HP iLO 4 User Guide Abstract This guide provides information about configuring, updating, and operating HP ProLiant Gen8 servers by using the HP iLO 4 firmware. This document is intended for system administrators, HP representatives, and HP Authorized Channel Partners who are involved in configuring and using HP iLO 4 and HP ProLiant Gen8 servers. This guide discusses HP iLO for HP ProLiant servers and HP ProLiant BladeSystem server blades.
© Copyright 2012, 2014 Hewlett-Packard Development Company, L.P Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents 1 Introduction to iLO....................................................................................14 Overview..............................................................................................................................14 HP iLO features......................................................................................................................14 iLO web interface.........................................................................................................
Administering directory groups............................................................................................48 Deleting a user or a directory group.....................................................................................50 Configuring iLO Federation Management..................................................................................50 iLO Federation Management network requirements.................................................................
Configuring general network settings....................................................................................91 Configuring IPv4 settings....................................................................................................94 Configuring IPv6 settings....................................................................................................96 Configuring SNTP settings...................................................................................................
Configuring NIC and TCP/IP settings.............................................................................132 Configuring DNS/DHCP settings...................................................................................133 Configuring global settings by using iLO RBSU................................................................134 Configuring serial CLI options by using iLO RBSU............................................................
Extracting the Active Health System log by using curl............................................................178 Clearing the Active Health System log................................................................................179 Using iLO diagnostics............................................................................................................179 Resetting iLO through the web interface..............................................................................
Virtual Media operating system information.........................................................................218 Operating system USB requirement................................................................................218 Using Virtual Media with Windows 7............................................................................218 Operating system considerations: Virtual Floppy/USB key................................................218 Changing diskettes......................................
iLO option.......................................................................................................................240 IPMI server management.......................................................................................................241 Using iLO with HP Insight Control server deployment ................................................................242 Using HP Enterprise Secure Key Manager with iLO....................................................................
Schema-free setup with HP Directories Support for ProLiant Management Processors.............258 Schema-free setup options............................................................................................259 Minimum login flexibility.........................................................................................259 Better login flexibility..............................................................................................259 Maximum login flexibility.............................
HP Directories Support for ProLiant Management Processors package.....................................287 Using HP Directories Support for ProLiant Management Processors.........................................287 Finding management processors...................................................................................287 Upgrading firmware on management processors.............................................................289 Selecting a directory access method.......................................
iLO Virtual Floppy media applet unresponsive......................................................................313 Troubleshooting SSH issues....................................................................................................313 Initial PuTTY input slow.....................................................................................................313 PuTTY client unresponsive..................................................................................................
9 Documentation feedback.........................................................................334 A iLO license options.................................................................................335 B FlexibleLOM support...............................................................................337 C Directory services schema.......................................................................339 HP Management Core LDAP OID classes and attributes.................................................
1 Introduction to iLO Overview The HP iLO Management Engine is a set of embedded management features that support the complete life cycle of the server, from initial deployment, to ongoing management, to service alerting and remote support. HP iLO is one feature of the HP iLO Management Engine. The HP iLO subsystem is a standard component of HP ProLiant servers that simplifies initial server setup, server health monitoring, power and thermal optimization, and remote server administration.
• Use iLO language packs to switch between English and another supported language. • Control iLO by using a remote management tool. iLO web interface The iLO web interface groups similar tasks for easy navigation and workflow. The interface is organized in a navigational tree view located on the left side of the page. The top-level branches are Information, iLO Federation, Remote Console, Virtual Media, Power Management, Network, Remote Support, and Administration.
NOTE: On servers that use the system RBSU, the iLO option ROM lists the installed license and the firmware version. This information is not listed in the option ROM on UEFI systems. iLO Mobile application The HP iLO Mobile application provides access to the Remote Console of your HP ProLiant server from your mobile device. The mobile application interacts directly with the iLO processor on HP ProLiant servers, providing total control of the server at all times as long as the server is plugged in.
2 Setting up iLO The iLO default settings enable you to use most features without additional configuration. However, the configuration flexibility of iLO enables customization for multiple enterprise environments. This chapter discusses the initial iLO setup steps. For information about additional configuration options, see “Configuring iLO” (page 36). Complete the initial setup steps: 1. Decide how you want to handle networking and security. For more information, see “Preparing to set up iLO” (page 17). 2.
For more information, see “Configuring a static IP address by using iLO RBSU” (page 20) and “Configuring a static IP address by using the iLO 4 Configuration Utility” (page 22). IMPORTANT: If you plan to use a static IP address, you must have the IP address before starting the iLO setup process. 3. What access security is required, and what user accounts and privileges are needed? iLO provides several options to control user access.
4. How do you want to configure iLO? iLO supports various interfaces for configuration and operation. This guide discusses the following interfaces: • Use iLO RBSU or the iLO 4 Configuration Utility when the system environment does not use DHCP, DNS, or WINS. For more information, see “Setting up iLO by using iLO RBSU or the iLO 4 Configuration Utility” (page 20). • Use the iLO web interface when you can connect to iLO on the network by using a web browser.
Figure 1 Corporate network diagram Main NIC Client PCs iLO Hub/Switch Corporate Network Main NIC iLO Management Client • In a dedicated management network, the iLO port is on a separate network, as shown in Figure 2 (page 20).
NOTE: To simplify installation, HP recommends using DNS or DHCP with iLO. To configure a static IP address: 1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC. 2. 3. Restart or power on the server. Press F8 in the HP ProLiant POST screen. The iLO RBSU screen appears. 4. Disable DHCP: a. Select Network→DNS/DHCP, and then press Enter. The Network Autoconfiguration window opens. b. Select DHCP Enable, as shown in Figure 3 (page 21).
5. Enter an IP address and subnet mask: a. Select Network→NIC and TCP/IP, and then press Enter. The Network Configuration window opens. b. Enter the appropriate information in the IP Address, Subnet Mask, and Gateway IP Address fields, as shown in Figure 4 (page 22). Figure 4 iLO RBSU Network Configuration window c. 6. Press F10 to save the changes. Select File→Exit to exit iLO RBSU. The changes take effect when you exit iLO RBSU.
Figure 5 iLO 4 Configuration Utility Network Configuration 5. Disable DHCP: a. Select DHCP Enable, and then press Enter. b. Select OFF, and then press Enter. 6. Enter an IP address, subnet mask, and gateway IP address: a. Select IP Address, and then press Enter. b. Type the IP address, and then press Enter. c. Select Subnet Mask, and then press Enter. d. Type the subnet mask address, and then press Enter. e. Select Gateway IP Address, and then press Enter. f.
Figure 6 Saving iLO configuration changes 8. Press Enter. The iLO 4 Configuration Utility notifies you that iLO must be reset in order for the changes to take effect, as shown in Figure 7 (page 24).
9. Press Enter. iLO resets, and the iLO session is automatically ended. You can reconnect in approximately 30 seconds. 10. Resume the normal boot process: a. Start the iLO remote console. The iLO 4 Configuration Utility is still open from the previous session. b. c. Press ESC several times to navigate to the System Configuration page. Press ESC to exit the System Utilities and resume the normal boot process.
5. 6. Enter the following user account details: • User name appears in the user list on the User Administration page. It does not have to be the same as the Login name. The maximum length for a user name is 39 characters. The user name must use printable characters. Assigning descriptive user names can help you to easily identify the owner of each login name. • Login name is the name you must use when logging in to iLO.
Figure 9 Editing user accounts 5. 6. 7. Select the user name that you want to edit, and then press Enter. Update the user name, login name, password, or user permissions, and then press F10 to save the changes. Select File→Exit to exit iLO RBSU. Removing user accounts To remove a local iLO user account: 1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC. 2. 3. Restart or power on the server. Press F8 in the HP ProLiant POST screen.
Figure 10 Removing user accounts 5. Select the user that you want to remove, and then press Enter. The iLO RBSU prompts you to confirm the request. 6. 7. Press Enter to confirm the request. Select File→Exit to exit iLO RBSU.
Figure 11 User Management screen 5. Select Add User, and then press Enter. The User Management→Add User screen appears, as shown in Figure 12 (page 29).
6. Select from the following iLO privileges. To enable a privilege, set it to YES. To disable a privilege, set it to NO. • Administer User Accounts—Enables a user to add, edit, and delete local iLO user accounts. A user with this privilege can change privileges for all users. If you do not have this privilege, you can view your own settings and change your own password. • Remote Console Access—Enables a user to remotely access the host system Remote Console, including video, keyboard, and mouse control.
Figure 13 User Management screen 5. Select Edit/Remove User, and then press Enter. The User Management→Edit/Remove User screen appears, as shown in Figure 14 (page 31). Figure 14 Editing or removing user accounts 6. Locate the user name that you want to edit or delete, select the Action menu for that user name, and then press Enter.
7. 8. 9. 10. 11. 12. Select one of the following, and then press Enter. • No Change—Returns you to the main menu. • Delete—Deletes this user. • Edit—Edits the user. Depending on your selection in step 7, do one of the following: • If you selected No Change, no further action is needed. • If you selected Delete, the user name is marked to be deleted when you save the changes on this page. • If you selected Edit, update the login name, password, or user permissions.
more advanced features. For licensing information and installation instructions, see “iLO licensing” (page 43). Installing the iLO drivers iLO is an independent microprocessor running an embedded operating system. The architecture ensures that the majority of iLO functionality is available, regardless of the host operating system. The iLO drivers enable software such as HPONCFG and the Agentless Management Service to communicate with iLO. Your OS and system configuration determine the driver requirements.
Microsoft device driver support When you are using Windows with iLO, the following drivers are available: • HP ProLiant iLO 3/4 Channel Interface Driver for Windows—This driver is required for the operating system to communicate with iLO. Install this driver in all configurations. • HP ProLiant iLO 3/4 Management Controller Driver Package for Windows—This package includes the following components: ◦ hpqilo3core provides iLO Management Controller Driver support.
1. Subscribe to the MCP. For instructions, see the following HP website: http://downloads.linux.hp.com/SDR/project/ mcp/. 2. 3. Enter the following command to update the repository cache: apt-get update. Enter the following command to install the HP System Health Application and Command Line Utilities: apt-get install hp-health.
3 Configuring iLO Typically, an advanced or administrative user who manages users and configures global and network settings configures iLO. This guide provides information about configuring iLO by using the iLO web interface and iLO RBSU or the iLO 4 Configuration Utility. TIP: You can perform many iLO configuration tasks by using XML configuration and control scripts or SMASH CLP.
download an iLO Online ROM Flash Component from the following HP website: http:// www.hp.com/support/ilo4. • HPONCFG—Use the HP Lights-Out Online Configuration Utility to configure iLO by using XML scripts. Download the iLO firmware image and the Update_Firmware.xml sample script. Edit the sample script with your setup details, and then run the script. Sample scripts are available at http://www.hp.com/support/ilo4. For more information about scripting, see the HP iLO 4 Scripting and Command Line Guide.
1. 2. Navigate to the technical support page on the HP website: http://www.hp.com/support. Select a country or region and a language. The HP Support page opens. 3. 4. Click the Drivers & Downloads link. In the search box, enter the server model that you are using (for example, DL360p). A list of servers is displayed. 5. Click the link for your server. The HP Support Center page for the server opens. 6. 7. 8. 9. Click the link for your server operating system.
Figure 15 Firmware Update page 3. 4. Click Browse (Internet Explorer or Firefox) or Choose File (Chrome), and then specify the location of the firmware image file in the File box. Click Upload to start the update process. The following message appears: Updating the iLO firmware will cause the iLO to reboot. This will terminate any connections to the iLO including Remote Console and Virtual Media. Updating other types of firmware will not cause iLO to reboot, but they may require a server reboot.
Using language packs Language packs enable you to easily switch the iLO web interface from English to a supported language of your choice. Language packs currently provide translations for the iLO web interface, .NET IRC, and Java IRC. Consider the following when using language packs: • You must have the Configure iLO Settings privilege to install a language pack. • You can install one additional language pack at a time.
Figure 16 Access Settings – Language page 4. 5. Click Browse (Internet Explorer or Firefox) or Choose File (Chrome) in the Upload Language Pack section. Select the downloaded language pack, and then click Open. The following message appears: Only one language pack is supported at a time. If a language pack is already installed, it will be replaced with this upload. iLO will automatically reboot after installing the new language pack. Are you sure you want to install now? 6. Click OK to continue.
Figure 17 Login page Language menu • From the toolbar located on the bottom right side of the iLO web interface, as shown in Figure 18 (page 42). Figure 18 Toolbar Language menu • From the Administration→Access Settings→Language page. For instructions, see “Configuring the current language settings” (page 42). Configuring the default language settings To set the default language for the users of this instance of the iLO firmware: 1.
3. Click OK to continue. iLO resets and closes your browser connection. It might take several minutes before you can re-establish a connection. iLO licensing HP iLO standard features are included in every HP ProLiant server to simplify server setup, engage health monitoring, monitor power and thermal control, and promote remote administration. HP iLO licenses activate functionality such as graphical Remote Console with multiuser collaboration, video record/playback, and many more advanced features.
When using an evaluation license, note the following: • The evaluation license activates and enables access to iLO licensed features. • The evaluation license key is a 10-seat key, meaning it can be used on 10 different servers. • When the evaluation period has expired, your iLO system will return to the standard functionality. • Only one evaluation license can be installed for each iLO system. The iLO firmware will not accept the reapplication of an evaluation license.
iLO supports up to 12 users with customizable access rights, login names, and advanced password encryption. Privileges control individual user settings, and can be customized to meet user access requirements. To support more than 12 users, you must have an iLO license, which enables integration with an unlimited number of directory-based user accounts. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing.
Table 1 Local user account privileges (continued) Icon Privilege Configure iLO Settings Administer User Accounts Viewing directory groups To view directory groups, navigate to the Administration→User Administration page, as shown in Figure 20 (page 45). The Directory Groups table shows the group DN, group SID, and the assigned privileges for the configured groups. Table 2 (page 46) lists the account privileges that can be activated for directory groups.
Figure 21 Add/Edit Local User page 3. 4. Provide the following details in the User Information section: • User Name appears in the user list on the User Administration page. It does not have to be the same as the Login Name. The maximum length for a user name is 39 characters. The user name must use printable characters. Assigning descriptive user names can help you to easily identify the owner of each login name. • Login Name is the name you use when logging in to iLO.
• Virtual Power and Reset—Enables a user to power-cycle or reset the host system. These activities interrupt the system availability. A user with this privilege can diagnose the system by using the Generate NMI to System button. • Virtual Media—Enables a user to use the Virtual Media feature on the host system. • Configure iLO Settings—Enables a user to configure most iLO settings, including security settings, and to remotely update the iLO firmware.
Figure 22 Add/Edit Directory Group page 3. Provide the following details in the Group Information section: • Group DN (Security Group DN)—DN of a group in the directory. Members of this group are granted the privileges set for the group. The specified group must exist in the directory, and users who need access to iLO must be members of this group. Enter a DN from the directory (for example, CN=Group1, OU=Managed Groups, DC=domain, DC=extension). Shortened DNs are also supported (for example, Group1).
System Utilities, or HPONCFG can still reconfigure iLO. Only a user who has the Administer User Accounts privilege can enable or disable this privilege. • 5. Login Privilege—Enables members of a group to log in to iLO. Do one of the following: • Click Add Group to add a new group. • Click Update Group to edit a group. Deleting a user or a directory group The privilege required for this procedure depends on the user account type.
peers to other peers, and so on until all of the data for the selected iLO Federation Management group is retrieved. Use the iLO web interface on each iLO system to configure group memberships and multicast preferences. The settings on the Group Configuration page apply to the local iLO system only. You must configure these settings separately on each iLO system that will use the iLO Federation Management features.
