HP Integrated Lights-Out 2 User Guide
Table Of Contents
- HP Integrated Lights-Out 2 User Guide
- Contents
- 1 Overview
- 2 Setting up iLO 2
- 3 Configuring iLO 2
- iLO 2 configuration overview
- Upgrading iLO 2 firmware
- Licensing
- User administration
- Configuring iLO 2 access
- Security
- Network
- SNMP/Insight Manager settings
- ProLiant BL p-Class configuration
- 4 Using iLO 2
- System status and status summary information
- iLO 2 Remote Console
- Remote Console overview and licensing options
- Remote Console settings
- IRC Fullscreen
- Integrated Remote Console option
- Multi-user access to the Integrated Remote Console
- Using Console Capture
- Using HP iLO Video Player
- Acquiring the Remote Console
- Remote Console
- Text-based remote console overview
- Virtual media
- Power management
- ProLiant BL p-Class Advanced management
- ProLiant BladeSystem HP Onboard Administrator
- 5 Directory services
- Overview of directory integration
- Benefits of directory integration
- Advantages and disadvantages of schema-free directories and HP schema directory
- Setting up Schema-free directory integration
- Setting up HP schema directory integration
- Features supported by HP schema directory integration
- Setting up directory services
- Schema documentation
- Directory services support
- Schema required software
- Schema installer
- Management snap-in installer
- Directory services for Active Directory
- Active Directory installation prerequisites
- Installing Active Directory on Windows Server 2008
- Directory services preparation for Active Directory
- Snap-in installation and initialization for Active Directory
- Example: Creating and configuring directory objects for use with iLO 2 in Active Directory
- Directory services objects
- Active Directory Lights-Out management
- Directory services for eDirectory
- User login using directory services
- Directory-enabled remote management
- HPQLOMIG directory migration utility
- Introduction to HPQLOMIG utility
- Compatibility
- HP Lights-Out directory package
- Using HPQLOMIG
- Finding management processors
- Upgrading firmware on management processors
- Selecting a directory access method
- Naming management processors
- Configuring directories when HP Extended schema is selected
- Configuring directories when schema-free integration is selected
- Setting up management processors for directories
- Directory services schema
- 6 HP Systems Insight Manager integration
- 7 Troubleshooting iLO 2
- iLO 2 POST LED indicators
- Event log entries
- Hardware and software link-related issues
- JVM support
- Login issues
- Login name and password not accepted
- Directory user premature logout
- iLO 2 Management Port not accessible by name
- iLO 2 RBSU unavailable after iLO 2 and server reset
- Inability to access the login page
- Inability to access iLO 2 using Telnet
- Inability to access virtual media or graphical remote console
- Inability to connect to iLO 2 after changing network settings
- Inability to connect to the iLO 2 Diagnostic Port
- Inability to connect to the iLO 2 processor through the NIC
- Inability to log in to iLO 2 after installing the iLO 2 certificate
- Firewall issues
- Proxy server issues
- Two-factor authentication error
- Troubleshooting alert and trap issues
- Troubleshooting directory issues
- Troubleshooting Remote Console issues
- Remote Console applet has a red X when running Linux client browser
- Inability to navigate the single cursor of the Remote Console to corners of the Remote Console window
- Remote Console no longer opens on the existing browser session
- Remote console text window not updating properly
- Remote Console turns gray or black
- Remote Serial Console troubleshooting
- Troubleshooting Integrated Remote Console issues
- Internet Explorer 7 and a flickering remote console screen
- Configuring Apache to accept exported capture buffers
- No console replay while server is powered down
- Skipping information during boot and fault buffer playback
- Out of Memory error starting Integrated Remote Console
- Session leader does not receive connection request when IRC is in replay mode
- Keyboard LED does not display correctly
- Inactive IRC
- IRC Failed to connect to server error message
- IRC toolbar icons do not update
- GNOME interface does not lock
- Repeating keys on the Remote Console
- Remote Console playback does not work when the host server is powered off
- Troubleshooting SSH and Telnet issues
- Troubleshooting terminal services issues
- Troubleshooting video and monitor issues
- Troubleshooting Virtual Media issues
- Troubleshooting iLO Video Player issues
- Troubleshooting Remote Text Console issues
- Troubleshooting miscellaneous issues
- Cookie sharing between browser instances and iLO 2
- Inability to access ActiveX downloads
- Inability to get SNMP information from HP SIM
- Incorrect time or date of the entries in the event log
- Inability to upgrade iLO 2 firmware
- iLO 2 network flash recovery
- Recovering from a bad iLO 2 flash image using network flash recovery
- Recovering from a bad iLO 2 flash image using the HP Smart Update Firmware DVD
- The iLO 2 firmware does not respond to SSL requests
- Testing SSL
- Resetting iLO 2
- Server name still present after ERASE utility is executed
- Troubleshooting a remote host
- 8 Technical support
- Acronyms and abbreviations
- Index
Encryption settings
You can view or modify the current encryption settings using the iLO 2 interface, CLP, or RIBCL.
