additional NIC/FlexibleLOM cards are Network Device 2, Network Device 3, and so on.
20 Using the power management features Server power-on with iLO 4 Nonblade servers Before the introduction of ProLiant Gen8 servers, some ProLiant servers (ML and DL) could be powered on through the power button within a few seconds after AC power was connected. If an AC power loss occurs on ProLiant Gen8 or Gen9 servers with iLO 4, approximately 30 seconds must elapse before the servers can power on again. If the power button is pressed during that time, it will blink, indicating a pending request.
The Thermal Shutdown option in the system RBSU or UEFI System Utilities allows you to disable the automatic shutdown feature. This configuration allows the disabling of automatic shutdown except in the most extreme conditions when physical damage might result. Power efficiency iLO enables you to improve power usage by using High Efficiency Mode. HEM improves the power efficiency of the system by placing the secondary power supplies in step-down mode.
• Not Enough Cooling—There is insufficient cooling available in the enclosure to cool the server. • Enclosure Busy—The enclosure is busy collecting information about the blade. If this error occurs after server insertion and auto power-on is enabled, iLO will continue to request power until it is allowed. Otherwise, press the momentary press button again. • Power Hold by Manager Profile (Synergy compute modules only)—HPE OneView has placed a power hold on this server.
• Reset—Forces the server to warm-boot: CPUs and I/O resources are reset. Using this option circumvents the graceful shutdown features of the operating system. • Cold Boot—Immediately removes power from the server. Processors, memory, and I/O resources lose main power. The server will restart after approximately 6 seconds. Using this option circumvents the graceful shutdown features of the operating system.
Power-On Delay settings On supported servers, choose from the following Power-On delay settings: • Minimum Delay—Power-on occurs after iLO startup is complete. • 15 Second Delay—Power-on is delayed by 15 seconds. • 30 Second Delay—Power-on is delayed by 30 seconds. • 45 Second Delay—Power-on is delayed by 45 seconds. • 60 Second Delay—Power-on is delayed by 60 seconds. • Random up to 120 seconds—The power-on delay varies and can be up to 120 seconds.
The bar graph displays the average values in blue and the peak values in red. The graph shows No cap set during a host power reset. • 20-Minute History Graph—Displays the power usage of the server over the previous 20 minutes. The iLO firmware collects power usage information from the server every 10 seconds. The bar graph displays the average values in blue and the peak values in red. Power metering is not supported on servers with an installed Flex Slot Battery Backup Unit.
2. Scroll to the Current State section. Current power state details The values displayed in the Current State table vary depending on the server type. • Present Power Reading—The current power reading from the server. This value is displayed for all servers. • Present Power Cap—The configured power cap for the server. This value is 0 if the power cap is not configured. This value is displayed for ML and DL servers, and server blades. • Power Input Voltage—The supplied input voltage for the server.
Meter graphs. This information will be displayed again after iLO collects information about the remaining installed power supplies. Power settings The Power Settings page enables you to view and control the power management features of the server. The power management features on this page vary based on the server configuration.
Configuring power caps Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. For more information, see the following website: http://www.hpe.com/info/ilo/licensing. • The server model supports power capping. See the server specifications for support information. Configuring a power cap 1. 2. 3. Navigate to the Power Management→Power Settings page. Select the Enable power capping check box.
• Power capping is not supported on all servers. For more information, check the server specifications. • You cannot use the iLO web interface to configure the power capping settings for SL servers and some XL servers. Use one of the following tools to configure the power capping settings for SL and XL servers: ◦ HPE ProLiant Power Interface Control Utility ◦ HPE Advanced Power Manager See the server Quickspecs at http://www.hpe.
Prerequisites Configure iLO Settings privilege Configuring the SNMP alert settings 1. 2. Navigate to the Power Management→Power Settings page. Select a value in the Warning Trigger list. The warning trigger determines whether warnings are based on peak power consumption, average power consumption, or if they are disabled. 3. 4.
21 Working with enclosures, frames, and chassis Using the Active Onboard Administrator OA is the enclosure management processor, subsystem, and firmware base that supports the HPE BladeSystem and all managed devices in the enclosure. The Active Onboard Administrator page allows you to view enclosure information, start the OA web interface, and toggle the enclosure UID LED. This page is displayed only when an enclosure is present.
2. If the OA supports multiple addresses, select the address to use from the options in the Onboard Administrator Address Selection table. Depending on the configuration, the following options might be available: 3. • IPv4 • IPv6 SLAAC • IPv6 Static • IPv6 DHCP Click Launch. The OA web interface starts in a new browser window. Toggling the enclosure UID LED To change the state of the enclosure UID LED where iLO is located, click the Toggle UID button.
Viewing frame information 1. 2. Navigate to the Synergy Frame→Frame Information page. Optional: To view server details, move the cursor over the server in the frame diagram. The Frame Information page provides information about the frame that contains the Synergy compute module that includes the iLO processor. Frame details • Frame health—The frame health status. This status is also displayed in the frame diagram. • Enclosure UID light—The state of the frame UID LED.
Server details The frame diagram displays the following details when you move the cursor over a server: • Server health status • Server host name • Server model • Server UID status Toggling the server UID LED To change the state of the server UID LED, click the server UID icon in the frame diagram. Viewing chassis information Navigate to the Chassis→Chassis Information page. The Chassis Information page is displayed for SL and XL servers.
• Input Voltage Lost • Fan Failure • High Input A/C Warning • Low Input A/C Warning • High Output Warning • Low Output Warning • Inlet Temperature Warning • Internal Temperature Warning • High Vaux Warning • Low Vaux Warning • Mismatched Power Supplies PDS Whether the installed power supply is enabled for Power Discovery Services. Power Discovery Services is an enhancement to the iPDU technology.
Firmware The installed power supply firmware. Intelligent Power Distribution Unit details The Intelligent Power Distribution Units section is displayed only if the chassis power supplies are connected to an iPDU. After iLO is reset, or when an iPDU is attached, it takes approximately 2 minutes for the iLO web interface to display the Intelligent Power Distribution Units table. This delay is due to the iPDU discovery process.
22 Using the Embedded User Partition iLO Embedded User Partition iLO 4 stores files such as Active Health System data and the Intelligent Provisioning software in nonvolatile flash memory that is embedded on the system board. This flash memory is called the iLO NAND. ProLiant Gen9 servers and Synergy compute modules with a 4 GB iLO NAND allow you to use a 1 GB nonvolatile flash memory partition as if it was an SD-card attached to the server.
