background image

OpenLDAP authentication fails when configured with nested groups or
posixgroups

Symptom

OpenLDAP authentication fails when the directory is configured with nested groups or posixgroups.

Cause

iLO does not support nested groups or posixgroups with OpenLDAP.

Action

Configure iLO with a group in which the LDAP user has a direct membership. Make sure the OpenLDAP
directory group has an objectClass of the type groupOfNames.

iLO Zero Sign In fails after domain controller OS reinstall

Symptom

The iLO web interface 

Zero Sign In

 option does not work after the domain controller OS is reinstalled.

Cause

The key version number sequence is reset when the domain controller OS is reinstalled.

Action

Generate and install a new Kerberos keytab file.

Failed iLO login with Active Directory credentials

Symptom

User authentication fails when iLO is configured to use Active Directory.

Cause

There is a certificate problem:

• An SSL certificate is not installed on the Active Directory server.

• An old SSL certificate on the Active Directory server points to a previously trusted CA with the same

name as the CA in the current certificate. This situation might happen if a certificate service is added
and removed, and then added again.

You can verify this cause by checking the SSL Connection test results on the 

Directory Tests

 page.

Action

1.

Open the MMC.

2.

Add the certificates snap-in.

3.

When prompted, select 

Computer Account

 for the type of certificates you want to view.

4.

To return to the certificates snap-in, click 

OK

.

OpenLDAP authentication fails when configured with nested groups or

posixgroups

377

Summary of Contents for HPE iLO 5

Page 1: ...nd operating HPE ProLiant Gen10 servers and HPE Synergy compute modules by using the HPE iLO 5 firmware This document is intended for system administrators Hewlett Packard Enterprise representatives and Hewlett Packard Enterprise Authorized Channel Partners who are involved in configuring and using Hewlett Packard Enterprise servers that include iLO 5 ...

Page 2: ...ms are licensed to the U S Government under vendor s standard commercial license Links to third party websites take you outside the Hewlett Packard Enterprise website Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website Acknowledgments Microsoft and Windows are either registered trademarks or trademarks of Microsoft Co...

Page 3: ...with the iLO 5 Configuration Utility 25 Logging in to iLO for the first time 27 iLO default credentials 27 iLO licensed features 27 iLO driver support 28 Installing the iLO driver 28 Using the iLO web interface 30 iLO web interface 30 Supported browsers 30 Browser requirements 30 Configuring the Internet Explorer JavaScript setting 30 Logging in to the iLO web interface 31 Cookie sharing between b...

Page 4: ...52 Viewing processor information 53 Processor details 53 Viewing memory information 54 Advanced Memory Protection details 54 Memory Summary 56 Physical Memory Details 57 Logical Memory Details 57 Memory Details pane 58 Viewing network information 60 Physical Network Adapters 60 Logical Network Adapters 62 Viewing the device inventory 62 Device Inventory details 62 Device status values 63 Viewing P...

Page 5: ...Federation group memberships local iLO system 87 Adding iLO Federation group memberships multiple iLO systems 89 Configuring Enclosure iLO Federation Support 92 Using the iLO Federation features 92 Selected Group list 92 Exporting iLO Federation information to a CSV file 93 iLO Federation Multi System view 94 Viewing the iLO Federation Multi System Map 96 iLO Federation Group Virtual Media 96 iLO ...

Page 6: ...rial Port session 126 Viewing the iLO Virtual Serial Port log 126 Text based Remote Console Textcons 127 Customizing the Text based Remote Console 127 Using the Text based Remote Console 128 Using Linux with the Text based Remote Console 129 Using iLO Virtual Media 130 iLO Virtual Media 130 Virtual Media operating system information 131 Operating system USB requirement 131 Configuring Windows 7 fo...

Page 7: ...iguring the persistent mouse and keyboard 156 Viewing power information 157 Power Supply Summary details 157 Power Supplies list 159 Power Discovery Services iPDU Summary 160 Power Readings 161 Power Microcontroller 161 Battery Backup Unit details 161 Smart Storage Battery details 161 Power monitoring 162 High Efficiency Mode 162 Viewing fan information 162 Fan details 162 Fans 163 Temperature inf...

Page 8: ...st registration steps 191 Editing the web proxy settings Insight Online direct connect only 191 Registering for Insight Remote Support central connect 191 Unregistering from Insight Online direct connect 192 Unregistering from Insight Remote Support central connect 192 Remote support service events 193 Service event transmission 193 Using maintenance mode 193 Sending a test service event by using ...