1. Navigate to the iLO Federation→Group Configuration page, as shown in Figure 23 (page 52). Figure 23 Group Configuration page 2. Configure the following options in the Multicast Options section: • iLO Federation Management—Select Enabled or Disabled. The default setting is Enabled. Selecting Disabled will disable the iLO Federation Management features for the local iLO system. • Multicast Discovery—Select Enabled or Disabled.
Viewing iLO Federation Management group memberships To view the group memberships of a local iLO system, navigate to the iLO Federation→Group Configuration page, as shown in Figure 23 (page 52). The Group Membership for this iLO table lists the name of each group that includes the local iLO system and the privileges granted to the group by the local iLO system. Table 3 (page 53) lists the available privileges. Table 3 Group privileges Login—Enables members of a group to log in to iLO.
5. • Virtual Power and Reset • Virtual Media • Configure iLO Settings • Login Privilege Click Add Group or Update Group to save the settings. Removing an iLO system from an iLO Federation Management group Use the following procedure to remove an iLO system from an iLO Federation Management group. TIP: You can use RIBCL XML scripts to remove a batch of iLO systems from a group. For more information, see the HP iLO 4 Scripting and Command Line Guide. 1. 2. 3.
Figure 24 iLO Federation Capable setting Configuring iLO access settings You can modify iLO access settings, including service, IPMI/DCMI, and access options. The values that you enter on the Access Settings page apply to all iLO users. You must have the Configure iLO Settings privilege to modify access settings. The default configuration is suitable for most operating environments.
1. Navigate to the Administration→Access Settings page, as shown in Figure 25 (page 56) Figure 25 Access Settings page 2. Update the following settings as needed: Table 4 Service settings Service setting Default value Secure Shell (SSH) Access Enables you to specify whether the SSH feature on iLO is enabled or disabled. SSH provides encrypted access to the iLO CLP. The default is Enabled.
Table 4 Service settings (continued) Service setting Default value If you customize the SNMP Trap Port value, some SNMP monitoring applications (such as HP SIM) might not work correctly with iLO unless those applications support the use of a nonstandard SNMP trap port. 3. Click Apply to end your browser connection and restart iLO. It might take several minutes before you can re-establish a connection.
Table 5 Access options Option Default value Description Idle Connection Timeout (minutes) 30 This setting specifies how long a user can be inactive, in minutes, before the iLO web interface and Remote Console session end automatically. The following settings are valid: 15, 30, 60, or 120 minutes, or Infinite. Inactive users are not logged out when this option is set to Infinite. Failure to log out of iLO by either browsing to a different site or closing the browser also results in an idle connection.
Table 5 Access options (continued) Option Default value Description Serial Command Line Interface Status Enabled-Authentication This setting enables you to change the login model of the CLI Required feature through the serial port. The following settings are valid: • Enabled-Authentication Required—Enables access to the iLO CLP from a terminal connected to the host serial port. Valid iLO user credentials are required.
Table 5 Access options (continued) Option Default value Description • Enabled-Every 3rd Failure—A failed login log entry is recorded after every third failed login attempt. • Enabled-Every 5th Failure—A failed login log entry is recorded after every fifth failed login attempt. • Disabled—No failed login log entry is recorded. For information about using this setting with SSH clients, see “Logging in to iLO by using an SSH client” (page 60). 4. Click Apply to end your browser connection and restart iLO.
• Encrypted communication that uses SSL certificate administration. For more information, see “Administering SSL certificates” (page 67). • Support for optional LDAP-based directory services. For more information, see “Directory services” (page 250). Some of these options are licensed features. For more information, see “iLO licensing” (page 43). General security guidelines General security guidelines for iLO follow: • For maximum security, configure iLO on a separate management network.
• For information about using RIBCL scripts to configure iLO RBSU or the iLO 4 Configuration Utility, see the HP iLO 4 Scripting and Command Line Guide. • For information about using the iLO Security Override Switch to access iLO RBSU or the iLO 4 Configuration Utility, see “iLO Security Override Switch administration” (page 62).
• iLO, if disabled when the switch is set, does not log out the user and complete the disable process until the power is cycled on the server. • The boot block is exposed for programming. • A warning message is displayed on iLO web interface pages, indicating that the switch is currently in use. • An iLO log entry records the use of the switch. When iLO boots after you set or clear the iLO Security Override Switch, an SNMP alert is sent if an SNMP Alert Destination is configured.
The directory also provides a central point of administration for iLO devices and users, and the directory can enforce a stronger password policy. iLO enables you to use local users, directory users, or both. The following directory configuration options are available: • A directory extended with HP schema • The directory default schema For more information about using directory authentication, see “Directory services” (page 250).
Z/axobbrHCj/2s66VA/554chkVimJT2IDRRKVkcV8OVC3nb4ckpfFEZvKkAWYaiF DLqRbHhh4qyRBIfBKQpvvhDj1aecdFbaO2UvZltMir4n8/E0hh19nfi3tjXAtSTV ---- END SSH2 PUBLIC KEY ---- • OpenSSH key format—These keys must be one line only.
Figure 27 Security–Secure Shell Key page 5. 6. 7. Select the check box to the left of the user to which you want to add an SSH key. Click Authorize New Key. Copy and paste the public key into the Public Key Import Data box as shown in Figure 28 (page 66). Figure 28 Public Key Import Data box The key must be a 2,048-bit DSA or RSA key. 8. Click Import Public Key. Authorizing a new key by using the CLI 1. 2. 3. Generate a 2,048-bit DSA or RSA SSH key by using ssh-keygen, puttygen.
6. Enter the following command: load sshkey type "oemhp_loadSSHkey -source " When you use this command: • The protocol value is required and must be HTTP or HTTPS. • The hostname and filename values are required. • The username:password and port values are optional. • oemhp_loadSSHkey is case-sensitive. The CLI performs a cursory syntax verification of the values you enter. You must visually verify that the URL is valid.
iLO security features. Users who have the Configure iLO Settings privilege can customize and import a trusted certificate. Viewing certificate information To view certificate information, navigate to the Administration→Security→SSL Certificate page.
Figure 30 Security–SSL Certificate Customization page 3. 4. Enter the following information in the Certificate Signing Request Information section. The required boxes are marked with an asterisk (*) in the iLO web interface.
8. Follow the onscreen instructions and submit the CSR to the CA. The CA will generate a certificate in the PKCS #10 format. 9. After you obtain the certificate, make sure that: • The CN matches the iLO FQDN. This is listed as the iLO Hostname on the Information→Overview page. • The certificate is generated as a Base64-encoded X.509 certificate, and is in the RAW format. • The first and last lines are included in the certificate. 10.
You must have the Configure iLO Settings privilege to change directory settings. This feature and many others are part of an iLO licensing package. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing. Configuring authentication and directory server settings 1. Navigate to the Administration→Security→Directory page, as shown in Figure 32 (page 71). Figure 32 Security - Directory page 2.
extended with the HP Extended Schema. User accounts and group memberships are used to authenticate and authorize users. After you enter and save the directory network information, click Administer Groups, and then enter one or more valid directory DNs and privileges to grant users access to iLO. • Kerberos Authentication—Enables Kerberos login. If Kerberos login is enabled and configured correctly, the HP Zero Sign In button appears on the login page.
• LOM Object Distinguished Name—Specifies where this iLO instance is listed in the directory tree (for example, cn=iLO Mail Server,ou=Management Devices,o=hp). This option is available when Use HP Extended Schema is selected. User search contexts are not applied to the LOM object DN when iLO accesses the directory server. • Directory User Contexts—These boxes enable you to specify common directory subcontexts so that users do not need to enter their full DNs at login.
1. Click Test Settings on the Security→Directory page. The Directory Tests page opens, as shown in Figure 33 (page 74). Figure 33 Directory Tests page This page displays the results of a series of simple tests designed to validate the current directory settings. Also, it includes a test log that shows test results and any detected issues. After your directory settings are configured correctly, you do not need to rerun these tests.
4. Click Start Test. Several tests begin in the background, starting with a network ping of the directory user by establishing an SSL connection to the server and evaluating user privileges. While the tests are running, the page refreshes periodically. You can stop the tests or manually refresh the page at any time. Viewing directory test results The Directory Test Results section shows the directory test status with the date and time of the last update.
Table 6 Directory tests (continued) Test Description 1. Verify that the configured directory server is the correct host. 2. Verify that iLO has a clear communication path to the directory server through port 636 (consider any routers or firewalls between iLO and the directory server). 3. Verify that any local firewall on the directory server is enabled to allow communications through port 636.
Table 6 Directory tests (continued) Test Description NOTE: You can enter a LOM Object Distinguished Name on the Security→Directory page only when Use HP Extended Schema is selected. This test is run even if LDAP Directory Authentication is disabled. If the tests is successful, iLO found the object that represents itself. If a failure occurs: 1. Verify that the LDAP FQDN of the LOM object is correct. 2.
• 128-bit AES with RSA, DHE, and a SHA1 MAC • 128-bit AES with RSA, and a SHA1 MAC • 168-bit 3DES with RSA, and a SHA1 MAC • 168-bit 3DES with RSA, DHE, and a SHA1 MAC iLO also provides enhanced encryption through the SSH port for secure CLP transactions. iLO supports AES256-CBC, AES128-CBC, and 3DESCBC cipher strengths through the SSH port.
The Encryption Settings page displays the current encryption settings for iLO. • Current Negotiated Cipher—The cipher in use for the current browser session. After you log in to iLO through the browser, the browser and iLO negotiate a cipher setting to use during the session. • Encryption Enforcement Settings—The current encryption settings for iLO: ◦ FIPS Mode—Indicates whether FIPS Mode is enabled or disabled for this iLO system.
2. Verify that a trusted certificate is installed. Using iLO in FIPS Mode with the default self-signed certificate is not FIPS compliant. For instructions, see “Obtaining and importing a certificate” (page 68). IMPORTANT: Some interfaces to iLO, such as supported versions of IPMI and SNMP, are not FIPS compliant and cannot be made FIPS compliant. For information about the iLO firmware versions that are FIPS validated, see the following document: http://csrc.nist.
Configuring iLO for HP SSO 1. Navigate to the Administration→Security→HP SSO page, as shown in Figure 35 (page 81). Figure 35 Security–Single Sign-On Settings page 2. 3. Make sure you have an iLO license key installed. Enable Single Sign-On Trust Mode by selecting Trust by Certificate, Trust by Name, or Trust All. The iLO firmware supports configurable trust modes, which enables you to meet your security requirements. The trust mode affects how iLO responds to HP SSO requests.
4. Configure iLO privileges for each role in the Single Sign-On Settings section. When you log in to an HP SSO-compliant application, you are authorized based on your HP SSO-compliant application role assignment. The role assignment is passed to iLO when SSO is attempted. For more information about each privilege, see “Administering users” (page 44). SSO attempts to receive only the privileges assigned in this section. iLO directory settings do not apply. Default privilege assignments are as follows: 5.
For information about how to extract an HP SIM certificate, see “Extracting the HP SIM server certificate” (page 83). For information about how to extract certificates from other HP SSO-compliant applications, see your HP SSO-compliant application documentation. Extracting the HP SIM server certificate You can use the following methods to extract HP SIM certificates. NOTE: iLO 4 1.20 or later might be required to install the larger certificates used with recent versions of HP SIM.
Table 7 HP trusted certificate status Icon Description The record is valid. There is a problem with the trust settings or the iLO license. Possible reasons follow: ◦ This record contains a DNS name, and the trust mode is set to Trust by Certificate (only certificates are valid). ◦ Trust None (SSO disabled) is selected. ◦ A valid license key is not installed. The record is not valid. Possible reasons follow: ◦ An out-of-date certificate is stored in this record.
1. Navigate to the Administration→Security→Remote Console page, as shown in Figure 36 (page 85). Figure 36 Remote Console Computer Lock Settings 2. Modify the Remote Console Computer Lock settings as required: • Windows—Use this option to configure iLO to lock a managed server running a Windows operating system. The server automatically displays the Computer Locked dialog box when a Remote Console session ends or the iLO network link is lost.
Table 8 Remote Console Computer Lock keys (continued) 3. BREAK - c x BACKSPACE . d y NUM PLUS / e z NUM MINUS 0 f Click Apply to save the changes. Configuring the Integrated Remote Console Trust setting (.NET IRC) The .NET IRC is launched through Microsoft ClickOnce, which is part of the Microsoft .NET Framework. ClickOnce requires that any application installed from an SSL connection be from a trusted source.
1. Navigate to the Administration→Security→Login Security Banner page, as shown in Figure 38 (page 87). Figure 38 Security–Login Security Banner Settings page 2. Select the Enable Login Security Banner check box. iLO uses the following default text for the Login Security Banner: This is a private system. It is to be used solely by authorized users and may be monitored for all lawful purposes. By accessing this system, you are consenting to such monitoring. 3.
4. Click Apply. The security message is displayed at the next login, as shown in Figure 39 (page 88). Figure 39 Security message example Configuring iLO network settings Use the tabs on the Network page to view and configure the iLO network settings. You must have the Configure iLO Settings privilege to view and change these settings.
Figure 40 Network Summary page (iLO Dedicated Network Port) The iLO Shared Network Port and the iLO Dedicated Network Port cannot operate simultaneously. If you enable the iLO Dedicated Network Port, you will disable the iLO Shared Network Port. If you enable the iLO Shared Network Port, you will disable the iLO Dedicated Network Port. The Network Summary page for the inactive port displays the message iLO is not configured to use this NIC..
The following features support the use of IPv6: • IPv6 Static Address Assignment • IPv6 SLAAC Address Assignment • IPv6 Static Route Assignment • Integrated Remote Console • OA Single Sign-On • Web Server • SSH Server • SNTP Client • DDNS Client • DHCPv6 Address Assignment • DHCPv6 DNS and NTP Configuration • RIBCL over an IPv6 connection • SNMP • HP SIM SSO • WinDBG Support • HPQLOCFG and HPLOMIG over an IPv6 connection • AlertMail • Remote Syslog • Scriptable Virtual M
The IPv6 Summary section displays the following information: • DHCPv6 Status—Indicates whether DHCP is enabled for IPv6. The following values are possible: ◦ Enabled—Stateless and Stateful DHCPv6 are enabled. ◦ Enabled (Stateless)—Only Stateless DHCPv6 is enabled. ◦ Disabled—DHCPv6 is disabled. • IPv6 Stateless Address Auto-Configuration (SLAAC)—Indicates whether SLAAC is enabled for IPv6. When SLAAC is disabled, the SLAAC link-local address for iLO is still configured because it is required.
Figure 41 Network General Settings page (iLO Dedicated Network Port) 3. Enter the following information in the iLO Hostname Settings section: • iLO Subsystem Name (Host Name)—The DNS name of the iLO subsystem (for example, ilo instead of ilo.example.com). This name can be used only if DHCP and DNS are configured to connect to the iLO subsystem name instead of the IP address.
4. Enter the following information in the NIC Settings section: • Select the Use iLO Dedicated Network Port, Use Shared Network Port – LOM, or Use Shared Network Port – Flexible LOM check box to enable or disable the iLO Dedicated Network Port or Shared Network Port. ◦ iLO Dedicated Network Port—Uses a NIC with a jack on the back of the server. The NIC handles iLO traffic only. ◦ Shared Network Port – LOM—Uses a NIC that is built into the server.
• Select or clear the Enable VLAN check box to enable or disable VLAN (Shared Network Port only). When the Shared Network Port is active and VLAN is enabled, the iLO Shared Network Port becomes part of a VLAN. All network devices with different VLAN tags will appear to be on separate LANs, even if they are physically connected to the same LAN. • 5. 6. If you enabled VLAN, enter a VLAN Tag (Shared Network Port only).
