HP Integrated Lights-Out 2 User Guide
Table Of Contents
- HP Integrated Lights-Out 2 User Guide
- Contents
- 1 Overview
- 2 Setting up iLO 2
- 3 Configuring iLO 2
- iLO 2 configuration overview
- Upgrading iLO 2 firmware
- Licensing
- User administration
- Configuring iLO 2 access
- Security
- Network
- SNMP/Insight Manager settings
- ProLiant BL p-Class configuration
- 4 Using iLO 2
- System status and status summary information
- iLO 2 Remote Console
- Remote Console overview and licensing options
- Remote Console settings
- IRC Fullscreen
- Integrated Remote Console option
- Multi-user access to the Integrated Remote Console
- Using Console Capture
- Using HP iLO Video Player
- Acquiring the Remote Console
- Remote Console
- Text-based remote console overview
- Virtual media
- Power management
- ProLiant BL p-Class Advanced management
- ProLiant BladeSystem HP Onboard Administrator
- 5 Directory services
- Overview of directory integration
- Benefits of directory integration
- Advantages and disadvantages of schema-free directories and HP schema directory
- Setting up Schema-free directory integration
- Setting up HP schema directory integration
- Features supported by HP schema directory integration
- Setting up directory services
- Schema documentation
- Directory services support
- Schema required software
- Schema installer
- Management snap-in installer
- Directory services for Active Directory
- Active Directory installation prerequisites
- Installing Active Directory on Windows Server 2008
- Directory services preparation for Active Directory
- Snap-in installation and initialization for Active Directory
- Example: Creating and configuring directory objects for use with iLO 2 in Active Directory
- Directory services objects
- Active Directory Lights-Out management
- Directory services for eDirectory
- User login using directory services
- Directory-enabled remote management
- HPQLOMIG directory migration utility
- Introduction to HPQLOMIG utility
- Compatibility
- HP Lights-Out directory package
- Using HPQLOMIG
- Finding management processors
- Upgrading firmware on management processors
- Selecting a directory access method
- Naming management processors
- Configuring directories when HP Extended schema is selected
- Configuring directories when schema-free integration is selected
- Setting up management processors for directories
- Directory services schema
- 6 HP Systems Insight Manager integration
- 7 Troubleshooting iLO 2
- iLO 2 POST LED indicators
- Event log entries
- Hardware and software link-related issues
- JVM support
- Login issues
- Login name and password not accepted
- Directory user premature logout
- iLO 2 Management Port not accessible by name
- iLO 2 RBSU unavailable after iLO 2 and server reset
- Inability to access the login page
- Inability to access iLO 2 using Telnet
- Inability to access virtual media or graphical remote console
- Inability to connect to iLO 2 after changing network settings
- Inability to connect to the iLO 2 Diagnostic Port
- Inability to connect to the iLO 2 processor through the NIC
- Inability to log in to iLO 2 after installing the iLO 2 certificate
- Firewall issues
- Proxy server issues
- Two-factor authentication error
- Troubleshooting alert and trap issues
- Troubleshooting directory issues
- Troubleshooting Remote Console issues
- Remote Console applet has a red X when running Linux client browser
- Inability to navigate the single cursor of the Remote Console to corners of the Remote Console window
- Remote Console no longer opens on the existing browser session
- Remote console text window not updating properly
- Remote Console turns gray or black
- Remote Serial Console troubleshooting
- Troubleshooting Integrated Remote Console issues
- Internet Explorer 7 and a flickering remote console screen
- Configuring Apache to accept exported capture buffers
- No console replay while server is powered down
- Skipping information during boot and fault buffer playback
- Out of Memory error starting Integrated Remote Console
- Session leader does not receive connection request when IRC is in replay mode
- Keyboard LED does not display correctly
- Inactive IRC
- IRC Failed to connect to server error message
- IRC toolbar icons do not update
- GNOME interface does not lock
- Repeating keys on the Remote Console
- Remote Console playback does not work when the host server is powered off
- Troubleshooting SSH and Telnet issues
- Troubleshooting terminal services issues
- Troubleshooting video and monitor issues
- Troubleshooting Virtual Media issues
- Troubleshooting iLO Video Player issues
- Troubleshooting Remote Text Console issues
- Troubleshooting miscellaneous issues
- Cookie sharing between browser instances and iLO 2
- Inability to access ActiveX downloads
- Inability to get SNMP information from HP SIM
- Incorrect time or date of the entries in the event log
- Inability to upgrade iLO 2 firmware
- iLO 2 network flash recovery
- Recovering from a bad iLO 2 flash image using network flash recovery
- Recovering from a bad iLO 2 flash image using the HP Smart Update Firmware DVD
- The iLO 2 firmware does not respond to SSL requests
- Testing SSL
- Resetting iLO 2
- Server name still present after ERASE utility is executed
- Troubleshooting a remote host
- 8 Technical support
- Acronyms and abbreviations
- Index
To test the communication between the directory server and iLO 2, click Test Settings. For more
information, see “Directory tests” (page 53).