Page 9: ...onfiguration 216 Viewing ESKM events 217 Clearing the ESKM log 217 Language packs 217 Selecting a language pack 218 Configuring the default language settings 218 Configuring the current iLO web interface session language 219 Uninstalling a language pack 219 How iLO determines the session language 219 Firmware verification 219 Configuring the firmware verification settings 220 Running a firmware ve...

Page 10: ...ma directory settings in iLO 252 Directory user contexts 253 Directory Server CA Certificate 254 Local user accounts with Kerberos authentication and directory integration 254 Running directory tests 254 Configuring encryption settings 257 Enabling the Production or HighSecurity security state 257 Enabling the FIPS and SuiteB security states 258 Connecting to iLO when using higher security states ...

Page 11: ...etails 295 Toggling the server UID LED 296 Viewing chassis information 296 Power Supplies list 296 Intelligent PDU details 297 Smart Storage Battery details 297 Using iLO with other software products and tools 299 iLO and remote management tools 299 Starting a remote management tool from iLO 299 Deleting a remote manager configuration 299 Using iLO with HPE OneView 300 Starting Intelligent Provisi...

Page 12: ...zational structure 327 How role access restrictions are enforced 328 User access restrictions 329 Role access restrictions 330 Tools for configuring multiple iLO systems at a time 332 User login using directory services 332 Directories Support for ProLiant Management Processors HPLOMIG 333 Configuring directory authentication with HPLOMIG 334 Discovering management processors 335 Optional Upgradin...

Page 13: ... HPE OneView 371 Unable connect to an iLO system with the iOS mobile app 372 iLO responds to pings intermittently or does not respond 372 Running an XML script with iLO fails 373 Directory issues 373 Logging in to iLO with Kerberos authentication fails 373 iLO credential prompt appears during Kerberos login attempt 374 iLO credential prompt appears during Kerberos login by name attempt 375 A direc...

Page 14: ... based Remote Console issues 392 Unable to view Linux installer in text based Remote Console 392 Unable to pass data through SSH terminal 392 VSP driven selection during the serial timeout window sends output to BIOS redirect instead of VSP 393 Scrolling and text appear irregular during BIOS redirection 393 Remote Support issues 393 SSL Bio Error during Insight RS registration 393 Server not ident...

Page 15: ...sole 404 Recovering an iLO license key 405 Agentless Management AMS and SNMP issues 406 AMS is installed but unavailable in iLO 406 Unable to get SNMP information in HPE SIM 406 Unable to receive HPE SIM alarms SNMP traps from iLO 406 Websites 407 Support and other resources 409 Accessing Hewlett Packard Enterprise Support 409 Accessing updates 409 Customer self repair 410 Remote support 410 Warra...

Page 16: ...re notifications through SNMP alerts remote syslogs and email alerts Learn more links Troubleshooting information for supported events is available on the Integrated Management Log page Active Health System Log Download the Active Health System log You can send the log file to Hewlett Packard Enterprise when you have an open support case or upload the log to the Active Health System Viewer iLO Fed...

Page 17: ...em Tuning Intelligent System Tuning for Gen10 servers consists of several features to increase server performance Jitter smoothing levels and balances frequency fluctuation in the processor Workload matching enables the use of preconfigured workload profiles to fine tune server resources Core boosting works with selected Intel processors to enable higher performance across more processor cores For...

Page 18: ... http www hpe com info redfish RESTful Interface Tool The RESTful Interface Tool iLOrest is a scripting tool that allows you to automate HPE server management tasks It provides a set of simplified commands that take advantage of the iLO RESTful API You can install the tool on your computer for remote use or install it locally on a server with a Windows or Linux Operating System The RESTful Interfa...

Page 19: ...improves performance and security because you can physically control which workstations are connected to the network A separate network also provides redundant access to the server when a hardware failure occurs on the production network In this configuration iLO cannot be accessed directly from the production network The Dedicated management network is the preferred iLO network configuration Figu...

Page 20: ...nditions The selected NIC teaming mode causes the switch that iLO is connected with to ignore traffic from the server NIC port that iLO is configured to share The selected NIC teaming mode sends all traffic destined for iLO to a NIC port other than the one that iLO is configured to share Because iLO and the server transmit and receive on the same switch port the selected NIC teaming mode must allo...

Page 21: ...electing a NIC teaming mode when your server uses another implementation of NIC teaming see NIC teaming constraints and the vendor documentation iLO IP address acquisition To enable iLO access after it is connected to the network the iLO management processor must acquire an IP address and subnet mask You can use a dynamic address or a static address Dynamic IP address A dynamic IP address is set b...

Page 22: ...e the iLO web interface when you can connect to iLO on the network by using a web browser You can also use this method to reconfigure an iLO management processor ROM based setup Use the iLO 5 Configuration Utility when the system environment does not use DHCP DNS or WINS Other configuration options not discussed in this guide follow Intelligent Provisioning To start Intelligent Provisioning press ...

