HP Integrated Lights-Out 2 User Guide
Table Of Contents
- HP Integrated Lights-Out 2 User Guide
- Contents
- 1 Overview
- 2 Setting up iLO 2
- 3 Configuring iLO 2
- iLO 2 configuration overview
- Upgrading iLO 2 firmware
- Licensing
- User administration
- Configuring iLO 2 access
- Security
- Network
- SNMP/Insight Manager settings
- ProLiant BL p-Class configuration
- 4 Using iLO 2
- System status and status summary information
- iLO 2 Remote Console
- Remote Console overview and licensing options
- Remote Console settings
- IRC Fullscreen
- Integrated Remote Console option
- Multi-user access to the Integrated Remote Console
- Using Console Capture
- Using HP iLO Video Player
- Acquiring the Remote Console
- Remote Console
- Text-based remote console overview
- Virtual media
- Power management
- ProLiant BL p-Class Advanced management
- ProLiant BladeSystem HP Onboard Administrator
- 5 Directory services
- Overview of directory integration
- Benefits of directory integration
- Advantages and disadvantages of schema-free directories and HP schema directory
- Setting up Schema-free directory integration
- Setting up HP schema directory integration
- Features supported by HP schema directory integration
- Setting up directory services
- Schema documentation
- Directory services support
- Schema required software
- Schema installer
- Management snap-in installer
- Directory services for Active Directory
- Active Directory installation prerequisites
- Installing Active Directory on Windows Server 2008
- Directory services preparation for Active Directory
- Snap-in installation and initialization for Active Directory
- Example: Creating and configuring directory objects for use with iLO 2 in Active Directory
- Directory services objects
- Active Directory Lights-Out management
- Directory services for eDirectory
- User login using directory services
- Directory-enabled remote management
- HPQLOMIG directory migration utility
- Introduction to HPQLOMIG utility
- Compatibility
- HP Lights-Out directory package
- Using HPQLOMIG
- Finding management processors
- Upgrading firmware on management processors
- Selecting a directory access method
- Naming management processors
- Configuring directories when HP Extended schema is selected
- Configuring directories when schema-free integration is selected
- Setting up management processors for directories
- Directory services schema
- 6 HP Systems Insight Manager integration
- 7 Troubleshooting iLO 2
- iLO 2 POST LED indicators
- Event log entries
- Hardware and software link-related issues
- JVM support
- Login issues
- Login name and password not accepted
- Directory user premature logout
- iLO 2 Management Port not accessible by name
- iLO 2 RBSU unavailable after iLO 2 and server reset
- Inability to access the login page
- Inability to access iLO 2 using Telnet
- Inability to access virtual media or graphical remote console
- Inability to connect to iLO 2 after changing network settings
- Inability to connect to the iLO 2 Diagnostic Port
- Inability to connect to the iLO 2 processor through the NIC
- Inability to log in to iLO 2 after installing the iLO 2 certificate
- Firewall issues
- Proxy server issues
- Two-factor authentication error
- Troubleshooting alert and trap issues
- Troubleshooting directory issues
- Troubleshooting Remote Console issues
- Remote Console applet has a red X when running Linux client browser
- Inability to navigate the single cursor of the Remote Console to corners of the Remote Console window
- Remote Console no longer opens on the existing browser session
- Remote console text window not updating properly
- Remote Console turns gray or black
- Remote Serial Console troubleshooting
- Troubleshooting Integrated Remote Console issues
- Internet Explorer 7 and a flickering remote console screen
- Configuring Apache to accept exported capture buffers
- No console replay while server is powered down
- Skipping information during boot and fault buffer playback
- Out of Memory error starting Integrated Remote Console
- Session leader does not receive connection request when IRC is in replay mode
- Keyboard LED does not display correctly
- Inactive IRC
- IRC Failed to connect to server error message
- IRC toolbar icons do not update
- GNOME interface does not lock
- Repeating keys on the Remote Console
- Remote Console playback does not work when the host server is powered off
- Troubleshooting SSH and Telnet issues
- Troubleshooting terminal services issues
- Troubleshooting video and monitor issues
- Troubleshooting Virtual Media issues
- Troubleshooting iLO Video Player issues
- Troubleshooting Remote Text Console issues
- Troubleshooting miscellaneous issues
- Cookie sharing between browser instances and iLO 2
- Inability to access ActiveX downloads
- Inability to get SNMP information from HP SIM
- Incorrect time or date of the entries in the event log
- Inability to upgrade iLO 2 firmware
- iLO 2 network flash recovery
- Recovering from a bad iLO 2 flash image using network flash recovery
- Recovering from a bad iLO 2 flash image using the HP Smart Update Firmware DVD
- The iLO 2 firmware does not respond to SSL requests
- Testing SSL
- Resetting iLO 2
- Server name still present after ERASE utility is executed
- Troubleshooting a remote host
- 8 Technical support
- Acronyms and abbreviations
- Index
identity by providing both factors. You can store your digital certificates and private keys wherever
you choose, for example, on a smart card, USB token, or hard drive.