Configuring the Embedded User Partition You can use the UEFI System Utilities, UEFI Shell, and RESTful Interface Tool to configure the Embedded User Partition. Configuring the Embedded User Partition (UEFI System Utilities) Use the following procedure to enable or disable the Embedded User Partition by using the UEFI System Utilities. 1. Optional: If you access the server remotely, start an iLO remote console session. 2. Restart or power on the server. 3. Press F9 in the server POST screen.
Configuring the Embedded User Partition boot settings You can use the UEFI System Utilities, UEFI Shell, RESTful Interface Tool, or iLO web interface to configure the Embedded User Partition boot settings. Configuring the Embedded User Partition boot order setting (iLO web interface) Use the following procedure to change the position of the Embedded User Partition in the Server Boot Order list. NOTE: 1. 2. This feature is not available when the Legacy BIOS boot mode is selected.
4. Click Apply. The following message appears: Successfully set one-time boot option. The Current One-Time Boot Option value is updated to show the selection. Configuring the Embedded User Partition boot order setting (UEFI System Utilities) Use the following procedure to change the position of the Embedded User Partition in the UEFI Boot Order list. NOTE: 1. 2. 3. This feature is not available when the Legacy BIOS boot mode is selected.
4. 5. From the System Utilities screen, select One Time Boot Menu, and then press Enter. From the One-Time Boot Menu screen, select the Embedded User Partition option, and then press Enter. The Embedded User Partition is listed with a name similar to the following: Internal Virtual USB 4 : Embedded User Partition. The server resumes the boot process and boots from the Embedded User Partition. For more information about the One-Time Boot Menu, see the UEFI System Utilities user guide.
23 Using iLO with other software products and tools Viewing Location Discovery Services information Prerequisites An iLO license that supports this feature is installed. For more information, see the following website: http://www.hpe.com/info/ilo/licensing. Viewing Location Discovery Services information Navigate to the Information→Location Discovery Services page. The information displayed on this page varies depending on the server type. This feature is not supported on Synergy compute modules.
Blade enclosures and BL server-specific data • Bay Number—The server bay in the enclosure. • Enclosure UUID—The enclosure universally unique identifier. • Enclosure U Height—The enclosure height, in U rack units. Possible values are between 1.00 and 50.00. • Enclosure Rack U Position—The rack U position that aligns with the base of the enclosure. Possible values are between 1 and 50. SL and XL server-specific data: • Bay Number—The server bay in the enclosure.
The agents can automatically provide the link to iLO, or you can manually enter the link on the Administration→Management page. Opening the System Management Homepage 1. Navigate to the Information→Insight Agent page. 2. Click the Insight Agent button. IPMI server management Server management through IPMI is a standard method for controlling and monitoring the server. The iLO firmware provides server management based on the IPMI version 2.
• FreeIPMI—A utility for managing and configuring devices that support the IPMI version 1.5 and version 2.0 specifications. You can download FreeIPMI from the following website: http://www.gnu.org/software/freeipmi/. • IPMIUTIL—A utility for managing and configuring devices that support the IPMI version 1.0, 1.5, and version 2.0 specifications. You can download IPMIUTIL from the following website: http://ipmiutil.sourceforge.
servers. It provides an integrated solution to encrypting HDD or SSD volumes by using 256-bit XTS-AES algorithms. • ESKM generates, stores, serves, controls, and audits access to data encryption keys. It enables you to protect and preserve access to business-critical, sensitive, data-at-rest encryption keys. • iLO manages the key exchange between the ESKM and the Smart Array controller. iLO uses a unique user account based on its own MAC address for communicating with the ESKM.
2. 3. Enter the following information: • Primary Key Server—The primary key server hostname, IP address, or FQDN and port. This string can be up to 79 characters long. • Secondary Key Server—The secondary key server hostname, IP address, or FQDN and port. This string can be up to 79 characters long. Optional: For configurations with a primary and secondary key server, select the Require Redundancy check box to check for server redundancy. Hewlett Packard Enterprise recommends enabling this option.
Testing the ESKM configuration After the key manager configuration is complete in iLO, you can use the Test ESKM Connections feature to verify the configuration settings. The tests confirm that iLO and the ESKM servers are set up to provide key management services for HPE Secure Encryption. During the test, iLO attempts the following tasks: • Connects to the primary ESKM server (and secondary ESKM server, if configured) by using SSL.
Deleting a remote manager configuration If you discontinue the use of a remote management tool in your network, you can remove the association between the tool and iLO. This feature is not supported on Synergy compute modules. IMPORTANT: Hewlett Packard Enterprise recommends that you remove the server from the remote management tool before you delete the remote manager configuration in iLO.
Server signatures (Synergy compute modules only) When HPE OneView manages a Synergy compute module, iLO generates a server signature that allows HPE OneView to manage unique network settings, virtual identifiers, and adapter settings. The server signature is refreshed and verified for compliance each time iLO starts. It includes information such as the frame bay and UUID, the HPE OneView domain IP address, and the server device signatures.
2. Log in to the HPE SIM server that you specified in Step 1, and discover the iLO processor. After you complete the discovery process, SSO is enabled for iLO. For more information about HPE SIM discovery tasks, see the HPE SIM user guide. More information HPE SSO iLO identification and association HPE SIM can identify an iLO processor and create an association between iLO and a server.
2. To discover iLO in HPE SIM, configure iLO as a managed device for HPE SIM. This configuration enables the NIC interface on iLO to function as a dedicated management port, isolating management traffic from the NIC interface for the remote host server. For instructions, see the HPE SIM user guide. For major events that are not cleared, iLO traps appear in All Events. To obtain more information about the event, click Event Type.
24 Kerberos authentication and Directory services Kerberos authentication with iLO Kerberos support enables a user to log in to iLO by clicking the Zero Sign In button on the login page instead of entering a user name and password. To log in successfully, the client workstation must be logged in to the domain, and the user must be a member of a directory group for which iLO is configured.