Page 23: ...pts are available at the following website http www hpe com support ilo5 Initial setup steps Process overview The iLO default settings enable you to use most features without additional configuration However the configuration flexibility of iLO enables customization for multiple enterprise environments This chapter discusses the initial iLO setup steps Procedure 1 Connect iLO to the network 2 If y...

Page 24: ...access the server remotely start an iLO remote console session 2 Restart or power on the server 3 Press F9 in the server POST screen The UEFI System Utilities start 4 Click System Configuration 5 Click iLO 5 Configuration Utility 6 Disable DHCP a Click Network Options b Select OFF in the DHCP Enable menu The IP Address Subnet Mask and Gateway IP Address boxes become editable When DHCP Enable is se...

Page 25: ...signed to every user by default so it is not listed in the iLO 5 Configuration Utility You cannot assign the Recovery Set privilege through the iLO 5 Configuration Utility so it is not available in the list 6 Enter the user name and login name in the New User Name and Login Name boxes 7 Enter the password a Move the cursor to the Password box and then press Enter The Enter your new password box op...

Page 26: ...er 8 Modify the user account privileges To assign a privilege select YES in the menu next to the privilege name To remove a privilege select NO The Login privilege is assigned to every user by default so it is not available in the iLO 5 Configuration Utility You cannot assign the Recovery Set privilege through the iLO 5 Configuration Utility so it is not available in the list 9 Update as many user...

Page 27: ...ith a default user name password and DNS name The default information is on the serial label pull tab attached to the server that contains the iLO management processor Use these values to access iLO remotely from a network client by using a web browser User name Administrator Password A random eight character string DNS name ILOXXXXXXXXXXXX where the X characters represent the server serial number...

Page 28: ...d Hat Enterprise Linux 7 3 errata kernel 3 10 0 514 6 1 el7 Red Hat Enterprise Linux 6 9 and later hpilo is loaded automatically at startup On Ubuntu systems hpilo is loaded automatically at startup after the Linux Management Component Pack package is loaded VMware When you use VMware with iLO the following driver is available ilo This driver manages Agentless Management Service WBEM provider and ...

Page 29: ...ustom For VMware Download the iLO driver from the vibsdepot section of the Software Delivery Repository website http www hpe com support SDR Linux Follow the installation instructions provided with the software For Ubuntu Subscribe to the Linux Management Component Pack at http www hpe com support SDR Linux Setting up iLO 29 ...

Page 30: ...vaScript extensively This setting is not enabled by default in all versions of Internet Explorer To check or change this setting see Configuring the Internet Explorer JavaScript setting on page 30 Cookies Cookies must be enabled for certain features to function correctly Pop up windows Pop up windows must be enabled for certain features to function correctly Verify that pop up blockers are disable...

Page 31: ...entication More information iLO default credentials on page 27 Cookie sharing between browser instances and iLO When you browse to iLO and log in one session cookie is shared with all open browser windows that share the iLO URL in the browser address bar As a consequence all open browser windows share one user session Logging out in one window ends the user session in all the open windows Logging ...

Page 32: ...set the session cookie the following might occur User1 session behaves consistently with the privileges assigned to User2 User1 activity keeps User2 session alive but User1 session can time out unexpectedly Logging out of either window causes both sessions to end The next activity in the other window can redirect the user to the login page as if a session timeout or premature timeout occurred Clic...

Page 33: ...BL c Class branch is included If you have a Synergy compute module the Synergy Frame branch is included If you have a ProLiant XL server the Chassis branch is included When a remote management tool is used with iLO the Remote Management Tool Name branch is included Using the iLO controls iLO control icons When you log in to the iLO web interface the iLO controls are available from any iLO page Pow...

Page 34: ...he full page To access the Update Firmware and Upload to iLO Repository options click this icon These options are available on all Firmware OS Software tabs iLO navigation pane iLO has a collapsible navigation pane that is accessible from each page To toggle between showing and hiding the navigation pane click the icon in the top left corner of the iLO web interface To hide the navigation pane cli...

Page 35: ...nagement system 2 The name of the remote management tool is a link To start the remote management tool click the link Changing the language from the login page If a language pack is installed use the language menu on the login screen to select the language for the iLO session This selection is saved in a browser cookie for future use Prerequisites A language pack is installed Procedure 1 Navigate ...

Page 36: ...ystem serial number that is presented to host applications This value is displayed only when set by other software This value might affect operating system and application licensing The Serial Number Logical value is set as part of the logical server profile that is assigned to the system If the logical server profile is removed the serial number value reverts from the Serial Number Logical value ...