Figure 42 IPv4 Settings page (iLO Dedicated Network Port) 3. Configure the following settings: • Enable DHCPv4—Enables iLO to obtain its IP address (and many other settings) from a DHCP server. ◦ Use DHCPv4 Supplied Gateway—Specifies whether iLO uses the DHCP server-supplied gateway. If DHCP is not used, enter a gateway address in the Gateway IPv4 Address box. ◦ Use DHCPv4 Supplied Static Routes—Specifies whether iLO uses the DHCP server-supplied static routes.
Use DHCPv4 Supplied Time Settings—Specifies whether iLO uses the DHCPv4-supplied NTP service locations. ◦ Use DHCPv4 Supplied WINS Servers—Specifies whether iLO uses the DHCP server-supplied WINS server list. If not, enter the WINS server addresses in the Primary WINS Server and Secondary WINS Server boxes. • IPv4 Address—The iLO IP address. If DHCP is used, the iLO IP address is supplied automatically. If DHCP is not used, enter a static IP address.
When using IPv6, note the following: • IPv6 is not supported in the Shared Network Port configuration. • If you downgrade the iLO firmware from version 1.30 or later to version 1.2x, the IPv6 settings will be reset to the default values. To configure the IPv6 settings: 1. Navigate to the Network→iLO Dedicated Network Port page. 2. Click the IPv6 tab, as shown in Figure 43 (page 97). Figure 43 IPv6 Settings page (iLO Dedicated Network Port) 3.
If communication fails using the first protocol, iLO automatically tries the second protocol. • Enable Stateless Address Auto Configuration (SLAAC)—Select this check box to enable iLO to create IPv6 addresses for itself from router advertisement messages. NOTE: • Enable DHCPv6 in Stateful Mode (Address)—Select this check box to allow iLO to request and configure IPv6 addresses provided by a DHCPv6 server. ◦ • iLO will create its own link-local address even when this option is not selected.
Configuring SNTP settings SNTP allows iLO to synchronize its clock with an external time source. Configuring SNTP is optional because the iLO date and time can also be synchronized from the following sources: • System ROM (during POST only) • Insight Management Agents (in the OS) • Onboard Administrator (blade servers only) To use iLO SNTP, you must have at least one NTP server available on your management network.
If a DHCPv6 address is not available for the primary or secondary address, a DHCPv4 address (if available) is used. • 4. Enter NTP server addresses in the Primary Time Server and Secondary Time Server boxes. You can enter the server addresses by using the server FQDN, IPv4 address, or IPv6 address. If you selected only Use DHCPv6 Supplied Time Settings, or if you entered a primary and secondary time server, select the server time zone from the Time Zone list.
FlexibleLOM adapter if Use Shared Network Port – Flexible LOM is selected. NIC numbering in the operating system can be different from system numbering. When using the iLO Shared Network Port, observe the following: • The iLO Shared Network Port is supported on all nonblade servers. • For the list of servers that support the iLO Shared Network Port FlexibleLOM feature, see “FlexibleLOM support” (page 337).
5. 6. Select Network→NIC and TCP/IP, and then press Enter. On the Network Configuration menu, press the spacebar to toggle the Network Interface Adapter setting to Shared Network Port – LOM or Shared Network Port – FlexibleLOM, as shown in Figure 45 (page 102). NOTE: The Shared Network Port option is available only on supported servers. Figure 45 iLO RBSU Network Configuration window 7. 8. Press F10 to save the configuration. Select File→Exit, and then press Enter.
Figure 46 Selecting the Network Interface Adapter NOTE: 7. 8. The Shared Network Port option is available only on supported servers. Select Shared Network Port, and then press Enter. Press F10 to save the changes. The iLO 4 Configuration Utility prompts you to confirm that you want to save all pending configuration changes. 9. Press Enter. The iLO 4 Configuration Utility notifies you that iLO must be reset in order for the changes to take effect.
5. Select Shared Network Port – LOM or Shared Network Port – FlexibleLOM from the Control menu in the NIC Settings section. NOTE: 6. The Shared Network Port feature is available on supported servers only. To use a VLAN, select the Enable VLAN check box. VLAN is only available for the Shared Network Port. When the Shared Network Port is activated and VLAN is enabled, the iLO Shared Network Port becomes part of a VLAN.
2. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC. 3. 4. Restart or power on the server. Press F9 in the HP ProLiant POST screen. The System Configuration screen appears. 5. 6. Use the up or down arrow keys and the Enter key to navigate to the System Configuration→iLO 4 Configuration Utility→Network Options screen. Select Network Interface Adapter, and then press Enter.
11. Resume the normal boot process: a. Start the iLO remote console. The iLO 4 Configuration Utility is still open from the previous session. b. c. Press ESC several times to navigate to the System Configuration page. Press ESC to exit the System Utilities and resume the normal boot process. Enabling the iLO Dedicated Network Port through the web interface 1. 2. 3. 4. 5. 6. Connect the iLO Dedicated Network Port to a LAN from which the server is managed. Log in to the iLO web interface.
Table 9 Information provided by Agentless Management and Insight Management Agents Agentless Management with AMS1 Insight Management Agents1 Component Agentless Management without AMS Server health • Fans • Fans • Fans • Temperatures • Temperatures • Temperatures • Power supplies • Power supplies • Power supplies • Memory • Memory • Memory • CPU • CPU • CPU • Smart Array • Smart Array • Smart Array • SMART Drive Monitoring • SMART Drive Monitoring • SMART Drive Monitoring • Interna
• If you must run AMS with the Insight Management Agents on Linux systems, start the hp-ams daemon process first, and then decrease the number of traditional agents (for example, cmasm2d) running on the system. For more information about AMS on Linux systems, see the manpage for hpHelper, the AMS daemon process. • When you install AMS on Windows systems, the Agentless Management Service Control Panel is installed.
2. 3. Open the Agentless Management Service Control Panel. Click the Service tab. If AMS is enabled, the following message appears: Agentless Management Service (AMS) is enabled.
Figure 48 iLO Management – SNMP Settings page 3. 4. Select the SNMP setting: • Agentless Management (default)—Use SNMP agents running on iLO to manage the server. SNMP requests sent by the client to iLO over the network are fulfilled by iLO. This setting does not affect alerts. • SNMP Pass-thru—Use SNMP agents running on the host operating system to manage the server. SNMP requests sent by the client to iLO over the network are passed to the host operating system.
• SNMP Alert Destination(s)—The IP addresses or FQDNs of up to three remote management systems that will receive SNMP alerts from iLO. NOTE: Typically, you enter the HP SIM server console IP address in one of the SNMP Alert Destination(s) boxes. When SNMP Alert Destinations are configured using FQDN, and DNS provides both IPv4 and IPv6 addresses for those FQDNs, iLO will send traps to the address specified by the iLO Client Applications use IPv6 first setting on the network configuration IPv6 page.
Figure 50 Editing SNMPv3 users 4. 5. Enter the following information: • Security Name—The user profile name. Enter an alphanumeric string of 1 to 32 characters. • Authentication Protocol—Sets the message digest algorithm to use for encoding the authorization passphrase. The message digest is calculated over an appropriate portion of an SNMP message, and is included as part of the message sent to the recipient. Select MD5 or SHA.
Figure 51 Editing the SNMP alerts 3. Configure the Trap Source Identifier by selecting iLO Hostname or OS Hostname. This setting determines the host name that is used in the SNMP-defined sysName variable when iLO generates SNMP traps. The default setting is iLO Hostname. NOTE: The host name is an OS construct and does not remain persistent with the server when the hard drives are moved to a new server platform. The iLO sysName, however, remains persistent with the system board. 4.
Figure 52 Agentless Management Service Control Panel 3. Update the SNMP settings. For a description of the available settings, see “Configuring SNMP settings” (page 109) and “Configuring SNMP alerts” (page 112). 4. Optional: Click Send Test Trap to generate a test alert and send it to the TCP/IP addresses in the Trap Destination(s) boxes. Test alerts include an Insight Management SNMP trap and are used to verify the network connectivity of iLO in HP SIM.
Table 10 SNMP traps SNMP trap name Description Cold Start Trap 0 SNMP has been initialized, the system has completed POST, or AMS has started. Authentication Failure Trap 4 SNMP has detected an authentication failure. cpqDa6CntlrStatusChange 3033 A change has been detected in the status of the Smart Array controller. cpqDa6LogDrvStatusChange 3034 A change has been detected in the status of a Smart Array logical drive.
Table 10 SNMP traps (continued) SNMP trap name Description cpqHe5CorrMemReplaceMemModule 6064 Memory errors have been corrected, but the memory module should be replaced. cpqHe4FltTolPowerSupplyACpowerloss 6069 The fault-tolerant power supply in the specified chassis and bay reported AC power loss. cpqSm2ServerReset 9001 The server power has been reset. cpqSm2UnauthorizedLoginAttempts 9003 The maximum unauthorized login attempt threshold has been exceeded.
Enter the FQDN or IP address of the host server. The protocol (https://) and port number (:2381) are added automatically to the IP address or DNS name to allow access from iLO. If the URL is set through another method (for example, HPQLOCFG), click the browser refresh button to display the updated URL. 4. Select the Level of Data Returned. This setting controls the content of an anonymous discovery message received by iLO. The information returned is used for HP SIM HTTP identification requests.
3. 4. Enter the following information: • Email Address—The destination email address for iLO email alerts. This string can be up to 63 characters and should be in standard email address format. You can enter only one email address. • Sender Domain—The domain name specified in the sender (From) email address. The sender email address is formed by using the iLO name as host name, and the subject string as domain name.
2. 3. Select the Enable iLO Remote Syslog check box. Enter the following information: • Remote Syslog Port—The port number through which the Syslog server is listening. The default value is 514. • Remote Syslog Server—The IP address, FQDN, IPv6 name, or short name of the server running the Syslog service. This string can be up to 127 characters. On Linux systems, system events are logged by a tool called syslog. This tool should be installed on all Linux systems.
Figure 56 Insight Remote Support Direct Connect ProLiant • Firewall Central Connect—Register a server to communicate to HP through an HP Insight Remote Support centralized Hosting Device in your local environment. All configuration and service event information is routed through the Hosting Device. This information can be viewed by using the local HP Insight RS Console or the web-based view in HP Insight Online (if it is enabled in Insight RS).
When a server is registered for Insight Remote Support, iLO or the Insight RS Hosting Device sends Active Health System information to HP every 7 days, and sends configuration information every 30 days. The following information is sent to HP: • Registration—During server registration, iLO collects data to uniquely identify the server hardware. This data is sent to the Insight RS Hosting Device (Central Connect) or directly to HP (Direct Connect).
Prerequisites Before registering, verify that the following prerequisites are met: • A supported version of the iLO firmware is installed. Version 1.40 or later is required for Direct Connect Remote Support registration. Version 1.10 or later is required for Central Connect Remote Support registration. You can download the latest firmware from the following HP website: http://www.hp.com/ support/ilo4. For instructions, see “Updating firmware” (page 36).
1. Verify that the server meets the prerequisites for using the Insight Remote Support solution. For more information, see “Prerequisites” (page 122). 2. 3. Navigate to the Remote Support→Registration page. Select Register this server directly to HP. The page updates to show the Direct Connect registration options, as shown in Figure 58 (page 123). Figure 58 iLO Direct Connect Remote Support registration 4. Enter your HP Passport credentials in the HP Passport User Name and HP Passport Password boxes.
6. • Web Proxy Username • Web Proxy Password Select the I accept the terms and conditions of the HP Software License Agreement and the HP Insight Management Additional License Authorization check box. NOTE: 7. You can view these documents at http://www.hp.com/go/SWLicensing. Click Register. Clicking Register is Step 1 of a two-step registration process. Step 2 is completed in HP Insight Online.
12. Optional: If you want to receive email alerts about system events, configure AlertMail on the Administration→Management→AlertMail page. For more information, see “Configuring AlertMail settings” (page 117). You can also register a server for Direct Connect Remote Support by using the following: • XML configuration and control scripts. For instructions, see the HP iLO 4 Scripting and Command Line Guide. • Intelligent Provisioning. For instructions, see the HP Intelligent Provisioning User Guide.
Figure 59 iLO Central Connect Remote Support registration 4. Enter the Insight RS Hosting Device host name or IP address and port number. The default port is 7906. 5. Click Register. By registering, you agree to send registration, service events, configuration, and Active Health System data to HP. For more information about the type of data collected, see “Data collected by Insight Remote Support” (page 120). All data collected and sent to HP will be managed according to the HP Data Privacy Policy.
You can also register a server for Central Connect Remote Support by using the following: • XML configuration and control scripts. For instructions, see the HP iLO 4 Scripting and Command Line Guide. • Intelligent Provisioning. For instructions, see the HP Intelligent Provisioning User Guide. • Insight RS Console. For instructions, see the HP Insight Remote Support Monitored Devices Configuration Guide.
Insight Online (Direct Connect) or to the Insight RS Hosting Device (Central Connect) which forwards it to HP. When HP receives a service event, a support case is opened (if warranted). Using maintenance mode Use maintenance mode when you are performing maintenance on a server. In maintenance mode, any events or messages that are sent to Insight RS or Insight Online are flagged to indicate that the event requires no action. This helps HP to determine whether to open a support case. 1.
3. Click OK. The following messages appear: Test Service Event Transmission initiated Service Event transmission in progress. When the transmission is complete, the test event is listed in the Service Event Log, the Insight RS Console (Central Connect only), and Insight Online. If the test is successful, the Submit Status in the Service Event Log displays the text No Error. The Time Generated column in the Service Event Log shows the date and time based on the configured iLO time zone.
3. Click OK. The following message appears: Service Event Log has been cleared. Viewing and sending Remote Support data collection information Use the Remote Support→Data Collections page to view information about the data that is sent to HP when a server is registered for Insight Remote Support. You can also send data collection information manually from this page.
The following message appears: Are you sure you want to send a Data Collection? 3. Click OK. The following messages appear: Data Collection Transmission initiated. Data Collection Transmission in progress. When the transmission is complete, the Last Data Collection Transmission and the Last Data Collection Transmission Status are updated. The date and time are based on the configured iLO time zone.
Configuring iLO by using the ROM-based utilities Using the iLO RBSU HP ProLiant Gen8 servers that do not support UEFI include the iLO RBSU software, which is embedded in the system ROM. NOTE: On servers that do not support iLO RBSU, you can use the UEFI System Utilities. For more information, see “Using the UEFI System Utilities iLO 4 Configuration Utility” (page 136). This section provides general use instructions and instructions for configuring iLO with the iLO RBSU.
Figure 62 Network Configuration screen 5. View or update the following values, as needed: • MAC Address (read-only)—The MAC address of the selected iLO network interface. • Network Interface Adapter—Specifies the iLO network interface adapter to use. Select ON or OFF to enable or disable the iLO Dedicated Network Port. Select Shared Network Port to use the Shared Network Port. The Shared Network Port option is available only on supported servers.
2. 3. Restart or power on the server. Press F8 in the HP ProLiant POST screen. The iLO RBSU screen appears. 4. Select Network→DNS/DHCP. The Network Autoconfiguration screen appears, as shown in Figure 63 (page 134). Figure 63 Network Autoconfiguration screen 5. View or update the following values, as needed: • DHCP Enable—Configures iLO to obtain its IP address (and many other settings) from a DHCP server. • DNS Name—The DNS name of the iLO subsystem (for example, ilo instead of ilo.example.com).
Figure 64 Global iLO 4 Settings window 5. For each option that you want to change, select the option, and press the spacebar to toggle the setting to ENABLED or DISABLED. You can change the following settings: • iLO Functionality • iLO 4 ROM-Based Setup Utility • Require iLO 4 RBSU Login • Show iLO 4 IP during POST • Local Users For more information about the first four options in the list, see Table 5 (page 58).