Preparing the domain controller for Kerberos support In a Windows Server environment, Kerberos support is part of the domain controller, and the Kerberos realm name is usually the domain name converted to uppercase letters. 1. Create and enable computer accounts in the domain directory for each iLO system. Create the user account in the Active Directory Users and Computers snap-in. For example: 2. 3. • iLO hostname: myilo • Parent domain name: somedomain.
Specifies the case-sensitive principal name. For example, HTTP/myilo.somedomain.net@SOMEDOMAIN.net. • The service type must use uppercase letters (HTTP). • The iLO hostname must use lowercase letters (myilo.somedomain.net). • The REALM name must use uppercase letters (@SOMEDOMAIN.NET). -mapuser Maps the principal name to the iLO system domain account. -out Specifies the file name for the .keytab file. kvno Override key version number. IMPORTANT: Do not use this parameter.
Example command SetSPN -A HTTP/myilo.somedomain.net myilo The SPN components are case sensitive. The primary (service type) must be in uppercase letters, for example, (HTTP). The instance (iLO hostname) must be in lowercase letters, for example, myilo.somedomain.net. The SetSPN command might display a message about not being able to set the UPN. This is acceptable because iLO is a service, not a user. You might be prompted to confirm the password change on the computer object.
• iLO Date/Time, SNTP Settings—The current date and time and the SNTP settings cannot be displayed through this interface. • Kerberos-specific configuration parameters—You can configure Kerberos parameters in the properties of the oemhp_dircfg1, target. For information about configuring the iLO parameters by using the CLI, CLP, or SSH, see the iLO scripting and command line guide.
3. 4. 5. 6. 7. 8. Click the Local intranet icon. Click Custom level. Scroll to the User Authentication section. Verify that the Automatic logon only in Intranet zone option is selected. Click OK to close the Security Settings — Local Intranet Zone window. Click OK to close the Internet Options dialog box. Enabling single-sign on in Firefox 1. Enter about:config in the browser location bar to open the browser configuration page.
• Single point of administration (HPE Extended Schema configuration)—You can use native administration tools like MMC to administer iLO users. • Immediacy—A single change in the directory rolls out immediately to associated iLO processors. This feature eliminates the need to script this process. • Simpler credentials—You can use existing user accounts and passwords in the directory without having to record a new set of credentials for iLO.
compared to the group configuration stored in iLO. If the directory user account is verified as a member of a configured iLO directory group, iLO login is successful. Advantages of schema-free directory integration: • Extending the directory schema is not required. • Minimal setup is required for users in the directory. If no setup exists, the directory uses existing users and group memberships to access iLO.
2. Install the root CA to enable SSL. iLO communicates with the directory only over a secure SSL connection. For information about using Certificate Services with Active Directory, see the Microsoft documentation. 3. 4. 5. Ensure that the directory DN of at least one user and the DN of a security group that contains that user are available. This information is used for validating the directory setup. Install an iLO Advanced license to enable Directory Service Authentication.
2. Use the set command (under oemhp_dirauth property) for the following directory settings values: • oemhp_dirauth—Enables or disables directory authentication. • oemhp_dirsrvaddr—Sets the directory server IP address or DNS name. The schema-free directory configuration requires a DNS name. • oemhp_ldapport—Sets the directory server port. • oemhp_usercntxt1—Sets the directory login search context 1. • oemhp_group1_name—Sets the Security group DN. • oemhp_group1_priv—Sets the group privileges.
2. Install a. Install an iLO Advanced license to enable directory service authentication. b. Download the Directories Support for ProLiant Management Processors package and install the utilities required by your environment. You can install the Schema extender, snap-ins, and the Directories Support for ProLiant Management Processors utility. c. d. 3. Run the Schema Extender to extend the schema. Install the appropriate snap-ins for your directory service on one or more management workstations.
2. Install the .NET Framework 2.0 on the target server. The .NET 2.0 Framework is used to install the Directories Support for ProLiant Management Processors software. 3. 4. 5. Double-click downloaded EXE file. Click Next. Select I accept the terms in the license agreement, and then click Next. The Directories Support window opens. 6. In the Directories Support window, click Schema Extender to install the schema extender software. a. In the Schema Extender setup wizard window, click Next. b.
the schema installer, you must install a GUI on the domain controller or use a domain controller that hosts an earlier version of Windows. • Snap-ins (x86) or Snap-ins (x64)—The management snap–in installer installs the snap-ins required to manage iLO objects in a Microsoft Active Directory Users and Computers directory or Novell ConsoleOne directory.
Schema Extender required information • • Directory Server ◦ Type—The directory server type. ◦ Name—The directory server name. ◦ Port—The port to use for LDAP communications. Directory Login ◦ Login Name—A user name to log in to the directory. A directory user name and password might be required to complete the schema extension. When you enter credentials, use the Administrator login along with the domain name, for example, Administrator@domain.com or domain\Administrator.
HP Devices tab This tab enables you to add the Hewlett Packard Enterprise devices to be managed within a role. Clicking Add enables you to navigate to a device and add it to the list of member devices. Selecting an existing device and clicking Remove removes the device from the list of valid member devices. Members tab After user objects are created, this tab enables you to manage the users within the role. Clicking Add enables you to navigate to the user you want to add.
Role Restrictions tab This tab enables you to set the following types of role restrictions: • Time restrictions—Click Effective Hours to select the times available for logon for each day of the week, in half-hour increments. You can change a single square by clicking it, or you can change a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button. The default setting is to allow access at all times.
both the remoteAdmins and remoteMonitors roles, they will have all available rights, because the remoteAdmins role has all rights. The available rights follow: • Login—Controls whether users can log in to the associated devices. • Remote Console—Enables users to access the iLO Remote Console. • Virtual Media—Enables users to access the iLO Virtual Media feature. • Server Reset and Power—Enables users to use the iLO Virtual Power button.
Configuration process overview 1. 2. 3. Install Active Directory and DNS. Install the root CA. Verify that version 2.0 or later of the .NET Framework is installed. The iLO LDAP component requires this software. The LDAP component does not work with a Windows Server Core installation. 4. 5. 6. 7. 8. 9. Install the latest Directories Support for ProLiant Management Processors software. Extend the schema by using the Schema Extender. Install the Hewlett Packard Enterprise LDAP component snap-ins.