Page 37: ...ensity rack environments The possible states are UID ON UID OFF and UID BLINK If the iLO Service Port is in use UID BLINK status includes the Service Port status The possible values are UID BLINK Service Port Busy UID BLINK Service Port Error and UID BLINK Service Port Finished To turn the UID LED on or off click the UID Indicator icon click the UID control at the top of the iLO web interface wind...

Page 38: ...nect remote support but step 2 of the registration process is incomplete Not registered The server is not registered Unable to retrieve the HPE Remote Support information The registration status could not be determined Remote Support Registration Error A remote support connection error occurred Managing iLO sessions Prerequisites Administer User Accounts privilege Procedure 1 Navigate to the Infor...

Page 39: ...ee and then click the iLO Event Log tab 2 Optional Use the event log sort search and filter features to customize the log view The total number of recorded events is always displayed above the filter icon When filters are applied the number of events that meet the filter criteria is displayed below the filter icon 3 Optional To view the event details pane click an event Event log details ID The ev...

Page 40: ...ime when the first event of this type occurred This value is based on the date and time stored by the iLO firmware If iLO did not recognize the date and time when the event was first created NOT SET is displayed Event Code A unique identifier for an event within a given event class displayed in hexadecimal format Customizing the event log view Sorting events Click a column heading to sort the even...

Page 41: ...d to confirm the request click OK The event log is cleared of all previously logged information and an event is recorded in the log Integrated Management Log The IML provides a record of historical events that have occurred on the server Events are generated by the system ROM and by services such as the iLO driver Logged events include server specific information such as health and status informat...

Page 42: ...ne click an event IML details The first column on the left side of the web interface displays an active check box next to each event with Critical or Caution status Use this check box to select an event to mark as repaired ID The event ID number Events are numbered in the order in which they are generated By default the IML is sorted by the ID with the most recent event at the top A factory reset ...

Page 43: ...loss Immediate attention is needed Caution The event is significant but does not indicate performance degradation Informational The event provides background information Repaired An event has undergone corrective action Unknown The event severity could not be determined IML event pane details Initial Update The date and time when the first event of this type occurred This value is based on the dat...

Page 44: ...h box Marking an IML entry as repaired Use this feature to change the status of an IML entry from Critical or Caution to Repaired Prerequisites Configure iLO Settings privilege Procedure 1 Investigate and repair the issue 2 Click Information in the navigation tree and then click the Integrated Management Log tab 3 Select the log entry To select an IML entry click the check box next to the entry in...

Page 45: ...V Output window click Save and then follow the browser prompts to save or open the file Clearing the IML Prerequisites Configure iLO Settings privilege Procedure 1 Click Information in the navigation tree and then click the Integrated Management Log tab 2 Click 3 When prompted to confirm the request click OK The IML is cleared of all previously logged information and an event is recorded in the IM...

Page 46: ...data to Hewlett Packard Enterprise you agree to have the data used for analysis technical resolution and quality improvements The data that is collected is managed according to the privacy statement available at http www hpe com info privacy You can also upload the log to the Active Health System Viewer For more information see the Active Health System Viewer documentation at the following website...

Page 47: ...e a long time to download the entire Active Health System Log If you must upload the Active Health System Log for a technical issue Hewlett Packard Enterprise recommends downloading the log for the specific range of dates in which the problem occurred Procedure 1 Click Information in the navigation tree and then click the Active Health System Log tab The Active Health System Log is inaccessible wh...

Page 48: ...nt special characters such as the ampersand must be preceded by the escape character See the command line environment documentation for more information To download the Active Health System Log for a range of dates curl https iLO_IP_address ahsdata ahs ahs from yyyy mm dd to yyyy mm dd k v u username password o filename ahs To download the Active Health System Log for the last seven days and add a...

Page 49: ...TTPS warnings will be ignored v Specifies verbose output u username password Specifies your iLO user account credentials o filename ahs Specifies the output file name and path case_no HPE support case number Specifies a Hewlett Packard Enterprise support case number to add to the log header Options for adding contact information to the downloaded log phone phone number Specifies a phone number to ...

Page 50: ...et of data is available in the log 6 Reboot the server Rebooting the server is required because some information such as the operating system name and version is logged at server startup Performing this step ensures that a complete set of data is available in the log Viewing iLO self test results The iLO Self Test Results section displays the results of internal iLO diagnostic tests including the ...

Page 51: ...RAM data Tests the subsystem that retains nonvolatile configuration data logs and settings Embedded Flash Tests the state of the system that can store configuration provisioning and service information Host ROM Checks the BIOS to determine whether it is out of date compared to the management processor Supported Host Checks the management processor firmware to determine whether it is out of date fo...