Figure 65 iLO RBSU Configure iLO Command-Line Interface window 6. For each option that you want to change, select the option, and press the spacebar to toggle through the available settings. You can change the following settings: • Serial CLI Status • Serial CLI Speed (bits/second) For more information about these options, see Table 5 (page 58). 7. 8. Press F10 to save the settings. Select File→Exit to close iLO RBSU.
To access the iLO 4 Configuration Utility menu: 1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC. 2. 3. Restart or power on the server. Press F9 in the HP ProLiant POST screen. The System Utilities screen appears. 4. From the System Utilities screen, select System Configuration→iLO 4 Configuration Utility. The iLO 4 Configuration Utility screen appears, as shown in Figure 66 (page 137).
1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC. 2. 3. Restart or power on the server. Press F9 in the HP ProLiant POST screen. The System Utilities screen appears. 4. From the System Utilities screen, select System Configuration→iLO 4 Configuration Utility→Network Options. The Network Options screen appears, as shown in Figure 67 (page 138). Figure 67 Network Options screen 5.
• DNS Name—The DNS name of the iLO subsystem (for example, ilo instead of ilo.example.com). This name can be used only if DHCP and DNS are configured to connect to the iLO subsystem name instead of the IP address. 6. 7. 8. 9. • IP Address—The iLO IP address. If DHCP is used, the iLO IP address is supplied automatically. If DHCP is not used, enter a static IP address. • Subnet Mask—The subnet mask of the iLO IP network. If DHCP is used, the subnet mask is supplied automatically.
Figure 68 Advanced Network Options screen 5. 6. 7. 8. 9. View or update the following values, as needed: • Gateway from DHCP—Specifies whether iLO uses a DHCP server-supplied gateway. • Gateway #1, Gateway #2, and Gateway #3—If Gateway from DHCP is disabled, enter up to three iLO gateway IP addresses. • DHCP Routes—Specifies whether iLO uses the DHCP server-supplied static routes.
1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC. 2. 3. Restart or power on the server. Press F9 in the HP ProLiant POST screen. The System Utilities screen appears. 4. From the System Utilities screen, select System Configuration→iLO 4 Configuration Utility→Setting Options. The Setting Options screen appears. Figure 69 Setting Options screen 5.
• • Serial CLI Status—This setting enables you to change the login model of the CLI feature through the serial port. The following settings are valid: ◦ Enabled-Authentication Required—Enables access to the iLO CLP from a terminal connected to the host serial port. Valid iLO user credentials are required. ◦ Enabled-No Authentication Required—Enables access to the iLO CLP from a terminal connected to the host serial port. iLO user credentials are not required.
Figure 70 About screen This screen includes the following information: 5. 6. 7. • Firmware Date—The iLO firmware revision date. • Firmware Version—The iLO firmware version. • iLO CPLD Version—The iLO complex programmable logic device version. • Host CPLD Version—The ProLiant server complex programmable logic device version. • Serial Number—The iLO serial number. • RBSU Date—The iLO 4 Configuration Utility revision date. • PCI BUS—The PCI bus to which the iLO processer is attached.
4 Using iLO The main iLO features for a nonadministrative user are located in the Information, Remote Console, Virtual Media, Power Management, and BL c-Class sections of the navigation pane. This guide provides information about using iLO with the iLO web interface. TIP: You can also perform many iLO tasks by using XML configuration and control scripts or SMASH CLP.
1. Enter https://. The iLO login page opens. If iLO is configured to use the Login Security Banner feature, a security message is displayed on the login page. For information about configuring the Login Security Banner, see “Configuring the Login Security Banner” (page 86). 2. Enter an HP iLO user name and password, and then click Log In. Login problems might occur for the following reasons: • You have recently upgraded the iLO firmware.
Handling an unknown authority If the message Website Certified by an Unknown Authority is displayed, take the following action: 1. View the certificate to ensure that you are browsing to the correct management server (not an imposter). 2. • Verify that the Issued To name is your management server. Perform any other steps you feel necessary to verify the identity of the management server. • If you are not sure that this is the correct management server, do not proceed.
Viewing system information To view iLO overview information, navigate to the Information→Overview page, as shown in Figure 71 (page 147). Figure 71 iLO Overview page The Information section displays the following information: • Server Name—The server name defined by the host operating system. Click the Server Name link to navigate to the Administration→Access Settings page. • Product Name—The product with which this iLO processor is integrated.
• System ROM—The family and version of the active system ROM. • Backup System ROM—The date of the backup system ROM. The backup system ROM is used if a system ROM update fails or is rolled back. This value is displayed only if the system supports a backup system ROM. For information about using the backup system ROM, see “Using iLO diagnostics” (page 179). • Integrated Remote Console—Provides links to start the .
1. 2. 3. • Power down the server. Remove the top cover. Insert or remove the SD card. iLO Date/Time—The internal clock of the iLO subsystem. The iLO clock can be synchronized automatically with the network. Viewing the active iLO sessions To view the active iLO sessions, navigate to the Information→Overview page, as shown in Figure 71 (page 147).
Figure 72 System Information – Health Summary page Table 13 (page 150) lists the displayed health status values. Table 13 Health status values Value Description Redundant There is a backup component for the device or subsystem. OK The device or subsystem is working correctly. Not Redundant There is no backup component for the device or subsystem. Degraded The device or subsystem is operating at a reduced capacity.
Fan operation policies might differ from server to server based on fan configuration and cooling demands. Fan control takes into account the internal temperature of the system, increasing the fan speed to provide more cooling, and decreasing the fan speed if cooling is sufficient. In the event of a fan failure, some fan operation policies might increase the speed of the other fans, record the event in the IML, or turn LED indicators on.
from all of the installed server and nonserver blades to adjust the fans to provide the appropriate enclosure cooling. The following information is displayed for virtual fans: ◦ Location ◦ Status ◦ Speed Figure 74 (page 152) shows the Fan Information page for a blade server.
Viewing the temperature graph To view the temperature graph, navigate to the Information→System Information page, and then click the Temperatures tab, as shown in Figure 75 (page 153). Figure 75 Viewing the temperature graph Viewing the graph: • The circles on the graph correspond to the sensors listed in the Sensor Data table. • Move the mouse over a circle on the graph to view the sensor ID, status, and temperature reading.
When temperatures are displayed in Celsius, click the Show values in Fahrenheit button to change the display to Fahrenheit. When temperatures are displayed in Fahrenheit, click the Show values in Celsius button to change the display to Celsius. By default, sensors that are not installed are hidden. To view the missing sensors, click show missing sensors. When missing sensors are displayed, click hide missing sensors to hide them.
server increases the fan speed and initiates a graceful operating system shutdown. This ensures both data integrity and system safety. ◦ Critical—If temperatures are uncontrollable or rise quickly, the critical temperature threshold prevents system failure by physically shutting down the system before the high temperature causes an electronic component failure.
The information displayed on this page varies depending on the server type. • Rack servers (DL, ML)—The page displays the following sections: Power Supply Summary, Power Supplies, and HP Power Discovery Services iPDU Summary (if available). • Rack servers (SL)—The page displays the following sections: Power Supply Summary and Power Supplies. • Blade servers—The page displays the following sections: Power Readings and Power Microcontroller.
NOTE: When the iLO processor or the server is reset, the iPDU discovery process can take a few minutes to complete. ◦ High Efficiency Mode—The redundant power supply mode that will be used if redundant power supplies are configured. High Efficiency Mode improves the power efficiency of the server by placing the secondary power supplies in standby mode. When the secondary power supplies are in standby mode, primary power provides all DC power to the system.
• • ◦ Hotplug—Whether the power supply bay supports swapping the power supply when the server is powered on. If the value is Yes, and the power supplies are redundant, the power supply can be removed or replaced when the server is powered on. ◦ Model—The model number of the power supply. ◦ Spare—The part number of the spare power supply. ◦ Serial—The serial number of the power supply. ◦ Capacity—The capacity of the power supply (watts). ◦ Firmware—The installed power supply firmware.
• ◦ Part Number—The iPDU part number. ◦ Serial—The iPDU serial number. ◦ MAC Address—The MAC address of the iPDU network port. This value helps you to uniquely identify each connected iPDU, because each iPDU has a unique MAC address. ◦ iPDU Link—The iPDU HTTP address (if available). Click the link in this column to open the HP Intelligent Modular PDU web interface.
• Processor Speed—The speed of the processor • Execution Technology—Information about the processor cores and threads • Memory Technology—The processor memory capabilities • Internal L1 cache—The L1 cache size • Internal L2 cache—The L2 cache size • Internal L3 cache—The L3 cache size Viewing memory information The Memory Information page displays a summary of the system memory. When server power is off, AMP data is unavailable, and only memory modules present at POST are displayed.
• • ◦ Degraded Mirroring—The system is protected by AMP in the mirrored mode. One or more DIMM faults have been detected. ◦ On-line Spare—The system is protected by AMP in the hot spare mode. No DIMM faults have been detected. ◦ Degraded On-line Spare—The system is protected by AMP in the hot spare mode. One or more DIMM faults have been detected. ◦ RAID-XOR—The system is protected by AMP in the XOR memory mode. No DIMM faults have been detected.
◦ LockStep—The system can be configured for LockStep AMP. ◦ None—The system cannot be configured for AMP. Memory Summary This section shows a summary of the memory that was installed and operational at POST. • Location—The slot or processor on which the memory board, cartridge, or riser is installed. Possible values follow: ◦ System Board—There is no separate memory board slot. All DIMMs are installed on the motherboard. ◦ Board Number—There is a memory board slot available.
• Type—The type of memory installed. Possible values follow: ◦ Other—Memory type cannot be determined. ◦ Board—Memory module is permanently mounted (not modular) on a system board or memory expansion board. ◦ CPQ single width module ◦ CPQ double width module ◦ SIMM ◦ PCMCIA ◦ Compaq-specific ◦ DIMM ◦ Small outline DIMM ◦ RIMM ◦ SRIMM ◦ FB-DIMM ◦ DIMM DDR ◦ DIMM DDR2 ◦ DIMM DDR3 ◦ FB-DIMM DDR2 ◦ FB-DIMM DDR3 ◦ N/A—Memory module is not present.
◦ UDIMM ◦ LRDIMM Viewing network information The NIC Information page displays read-only information about the integrated and add-in NICs. If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete. The server IP address, add-in network adapters, and server NIC status are displayed only if the Agentless Management Service is installed and running on the server.
Viewing storage information The Storage Information page displays information about HP Smart Array controllers, drive enclosures, the attached logical drives, and the physical drives that constitute the logical drives. If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete. To expand or collapse the data, click Expand All or Collapse All, respectively.
3. Select one of the following options: • Logical View—Select this option to view configured logical drives and associated physical drives. This view does not show physical drives that are not configured as part of an array, or spare drives. Figure 81 (page 166) shows the logical storage view. Figure 81 Storage Information Logical View • Physical View—Select this option to view physical drives. This view does not show logical drives. Figure 82 (page 166) shows the physical storage view.
A description of each section on the Storage Information page follows. Controllers This section provides information about the HP Smart Array controllers. The top-level controller status is a combination of the controller hardware status and the status of cache modules, enclosures, and physical, logical, and spare drives associated with the controller.
The following status information is displayed for controllers that support encryption: • Encryption Status—The following values are possible: ◦ Enabled ◦ Not Enabled ◦ Enabled—Local Mode—This value is displayed when you do not use a remote key management server. • Encryption ASIC Status—Indicates whether the ASIC encryption self tests for the controller passed or failed. A failed status indicates that the controller is not encrypted.
When a physical drive has a Failed status, this status does not affect the overall storage health status. Only logical drives affect the storage health status.
Using the iLO Event Log The iLO Event Log provides a record of significant events detected by iLO. Logged events include major server events such as a server power outage or a server reset, and iLO events such as unauthorized login attempts. Other logged events include successful or unsuccessful browser and Remote Console logins, virtual power and power-cycle events, clearing the log, and some configuration changes, such as creating or deleting a user and registering for Insight Remote Support.
• Last Update—The date and time, as reported by the server clock, when the latest event of this type occurred. This value is based on the date and time stored by iLO. The iLO date and time can be synchronized through the following: ◦ System ROM (during POST) ◦ Insight Management Agents (in the OS) ◦ SNTP setting in iLO ◦ SNTP setting in OA (blade servers only) If iLO did not recognize the date and time when an event was updated, [NOT SET] is displayed.
1. Click the View CSV button. The iLO Event Log is displayed in a format that you can copy and paste into a text editor, as shown in Figure 85 (page 172). Figure 85 CSV Output window 2. 3. Copy the text displayed in the CSV Output window, and save it in a text editor as a *.csv file. Click Exit to close the window. Clearing the iLO Event Log Users with the Configure iLO Settings privilege can clear the iLO Event Log of all previously logged information. To clear the iLO Event Log: 1.
Examples of the types of information that the iLO processor records in the IML follow: • Fan inserted • Fan removed • Fan failure • Fan degraded • Fan repaired • Fan redundancy lost • Fans redundant • Power supply inserted • Power supply removed • Power supply failure • Power supplies redundancy lost • Power supplies redundant • Temperature over threshold • Temperature normal • Automatic shutdown started • Automatic shutdown canceled • Drive failure Viewing the IML To view
The log displays the following information: • id—The event ID number. Events are numbered in the order in which they are generated. By default, the log is sorted by the ID, with the most recent event at the top. A factory reset will reset the counter. • Severity—The importance of the detected event. Possible values follow: ◦ Informational—The event provides background information. ◦ Caution—The event is significant but does not indicate performance degradation.
2. 3. 4. Navigate to the Information→Integrated Management Log page. Select the log entry. Click Mark as Repaired. The iLO web interface refreshes, and the selected log entry status changes to Repaired. Adding a maintenance note to the IML Use the maintenance note feature to create a log entry that logs information about maintenance activities such as component upgrades, system backups, periodic system maintenance, or software installations.
Using the HP Active Health System The HP Active Health System monitors and records changes in the server hardware and system configuration. It assists in diagnosing problems and delivering rapid resolution when system failures occur. HP Active Health System does not collect information about your operations, finances, customers, employees, partners, or data center (for example, IP addresses, host names, user names, and passwords).
1. Navigate to the Information→Active Health System Log page, as shown in Figure 88 (page 177). Figure 88 Active Health System Log page 2. Enter the range of days to include in the log. The default setting is to include log information for the last 7 days. Click Reset range to default values to reset the dates. a. Click the From box. A calendar is displayed. b. c. Select the range start date on the calendar. Click the To box. A calendar is displayed. d. 3. Select the range end date on the calendar.
6. If you have an open case with HP Support, you can email the log file to HPSupport_Global@hp.com. Use the following convention for the email subject: CASE: . NOTE: Files that are larger than 15 MB must be compressed and uploaded to an FTP site. If needed, contact HP Support for FTP site information. Downloading the entire Active Health System log Use the following procedure to download the entire Active Health System log.
Where: • is the iLO IP address. • from=&to= represents the start and end date of the range of dates to include in the log. Enter dates in the format year-month-day, for example, 2013-07-29 for July 29, 2013. • –k specifies that HTTPS warnings will be ignored. • –v specifies verbose output. • -u : specifies your iLO user account credentials. • –o specifies the output file name and path.
Figure 89 Diagnostics page The Diagnostics page contains the following sections: • iLO Self-Test Results—This section displays the results of internal iLO diagnostics. ◦ The status of each self-test is listed in the Status column. Move the cursor over the status icons to view a tooltip description. If a status has not been reported for a test, the test is not listed. ◦ The tests that are run are system dependent. Not all tests are run on all systems.
