HP Integrated Lights-Out 2 User Guide
Table Of Contents
- HP Integrated Lights-Out 2 User Guide
- Contents
- 1 Overview
- 2 Setting up iLO 2
- 3 Configuring iLO 2
- iLO 2 configuration overview
- Upgrading iLO 2 firmware
- Licensing
- User administration
- Configuring iLO 2 access
- Security
- Network
- SNMP/Insight Manager settings
- ProLiant BL p-Class configuration
- 4 Using iLO 2
- System status and status summary information
- iLO 2 Remote Console
- Remote Console overview and licensing options
- Remote Console settings
- IRC Fullscreen
- Integrated Remote Console option
- Multi-user access to the Integrated Remote Console
- Using Console Capture
- Using HP iLO Video Player
- Acquiring the Remote Console
- Remote Console
- Text-based remote console overview
- Virtual media
- Power management
- ProLiant BL p-Class Advanced management
- ProLiant BladeSystem HP Onboard Administrator
- 5 Directory services
- Overview of directory integration
- Benefits of directory integration
- Advantages and disadvantages of schema-free directories and HP schema directory
- Setting up Schema-free directory integration
- Setting up HP schema directory integration
- Features supported by HP schema directory integration
- Setting up directory services
- Schema documentation
- Directory services support
- Schema required software
- Schema installer
- Management snap-in installer
- Directory services for Active Directory
- Active Directory installation prerequisites
- Installing Active Directory on Windows Server 2008
- Directory services preparation for Active Directory
- Snap-in installation and initialization for Active Directory
- Example: Creating and configuring directory objects for use with iLO 2 in Active Directory
- Directory services objects
- Active Directory Lights-Out management
- Directory services for eDirectory
- User login using directory services
- Directory-enabled remote management
- HPQLOMIG directory migration utility
- Introduction to HPQLOMIG utility
- Compatibility
- HP Lights-Out directory package
- Using HPQLOMIG
- Finding management processors
- Upgrading firmware on management processors
- Selecting a directory access method
- Naming management processors
- Configuring directories when HP Extended schema is selected
- Configuring directories when schema-free integration is selected
- Setting up management processors for directories
- Directory services schema
- 6 HP Systems Insight Manager integration
- 7 Troubleshooting iLO 2
- iLO 2 POST LED indicators
- Event log entries
- Hardware and software link-related issues
- JVM support
- Login issues
- Login name and password not accepted
- Directory user premature logout
- iLO 2 Management Port not accessible by name
- iLO 2 RBSU unavailable after iLO 2 and server reset
- Inability to access the login page
- Inability to access iLO 2 using Telnet
- Inability to access virtual media or graphical remote console
- Inability to connect to iLO 2 after changing network settings
- Inability to connect to the iLO 2 Diagnostic Port
- Inability to connect to the iLO 2 processor through the NIC
- Inability to log in to iLO 2 after installing the iLO 2 certificate
- Firewall issues
- Proxy server issues
- Two-factor authentication error
- Troubleshooting alert and trap issues
- Troubleshooting directory issues
- Troubleshooting Remote Console issues
- Remote Console applet has a red X when running Linux client browser
- Inability to navigate the single cursor of the Remote Console to corners of the Remote Console window
- Remote Console no longer opens on the existing browser session
- Remote console text window not updating properly
- Remote Console turns gray or black
- Remote Serial Console troubleshooting
- Troubleshooting Integrated Remote Console issues
- Internet Explorer 7 and a flickering remote console screen
- Configuring Apache to accept exported capture buffers
- No console replay while server is powered down
- Skipping information during boot and fault buffer playback
- Out of Memory error starting Integrated Remote Console
- Session leader does not receive connection request when IRC is in replay mode
- Keyboard LED does not display correctly
- Inactive IRC
- IRC Failed to connect to server error message
- IRC toolbar icons do not update
- GNOME interface does not lock
- Repeating keys on the Remote Console
- Remote Console playback does not work when the host server is powered off
- Troubleshooting SSH and Telnet issues
- Troubleshooting terminal services issues
- Troubleshooting video and monitor issues
- Troubleshooting Virtual Media issues
- Troubleshooting iLO Video Player issues
- Troubleshooting Remote Text Console issues
- Troubleshooting miscellaneous issues
- Cookie sharing between browser instances and iLO 2
- Inability to access ActiveX downloads
- Inability to get SNMP information from HP SIM
- Incorrect time or date of the entries in the event log
- Inability to upgrade iLO 2 firmware
- iLO 2 network flash recovery
- Recovering from a bad iLO 2 flash image using network flash recovery
- Recovering from a bad iLO 2 flash image using the HP Smart Update Firmware DVD
- The iLO 2 firmware does not respond to SSL requests
- Testing SSL
- Resetting iLO 2
- Server name still present after ERASE utility is executed
- Troubleshooting a remote host
- 8 Technical support
- Acronyms and abbreviations
- Index
• The SSL Key Length button to choose between 2048 or 1024 bit private key length for CSR.