Page 52: ...ancy status Redundancy status is displayed for the following Fan Redundancy Power Status Subsystem and device status Summarized status information is displayed for the following Agentless Management Service BIOS Hardware Health Fans Memory Network Power Supplies nonblade servers only Processors Storage Temperatures Smart Storage Battery Status supported servers only Subsystem and device status val...

Page 53: ...f some subsystems display the status Unknown because the status cannot be updated when the server is powered off Not Installed The subsystem or device is not installed Viewing processor information The Processor Information page displays the available processor slots the type of processor installed in each slot and a summary of the processor subsystem If the server is powered off the system health...

Page 54: ...m 3 Optional To view additional memory details select a memory module The Memory Details pane is displayed Advanced Memory Protection details AMP Mode Status The status of the AMP subsystem Other Unknown The system does not support AMP or the management software cannot determine the status Not Protected The system supports AMP but the feature is disabled Protected The system supports AMP The featu...

Page 55: ...irroring The system is configured for mirrored memory protection All memory banks are duplicated in mirrored memory as opposed to only one for online spare memory If enough ECC errors occur the spare memory is activated and the memory that is experiencing the errors is disabled RAID XOR The system is configured for AMP with the XOR engine Advanced ECC The system is configured for AMP with the Adva...

Page 56: ...or board A3DC The system can be configured for A3DC AMP None The system cannot be configured for AMP Memory Summary The Memory Summary section shows a summary of the memory that was installed and operational at POST Location The slot or processor on which the memory board cartridge or riser is installed Possible values follow System Board There is no separate memory board slot All DIMMs are instal...

Page 57: ...le status and whether the module is in use Size The size of the memory module in MB Speed The memory module speed Technology The memory module technology Possible values follow Unknown Memory technology cannot be determined N A Not present Synchronous RDIMM UDIMM LRDIMM NVDIMM NVDIMM N R NVDIMM Logical Memory Details This section shows the HPE Scalable Persistent Memory devices that were configure...

Page 58: ...PE Memory modules Type The type of memory installed Possible values follow Other Memory type cannot be determined Board Memory module is permanently mounted not modular on a system board or memory expansion board DDR4 N A Memory module is not present Minimum Voltage The minimum voltage at which the memory module can operate Ranks The number of ranks in the memory module Error Correction The type o...

Page 59: ... name Manufacturer The memory module manufacturer Power Backup Unit Bays The number of battery backed unit bays that provide backup power to the logical DIMM Type The type of memory installed The only possible value for logical memory is Logical Minimum Voltage The minimum voltage at which the memory module can operate Ranks The number of ranks in the memory module Error Correction The type of err...

Page 60: ...fresh the data log out of iLO and then log back in Procedure 1 Click System Information in the navigation tree and then click the Network tab 2 Optional To expand or collapse the information on this page click Expand All or Collapse All respectively Physical Network Adapters Integrated and add in NICs and Fibre Channel adapters This section displays the following information about the integrated a...

Page 61: ...IPv6 Address For system NICs embedded and stand up the server IP address if available Status The port status Team Bridge If a port is configured for NIC teaming the name of the configured link between the physical ports that form a logical network adapter This value is displayed for system NICs embedded and stand up only Fibre Channel host bus adapters or converged network adapters The following i...

Page 62: ...ver is powered off the health status information on this page is current as of the last power on Health information is updated only when the server is powered on and POST is complete The following information is displayed only if AMS is installed and running on the server Firmware version and status of add in network adapters network attached storage details and Smart Storage Battery status If the...

Page 63: ...k System Information in the navigation tree and then click the Device Inventory tab 2 Move the cursor over the Location column for a listed PCI slot PCI slot tooltip details Type The PCI slot type Bus Width The PCI slot bus width Length The PCI slot length Characteristics 1 Information about the PCI slot for example voltage and other support information Characteristics 2 Information about the PCI ...

Page 64: ...attached logical drives and the physical drives that constitute the logical drives Hewlett Packard Enterprise and third party storage controllers that manage direct attached storage and the attached physical drives iLO 5 supports the following products HPE ML DL Server M 2 SSD Enablement Kit HPE 12G SAS Expander HPE Dual 8GB MicroSD EM USB Kit NVMe drives Smart Array controllers are listed first o...

Page 65: ...troller passed or failed A failed status indicates that the controller is not encrypted Encryption Critical Security Parameter NVRAM Status Indicates whether the controller successfully detected the critical security parameter NVRAM A failed status means that the controller is not encrypted The encryption settings for a Smart Array controller can be configured by using the Smart Storage Administra...