• Non-Maskable Interrupt (NMI) button—This section contains the Generate NMI to System button, which enables you to stop the operating system for debugging. The Virtual Power and Reset privilege is required to generate an NMI. CAUTION: Generating an NMI as a diagnostic and debugging tool is used primarily when the operating system is no longer available. NMI is not used during normal operation of the server.
fixed value for each model that indicates the position of the contact relative to the bottom U position of the device. It is normally 0, but can be a positive value if the contact cannot be placed at the bottom U position of the device. The bottom-most U position occupied by the device is calculated by subtracting the U offset from the U position. To view Location Discovery Services information, navigate to the Information→Location Discovery Services page, as shown in Figure 90 (page 182).
• Enclosure U Height—The enclosure height, in U rack units. Possible values are between 1.00 and 50.00. • Enclosure Rack U Position—The rack U position that aligns with the base of the enclosure. Possible values are between 1 and 50. SL server-specific data: • Bay Number—The server bay in the enclosure. • SL Chassis UUID—The SL chassis universally unique identifier. • Chassis U Height—The chassis height, in U rack units. Possible values are between 1.00 and 50.00.
iLO 4 firmware version 1.40 and later supports the following iLO Federation Management features: • Group health status • Group Virtual Media • Group power control • Automatic Group Power Capping • Group firmware update For iLO Federation Management configuration instructions, see “Configuring iLO Federation Management” (page 50).
1. Navigate to the iLO Federation→Multi-System Map page, as shown in Figure 92 (page 185). Figure 92 Multi-System Map page 2. Select a group from the Selected Group menu. The following information is displayed for each iLO peer: • #—The peer number. • UUID—The server UUID. • Last Seen—The last communication from the server. • Last Error—A description of the most recent communication error between the listed server and the group. • URL—The URL to start the iLO web interface for the listed iLO.
1. Navigate to the iLO Federation→Multi-System View page, as shown in Figure 93 (page 186). Figure 93 Multi-System View page 2. Select a group from the Selected Group menu. TIP: To filter the list of servers by health status or server model, click a health status or server model link. The following information is displayed for the servers in the selected group: • Health—The number of servers in each listed health status.
Using the iLO Federation Management group power feature The Group Power feature enables you to manage the power of multiple servers from a system running the iLO web interface. This feature allows you to do the following: • Power off, reset, or power cycle a group of servers that are in the ON or Reset state. For more information, see “Changing the power state for multiple servers” (page 187). • Power on a group of servers that are OFF.
2. Select a group from the Selected Group menu. The grouped servers are listed by power state with a counter that shows the total number of servers in each state. All of the systems in the selected group will be affected by the changes you make on this page. For information about viewing the list of affected servers, see “Viewing servers affected by the Virtual Power Button” (page 188). 3.
• iLO—The fully qualified network name assigned to the iLO subsystem. Click the iLO link to open the iLO web interface for the server. • IP—The network IP address of the iLO subsystem. Click the iLO link to open the iLO web interface for the server. Click Next or Previous to view more servers in the list. Configuring iLO Federation Management group power settings The group power settings feature enables you to set dynamic power caps for your grouped servers.
During POST, the ROM runs two power tests that determine the peak and minimum observed power values. • • Use the Power Cap Thresholds as guidelines for configuring the Power Cap Value. ◦ Maximum Power Cap—The maximum power available for the servers in a group. The servers in a group must not exceed this value. ◦ Minimum High-Performance Cap—The maximum power that the servers in a group use in their current configuration. A power cap set to this value does not affect server performance.
5. Click Apply. Using the iLO Federation Management firmware update feature The Group Firmware Update feature enables you to update the firmware of multiple servers from a system running the iLO web interface. A license is required if you want to make changes on the Group Firmware Update page. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing.
Figure 96 Group Firmware Update page 4. Select a group from the Selected Group menu. All of the systems in the selected group will be affected by the changes you make on this page. 5. 6. Optional: Click a firmware version or status to filter the list of systems by firmware version or status. In the Firmware Update section, enter the URL to the firmware file on your web server, and then click the Update Firmware button.
Viewing affected systems This section provides the following details about the servers that will be affected by a firmware update. • Server—The server name defined by the host operating system. • ROM Version—The installed HP ProLiant System ROM. • iLO Version—The installed iLO firmware version. • iLO Address—The fully qualified network name assigned to the iLO subsystem. Click the iLO link to open the iLO web interface for the server. • IP—The network IP address of the iLO subsystem.
1. Navigate to the iLO Federation→Group Virtual Media page, as shown in Figure 97 (page 194). Figure 97 Group Virtual Media page 2. Select a group from the Selected Group menu. All of the systems in the selected group will be affected by the changes you make on this page. 3. 4. Enter the URL for the scripted media in the Scripted Media URL box in the Connect Virtual Floppy section (.img files) or the Connect CD/DVD-ROM section (.iso files).
Viewing affected systems This section provides the following details about the servers that will be affected by changes you make on the Group Virtual Media page. • Server Name—The server name defined by the host operating system. • Server Power—The server power state (ON or OFF). • UID Indicator—The state of the UID. The UID helps you identify and locate a system, especially in high-density rack environments. The possible states are UID ON, UID OFF, and UID BLINK.
Microsoft .NET Framework The .NET IRC requires one of the following versions of the Microsoft .NET Framework. You can use Windows Update to install the .NET Framework. • .NET Framework 3.5 Full (SP1 recommended) • .NET Framework 4.0 Full • .NET Framework 4.5 The .NET Framework versions 3.5 and 4.0 have two deployment options: Full and Client Profile. The Client Profile is a subset of the Full framework. The .NET IRC is supported with the Full framework only; the Client Profile is not supported.
Figure 98 Remote Console – Java page Click the Download button to navigate to the following website and download the Java software: http://www.java.com/en/. Recommended client settings Ideally, the remote server display resolution is the same or lower than that of the client computer. Higher resolutions transmit more information, reducing the overall performance. Use the following client and browser settings to optimize performance: • • Display properties ◦ Select an option greater than 256 colors.
When using the Remote Console, note the following: • The Java IRC is a signed Java applet. If you do not accept the Java IRC applet certificate, the Java IRC will not work. If you did not accept the certificate and you want to use the Java IRC: 1. Click the Clear button in the Java Console window. 2. Click the Close button to close the Java Console window. 3. Reset iLO. 4. Clear the browser cache. 5. Close the browser and open a new browser window. 6.
1. Navigate to the Remote Console page, and then click the Launch tab, as shown in Figure 99 (page 199). Figure 99 Remote Console – iLO Integrated Remote Console page 2. 3. Verify that your system meets the requirements for using the .NET IRC or Java IRC. Click the Launch button for the Remote Console that you want to use. If you attempt to open the Remote Console while it is in use, a warning message indicates that another user is using it.
2. Click the Acquire button. The other user is prompted to approve or deny permission to acquire the Remote Console, as shown in Figure 101 (page 200). Figure 101 Granting or denying permission to acquire the Remote Console If there is no response in 10 seconds, permission is granted. Using the Remote Console power switch To use the power switch, select one of the following options from the power switch menu: • Momentary Press—The same as pressing the physical power button.
The session leader can grant or deny access. If there is no response, permission is denied automatically. Shared Remote Console does not support passing the session leader designation to another user, or reconnecting a user after a failure. You must restart the Remote Console session to allow user access after a failure. During a Shared Remote Console session, the session leader has access to all Remote Console features, whereas all other users can access only the keyboard and mouse.
• Server Startup and Server Prefailure sequences are saved automatically in iLO memory. They will be lost during firmware upgrades, iLO reset, and power loss. You can save the captured video to your local drive by using the .NET IRC. • The Server Startup file starts capturing when server startup is detected, and stops when it runs out of space. This file is overwritten each time the server starts.
5. Press the Play button again to stop playback. The Save Capture dialog box opens, as shown in Figure 105 (page 203). Figure 105 Save Capture dialog box 6. Click Yes, and then follow the onscreen instructions to save the file. Capturing video files You can use Console Capture to manually capture video files of sequences other than Server Startup and Server Prefailure. 1. Start the .NET IRC. 2. Click the Record button. 3. The Save Video dialog box opens. 4.
the remote server. After you configure the hot key, press Ctrl+X in the Remote Console window whenever you want to use Alt+F4 on the remote server. Example 2: If you want to create a hot key to send the international AltGR key to the remote server, use R_ALT in the key list. Creating a hot key You must have the Configure iLO Settings privilege to create hot keys. 1. Navigate to the Remote Console→Hot Keys page, as shown in Figure 106 (page 204). Figure 106 Remote Console – Hot Keys page 2.
Table 15 Keys for configuring hot keys (continued) 3. END F11 \ s PG UP F12 ] t PG DN SPACE ` u ENTER ' a v TAB , b w BREAK - c x BACKSPACE . d y NUM PLUS / e z NUM MINUS 0 f Click Save Hot Keys. The following message appears: Remote Console Hot Keys settings successful. Resetting hot keys Resetting the hot keys clears all current hot-key assignments. 1. Navigate to the Remote Console→Hot Keys page, as shown in Figure 106 (page 204). 2. Click Reset Hot Keys. 3.
The iLO Virtual Serial Port is one type of iLO text-based remote console. The iLO Virtual Serial Port gives you a bidirectional data flow with a server serial port. Using the remote console, you can operate as if a physical serial connection exists on the remote server serial port. The iLO Virtual Serial Port is displayed as a text-based console, but the information is rendered through graphical video data.
Figure 107 Configuring the Virtual Serial Port COM port (system RBSU) 8. 9. Press ESC twice to return to the main menu. Select BIOS Serial Console & EMS, and then press Enter. NOTE: EMS is for Windows only. 10. Select BIOS Serial Console Port, and then press Enter. 11. Select the COM port that matches the value selected in step 5, and then press Enter, as shown in Figure 108 (page 208).
Figure 108 Configuring the BIOS Serial Console Port 12. Select BIOS Serial Console Baud Rate, and then press Enter. 13. Select 115200, and then press Enter, as shown in Figure 109 (page 208).
NOTE: The current implementation of the iLO Virtual Serial Port does not use a physical UART, so the BIOS Serial Console Baud Rate value will have no effect on the actual speed the iLO Virtual Serial Port will use to send and receive data from the system. 14. Select EMS Console, and then press Enter. 15. Select the COM port that matches the value selected in Step 7, and then press Enter, as shown in Figure 110 (page 209). Figure 110 Configuring the EMS Console 16. Exit the system RBSU.
6. Select the COM port you want to use, and then press Enter, as shown in Figure 111 (page 210) Figure 111 Configuring the Virtual Serial Port COM port (UEFI System Utilities) 7. 8. Press ESC twice to return to the main menu. Select BIOS Serial Console and EMS, and then press Enter. NOTE: EMS is for Windows only. 9. Select BIOS Serial Console Port, and then press Enter. 10. Select the COM port that matches the value selected in step 6, and then press Enter, as shown in Figure 112 (page 211).
Figure 112 Configuring the BIOS Serial Console Port (UEFI System Utilities) 11. Press ESC to return to the main menu. 12. Select BIOS Serial Console Baud Rate, and then press Enter. 13.
NOTE: The current implementation of the iLO Virtual Serial Port does not use a physical UART, so the BIOS Serial Console Baud Rate value will have no effect on the actual speed the iLO Virtual Serial Port will use to send and receive data from the system. 14. Press ESC to return to the main menu. 15. Select EMS Console, and then press Enter. 16. Select the COM port that matches the value selected in step 6, and then press Enter, as shown in Figure 114 (page 212).
Configuring the iLO Virtual Serial Port for Linux You can manage Linux servers remotely using console redirection. To configure Linux to use console redirection, you must configure the Linux boot loader (GRUB). The boot-loader application loads from the bootable device when the server system ROM finishes POST.
your operating system documentation. If the EMS console is not enabled in the operating system, iLO displays an error message when you try to access the iLO Virtual Serial Port. • The Windows EMS serial port must be enabled through the host system RBSU or the UEFI System Utilities. The configuration allows you to enable or disable the EMS port, and select the COM port. iLO automatically detects whether the EMS port is enabled or disabled, and detects the selection of the COM port.
2. Enable Secure Shell (SSH) Access and Virtual Serial Port Log on the Access Settings page. For instructions, see “Configuring iLO access settings” (page 55). 3. 4. 5. 6. Connect to the CLI through SSH. Use the vsp command to view iLO Virtual Serial Port activity. Enter ESC ( to exit. Enter vsp log to view the iLO Virtual Serial Port log. Using the Text-based Remote Console (Textcons) You can access the Text-based Remote Console (Textcons) using a licensed iLO system and SSH.
the changes become stable on the screen. You can control or disable smoothing by using the delay option. For example: textcons speed 500 delay 10 • To configure character mapping: In the ASCII character set, CONTROL characters (ASCII characters less than 32) are not printable and are not displayed. These characters can be used to represent items such as arrows, stars, or circles. Some of the characters are mapped to equivalent ASCII representations. Table 16 (page 216) lists the supported equivalents.
When you are using Virtual Media, note the following: • An iLO license key is required to use some forms of Virtual Media. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing. • You must have the Virtual Media privilege to use this feature. • Only one of each type of media can be connected at a time. • In an operating system, an iLO Virtual Floppy/USB key or Virtual CD/DVD-ROM behaves like any other drive.
• You can also access the Virtual Media feature using the .NET IRC or Java IRC, XML configuration and control scripts, or the SMASH CLP. • If the Virtual Floppy/USB key or Virtual CD/DVD-ROM capability is enabled, you cannot typically access the floppy drive or CD/DVD-ROM drive from the client operating system. CAUTION: To prevent file and data corruption, do not access the local media when you are using it as iLO Virtual Media.
Tools→Internet Options→Security, clear Enable Protected Mode, and then click Apply. After you disable Protected Mode, close all open browser instances and restart the browser. • Red Hat and SUSE Linux—Linux supports the use of USB diskette and key drives. Changing diskettes When you are using a Virtual Floppy/USB key on a client machine with a physical USB disk drive, disk-change operations are not recognized.
Operating system considerations: Virtual Folder • Boot process and DOS sessions—The Virtual Folder device appears as a standard BIOS floppy drive (drive A). If a physically attached floppy drive exists, it is unavailable at this time. You cannot use a physical local floppy drive and the Virtual Folder simultaneously. • Windows—A Virtual Folder appears automatically after Windows recognizes the mounting of the virtual USB device. You can use the folder the same way that you use a locally attached device.
4. Click OK. Viewing and ejecting local media When local Virtual Media is connected, the details are listed in the following sections: • • Virtual Floppy/USB Key/Virtual Folder Status ◦ Image Inserted—The Virtual Media type that is connected. Local media is displayed when local media is connected. ◦ Connected—Indicates whether a Virtual Media device is connected. Virtual CD/DVD-ROM Status ◦ Image Inserted—The Virtual Media type that is connected.
To eject scripted media devices, click the Eject Media button in the Virtual Floppy/Virtual Folder Status section or Virtual CD/DVD-ROM Status section. Using iLO Virtual Media from the Remote Console You can access Virtual Media on a host server by using the .NET IRC or Java IRC, the iLO web interface, XML configuration and control scripts, and the CLP. This section describes how to use the iLO Virtual Media feature with the .NET IRC or Java IRC.
Creating an iLO disk image file The iLO Create Media Image feature enables you to create disk image files from data in a file or on a physical disk. To create an ISO-9660 disk image file (.img or .iso): 1. Start the Java IRC. 2. Select Virtual Drives →Create Disk Image. The Create Media Image dialog box opens as shown in Figure 116 (page 223). Figure 116 Create Media Image dialog box 3. 4. 5. 6. Verify that the Disk>>Image button is displayed.