4. Enter an appropriate name in the Name box. In this example, the DNS hostname of the iLO device, rib-email-server, is used as the name of the Lights-Out Management object. 5. Click OK. Create the Roles organizational unit and add role objects 1. 2. 3. 4. Create an organizational unit called Roles. Right-click the Roles organizational unit, and then select New HP Object. Select Role in the Create New Management Object dialog box. Enter an appropriate name in the Name box.
Directory-enabled remote management (HPE Extended Schema configuration) This section is for administrators who are familiar with directory services and the iLO product and want to use the HPE schema directory integration option for iLO. Directory-enabled remote management enables you to: • Create Lights-Out Management objects You must create one LOM device object to represent each device that will use the directory service to authenticate and authorize users.
but grant different rights. Sometimes it is useful to assign generic rights to the lesser role and include the LOM administrators in that role, as well as the administrative role. Figure 6 shows an example in which the Admin user gains the Login privilege from the User role, and advanced privileges are assigned through the Admin role.
Figure 8 Directory login restrictions User restrictions must be met to authenticate to the directory. Enforced by the directory server. User Client Workstation 12 9 6 9 Enforced by LOM. Directory Server 12 3 Role restrictions must be met to receive rights granted by one or more roles.
DNS-based restrictions can limit access to a specific machine name or to machines that share a common domain suffix. For example, the DNS restriction www.example.com matches hosts that are assigned the domain name www.example.com. However, the DNS restriction *.example.com matches any machine that originates from the example company. DNS restrictions might cause ambiguity because a host can be multihomed. DNS restrictions do not necessarily match one to one with a single system.
time restriction fails unless no time restrictions are specified for the role. The time is normally set when the host is booted. The time setting can be maintained by configuring SNTP, which allows the LOM device to compensate for leap years and minimize clock drift with respect to the host. Events, such as unexpected power loss or flashing LOM firmware, can cause the LOM device clock not to be set. The host time must be correct for the LOM device to preserve the time setting across firmware flashes.
the corporate subnet after hours. A more manageable solution is to restrict the Reset role and the General Use role, as shown in Figure 11 (page 302). Figure 11 Restricting the Reset and General Use roles Assigns Login privilege IP Restrictions: DENY except to corporate subnet General Use role User Server Reset role Assigns Virtual Power and Reset privilege AND Login privilege Time Restriction: Denied Monday through Friday, 8 a.m. to 5 p.m.
Directory users specified using the @ searchable form might be located in one of three searchable contexts, which are configured on the Security→Directory page. ◦ Username format (Active Directory) Example: John Smith Directory users specified using the username format might be located in one of three searchable contexts, which are configured on the Security→Directory page. • Local users—Enter the Login Name of your iLO local user account.
1 Windows Vista and Windows Server 2008 do not support TLS v1.1 or v1.2, even if the NET Framework version 4.5 is installed. Directories Support for ProLiant Management Processors Compatibility The Directories Support for ProLiant Management Processors utility operates on Microsoft Windows and requires the Microsoft .NET Framework v3.5 or later.
4. Enter an iLO login name and password, and then click Find. If you click Next, click Back, or exit the utility during discovery, operations on the current network address are completed, but operations on subsequent network addresses are canceled. When the search is complete, the management processors are listed and the Find button changes to Verify.
HPLOMIG management processor import list requirements You can import a simple text file with one management processor listed on each line. The supported columns, which are delimited with semicolons, follow: • Network Address • Product • F/W Version • DNS Name • TPM Status • User Name • Password • LDAP Status • Kerberos Status • License Type For example, one line in the text file might have the following information: 16.100.225.20;iLO;1.
Upgrading firmware 1. Navigate to the Upgrade Firmware on Management Processors window if it is not already open. 2. 3. Select the management processors to upgrade. For each selected management processor, click Browse, and then select a firmware image file. You can also manually enter the path to the firmware image. Click Upgrade Firmware. 4. The selected management processors are upgraded.
1. Navigate to the Select the Desired Configuration window if it is not already open. 2. Select the iLO management processors to configure. The selection filters help to prevent an accidental overwrite of iLOs that are already configured for HPE schema, or iLOs that have directories disabled. 3. 4. Select the directory, Kerberos, and local account settings in the Directory Configuration, Kerberos authentication, and Local accounts sections. Click Next.
Management processor selection methods Use the following methods to select iLO management processors to configure: • Click the check box next to each management processor in the list that you want to configure.
3. Click Create Names. The names appear in the Object Name column as they are generated. At this point, names are not written to the directory or the management processors. The names are stored until the next Directories Support for ProLiant Management Processors window is displayed. 4. 5. Optional: To change the names, click Clear Names, and rename the management processors. When the names are correct, click Next.
The boxes on the Configure Directory window follow: • Network Address—The network address of the directory server, which can be a valid DNS name or IP address. • Port—The SSL port to the directory. The default port is 636. Management processors can communicate with the directory only by using SSL. • Login Name and Password—Enter the login name and password for an account that has domain administrator access to the directory.
3. Associate device objects with a member of a role by entering the role DN in the Role(s) DN box, or click Browse to select a role DN. 4. Click Update Directory. The utility connects to the directory, creates the management processor objects, and adds them to the selected roles.
5. After the device objects have been associated with a role, click Next. The values you entered are displayed in the Configure Directory window. 6. Define the user contexts. The user contexts define where the users who will log in to iLO are located in the LDAP structure. You can enter the organizational unit DN or click Browse to select user contexts.
7. Click Configure, and then click Next when the button is available. 8. Optional: Test the directory settings. This feature is supported with HPLOMIG 4.80 and later, and iLO 4 2.40 and later. a. Select one or more iLO systems. b. In the Directory Test Controls section, enter the following: • Directory Administrator Distinguished Name and Directory Administrator Password—Searches the directory for iLO objects, roles, and search contexts. This user must have the right to read the directory.
For more information, see “Running directory tests” (page 81). 10. Click Done. Configuring management processors (Schema-free configuration only) After you click Next in the Select the Desired Configuration window, the next task is to configure the selected management processors to use the default directory schema. 1. Navigate to the Configure Management Processors window if it is not already open.
2. 3. 4. 5. Enter the directory server settings. Enter the security group DN. Select the iLO privileges you want to associate with the security group. Click Next. More information Management processor settings Management processor settings • Network Address—The network address of the directory server, which can be a valid DNS name or IP address. • Login Name and Password—Enter the login name (DN) and password for an account that has domain administrator access to the directory.