Directory tests
To validate current directory settings for iLO 2, click Test Settings on the Directory Settings page.
The Directory Tests page appears.
The test page displays the results of a series of simple tests designed to validate the current directory
settings. Additionally, it includes a test log that shows test results and any issues that have been
detected. After your directory settings are configured correctly, you do not need to rerun these
tests. The Directory Tests screen does not require you to be logged in as a directory user.
To verify your directory settings:
1. Enter the distinguished name and password of a directory administrator. A good choice would
be the same credentials used when creating the iLO 2 objects in the directory. These credentials
are not stored by iLO 2. They are used to verify the iLO 2 object and user search contexts.
2. Enter a test user name and password. Typically, this account would be intended to access the
iLO 2 being tested. It can be the same account as the directory administrator. However, the
tests cannot verify user authentication with a superuser account. These credentials are not
stored by iLO 2.
3. Click Start Test. Several tests begin in the background, starting with a network ping of the
directory user through establishing an SSL connection to the server and evaluating user
privileges as they would be evaluated during a normal login.
While the tests are running, the page periodically refreshes. At any time during test execution, you
can stop the tests or manually refresh the page. Consult the help link on the page for test details
and actions in the event of trouble.
Encryption
iLO 2 provides enhanced security for remote management in distributed IT environments. Web
browser data is protected by SSL encryption. SSL encryption of HTTP data ensures that the data is
secure as it is transmitted across the network. iLO 2 provides support for two of the strongest
available cipher strengths; the Advanced Encryption Standard (AES) and the Triple Data Encryption
Standard (3DES). iLO 2 supports the following cipher strengths:
• 256-bit AES with RSA, DHE and a SHA1 MAC
• 256-bit AES with RSA and a SHA1 MAC
• 128-bit AES with RSA, DHE and a SHA1 MAC
• 128-bit AES with RSA and a SHA1 MAC
• 168-bit Triple DES with RSA and a SHA1 MAC
• 168-bit Triple DES with RSA, DHE and a SHA1 MAC
iLO 2 also provides enhanced encryption through the SSH port for secure CLP transactions. iLO 2
supports AES128-CBC and 3DES-CBC cipher strengths through the SSH port.
If enabled, iLO 2 enforces the usage of these enhanced ciphers (both AES and 3DES) over the
secure channels, including secure HTTP transmissions through the browser, SSH port, and XML
port. When AES/3DES encryption is enabled, you must use a cipher strength equal to or greater
than AES/3DES to connect to iLO 2 through these secure channels. Communications and connections
over less secure channels (such as the Telnet port) are not affected by the AES/3DES encryption
enforcement setting.
By default, remote console data uses 128-bit RC4 bi-directional encryption. The CPQLOCFG utility
uses a 168-bit Triple DES with RSA and a SHA1 MAC cipher to securely send RIBCL scripts to iLO
2 over the network.
Security 53