The Two-Factor Authentication tab enables you to configure security settings and review, import,
or delete a trusted CA certificate. The Two-Factor Authentication Enforcement setting controls
whether two-factor authentication is used for user authentication during login. To require two-factor
authentication, click Enabled. To turn off the two-factor authentication requirement and allow login
with user name and password only, click Disabled. You cannot change the setting to Enabled if a
trusted CA certificate is not configured. To provide the necessary security, the following configuration
changes are made when two-factor authentication is enabled:
• Telnet Access: Disabled
• Secure Shell (SSH) Access: Disabled
• Serial Command Line Interface Status: Disabled
If Telnet, SSH, or Serial CLI access is required, re-enable these settings after two-factor authentication
is enabled. However, because these access methods do not provide a means of two-factor
authentication, only a single factor is required to access iLO 2 with Telnet, SSH, or Serial CLI.
When two-factor authentication is enabled, access by the CPQLOCFG utility is disabled because
CPQLOCFG does not meet all authentication requirements. However, the HPONCFG utility works
because administrator privileges on the host system are required to execute the utility.
A trusted CA certificate is required for two-factor authentication to function. You cannot change
the Two-Factor Authentication Enforcement setting to Enabled if a trusted CA certificate is not
configured. Also, you must map a client certificate to a local user account if local user accounts
are used. If iLO 2 is using directory authentication, client certificate mapping to local user accounts
is optional.
To change two-factor authentication security settings for iLO 2:
1. Log in to iLO 2 with an account that has the Configure iLO 2 Settings privilege.
2. Click Administration>Security>Two-Factor Authentication.
3. Change the settings by entering your selections in the fields.
4. To save the changes, click Applys.
The Certificate Revocation Checking setting controls whether iLO 2 uses the certificate CRL
distribution points attribute to download the latest CRL and verify revocation of the client certificate.
If the client certificate is contained in the CRL, or if you cannot download the CRL, access is denied.
The CRL distribution point must be available and accessible to iLO 2 when Certificate Revocation
Checking is set to Yes.
The Certificate Owner Field setting specifies which attribute of the client certificate to use when
authenticating with the directory. Only use the Certificate Owner Field setting if directory
authentication is enabled. Configuration of the Certificate Owner Field depends on the version of
directory support used, the directory configuration, and the certificate issuance policy of your
organization. If SAN is specified, iLO 2 extracts the User Principle Name from the Subject Alternative
Name attribute and then uses the User Principle Name when authenticating with the directory (for
example, username@domain.extension). For example, if the subject name is /DC=com/DC=domain/
OU=organization/CN=user, iLO 2 will derive
CN=user,OU=organization,DC=domain,DC=com.
Setting up two-factor authentication for the first time
When setting up two-factor authentication for the first time, you can use either local user accounts
or directory user accounts. For more information on two-factor authentication settings, see “Two-factor
authentication” (page 45).
Setting up local user accounts
46 Configuring iLO 2