3. Click Configure. The migration utility connects to the selected management processors, and updates their configurations as specified. When you click Configure, the utility might display a message similar to the following: 4. 5. 6. Click OK. When the process is complete, click Next to open the Directory Tests screen. Optional: Test the directory settings. This feature is supported with HPLOMIG 4.80 and later, and iLO 4 2.40 and later. a. Select one or more iLO systems. b.
For more information, see “Running directory tests” (page 81). 8. Click Done.
25 Troubleshooting Using the iLO Virtual Serial Port with Windbg If you want to debug a server, you can use the iLO Virtual Serial Port feature with the Windows Windbg kernel debugger running on a local test system. Prerequisites PuTTY is installed on the local test system. You can download PuTTY from the following website: http://www.putty.org/. Debugging a server 1.
11. Go to the server console (or access the iLO Remote Console), and press Enter to boot the debug selection on the OS load menu. This step might take several minutes. 12. When you are finished debugging the host server, use PuTTY to connect to the CLI and turn off the debug socket to the Virtual Serial Port. Then, enter the following command: windbg_disable You can disconnect and reconnect the Windows debugger as long as you keep the iLO debug socket enabled.
Viewing the Preboot Health Summary • Use one of the following methods to access the Preboot Health Summary: • Press the UID button on the server. CAUTION: To use this feature, press and release the UID button. Holding it down at any time for more than 5 seconds initiates a graceful iLO reboot or a hardware iLO reboot. Data loss or NVRAM corruption might occur during a hardware iLO reboot. • Log in to the iLO web interface, and change the UID state to UID ON.
• Embedded Smart Array version number—This value is displayed only if server POST has successfully completed since the last auxiliary power cycle. • Critical events—The most recent Critical events from the IML are displayed, with the most recent event displayed first. Event log entries For a list of the errors that might appear in the iLO Event Log, see the error messages guide for your server at the following website: http://www.hpe.com/info/enterprise/docs.
Action Try the following: • Verify that the user account exists and has the Login privilege. • Ask a user with the Administer User Accounts privilege to change the account password. If a login attempt fails after the password change, ask the user to delete and re-add the user account. • Try to log in by using the default account information, which is on the serial label pull tab.
Cause The iLO firmware was not fully initialized when the server performed its initialization and tried to start the iLO RBSU. Action Reset the server a second time. Unable to access the iLO login page Symptom The iLO web interface login page will not load. Solution 1 Cause The SSL encryption level in the browser is not set to 128-bit or higher. The SSL encryption level in iLO is set to 128-bit or higher and cannot be changed. The browser and iLO encryption levels must be the same.
Action Verify that both sides of the connection (the NIC and the switch) have the same settings for transceiver speed autoselect, speed, and duplex. For example, if one side is autoselecting the connection, the other side must use the same setting. For information about configuring the iLO network settings, see “iLO network settings” (page 96). An iLO connection error occurs after an iLO firmware update Symptom You cannot connect to iLO after updating the firmware by using the web interface.
Action Do not install the iLO self-signed certificate in the browser certificate store. If you want to install a certificate, request a permanent certificate from a CA and import it into iLO. For instructions, see “Administering SSL certificates” (page 74). Unable to connect to iLO IP address Symptom Cannot connect to iLO via the iLO IP address. Cause The web browser is configured to use a proxy server. Action Configure the browser to connect to iLO without using the proxy server.
4. Click View Certificates. Click the Servers tab, and then delete any certificates related to iLO. 5. 6. 7. Click the Others tab, and then delete any certificates related to iLO. Click OK. Start Firefox and connect to iLO. NOTE: The steps in Solution 1 are based on Firefox ESR 24. The procedure to use might vary depending on the installed version of Firefox. Solution 2 Cause The installed certificate contains the same serial number as another certificate issued by the certificate authority. Action 1.
Solution 3 Action If you are using Chrome, complete the following procedure: 1. When the security warning appears, click Advanced. 2. Click Proceed to (unsafe). 3. Log in to iLO. 4. Optional: To prevent the certificate warning from appearing in future iLO web interface sessions, install an SSL certificate. Solution 4 Action 1. 2. 3. Navigate to the Administration→Security→SSL Certificate page. Obtain and import an SSL certificate. Reset iLO.
Action Use HPE OneView to refresh the frame that contains the server. Unable connect to an iLO system with the iOS mobile app Symptom The connection fails when you try to connect to an iLO system by using the iOS mobile app. Solution 1 Cause iLO is configured incorrectly or there is a local network problem. Action To confirm this cause, try to connect to iLO by using a laptop or desktop computer on the same network as iLO. If the connection fails, check the iLO and network configuration.
Solution 1 Cause iLO is configured to use the Shared Network Port, and NIC teaming is enabled for the NIC the Shared Network Port uses. In this configuration, network communications might be blocked in the following cases: • The selected NIC teaming mode causes the switch that iLO is connected with to ignore traffic from the server NIC/port that iLO is configured to share. • The selected NIC teaming mode sends all traffic destined for iLO to a NIC/port other than the one that iLO is configured to share.
Solution 2 Cause Kerberos login is configured incorrectly. Possible reasons follow: • The Kerberos realm that the client PC is logged in to does not match the Kerberos realm for which iLO is configured. • The key in the Kerberos keytab stored in iLO does not match the Active Directory key. • iLO is configured for an incorrect the KDC server address. • The date and time do not match between the client PC, the KDC server, and iLO. Set the date and time on these systems to the same value.
Cause The browser is not configured correctly for Kerberos login. Action iLO Credential prompt appears during Kerberos login by name attempt Symptom A credential prompt appears when a user tries to log in to iLO with a user name in Kerberos SPN format and the associated domain password. Cause The computer account for iLO is part of a child domain and the Kerberos configuration parameters reference the parent domain.
Action Ask the network administrator to verify the following: • The full DN of the user object exists in the directory. This information appears after the first CN= in the DN. • The remainder of the DN was added as a user context. User contexts are not case-sensitive, and any other characters, including spaces, are part of the user context.
2. Set the DNSHostName property to the iLO DNS name. For example: cn=iloname,ou=us,ou=clients,dc=example,dc=net iLO Zero Sign In fails after domain controller OS reinstall Symptom The iLO web interface Zero Sign In option does not work after the domain controller OS is reinstalled. Cause The key version number sequence is reset when the domain controller OS is reinstalled. Action Generate and install a new Kerberos keytab file.