Page 66: ...fect the overall storage health status Only logical drives affect the storage health status The following information is listed for the physical drives attached to a Smart Array controller Physical drive port box and bay numbers Status Serial Number Model Media Type Capacity Location Firmware Version Drive Configuration Encryption Status Direct attached storage details Controllers This section pro...

Page 67: ...ware Version Controller Type Physical Drives This section provides information about physical drives attached to Hewlett Packard Enterprise and third party storage controllers When a physical drive has a Failed status this status does not affect the overall storage health status Only logical drives affect the storage health status Physical drive location Status Serial Number Model Media Type Capac...

Page 68: ...iLO Settings and Administer User Accounts The iLO Online ROM Flash Component and HPONCFG are examples of online in band firmware update methods Out of band Firmware is sent to iLO over a network connection Users with the Configure iLO Settings privilege can update firmware by using an out of band method If the system maintenance switch is set to disable iLO security any user can update firmware wi...

Page 69: ...tage of the HPLOMIG firmware update capabilities HPLOMIG can be used to discover multiple iLO processors and update their firmware in one step SMASH CLP Access SMASH CLP through the SSH port and use standard commands to view firmware information and update firmware For more information about SMASH CLP see the iLO scripting and CLI guide Offline firmware update When you use an offline method to upd...

Page 70: ... information see the SUM documentation You can access the iLO Repository and the Flash Firmware controls from all tabs on the Firmware OS Software page Updating iLO or server firmware by using the Flash Firmware feature You can update firmware from any network client by using the iLO web interface A signed file is required You can also initiate a component update from the iLO Repository page Prere...

Page 71: ...ta on the TPM or TM is suspended or backed up and then click OK The iLO firmware receives validates and then flashes the firmware image When you update the iLO firmware iLO reboots and closes your browser connection It might take several minutes before you can re establish a connection 8 For iLO firmware updates only To start working with the new firmware clear your browser cache and then log in t...

Page 72: ...res Procedure 1 Navigate to the following website http www hpe com support hpesc 2 To locate and download the iLO Online ROM Flash Component file follow the onscreen instructions Download a Windows or Linux component 3 Extract the BIN file For Windows components Double click the downloaded file and then click the Extract button Select a location for the extracted files and then click OK For Linux ...

Page 73: ...page displays firmware information for various server components If the server is powered off the information on this page is current as of the last power off Firmware information is updated only when the server is powered on and POST is complete Firmware types The firmware types listed on the Installed Firmware page vary based on the server model and configuration For most servers the system ROM ...

Page 74: ...Click OK The change will take effect after the next server reboot iLO Repository The iLO Repository is a secure storage area in the nonvolatile flash memory embedded on the system board This flash memory is called the iLO NAND Use SUM or iLO to manage signed software and firmware components in the iLO Repository iLO the UEFI BIOS SUM and other client software can retrieve these components and appl...

Page 75: ...cted and cannot be replaced by uploading a new component with the same name To replace a Recovery Set component log in with an account that has the Recovery Set privilege and then delete the recovery install set 7 Click OK The upload starts The upload status is displayed at the top of the iLO web interface Installing a component from the iLO Repository You can add a component to the installation q...

Page 76: ...t The component is not part of a queued task Procedure 1 Click Firmware OS Software in the navigation tree and then click the iLO Repository tab 2 Click the remove component icon iLO prompts you to confirm the request 3 Click Yes remove The component is removed Viewing iLO Repository summary and component details Procedure 1 Click Firmware OS Software in the navigation tree and then click the iLO ...

Page 77: ...sion without needing to find the original SPP To learn more about how iLO SUM and the BIOS work together to manage software and firmware see the SUM documentation Installing an install set You can add an install set to the installation queue from the Install Sets page When you add an install set to the installation queue iLO adds a task to the end of the installation queue for each component or co...

Page 78: ...ty and iLO can initiate the requested updates the update begins immediately Removing an Install Set Prerequisites Configure iLO Settings privilege for unprotected install sets Recovery Set privilege for removing the protected install set Procedure 1 Click Firmware OS Software in the navigation tree and then click Install Sets 2 Click the remove install set icon iLO prompts you to confirm the reque...

Page 79: ...stall set and then designate it as the System Recovery Set by using the iLO RESTful API For instructions see the SUM user guide Only one System Recovery Set can exist at a time Installation Queue The installation queue is an ordered list of components that were added to the queue individually or as parts of an install set Use SUM to manage the queue You can view queued tasks and add single compone...

Page 80: ...task could not complete Subsequent tasks will not run until this task is removed from the queue Complete The task completed successfully Pending The task will run when the software that initiates updates for the component type detects the installation request Name The task name Starts The task start date and time Expires The task expiration date and time Individual task details When you click an i...