5. Enter the path and file name for the existing image file in the Image File text box. The Java IRC begins the process of copying the data from the image file to the disk. The following message is displayed: Creating disk, please wait... When the disk creation is complete, the following message is displayed: Disk was created successfully. 6. 7. Click Close to close the Create Media Image dialog box. Confirm that the files were copied to the specified location. Using a Virtual Folder (.
2. Verify that IIS can access the MIME type for the files you are serving. For example, if your diskette image files use the extension .img, you must add a MIME type for that extension. Use the IIS Manager to access the Properties dialog box of your website. On the HTTP Headers tab, click MIME Types to add MIME types. HP recommends adding the following types: .img application/octet-stream .
Inserting Virtual Media with a helper application When you are using a helper application with the INSERT_VIRTUAL_MEDIA command, the basic format of the URL is as follows: protocol://user:password@servername:port/path,helper-script where: • protocol—Mandatory. Either HTTP or HTTPS. • user:password—Optional. When present, HTTP basic authorization is used. • servername—Mandatory. Either the host name or the IP address of the web server. • port—Optional. A web server on a nonstandard port.
# # Decode the range # if ($range =~ m/([0-9A-Fa-f]+)-([0-9A-Fa-f]+)/) { $start = hex($1); $end = hex($2); $len = $end - $start + 1; } # # Decode the data (a big hexadecimal string) # $decode = pack("H*", $data); # # Write it to the target file # sysopen(F, $file, O_RDWR); binmode(F); sysseek(F, $start, SEEK_SET); syswrite(F, $decode, $len); close(F); print "Content-Length: 0\r\n"; print "\r\n"; Configuring Virtual Media Boot Order The Virtual Media Boot Order feature enables you to set the server boot opt
Changing the server boot order To change the boot order of floppy, CD/DVD-ROM, USB, hard disk, and network devices: 1. Navigate to the Virtual Media→Boot Order page, as shown in Figure 120 (page 228). Figure 120 Boot Order page When virtual media is connected, the iLO web interface displays the text Local Media next to the Virtual Floppy/USB key and Virtual CD/DVD-ROM text at the top of the page. 2.
2. Select an option from the Select One-Time Boot Option list. The following options are available: 3. 4. • No One-Time Boot • CD/DVD Drive • Floppy Drive • USB Storage Device • Hard Disk Drive • Network Device • Intelligent Provisioning • UEFI Target—This option is available on servers that support the UEFI System Utilities. When you select this option, you can select from the list of available boot devices in the Select UEFI Target Option list.
The iLO firmware monitors and configures power thresholds to support managed-power systems (for example, using HP power capping technology). Multiple system brownout, blackout, and thermal overloads might result when systems are allowed to boot before iLO can manage power. The managed-power state is lost because of AC power loss, so iLO must first boot to a restore state and allow power-on. Brownout recovery A brownout condition occurs when power to a running server is lost momentarily.
Using iLO Power Management iLO Power Management enables you to view and control the power state of the server, monitor power usage, and modify power settings. The Power Management menu has three options: Server Power, Power Meter, and Power Settings. Click the following link for a video demonstration of this feature: Using iLO Power Management. For more HP iLO videos, see the HP iLO University Videos website at http://www.hp.com/go/ ilo/videos.
2. Click one of the following buttons: • Momentary Press—The same as pressing the physical power button. If the server is powered off, a momentary press will turn the server power on. Some operating systems might be configured to initiate a graceful shutdown after a momentary press, or to ignore this event. HP recommends using system commands to complete a graceful operating system shutdown before you attempt to shut down by using the Virtual Power button.
4. • 60 Second Delay—Power-on is delayed by 60 seconds. • Random up to 120 seconds—The power-on delay varies and can be up to 120 seconds. Click Submit. Viewing server power usage The Power Meter page enables you to view the server power consumption over time. This feature and many others are part of an iLO licensing package. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing.
TIP: Move the mouse cursor over the graph to view the power usage for a specific point in time. When you are viewing the power-meter graphs, use the Display Options to control the information that is displayed. You can view minimum, average, peak, and cap power information. Select one or more of the following check boxes, and then click Refresh Page to update the graphs. • Min (static low)—The minimum value observed during a measurement period.
The values displayed in the Current State table vary depending on the server type: • Present Power Reading—The current power reading from the server. This value is displayed for all HP ProLiant server types. • Present Power Cap—The configured power cap for the server. This value is 0 if the power cap is not configured. This value is displayed for HP ProLiant ML, DL, and blade servers. • Power Input Voltage—The supplied input voltage for the server.
Configuring Power Regulator settings The HP Power Regulator for ProLiant feature enables iLO to dynamically modify processor frequency and voltage levels, based on operating conditions, to provide power savings with minimal effect on performance. The Power Settings page allows you to view and control the Power Regulator Mode of the server. To configure the Power Regulator settings: 1. Navigate to the Power Management→Power Settings page, as shown in Figure 125 (page 236). Figure 125 Power Settings page 2.
rebooting. Exit any ROM-based program that is running, allow POST to complete, and then try the operation again. 4. If iLO notified you that a reboot is required, reboot the server. Configuring power capping settings The Power Capping Settings section enables you to view measured power values, set a power cap, and disable power capping.
Configuring SNMP alert settings The SNMP Alert on Breach of Power Threshold section enables the sending of an SNMP alert when power consumption exceeds a defined threshold. To configure the SNMP alert settings: 1. Navigate to the Power Management→Power Settings page, as shown in Figure 125 (page 236). 2. Select a value in the Warning Trigger list. The warning trigger determines whether warnings are based on peak power consumption, average power consumption, or if they are disabled. 3.
Figure 126 Active Onboard Administrator page This page displays the following information and options: • MAC Address—The MAC address of the active OA. • System Health—The health of the active OA, as reported by the OA. A value of unknown means that the OA health has not been reported to iLO. • Blade Location—The location (enclosure bay) of the blade that is hosting the current iLO session. • Enclosure Name—The enclosure that the active OA is managing. You can change this value through the OA.
Enclosure bay IP addressing The First Time Setup Wizard prompts you to set up your enclosure bay IP addressing. For more information about the wizard, see the HP BladeSystem Onboard Administrator User Guide. Dynamic Power Capping for server blades Dynamic Power Capping is an iLO feature available for c-Class server blades, and is accessed through OA. Dynamic Power Capping is available only if your system hardware platform, BIOS (ROM), and power microcontroller firmware version support this feature.
Figure 127 Onboard Administrator page IPMI server management Server management through IPMI is a standard method for controlling and monitoring the server. The iLO firmware provides server management based on the IPMI version 2.
The KCS interface is accessible to the SMS software running on the local system. Examples of compatible SMS software applications follow: • IPMI version 2.0 Command Test Tool—A low-level MS-DOS command-line tool that enables hex-formatted IPMI commands to be sent to an IPMI BMC that implements the KCS interface. You can download this tool from the Intel website at http://www.intel.com/design/servers/ ipmi/tools.htm.
This feature and many others are part of an iLO licensing package. For more information about iLO licensing, see the following website: http://www.hp.com/go/ilo/licensing. For information about HP Secure Encryption and ESKM, see the HP Secure Encryption Installation and User Guide Configuring key manager servers To configure key manager servers in iLO: 1. Navigate to the Administration→Key Manager page, as shown in Figure 128 (page 243). Figure 128 Enterprise Secure Key Manager page 2. 3.
2. Enter the following information in the Key Manager Configuration section: • Group—The Local Group created on the ESKM for use with iLO user accounts and the keys iLO imports into the ESKM. When keys are imported, they are automatically accessible to all devices assigned to the same group. • ESKM Local CA Certificate Name (optional)—To ensure that iLO is communicating with a trusted ESKM server, enter the name of the local certificate authority certificate in ESKM.
Viewing Enterprise Secure Key Manager events 1. 2. Navigate to the Administration→Key Manager page. Scroll to the Enterprise Secure Key Manager Events section. Each event is listed with a time stamp and description. Viewing remote management tool information iLO 4 1.30 and later allows remote management through supported tools such as HP OneView. The association between iLO 4 and a remote management tool is configured by using the remote management tool.
Deleting a remote manager configuration If you discontinue the use of a remote management tool in your network, you can remove the association between the tool and iLO. IMPORTANT: HP recommends that you remove the server from the remote management tool before you delete the remote manager configuration in iLO. Do not delete the remote manager configuration for a tool that is still in use on the network and is managing the server that contains the current iLO system. 1. 2.
5 Integrating HP Systems Insight Manager The iLO firmware is integrated with HP SIM in key operating environments, providing a single management console from a standard web browser. While the operating system is running, you can establish a connection to iLO by using HP SIM. Integration with HP SIM provides the following: • Support for SNMP trap delivery to an HP SIM console—The HP SIM console can be configured to forward SNMP traps to a pager or email address.
The iLO management processor is displayed as an icon on the same row as its host server. The color of the icon represents the status of the management processor. For a list of device statuses, see the HP Systems Insight Manager User Guide.
55000=iLO 4, ,true,false,com.hp.mx.core.tools.identification.mgmtproc.MgmtProcessorParser Reviewing iLO license information in HP SIM HP SIM displays the license status of the iLO management processors. You can use this information to determine how many and which iLO devices have an optional license installed. To view license information, select Deploy→License Manager. To ensure that the displayed data is current, run the Identify Systems task for your management processors.
6 Directory services This chapter describes how to configure iLO to use Kerberos login, schema-free directory authentication, and HP extended schema directory authentication. Directory integration benefits Directory integration with iLO provides the following benefits: • Scalability—The directory can be leveraged to support thousands of users on thousands of iLO processors. • Security—Robust user-password policies are inherited from the directory.
2. Is your configuration scalable? • No—Deploy an instance of the schema-free directory integration to evaluate whether this method meets your policy and procedural requirements. If necessary, you can deploy HP schema directory integration later. For more information, see “Schema-free directory integration” (page 256). • Yes—Use HP schema directory integration. For more information, see “Setting up HP extended schema directory integration” (page 260).
User accounts A user account must be present and enabled in the domain directory for each user who is allowed to log in to iLO. Generating a keytab This section describes how to generate a keytab file for iLO in a Windows environment. The iLO host name that you use for keytab generation must be identical to the configured iLO host name. iLO host names are case sensitive. 1. Use the ktpass command to generate a keytab and set the shared secret. The command is case sensitive and has special characters.
Windows Vista To generate keytab files on Windows Vista, use Microsoft hotfix KB960830 and ktpass.exe version 6.0.6001.22331 or later. Universal and global user groups (for authorization) To set permissions in iLO, you must create a group in the domain directory. Users who log in to iLO are granted the sum of the permissions for all groups of which they are a member. Only universal and global user groups can be used to set permissions. Domain local groups are not supported.
5. Navigate to the Administration→Network→SNTP Settings page if you want to change the date and time. For Kerberos authentication to function properly, the date and time must be synchronized between the iLO processor, the KDC, and the client workstation. Set the date and time in iLO with the server, or obtain the date and time from the network by enabling the SNTP Settings feature in iLO. For more information, see “Configuring SNTP settings” (page 99).
Internet Explorer This section describes the procedure for enabling single sign-on with Internet Explorer. The following steps enable login if Active Directory is configured correctly for iLO, and iLO is configured correctly for Kerberos login. NOTE: This procedure is based on Internet Explorer 7. Newer browser versions might have different steps. 1. Enable authentication in Internet Explorer: a. Select Tools→Internet Options. b. Click the Advanced tab. c. Scroll to the Security section. d.
4. 5. 6. Enter the iLO DNS domain name (for example, example.net), and then click OK. Use the FQDN to browse to iLO (for example, iloname.example.net). Click the HP Zero Sign In button. Chrome No special settings are required for the Chrome browser. Verifying single sign-on (HP Zero Sign In) configuration To verify that HP Zero Sign In is configured correctly: 1. Browse to the iLO login page (for example, http://iloname.example.net). 2. Click the HP Zero Sign In button.
named User1, you can copy the DN of the domain administrator security group to iLO and give it full privileges. User1 would then have access to iLO. Using schema-free directory integration has the following disadvantage: • Group privileges are administered on each iLO. However, this disadvantage has minimal impact because group privileges rarely change, and the task of changing group membership is administered in the directory and not on each iLO.
5. 6. 7. Click Finish, and then click Close and OK to close the remaining dialog boxes. Expand Computer Configuration→Windows Settings→Security Settings→Public Key. Right-click Automatic Certificate Requests Settings, and select New→Automatic Certificate Request. The Automatic Certificate Request Setup wizard starts. 8. Click Next. 9. Select the Domain Controller template, and click Next. 10.
For more information, see “HP Directories Support for ProLiant Management Processors utility” (page 286). Schema-free setup options The schema-free setup options are the same, regardless of the method you use to configure the directory. To review the available methods, see “Schema-free setup using the iLO web interface” (page 258), “Schema-free setup using scripts” (page 258), and “Schema-free setup with HP Directories Support for ProLiant Management Processors” (page 258).
When you are using trustee or directory rights assignments to extend role membership, users must be able to read the object that represents the iLO device. Some environments require that the trustees of a role also be read trustees of the object to successfully authenticate users. Setting up HP extended schema directory integration When you are using HP schema directory integration, iLO supports both Active Directory and eDirectory. However, these directory services require that the schema be extended.
4. Manage a. Create a management device object and a role object by using the snap-in. b. Assign rights to the role object, as necessary, and associate the role with the management device object. c. Add users to the role object. For more information about managing the directory service, see “Directory-enabled remote management” (page 280). Examples are available in “Directory services for Active Directory” (page 264) and “Directory services for eDirectory” (page 272). 5.
Figure 131 Installer for Schema Extender and snap-ins You cannot run the schema installer on a domain controller that hosts Windows Server 2008 Core. For security and performance reasons, Windows Server 2008 Core does not use a GUI. To use the schema installer, you must install a GUI on the domain controller or use a domain controller that hosts an earlier version of Windows. Schema Extender Several .xml files are bundled with the Schema Extender.
Setup window You use the Setup window (Figure 133) to enter the appropriate information before extending the schema. The Directory Server section of the Setup window enables you to specify whether you will use Active Directory or eDirectory, and to set the computer name and the port to be used for LDAP communications. NOTE: When you are running the Schema Extender tool, you must use the Administrator login along with the domain name, for example, Administrator@domain.com or domain\ Administrator.
Figure 134 Results window Management snap-in installer The management snap-in installer installs the snap-ins required to manage iLO objects in a Microsoft Active Directory Users and Computers directory or Novell ConsoleOne directory.
• Installing directory services for iLO requires extending the Active Directory schema. An Active Directory schema administrator must extend the schema. • directory services for iLO uses LDAP over SSL to communicate with the directory servers. Before you install snap-ins and schema for Active Directory, read and have available the following documentation: ◦ Microsoft Knowledge Base Articles These articles are available at http://support.microsoft.com/.
8. Navigate to the iLO Dedicated Network Port or Shared Network Port General Settings page, and then enter the environment settings in the Domain Name and Primary DNS server boxes. For more information, see “Configuring iLO network settings” (page 88). NOTE: The LDAP component does not work with a Windows Server 2008 Core installation. Snap-in installation and initialization for Active Directory 1. 2. Run the snap-in installation application to install the snap-ins.
d. e. 3. Click OK. Repeat the process, creating a role for remote server monitors called remoteMonitors. Use the HP-provided Active Directory Users and Computers snap-ins to assign rights to the roles and associate the roles with users and devices. a. Right-click the remoteAdmins role in the Roles organizational unit in the testdomain.local domain, and then select Properties. The remoteAdmins Properties dialog box opens. b. Click the HP Devices tab, and then click Add. The Select Users dialog box opens.