Action Try the following actions: 1. Verify that the DNS server configured in iLO is correct. 2. Verify that the directory server FQDN is correct. 3. As a troubleshooting tool, use an IP address instead of the FQDN. 4. If the problem persists, check the DNS server records and network routing. Ping Directory Server test reports a failure Symptom The Ping Directory Server test reports the status Failed. Cause iLO pinged the directory server and did not receive a response. Action Try the following actions: 1.
Bind to Directory Server test reports a failure Symptom The Bind to Directory Server test reports the status Failed. Cause iLO failed to bind the connection with the specified user name or an anonymous bind. Action Try the following actions: 1. Verify that the directory server allows anonymous binding. 2. If you entered a user name in the test boxes, verify that the credentials are correct. 3. If you verified that the user name is correct, try using other user-name formats; for example, user@domain.
Cause Authorization failed with the provided user name and password. Action Try the following actions: 1. Verify that the specified user name is part of the specified directory group. 2. Check to see if access restrictions are configured for the specified user account. Directory User Contexts test reports a failure Symptom The Directory User Contexts test reports the status Failed.
Action Configure Firefox to accept cookies. For instructions on configuring Firefox, see the Firefox documentation. iLO Java IRC does not start Symptom The Java IRC fails to start when you do not accept the security warning and confirm that you want to run the application. Cause You cannot run the Java IRC without accepting the security warning and confirming that you want to run the application. Action 1. 2. 3. Click the Clear button in the Java Console window.
Solution 1 Action 1. 2. 3. 4. Close the .NET IRC or Java IRC. Navigate to the Power Management→Power Settings page. Clear the Enable persistent mouse and keyboard check box, and then click Apply. Start the .NET IRC or Java IRC again. Solution 2 Action Right-click and drag the mouse cursor outside the Remote Console window, and then drag it back inside. Solution 3 Action For the Java Applet only: 1. Shut down and exit your browser. 2. Open the Java Control Panel. 3.
Action 1. 2. 3. 4. 5. 6. 7. Make sure that Red Hat Enterprise Linux 5 or later is installed on the local client system. Install the latest version of Java and configure it to connect through the Firefox browser. Log in to the iLO web interface. Insert a USB key or floppy disk on the local client system. Verify that you can access the USB key or floppy disk. Open a Java IRC session. Select Virtual Drives→Image File Removable Media. The Choose Disk Image File dialog box opens. 8.
Action Adjust the following settings on the remote machine: • Increase the typematic delay—This setting controls the delay before a character repeats when you press and hold a key on the keyboard. • Decrease the typematic rate—This setting controls the rate at which a character repeats when you press and hold a key on the keyboard. NOTE: The exact name of the setting varies depending on the OS you are using. For more information about changing the typematic delay and rate, see your OS documentation.
Solution 1 Cause Multiple users are logged in to iLO. Action Try the following: • Reduce the number of simultaneous iLO user sessions. • Reset iLO. Solution 2 Cause A connected Virtual Media session is being used to perform a continuous copy operation. The continuous copy operation takes priority and, consequently, the .NET IRC loses synchronization.
File not present after copy from server to iLO Virtual Media USB key Symptom If you copy files from a target server to an iLO virtual drive, the files are not visible in Windows Explorer on the client computer. Cause File changes on an iLO Virtual Media USB key cannot be viewed in Windows Explorer by the user on the client computer. Windows Explorer keeps a cached copy of the files on the USB key. The iLO Remote Console does not notify the Windows Shell when the USB key is updated with file changes.
Action Clear the ClickOnce application cache by entering the following command from the Windows Command Prompt: rundll32 %windir%\system32\dfshim.dll CleanOnlineAppCache. iLO .NET IRC cannot be shared Symptom When you try to join a shared .NET IRC session, the Unable to connect dialog box appears with the message Unable to connect to shared IRC. This might be due to a firewall blocking port 17990. Action Try the following: • Make sure that there is a communication route between the session leader .
• Use a different browser. • Use the Standalone IRC, available at the following website: http://www.hpe.com/support/ hpesc. • Use the iLO mobile app. For more information, see http://www.hpe.com/info/ilo/mobileapp. iLO .NET IRC will not start in Google Chrome Symptom When you launch the .NET IRC in Google Chrome, the application fails to start. Cause Previous versions of Google Chrome could run the .NET IRC with an NPAPI plug-in that supported ClickOnce.
Action Try the following: • Right-click Internet Explorer, and then select Run as administrator. Start the iLO web interface, launch the Remote Console, and then boot to the USB key. • Plug the USB key directly into the server. Text-based Remote Console issues The following sections discuss items to be aware of when attempting to resolve text-based Remote Console issues.
Cause The /etc/grub.conf file includes an option for a serial timeout window (terminal --timeout=10 serial console). This option provides a window of time to select a keystroke on the VSP or on the VGA console, and then the menu is output to the corresponding device. The BIOS serial redirect intercepts VSP keystrokes during this timeout window. Action Do not press a key for a VSP-driven selection during the 10-second timeout or turn off BIOS redirection to the VSP.
Text is displayed incorrectly when using an SSH connection to iLO Symptom Extended text configuration beyond the 80 x 25 configuration is not displayed correctly when using SSH. Cause SSH access from the text-based Remote Console supports the standard 80 x 25 configuration of the text screen. This mode is compatible for the text-based Remote Console for most text-mode interfaces.
Server not identified by server name in Insight Online or Insight RS Symptom A server is not identified as in Insight Online or Insight RS. Instead, it is identified in Insight Online as _ and in Insight RS as . Cause The server was registered for remote support before iLO discovered the server name. Action 1. 2. 3. Do one of the following: • Verify that AMS is enabled and the operating system is running.
1. 2. 3. Verify the following: • For ProLiant Gen8 servers: iLO firmware 1.20 or later (Insight Remote Support central connect) or 1.40 or later (Insight Online direct connect) is installed. • For ProLiant Gen9 servers: iLO firmware 2.00 or later is installed. • AMS is enabled and the OS is running. • For Insight Remote Support central connect only: A supported version of Insight RS is installed on the host server. For more information, see http://www.hpe.com/support/ InsightRS-Support-Matrix.