• The Customized CSR radio button to choose between CSR with custom or default subject fields.
• The Country field for configuring the CSR subject country name.
• The State or Province field for configuring the CSR subject state name.
• The Organization Name field for configuring the CSR subject organization name.
• The Organization Unit field for configuring the CSR subject organization unit name.
• The City or Locality field for configuring the CSR subject city or locality name.
• The Common Name field for configuring the CSR subject common name.
The following options are available on the SSL Certificate tab:
• Apply Button – When you click the Apply button, custom CSR data is validated and stored in
iLO2. During the certificate generation request, the stored CSR settings are used by iLO2.
• Create Certificate Request – Use this button to create a certificate request. When you click
this button, a CR is created (in PKCS #10 format) that can be sent to a CA. This certificate
request is Base64-encoded. A CA processes this request and returns a response (X.509
certificate) that can be imported into iLO 2.
The CR contains a public/private key pair that validates communications between the client
browser and iLO 2. The generated CR is held in memory until a new CR is generated, iLO 2
is reset, or a certificate is imported by the generation process. You can generate the CR and
copy it to the client clipboard, leave the iLO 2 website to retrieve the certificate, and then
return to import the certificate.
When submitting the request to the CA, be sure to perform the following tasks:
1. Use the iLO 2 name as listed on the System Status screen as the URL for the server.
2. Request that the certificate is generated in the RAW format.
3. Include the Begin and End certificate lines.
Every time you click Create Certificate Request, a new certificate request is generated, even
though the iLO 2 name is the same. Generally SSL keys pairs are pre-generated. The CSR is
generated immediately on clicking the Create Certificate Request button. However, the
certificate request generation button is grayed out while the key generation is in progress. In
this scenario, you can close all active Remote Console sessions and try again later (around
2 minutes for a 1024-bit key, and 10 minutes for 2048-bit key).
• Import Certificate – Use this button when you are returning to the Certificate Administration
page with a certificate to import. Click Import Certificate to go directly to the Certificate Import
screen without generating a new CR. A certificate only works with the keys generated for the
original CR from which the certificate was generated. If iLO 2 has been reset, or another CR
was generated since the original CR was submitted to a CA, then a new CR must be generated
and submitted to the CA.
You can customize and create a CR or import an existing certificate using RIBCL XML commands.
These commands enable you to script and automate certificate deployment on iLO 2 servers instead
of manually deploying certificates through the browser interface. For more information, see HP
Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at
http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?
contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=135&
prodTypeId=18964&prodSeriesId=1146658.
Two-factor authentication
Access to iLO 2 requires user authentication. This firmware release provides an enhanced
authentication scheme for iLO 2 using two factors of authentication: a password or PIN, and a
private key for a digital certificate. Using two-factor authentication requires that you verify your
Security 45