Page 81: ...llowing lang_ language _ version lpk 3 Click Firmware OS Software in the navigation tree and then click Update Firmware The Flash Firmware controls appear 4 Click Browse Internet Explorer or Firefox or Choose Files Chrome 5 Select a language pack and then click Open 6 Optional To save a copy of the language pack file to the iLO Repository select the Also store in iLO Repository check box 7 Click F...

Page 82: ...ecommended third party software that was added manually or by using the SPP Name The name of the software Version The software version The versions of the displayed firmware components indicate the firmware versions available in the firmware flash components that are saved on the local operating system The displayed version might not match the firmware running on the server Description A descripti...

Page 83: ... servers in an iLO Federation group Group license installation Enter a license key to activate iLO licensed features on the servers in an iLO Federation group Group configuration Add iLO Federation group memberships for multiple iLO systems Any user can view information on iLO Federation pages but a license is required for using the following features Group Virtual Media Group power control Group ...

Page 84: ...TTP TCP default port 80 communication between iLO systems For networks with multiple VLANs configure the switches to allow multicast traffic between the VLANs For networks with Layer 3 switches For IPv4 networks Enable PIM on the switch and configure it for PIM Dense Mode For IPv6 networks Configure the switch for MLD snooping Configuring the multicast options for one iLO system at a time Use the ...

Page 85: ...Multicast Scope The size of the network that will send and receive multicast traffic Valid values are Link Site and Organization The default value is Site Multicast Time To Live TTL Specifies the number of switches that can be traversed before multicast discovery stops The default value is 5 iLO Federation groups iLO Federation group memberships for local iLO systems When you configure group membe...

Page 86: ...r and Reset Group members can power cycle or reset the host system These activities interrupt the system availability Virtual Media Group members can use scripted Virtual Media with the managed server Host BIOS Group members can configure the host BIOS settings by using the UEFI System Utilities Configure iLO Settings Group members can configure most iLO settings including security settings and ca...

Page 87: ...ederation group memberships local iLO system Viewing iLO Federation group memberships local iLO system Procedure Click iLO Federation in the navigation tree You can also use RIBCL scripts to view information about groups For more information see the iLO Federation user guide The Group Membership for this iLO table lists the name of each group that includes the local iLO system and the privileges g...

Page 88: ... Procedure 1 Click iLO Federation in the navigation tree The Setup tab displays the existing group memberships for the local iLO system 2 Select a group membership and then click Edit 3 To change the group name enter a new name in the Group Name box The group name can be 1 to 31 characters long 4 To change the group key select the Change Group Key check box then enter a new value in the Group Key ...

Page 89: ... in the DEFAULT group but with different privileges Prerequisites Configure iLO Settings privilege An iLO license that supports this feature is installed Procedure 1 Click iLO Federation in the navigation tree and then click the Group Configuration tab If no iLO Federation groups exist this page displays the following message There are no configured groups Use the iLO Federation Setup page to crea...

Page 90: ...reate a group that contains all servers with a specific version of the iLO firmware When you create a group from a list of filtered servers only the servers listed in the Affected Systems list at the time the group is created are added to the group If you configure servers that meet the filter criteria after the group is created they are not added to the group Prerequisites Configure iLO Settings ...

Page 91: ...ess takes a few minutes The group will be fully populated within the amount of time configured for the Multicast Announcement Interval Servers affected by a group membership change The Affected Systems section on the Group Configuration page provides the following details about the servers affected when you make a group membership change Server Name The server name defined by the host operating sy...

Page 92: ...played 3 Select the Enable Enclosure iLO Federation Support check box and then click Apply You can also use the CLI to enable or disable the Enable Enclosure iLO Federation Support option To enable the option enter ENABLE ENCLOSURE_ILO_FEDERATION_SUPPORT To disable the option enter DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT For more information see the Onboard Administrator CLI user guide Verifying ...

Page 93: ... remain persistent even when you log out of iLO Selected Group list filter criteria You can use the following criteria to filter the servers in a group Health status Click a health status link to select servers with a specific health status Model Click a server model number link to select servers matching the selected model Server name Click a server name to filter by an individual server Firmware...

Page 94: ... Federation information export options You can export the following information from the iLO Federation pages Systems with critical or degraded status Export this list from the Multi System View page iLO peers list Export this list from the Multi System Map page Affected systems list Export the list of systems affected by an iLO Federation action on the following pages Group Virtual Media Group Po...

Page 95: ...Group menu 3 Optional To filter the list of servers click a health status server model or server name link 4 Click Next or Previous if available to view more servers in the Critical and Degraded Systems list More information Exporting iLO Federation information to a CSV file on page 93 Critical and degraded server status details Server Name The server name defined by the host operating system Syst...