Server health status is red in Insight RS or Insight Online Symptom A server that is registered for remote support is displayed with red status in Insight RS or Insight Online. Cause The server warranty expired. Action You must have a valid contract or warranty to receive remote support. You can continue to use the iLO features to monitor and manage your server, even after the warranty expires.
iLO Multi-System Map page displays a 502 error A timeout error is displayed on the iLO Multi-System Map page iLO Multi-System Map page displays a 403 error Configuring Enclosure iLO Federation Support iLO Federation network requirements iLO network settings iLO access settings A timeout error is displayed on the iLO Multi-System Map page Symptom The Multi-System Map page displays a Timed Out error for a peer of the local iLO system.
iLO Multi-System Map page displays a 403 error Symptom The Multi-System Map page shows a 403 Forbidden/Authorization error. Cause The group key on the local iLO system does not match the group key on a peer iLO system. Action Ensure that the group key matches for all iLO systems that are members of the selected group. iLO peers are not displayed on iLO Federation pages Symptom iLO peers (systems in the same group as the local iLO system) are not displayed on iLO Federation pages.
Firmware update issues Unsuccessful iLO firmware update Symptom The following issues occur when you try to update the iLO firmware: • iLO firmware is not responding. • iLO did not accept the firmware update request. • An iLO firmware update stopped before the update was complete. Solution 1 Cause A communication or network issue occurred. Action 1. 2. 3. Attempt to connect to iLO through the web browser. If you cannot connect, there is a communication issue. Attempt to ping iLO.
2. 3. 4. Open a command window. Change to the directory that contains HPONCFG. Enter the following command: • Windows: hponcfg /reset • Linux: hponcfg -r The user credentials are not required when you use HPONCFG from the server OS. 5. Retry the iLO firmware update. For information about using HPONCFG, see the iLO scripting and CLI guide. iLO network Failed Flash Recovery Most firmware upgrades finish successfully.
License key installation errors Symptom You see a License Key Error or a License Installation Failed message. Solution 1 Cause The key is not an iLO license key. Action Obtain an iLO license key, and then try again. Solution 2 Cause An evaluation key was submitted when a regular license was previously installed. Action None. iLO does not support installing an evaluation key when a regular key was previously installed. Solution 3 Cause The iLO date and time settings are incorrect.
For details about purchasing licenses, and for a list of licensed features, see the following website: http://www.hpe.com/info/ilo/licensing. Unable to get SNMP information in HPE SIM Symptom HPE SIM does not receive SNMP information that passes through iLO. Solution 1 Cause The iLO device drivers are not installed. The agents running on the managed server provide SNMP information to HPE SIM. For the agents to pass information through iLO, the iLO device drivers must be installed.
Action To remove the server name after the redeployment of a server, do one of the following: • To update the server name, load the Insight Management Agents. • Set iLO to the factory default settings by using iLO RBSU or the iLO 4 Configuration Utility. CAUTION: Name.
26 Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.
Lost license key recovery If an iLO license key is lost, send a replacement request and your proof of purchase to one of the following email addresses: • Americas: licensing.ams@hpe.com • Europe, Middle East, and Africa: licensing.emea@hpe.com • Asia-Pacific and Japan: licensing.apj@hpe.com Websites Website Link iLO 4 http://www.hpe.com/info/ilo/docs iLO licensing http://www.hpe.com/info/ilo/licensing iLO mobile app http://www.hpe.com/info/ilo/mobileapp ProLiant Gen8 servers http://www.hpe.
Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document.
A iLO license options HPE iLO standard and licensed features Table 8 (page 362) lists the features that are included with each iLO license.
Table 8 HPE iLO standard and licensed features (continued) iLO Standard for iLO iLO Standard BladeSystem iLO Essentials iLO Scale-Out Advanced iLO Advanced for BladeSystem Ships free with all servers that have iLO in them (except BL) All servers that have iLO in them (except BL) All ProLiant BladeSystem servers that have iLO in them Global Team Collaboration via Integrated Remote Console X X Integrated Remote Console Record and Playback X X X X X X X X Directory Service Authentication X X
Table 8 HPE iLO standard and licensed features (continued) Feature Platform support iLO Standard for iLO iLO Standard BladeSystem iLO Essentials iLO Scale-Out Advanced iLO Advanced for BladeSystem Ships free with all servers that have iLO in them (except BL) ProLiant Gen9 SL, BL, XL, DL 100 and 10 series, and ProLiant Gen8 DL 160, SL, XL, and 1 BL servers All servers that have iLO in them (except BL) All ProLiant BladeSystem servers that have iLO in them Smart Array Secure Encryption X X X iLO F
B Directory services schema This appendix describes the classes and attributes that are used to store Lights-Out management authorization data in the directory service. HPE Management Core LDAP OID classes and attributes Changes made to the schema during the schema setup process include changes to the following: • Core classes • Core attributes Core classes Class name Assigned OID hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.
hpqRole OID 1.3.6.1.4.1.232.1001.1.1.1.2 Description This class defines role objects, providing the basis for Hewlett Packard Enterprise products that use directory-enabled management. Class type Structural SuperClasses group Attributes hpqRoleIPRestrictions - 1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleIPRestrictionDefault - 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction - 1.3.6.1.4.1.232.1001.1.1.2.6 hpqTargetMembership - 1.3.6.1.4.1.232.1001.1.1.2.3 Remarks None hpqPolicy OID 1.3.6.1.4.1.232.
hpqTargetMembership OID 1.3.6.1.4.1.232.1001.1.1.2.3 Description Provides a list of hpqTarget objects that belong to this object Syntax Distinguished Name - 1.3.6.1.4.1.1466.115.121.1.12 Options Multivalued Remarks None hpqRoleIPRestrictionDefault OID 1.3.6.1.4.1.232.1001.1.1.2.4 Description A Boolean that represents access by unspecified clients and that partially specifies rights restrictions under an IP network address constraint Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.
hpqRoleTimeRestriction OID 1.3.6.1.4.1.232.1001.1.1.2.6 Description A 7-day time grid, with 30-minute resolution, which specifies rights restrictions under a time constraint Syntax Octet String {42} - 1.3.6.1.4.1.1466.115.121.1.40 Options Single valued Remarks This attribute is used only on role objects. Time restrictions are satisfied when the bit that corresponds to the current local time of the device is 1 and unsatisfied when the bit is 0.