To view or modify current encryption settings using the iLO 2 interface:
1. Click Administration>Security>Encryption.
The Encryption page appears, displaying the current encryption settings for iLO 2. Both the
current negotiated cipher and the encryption enforcement settings appear on this page.
• Current Negotiated Cipher displays the cipher in use for the current browser session.
After logging in to iLO 2 through the browser, the browser and iLO 2 negotiate a cipher
setting to use during the session. The Encryption page Current Negotiated Cipher section
displays the negotiated cipher.
Encryption Enforcement Settings displays the current encryption settings for iLO 2. Enforce
AES/3DES Encryption (if enabled) enables iLO 2 to only accept connections through the
browser and SSH interface that meet the minimum cipher strength. A cipher strength of
at least AES or 3DES must be used to connect to iLO 2 if this setting is enabled. Enforce
AES/3DES Encryption can be enabled or disabled.
2. To save changes, click Apply.
When changing the Enforcement setting to Enable, close all open browsers after clicking
Apply. Any browsers that remain open might continue to use a non-AES/3DES cipher.
To view or modify current encryption settings through the CLP or RIBCL, see the HP Integrated
Lights-Out Management Processor Scripting and Command Line Resource Guide at http://
h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&
lang=en&cc=us&docIndexId=64179&taskId=135&prodTypeId=18964&prodSeriesId=1146658.
Connecting to the iLO 2 using AES/3DES encryption
After enabling the Enforce AES/3DES Encryption setting, iLO 2 requires you to connect through
secure channels (web browser, SSH, or XML port) using a cipher strength of at least AES or 3DES.
To connect to iLO 2 through a browser, the browser must be configured with a cipher strength of
at least AES or 3DES. If the web browser is not using AES or 3DES ciphers, iLO 2 displays an
error message informing you to close the current connection and select the correct cipher.
See your browser documentation to select a cipher strength of at least AES or 3DES. Different
browsers use different methods of selecting a negotiated cipher. You must log out of iLO 2 through
the current browser before changing the browser cipher strength. Any changes made to the browser
cipher setting while logged in to iLO 2 might enable the browser to continue using a non-AES/3DES
cipher.
All client operating systems and browsers supported by iLO 2, support the iLO 2 AES/3DES
Encryption feature except when using Windows 2000 Professional with Internet Explorer. By
default, Windows 2000 Professional does not support AES or 3DES ciphers. If a client uses
Windows 2000 Professional, you must use another browser, or update the operating system.
Internet Explorer does not have a user-selectable cipher strength setting. You must edit the registry
to enable Internet Explorer to connect to iLO 2 when the Enforce AES/3DES Encryption setting is
enabled. To enable AES/3DES encryption in Internet Explorer, open the registry and set
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
FIPSAlgorithmPolicy to 1.
54 Configuring iLO 2