After the snap-ins are installed, iLO objects and iLO roles can be created in the directory. By using the Active Directory Users and Computers tool, the user completes the following tasks: • Creates iLO and role objects • Adds users to the role objects • Sets the rights and restrictions of the role objects NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries.
Figure 136 Members tab Role Restrictions tab The Role Restrictions tab (Figure 137) enables you to set the following restrictions for the role: • Time restrictions • IP network address restrictions: ◦ IP/mask ◦ IP range ◦ DNS name Figure 137 Role Restrictions tab Time restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours on the Role Restrictions tab.
square by clicking it, or you can change a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button. The default setting is to allow access at all times. Figure 138 Logon Hours dialog box Enforced client IP address or DNS name access Access can be granted or denied to an IP address, IP address range, or DNS name. 1.
Figure 139 New IP/Mask Restriction window Lights Out Management tab After you create a role, you can select rights for the role. You can make users and group objects members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management tab (Figure 140). User rights to any iLO are calculated as the sum of all rights assigned by all roles in which the user is a member, and in which the iLO is a managed device.
• Virtual Media—Enables the user to access the iLO Virtual Media functionality. • Server Reset and Power—Enables the user to access the iLO Virtual Power button to remotely reset the server or power it down. • Administer Local User Accounts—Enables the user to administer accounts. Users can modify their account settings, modify other user account settings, add users, and delete users. • Administer Local Device Settings—Enables the user to configure the iLO management processor settings.
Figure 141 Directory objects sample 1. Create organizational units in each region. Each organizational unit must contain the LOM devices and roles specific to that region. In this example, two organizational units are created, roles and hp devices, in each organizational unit, region1 and region2. 2. Create LOM objects in the hp devices organizational units for several iLO devices by using the HP-provided ConsoleOne snap-in tool: a. Right-click hp devices in region1, and then select New→Object. b.
Figure 142 Select Object Subtype window d. e. 3. Select Lights Out Management Device, and then click OK. Repeat Step 2.a through Step 2.d to create the following LOM objects: • Create rib-nntp-server and rib-file-server-users1 in hp devices under region1 • Create rib-file-server-users2 and rib-app-server in hp devices under region2. Create HP role objects in the roles organizational units by using the HP-provided ConsoleOne snap-in tool: a.
e. Click the Members tab (Figure 145) and add users to the role by clicking the Add button on the Select Objects dialog box. Devices and users are now associated. f. Select the HP Management→Lights Out Management Device Rights tab (Figure 143 (page 275). Figure 143 Properties window g. Set the rights for the role, and then click Apply. Click Close to close the Properties window. In this example, the users in the remoteAdmins role receive full access to the iLO functionality.
Directory services objects for eDirectory One of the keys to directory-based management is proper virtualization of the managed devices in the directory service. This virtualization allows the administrator to build relationships between the managed device and users or groups within the directory service.
Figure 145 Select Objects dialog box • To remove a user, select the user name, and then click Delete.
Figure 146 Role Restrictions tab Time restrictions You can manage the hours available for logon by members of the role by using the time grid displayed on the Role Restrictions tab. You can select the times available for logon for each day of the week, in half-hour increments. You can change a single square by clicking it, or a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button.
Figure 147 Add New Restriction dialog box eDirectory Lights-Out Management After you create a role, you can select rights for the role. You can make users and group objects members of the role, giving them the rights granted by the role. Rights are managed on the Lights Out Management Device Rights option of the HP Management tab (Figure 148). Figure 148 Lights Out Management Device Rights tab The available rights are as follows: • Login—Controls whether users can log in to the associated devices.
• Virtual Media—Enables the user to access the iLO Virtual Media functionality. • Server Reset and Power—Enables the user to access the iLO Virtual Power button to remotely reset the server or power it down. • Administer Local User Accounts—Enables the user to administer accounts. Users can modify their account settings, modify other user account settings, add users, and delete users. • Administer Local Device Settings—Enables the user to configure the iLO management processor settings.
objects meaningful names, such as the device network address, DNS name, host server name, or serial number. • Configure Lights-Out management devices Every LOM device that uses the directory service to authenticate and authorize users must be configured with the appropriate directory settings. For information on the specific directory settings, see “Configuring authentication and directory server settings” (page 71).
Figure 149 Admin user Admin User Admin Role Server User Role The Admin role assigns all Admin rights: Server Reset, Remote Console, and Login (Figure 150). Figure 150 Admin role Admin User Admin Role Server User Role How directory login restrictions are enforced Two sets of restrictions can limit a directory user's access to LOM devices (Figure 151). • User access restrictions limit a user's access to authenticate to the directory.
Restricting roles Restrictions allow administrators to limit the scope of a role. A role grants rights only to users who satisfy the role restrictions. Using restricted roles results in users who have dynamic rights that can change based on the time of day or network address of the client. NOTE: When directories are enabled, access to a particular iLO is based on whether the user has read access to a role object that contains the corresponding iLO object.
range can be specified to grant or deny access to a single address. Addresses that fall within the low-to-high IP address range meet the IP address restriction. IP address and subnet mask restrictions IP address and subnet mask restrictions enable the administrator to specify a range of addresses that are granted or denied access. This format has similar capabilities as an IP address range, but might be more native to your networking environment.
Creating multiple restrictions and roles The most useful application of multiple roles is restricting one or more roles so that rights do not apply in all situations. Other roles provide different rights under different constraints. Using multiple restrictions and roles enables the administrator to create arbitrary, complex rights relationships with a minimum number of roles.
Using bulk import tools Adding and configuring large numbers of LOM objects is time consuming. HP provides several utilities to assist with these tasks. • HP Lights-Out Migration utility The HP Lights-Out Migration utility imports and configures multiple LOM devices. It includes a GUI that provides a step-by-step approach to implementing or upgrading large numbers of management processors. HP recommends using this GUI method when upgrading several management processors.
• Windows 7 • Windows 2012 HP Directories Support for ProLiant Management Processors package The migration software, schema extender, and management snap-ins are included in the HP Directories Support for ProLiant Management Processors package. You can download the installer from http://www.hp.com/support/ilo4. To complete the migration of your management processors, you must extend the schema and install the management snap-ins before running the migration tool.
• Ranges can also be specified using a hyphen. For example, 192.168.0.2-10 is a valid range. A hyphen is supported only in the rightmost octet. • After you click Find, the utility begins pinging and connecting to port 443 (the default SSL port) to determine whether the target network address is a management processor. If the device does not respond to the ping or connect appropriately on port 443, the utility determines that it is not a management processor.
4. Enter your iLO login name and password, and then click Find. When the search is complete, the management processors are listed and the Find button changes to Verify, as shown in Figure 156 (page 289). Figure 156 Find Management Processors window You can also enter a list of management processors from a file by clicking Import. The file is a simple text file with one management processor listed per line.
NOTE: Binary images of the firmware for the management processors must be accessible from the system that is running the migration utility. These binary images can be downloaded from http://www.hp.com/support/ilo4. The upgrade process might take a long time, depending on the number of management processors selected. The firmware upgrade of a single management processor can take as long as 5 minutes to complete.
programming of firmware, the application continues to run in the background and completes the firmware upgrade on all selected devices. Selecting a directory access method After you click Next in the Upgrade Firmware on Management Processors window, the Select the Desired Configuration window appears (Figure 158). You can select which management processors to configure (with respect to schema usage) and how to configure them.
To name the management processors, click the Object Name column and enter the name, or do the following: 1. Select Use iLO Names, Create Name Using Index, or Use Network Address. 2. Optional: Enter the text to add (suffix or prefix) to all names. 3. Click Create Names. The names appear in the Object Name column as they are generated. At this point, names are not written to the directory or the management processors.
• Container DN—After you have the network address, port, and login information, you can click Browse to search for the container DN. The container is where the migration utility will create the management processor objects in the directory. • Role DN—After you have the network address, port, and login information, you can click Browse to search for the role DN. The role is where the role to be associated with the device objects resides. The role must be created before you run this utility.
Figure 161 Entering the container distinguished name 3. Associate device objects with a member of a role by entering the role DN in the Role(s) DN box, or click Browse, as shown in Figure 162 (page 294). Figure 162 Entering the role distinguished name 4. Click Update Directory. The utility connects to the directory, creates the management processor objects, and adds them to the selected roles.
5. After the device objects have been associated with a role, click Next. The values you entered are displayed in the Configure Directory window (Figure 163). Figure 163 Configure Directory window 6. Define the user contexts. The user contexts define where the users who will log in to iLO are located in the LDAP structure. You can enter the organizational unit DN or click Browse.
7. Click Configure, and then click Done when button is available. Configuring directories when schema-free integration is selected The boxes on the Configure Management Processors window (Figure 165) follow: • Network Address—The network address of the directory server, which can be a valid DNS name or IP address. • Login Name and Password—Enter the login name and password for an account that has domain administrator access to the directory.
1. 2. Enter the user contexts, or click Browse. Click Configure. The migration utility connects to all selected management processors and updates their configurations as specified. The utility supports configuring 15 user contexts. To access the user context boxes, use the scroll bar. Figure 166 Set up Management Processors for Directories window When you click Configure, the utility might display a message similar to the following: 3. 4. Click OK to continue. When the process is complete, click Done.
7 Troubleshooting This chapter provides troubleshooting solutions for HP iLO. Kernel debugging Use the Windows Windbg kernel debugger from a local test system (usually a laptop) for a host server that you want to debug. This method uses the iLO Virtual Serial Port feature. NOTE: You must have PuTTY installed on your test system. You can download PuTTY from http:// www.putty.org/. 1. 2.
12. When you are finished debugging the host server, use PuTTY to connect to the CLI and turn off the debug socket to the Virtual Serial Port. Then, enter the following command: windbg_disable NOTE: You can disconnect and reconnect the Windows debugger as long as you keep the iLO debug socket enabled. Event log entries Table 17 (page 299) lists typical iLO event log entries. Table 17 Event log entries Event log entry Description Server power removed The server power was removed.
Table 17 Event log entries (continued) Event log entry Description Server reset SNMP trap alert The SNMP trap did not connect to the specified IP address. failed for: Illegal login SNMP trap alert failed for: The SNMP trap did not connect to the specified IP address. Diagnostic error SNMP trap alert failed for: The SNMP trap did not connect to the specified IP address.
Table 17 Event log entries (continued) Event log entry Description Security Override Switch Setting is On The system was booted with the Security Override Switch set to On. Security Override Switch Setting Changed to Off The system was booted with the Security Override Switch changed from On to Off. On-board clock set; was previously [NOT SET] The on-board clock was set. Displays the previous time or NOT SET if no time was set.
power is applied. If the DHCP request is not answered when iLO first boots, it will reissue the request at 90-second intervals. • The DHCP server must be configured to provide DNS and WINS name resolution. • In the iLO RBSU, you can press F1 on the Network Autoconfiguration page for advanced options for viewing the status of iLO DHCP requests.
iLO management port not accessible by name Solution: The iLO management port can register with a WINS server or DDNS server to provide the name-to-IP-address resolution required to access the iLO management port by name. The WINS or DDNS server must be up and running before the iLO management port is powered on, and the iLO management port must have a valid route to the WINS or DDNS server. In addition, the iLO management port must be configured with the IP address of the WINS or DDNS server.
1. 2. 3. 4. Navigate to Tools→Options in Firefox. Click Advanced. Click the Encryption tab. Click View Certificates. Click the Servers tab, and then delete any certificates related to iLO. 5. 6. 7. Click the Others tab, and then delete any certificates related to iLO. Click OK. Start Firefox and connect to iLO. NOTE: The steps in Solution 1 are based on Firefox ESR 17. The procedure to use might vary depending on the installed version of Firefox. Solution 2: 1. Close the Firefox application. 2.
NOTE: If a network connection is established, you might have to wait up to 90 seconds for the DHCP server request. Unable to log in to iLO after installing iLO certificate Solution: Do not install the iLO self-signed certificate in the browser certificate store. If you want to install the iLO certificate, request a permanent certificate from a CA and import it to iLO. For instructions, see “Administering SSL certificates” (page 67).
Table 18 Alerts (continued) Alert Description Browser login: The listed user logged in through a browser. Browser logout: The listed user logged out through a browser. Remote Console login: The listed user logged in to the Remote Console. Remote Console Closed A user closed the Remote Console. iLO Firmware upgrade started by The listed user started a firmware upgrade.
User contexts do not appear to work Solution: Check with your network administrator. The full DN of your user object must be in the directory. Your login name appears after the first CN=. The remainder of the DN must appear in one of the user context boxes. User contexts are not case sensitive, and any other characters, including spaces, are part of the user context. For information about entering directory user contexts, see “Configuring directory settings” (page 70).
faster than the iLO firmware can detect and display them. Typically, only the upper left corner of the text window is updated while the rest of the text window remains static. Solution: After the scrolling is complete, click Refresh to update the text window. Mouse or keyboard not working in .NET IRC or Java IRC Solution 1: When you open the .NET IRC or Java IRC and notice that the mouse or keyboard is not working, perform the following steps: 1. Close the .NET IRC or Java IRC. 2.
Figure 168 Choose Disk Image File dialog box 8. Type or select the path of the USB key/floppy (/dev/disk) inserted in the client. You can also mount the USB key/floppy by label, as shown in Figure 169 (page 309). Figure 169 Mounting the USB key by label 9. Click OK. Caps Lock out of sync between iLO and Java IRC When you log in to the Java IRC, the Caps Lock setting might be out of sync between iLO and the Java IRC.
Num Lock out of sync between iLO and Shared Remote Console When you log in to a Shared Remote Console session, the Num Lock setting might be out of sync between iLO and some of the Remote Console sessions. Solution: Select Keyboard→Num Lock in the Remote Console to synchronize the Num Lock settings. Keystrokes repeat unintentionally during Remote Console session When you are using the .NET IRC or Java IRC, a keystroke might repeat unintentionally during a Remote Console session.
.NET IRC failed to connect to server iLO might display the message Failed to connect to server when it attempts to establish a .NET IRC session. The iLO .NET IRC client waits a specified amount of time for a connection to be established with iLO. If the client server does not receive a response in this amount of time, it displays an error message. Possible causes for this message include the following: • The network response is delayed.
Figure 170 .NET IRC launch dialog box Solution: 1. Open Internet Explorer. 2. Select Tools→Internet Options. The Internet Options window opens. 3. Click the Connections tab, and then click the LAN settings button. The Local Area Network (LAN) Settings window opens. 4. 5. 6. 7. Clear the Automatically detect settings check box. Optional: If needed, configure the proxy server settings. Close all of the browser windows. Restart the browser and start the .NET IRC. .
.NET IRC launch is blocked by Google Chrome When you launch the .NET IRC in the Chrome browser, the application might fail to start. If the iLO system is using the default iLO SSL certificate, which is not a trusted certificate that is signed by a certificate authority, the iLO web interface starts the .NET IRC by using HTTP instead of HTTPS. Since the iLO web interface uses HTTPS, and the web interface starts the IRC by using HTTP, the Chrome browser displays a warning.
PuTTY client unresponsive When you are using a PuTTY client with the Shared Network Port, the PuTTY session might become unresponsive when a large amount of data is transferred or when you are using a Virtual Serial Port and Remote Console. Solution: Close the PuTTY client and restart the session. SSH text support from text-based Remote Console session SSH access from the text-based Remote Console supports the standard 80 x 25 configuration of the text screen.
client being used (SSH, HyperTerminal, or other terminal emulator) can resize the window to a size other than 80x24, scrolling becomes confused and the screen output appears garbled. To avoid this issue, configure the terminal emulator for a window size of exactly 80x24. Troubleshooting Remote Support issues The following sections discuss troubleshooting Remote Support issues.
installed. To update the Insight RS and Insight Online OS information, iLO must acquire the OS information from AMS. Suggested action: Complete the following procedure. 1. Verify the following: 2. • iLO firmware 1.20 or later is installed. • AMS is enabled and the operating system is running. • For Central Connect configurations only: Verify that Insight RS 7.0.8 or later is installed on the Hosting Device.
with the local iLO, it will be dropped its from its peer relationships after they expire, which should eliminate the query error. Suggested action 2: Check the Multi-System Map page for errors. The Multi-System Map page can help you to identify communication problems between iLO peers.