SuperClasses None Attributes hpqLOMRightConfigureSettings - 1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightLocalUserAdmin - 1.3.6.1.4.1.232.1001.1.8.2.2 hpqLOMRightLogin - 1.3.6.1.4.1.232.1001.1.8.2.3 hpqLOMRightRemoteConsole - 1.3.6.1.4.1.232.1001.1.8.2.4 hpqLOMRightServerReset - 1.3.6.1.4.1.232.1001.1.8.2.5 hpqLOMRightVirtualMedia - 1.3.6.1.4.1.232.1001.1.8.2.6 Remarks None Lights-Out Management attribute definitions The following tables define the Lights-Out Management core class attributes.
Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is used only on role objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightLocalUserAdmin OID 1.3.6.1.4.1.232.1001.1.8.2.2 Description Local User Database Administration right for HPE Lights-Out Management products. Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is used only on role objects.
Glossary 3DES Triple DES, the Data Encryption Standard cipher algorithm. ABEND Abnormal end. ACPI Advanced Configuration and Power Interface. AES Advanced Encryption Standard. ALOM Advanced Lights Out Manager. AMP Advanced Memory Protection. AMS Agentless Management Service. API Application Programming Interface. ARP Address Resolution Protocol. ASR Automatic Server Recovery. BIOS Basic Input/Output System. BMC Baseboard management controller. CA Certificate authority.
FIPS Federal Information Processing Standard. FQDN Fully Qualified Domain Name. FSMO Flexible Single Master Operations. GMT Greenwich Mean Time. GRUB Grand Unified Bootloader. HEM High Efficiency Mode. HPE SIM HPE Systems Insight Manager. HPLOMIG Lights-Out Migration Utility, also called Directories Support for Management Processors. HPONCFG HPE Lights-Out Online Configuration Utility. HPQLOCFG HPE Lights-Out Configuration Utility ICMP Internet Control Message Protocol.
NMI Non-maskable interrupt. NTLM NT LAN Manager. NTP Network Time Protocol. NVMe Non-Volatile Memory Express. OA Onboard Administrator. OU Active Directory Organizational Units. PAL Programmable Array Logic. PDS Power Discovery Services. PIM Protocol-Independent Multicast. PKCS Public-key cryptography standards. POST Power-on self test. PuTTY A terminal emulator that can act as a client for the SSH, Telnet, rlogin, and raw TCP protocols and as a serial console client.
UEFI Unified Extensible Firmware Interface. UHCI Universal Host Controller Interface. UID Unit identification. UPN User principal name. UPnP Universal Plug and Play. UPS Uninterruptible Power Supply. USB Universal serial bus. A serial bus standard used to interface devices. USM User-based Security Model. UTC Coordinated Universal Time. UTP Unshielded twisted pair. UUID Universally unique identifier. VSP Virtual Serial Port. WBEM Web-Based Enterprise Management.
Index Symbols .
D data collection Active Health System, 129 privacy, 129 Remote Support, 129 schedule iLO, 139 sending iLO, 139 system configuration, 129 Dedicated Network Port enabling with iLO web interface, 99 DHCP IPv4 settings, 102 IPv6 settings, 103 diagnostics, 193 iLO self-test results, 193 NMI, 194 Directories Support for ProLiant Management Processors configuring directories with HPE Extended Schema, 310 Configuring directories with schema-free integration, 315 naming management processors, 309 Selecting a direct
IPv4, 102 Global iLO 4 Settings see access options graceful shutdown power, 245 groups see selected group list iLO Federation, 53 H health status viewing, 151 health summary device status, 153 redundancy, 153 status values, 154 subsystem status, 153 viewing, 153 hostname configuring, 98 hot keys Remote Console, 222 HPE Extended Schema configuration requirements, 288 HPE Extended Schema directory integration configuring, 287 HPE Insight Control software integration, 270 HPE schema directory integration over
setting up iLO, 27 troubleshooting, 323 iLO security system maintenance switch, 69 iLO Shared Network Port see network iLO web interface see web interface Insight Management Agents downloading, 114 installing, 114 integration, 124 overview, 112 using, 268 Integrated Management Log, 186 clearing, 188 maintenance note, 187 overview, 184 saving, 187 viewing, 185 integration Systems Insight Manager, 275 IP address configuring a static IP address, 27–28 IPv4, 102 IPv6, 103 viewing during POST, 144 IPMI tool usag
mobile app overview, 21 mouse configuring persistent mouse and keyboard, 255 multicast options configuring, 52 N network, 98 configuration summary, 96 configuring a VLAN, 100 configuring IPv4 settings, 102 configuring IPv6 settings, 103 configuring NIC settings, 99 connecting iLO, 27 enabling the Dedicated Network Port with iLO web interface, 99 enabling the Shared Network Port with iLO web interface, 100 IPv4 summary, 96 IPv6 Summary, 96 link state, 99 name service limitations, 98 namespace issues, 98 SNT
power switch, 218 sharing, 219 starting, 217 text-based, 224 troubleshooting, 337–338, 345, 356 using .
using iLO 4 Configuration Utility, 27 using iLO RBSU, 27 web interface, 31 Shared Network Port enabling with iLO web interface, 100 FlexibleLOM, 99 LOM, 99 Show iLO IP during POST configuring, 144 single sign-on configuring, 89 Kerberos, 282–283 privileges, 89 removing trusted certificates, 92 trust mode, 89 trusted certificates, 90 viewing trusted certificates, 91 smart storage battery, 163, 261 SNMP, 119 see also SNMP alerts configuring, 116 configuring alerts, 119, 121 configuring SNMPv3 users, 118 overv
Agentless Management Service, 358 blocked ports, 326 booting to DOS, 345 certificate error, 327 cookies, 147 directory integration, 330, 332 directory logout, 333 event log, 322 event log entry time stamps, 322 iLO access, 323 iLO Federation 403 error, 353 502 error, 352 iLO peer IP addresses, 353 peers not displayed, 353 query errors, 351 timeout error, 352 iLO Federation Management, 351 iLO firmware update, 354 iLO RBSU, 323 iLOconnection error, 325 Inactive .
enabling EMS Console, 227 iLO drivers, 32 WINS servers IPv4, 102 Z Zero Sign In Kerberos, 282–283 383