Suggested action: Ensure that communication between the local iLO and the peer with the error is not blocked by an intermediate firewall or a change to the iLO network configuration and HTTP port setting. A 403 error is displayed on the Multi-System Map page Issue: The Multi-System Map page shows a 403 Forbidden/Authorization error. This error occurs when the group key on the local iLO does not match the group key on a peer iLO.
Shared instances When iLO opens another browser window (for example, the Remote Console or a help file), this window shares the same connection to iLO and the session cookie. The iLO web server makes URL decisions based on each request received. For example, if a request does not have access rights, it is redirected to the login page, regardless of the original request. Web server-based redirection, selecting File→New→Window, or pressing Ctrl+N opens a duplicate instance of the original browser.
Preventing cookie-related issues To prevent these issues: • Start a new browser for each login by double-clicking the browser icon or shortcut. • Click the Sign Out button to close the iLO session before you close the browser window. Unable to get SNMP information from HP SIM Solution: The agents running on the managed server supply SNMP information to HP SIM. For agents to pass information through iLO, iLO device drivers must be installed.
5. Retry the iLO firmware update. TIP: For information about using HPONCFG, see the HP iLO 4 Scripting and Command Line Guide. For information about other methods you can use to reset iLO, see the HP iLO 4 User Guide and the HP iLO Scripting and Command Line Guide. iLO network Failed Flash Recovery Most firmware upgrades finish successfully. In the unlikely event of server power loss during an iLO firmware upgrade, iLO might be recoverable when power is restored.
1. Open a browser and navigate to https://:636. You can use instead of , which accesses the DNS and determines which domain controller is handling requests for the domain. Test multiple domain controllers to verify that all of them have been issued a certificate. 2.
Resetting iLO by using the iLO 4 Configuration Utility If iLO is slow to respond, you can use the iLO 4 Configuration Utility Reset iLO menu to perform a reset. Resetting iLO does not make any configuration changes, but it ends all active connections to iLO. You must have the Configure iLO Settings privilege to reset iLO using this method. To reset iLO: 1. Optional: If you access the server remotely, start an iLO remote console session. You can use the .NET IRC or Java IRC. 2. 3.
Figure 175 Using the iLO 4 Configuration Utility to reset iLO When you reset iLO, the iLO 4 Configuration Utility is not available again until the next reboot. 6. Press Enter. iLO resets. If you are managing iLO remotely, the remote console session is automatically ended. 7. Resume the boot process: a. Optional: If you are managing iLO remotely, wait for the iLO reset to finish, and then start the iLO remote console. The UEFI System Utilities are still open from the previous session. b. c. d.
5. Press F10 to continue. iLO RBSU displays the following message: After setting to factory defaults, iLO 4 will be reset and 6. this utility will exit. Press Enter. iLO resets and the server boot process finishes. NOTE: If a server has an installed iLO Advanced license when you perform this procedure, the iLO Advanced icon might be selected when the server boot process finishes.
5. Select YES, and then press Enter. The iLO 4 Configuration Utility prompts you to confirm the reset request, as shown in Figure 177 (page 326). Figure 177 Set to factory defaults confirmation screen The iLO system is reset, and you cannot access the iLO 4 Configuration Utility until after the next system reboot. You can press Enter to confirm, or press Esc to cancel. 6. Press Enter. iLO resets to the factory default settings.
To remove the server name after the redeployment of a server, do one of the following: • Load the HP Insight Management Agents to update the server name. • Use the iLO RBSU or the iLO 4 Configuration Utility Reset to Factory Defaults feature to clear the server name. CAUTION: This procedure clears all iLO configuration information, not just the Server Name information. • Change the server name on the Administration→Access Settings→Access Options page in the iLO web interface.
6. • Organizational Unit (OU)—(Optional) The unit within the company or organization that owns this iLO subsystem • Common Name (CN)—The FQDN of this iLO subsystem Click Generate CSR. The following message is displayed: The iLO subsystem is currently generating a Certificate Signing Request (CSR). This may take 10 minutes or more. In order to view the CSR, wait 10 minutes or more, and then click the Generate CSR button again. 7. After 10 minutes or more, click the Generate CSR button.
Resolving a browser certificate error: Firefox 1. Click the I Understand the Risks link to expand the section, and then click Add Exception, as shown in Figure 179 (page 329). Figure 179 Firefox untrusted connection dialog box 2. In the Add Security Exception dialog box, enter https:// in the Location box, as shown in Figure 180 (page 329). Figure 180 Firefox Add Security Exception dialog box 3. Click Confirm Security Exception to resolve the security warning.
Resolving a browser certificate error: Chrome 1. When the security warning appears, click Proceed anyway, as shown in Figure 181 (page 330). Figure 181 Chrome security certificate warning 2. 3. Log in to iLO. Optional: To prevent the certificate warning from appearing in future iLO web interface sessions, Install an SSL certificate. For instructions, see step 3 through step 15 in the following procedure: “Resolving a browser certificate error: Internet Explorer” (page 327).
8 Support and other resources Information to collect before you contact HP Be sure to have the following information available before you contact HP: • Software product name • Hardware product model number • Operating system type and version • Applicable error message • Third-party hardware or software • Technical support registration number (if applicable) • Active Health System log For more information, see “Using the HP Active Health System” (page 176).
about HP products. For discussions related to iLO Advanced and iLO Advanced for BladeSystem software, see the Management Software and System Tools area. HP authorized resellers For the name of the nearest HP authorized reseller, see the following sources: • In the United States, see the HP U.S. service locator website: http://www.hp.com/service_locator • In other locations, see the Contact HP worldwide website: http://www.hp.
• HP Service Pack for ProLiant: http://www.hp.com/go/spp/documentation • HP iLO 4: http://www.hp.com/go/ilo/docs • HP iLO University videos: http://www.hp.com/go/ilo/videos • HP Systems Insight Manager: http://www.hp.com/go/hpsim • HP Onboard Administrator: http://www.hp.com/go/oa • HP VMware Vibs Depot:http://vibsdepot.hp.
9 Documentation feedback HP is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hp.com). Include the document title and part number, version number, or the URL when submitting your feedback.
A iLO license options Table 19 (page 335) lists the features that are included with each iLO license.
Table 19 iLO 4 license options (continued) iLO iLO Scale-Out1 Essentials iLO Advanced for iLO BladeSystem Advanced Advanced Power Management (Power History Graphs, Dynamic Power Capping) X X X Virtual Serial Port Record and Playback X X X X X Feature iLO Standard iLO Standard for BladeSystem Discovery Services HP Smart Array Secure Encryption X X X iLO Federation Management X X X 1 When an iLO Scale-Out license is applied to a blade server, it does not remove features that are avail
B FlexibleLOM support Table 20 (page 337) lists the servers that support the iLO Shared Network Port – FlexibleLOM feature.
Table 20 iLO Shared Network Port FlexibleLOM support (continued) Adapter model HP ProLiant Gen8 servers DL560 Gen8 SL230s Gen8 SL250s Gen8 SL270 Gen8 HP Ethernet 10 Gb 2-port 561FLR-T Adapter DL160 Gen8 DL360p Gen8 DL380p Gen8 DL385p Gen8 DL560 Gen8 HP Ethernet 1 Gb 4-port 366FLR Adapter DL160 Gen8 DL360p Gen8 DL380p Gen8 DL385p Gen8 DL560 Gen8 SL230s Gen8 SL250s Gen8 SL270s Gen8 338 FlexibleLOM support
C Directory services schema This appendix describes the classes and attributes that are used to store Lights-Out management authorization data in the directory service. HP Management Core LDAP OID classes and attributes Changes made to the schema during the schema setup process include changes to the following: • Core classes • Core attributes Core classes Class name Assigned OID hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.
hpqRole OID 1.3.6.1.4.1.232.1001.1.1.1.2 Description This class defines role objects, providing the basis for HP products that use directory-enabled management. Class type Structural SuperClasses group Attributes hpqRoleIPRestrictions - 1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleIPRestrictionDefault - 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction - 1.3.6.1.4.1.232.1001.1.1.2.6 hpqTargetMembership - 1.3.6.1.4.1.232.1001.1.1.2.3 Remarks None hpqPolicy OID 1.3.6.1.4.1.232.1001.1.1.1.
hpqTargetMembership OID 1.3.6.1.4.1.232.1001.1.1.2.3 Description Provides a list of hpqTarget objects that belong to this object Syntax Distinguished Name - 1.3.6.1.4.1.1466.115.121.1.12 Options Multivalued Remarks None hpqRoleIPRestrictionDefault OID 1.3.6.1.4.1.232.1001.1.1.2.4 Description A Boolean that represents access by unspecified clients and that partially specifies rights restrictions under an IP network address constraint Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.
hpqRoleTimeRestriction OID 1.3.6.1.4.1.232.1001.1.1.2.6 Description A 7-day time grid, with 30-minute resolution, which specifies rights restrictions under a time constraint Syntax Octet String {42} - 1.3.6.1.4.1.1466.115.121.1.40 Options Single valued Remarks This attribute is used only on role objects. Time restrictions are satisfied when the bit that corresponds to the current local time of the device is 1 and unsatisfied when the bit is 0.
Attributes hpqLOMRightConfigureSettings - 1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightLocalUserAdmin - 1.3.6.1.4.1.232.1001.1.8.2.2 hpqLOMRightLogin - 1.3.6.1.4.1.232.1001.1.8.2.3 hpqLOMRightRemoteConsole - 1.3.6.1.4.1.232.1001.1.8.2.4 hpqLOMRightServerReset - 1.3.6.1.4.1.232.1001.1.8.2.5 hpqLOMRightVirtualMedia - 1.3.6.1.4.1.232.1001.1.8.2.6 Remarks None Lights-Out Management attribute definitions The following tables define the Lights-Out Management core class attributes. hpqLOMRightLogin OID 1.3.6.1.4.
Options Single valued Remarks This attribute is used only on role objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightLocalUserAdmin OID 1.3.6.1.4.1.232.1001.1.8.2.2 Description Local User Database Administration right for HP Lights-Out Management products. Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is used only on role objects. If this attribute is TRUE, members of the role are granted the right.
Glossary 3DES Triple DES, the Data Encryption Standard cipher algorithm. ABEND Abnormal end. ACPI Advanced Configuration and Power Interface. AES Advanced Encryption Standard. ALOM Advanced Lights Out Manager. AMP Advanced Memory Protection. AMS Agentless Management Service. ARP Address Resolution Protocol. ASR Automatic Server Recovery. BIOS Basic Input/Output System. BMC Baseboard management controller. CA Certificate authority. CLP Command Line Protocol. CN Common Name.
FQDN Fully Qualified Domain Name. FSMO Flexible Single Master Operations. GMT Greenwich Mean Time. GRUB Grand Unified Bootloader. HEM High Efficiency Mode. HP SIM HP Systems Insight Manager. HPLOMIG HP Lights-Out Migration Utility, also called HP Directories Support for Management Processors. HPONCFG HP Lights-Out Online Configuration Utility. HPQLOCFG HP Lights-Out Configuration Utility. ICMP Internet Control Message Protocol. IDE Integrated Drive Electronics.
PKCS Public-Key Cryptography Standards. POST Power-on self test. PuTTY A terminal emulator that can act as a client for the SSH, Telnet, rlogin, and raw TCP protocols and as a serial console client. RBSU ROM-Based Setup Utility. RDRAM Rambus Dynamic Random Access Memory. RIBCL Remote Insight Board Command Language. RIMM Rambus In-line Memory Module. RPM RPM Package Manager. RSA An algorithm for public-key cryptography. SAID Service Agreement Identifier. SAS Serial Attached SCSI.
WINS 348 Glossary Windows Internet Name Service.
Index Symbols .
cookie behavior troubleshooting, 318 D data collection Active Health System, 120 privacy, 120 Remote Support, 120 system configuration, 120 data collections schedule iLO, 130 sending iLO, 130 Dedicated Network Port enabling with iLO 4 Configuration Utility, 104 enabling with iLO RBSU, 104 enabling with iLO web interface, 106 DHCP IPv4 settings, 94 IPv6 settings, 96 diagnostic tools using, 179 Directories Support for ProLiant Management Processors, 287 configuring directories with HP extended schema, 292 Co
troubleshooting with Remote Console, 307 firmware, 36 see also iLO firmware updating with iLO Federation Management, 191 viewing installed firmware, 169 FQDN configuring, 59 G gateway IP address IPv4, 94 Global iLO 4 Settings see access options graceful shutdown power, 230 H hardware and software links troubleshooting, 301 health status viewing, 148 health summary viewing, 149 hostname configuring, 91 hot keys Remote Console, 203 HP Insight Control software integration, 242 HP schema directory integration
integration Systems Insight Manager, 247 IP address configuring, 59 configuring a static IP address, 20, 22 IP address and subnet mask restrictions, 284 IPv4, 94 IPv6, 96 viewing during POST, 58, 134 IPMI/DCMI configuring, 57 server management, 241 user privileges, 48 IPv4, 88 see also network configuring, 94 DHCP, 94 DNS servers, 94 gateway address, 94 IP address, 94 ping gateway on startup, 94 static routes, 94 subnet mask, 94, 96 WINS servers, 94 IPv6, 88 see also network configuring, 96 DHCP, 96 DNS ser
connecting iLO, 19 enabling the Dedicated Network Port with iLO 4 Configuration Utility, 104 enabling the Dedicated Network Port with iLO RBSU, 104 enabling the Dedicated Network Port with iLO web interface, 106 enabling the Shared Network Port with iLO 4 Configuration Utility, 102 enabling the Shared Network Port with iLO RBSU, 101 enabling the Shared Network Port with iLO web interface, 103 IPv4 summary, 88 IPv6 Summary, 88 link state, 91, 106 name service limitations, 91 namespace issues, 91 Shared Netwo
iLO session ends during registration, 316 prerequisites, 122 server identification, 315 service events, 120 SSL Bio Error during registration, 315 system configuration, 120 troubleshooting server and OS name, 315 Remote Syslog configuring, 118 disabling, 119 enabling, 118 Require Login for iLO 4 Configuration Utility configuring, 58 Require Login for iLO RBSU configuring, 58, 134 requirements HP schema directory integration, 261 Virtual Media, 218 Reset to Factory Defaults, 326 resetting to defaults, 322 re
web interface, 32 Shared Network Port enabling with iLO 4 Configuration Utility, 102 enabling with iLO RBSU, 101 enabling with iLO web interface, 103 FlexibleLOM, 91 LOM, 91 overview, 100 Show iLO IP during POST configuring, 58, 134 single sign-on configuring, 80, 81 Kerberos, 254, 256 privileges, 81 removing trusted certificates, 84 trust mode, 81 trusted certificates, 82 viewing trusted certificates, 83 SNMP, 112 see also SNMP alerts access, 55 configuring, 109 configuring alerts, 112, 113 configuring SNM
TPM using, 63 traps troubleshooting, 305 troubleshooting, 298 alerts and traps, 305 blocked ports, 305 certificate error, 327 cookies, 318 directory integration, 302, 306, 307 directory logout, 307 event log, 299 hardware and software links, 301 iLO access, 303 iLO Federation Management, 316 iLO firmware update, 320 iLO RBSU, 303 Inactive .