Page 96: ...responding quickly This value applies to the most recent query Node Count When an error occurs this value can indicate how much data might be missing A value of zero indicates that the most recent query timed out This value applies to the most recent query URL The URL for starting the iLO web interface for the listed peer IP The peer IP address iLO Federation Group Virtual Media Group Virtual Medi...

Page 97: ... it is manually ejected and the servers boot to it on all subsequent server resets if the system boot options are configured accordingly If a server in the group is in POST when you enable the Boot on Next Reset check box an error occurs because you cannot modify the server boot order during POST Wait for POST to finish and then try again 5 Click Insert Media iLO displays the command results Viewi...

Page 98: ... The UID LED helps you identify and locate a server especially in high density rack environments The possible states are UID ON UID OFF and UID BLINK iLO Hostname The fully qualified network name assigned to the iLO subsystem To open the iLO web interface for the server click the link in the iLO Hostname column IP Address The network IP address of the iLO subsystem To open the iLO web interface fo...

Page 99: ... change the power state of a group of servers do one of the following For servers that are in the ON or Reset state click one of the following buttons Momentary Press Press and Hold Reset Cold Boot For servers that are in the OFF state click the Momentary Press button The Press and Hold Reset and Cold Boot options are not available for servers that are in the OFF state 4 When prompted to confirm t...

Page 100: ...s about the servers affected when you initiate a Virtual Power Button action Server Name The server name defined by the host operating system Server Power The server power state ON or OFF UID Indicator The state of the UID LED The UID LED helps you identify and locate a server especially in high density rack environments The possible states are UID ON UID OFF and UID BLINK iLO Hostname The fully q...

Page 101: ...vidual server level or by another iLO Federation group affects a server other group power caps might allocate less power to that server When a power cap is set the average power reading of the grouped servers must be at or below the power cap value During POST the ROM runs two power tests that determine the peak and minimum observed power values Consider the values in the HPE Automatic Group Power...

Page 102: ...Automatic Group Power Capping Settings This section shows the following details Measured Power Values The maximum available power peak observed power and minimum observed power Power Cap Value The power cap value if one is configured Current State This section includes the following details Present Power Reading The current power reading for the selected group Present Power Cap The total amount of...

Page 103: ... click a firmware version flash status or TPM or TM Option ROM Measuring status link CAUTION If you attempt to perform a system ROM or iLO firmware update on a server with a TPM or TM installed iLO prompts you to suspend or back up any software that stores information on the TPM or TM For example if you use drive encryption software suspend it before initiating a firmware update Failure to follow ...

Page 104: ... is also displayed The TPM or TM Option ROM Measuring status for the grouped servers The percentage of the total number of servers with the listed status is also displayed The number of servers with each system ROM version The percentage of the total number of servers with the listed system ROM version is also displayed Servers affected by a Group Firmware Update The Affected Systems list provides...

Page 105: ...ctivation Key box press the Tab key or click inside a segment of the box The cursor advances automatically when you enter data into the segments of the Activation Key box 6 Click Install The EULA confirmation dialog box opens The EULA details are available in the License Pack option kit 7 Click OK The License Information section is updated to show the new license details for the selected group Mor...

Page 106: ...ber of servers with each listed license type The percentage of the total number of servers with each listed license type is also displayed Status The number of servers with each listed license status The percentage of the total number of servers with each license status is also displayed The possible status values follow Evaluation A valid evaluation license is installed Expired An expired evaluat...

Page 107: ...b interface Download HPLOCONS from the following website http www hpe com support ilo5 iLO Mobile Application for iOS and Android devices Provides Integrated Remote Console access from your supported mobile phone or tablet For more information see http www hpe com info ilo mobileapp Integrated Remote Console usage information and tips Users with the Remote Console privilege can use the NET IRC and...

Page 108: ...to exit The Idle Connection Timeout specifies how long a user can be inactive before an Integrated Remote Console session ends automatically This value does not affect Integrated Remote Console sessions when a virtual media device is connected For more information about the Idle Connection Timeout see Access Settings When the mouse is positioned over the Integrated Remote Console window the consol...

Page 109: ...mozilla org Previous versions of Google Chrome could run the NET IRC with an NPAPI plug in that supported ClickOnce Google Chrome 42 and later does not support NPAPI based plug ins As a workaround use one of the following The NET IRC with a different browser The standalone NET IRC The Java IRC The iLO mobile app Starting the Integrated Remote Console Starting the NET IRC Prerequisites Remote Conso...

Page 110: ... The Launch tab displays the Remote Console launch options 2 Click the Web Start button Internet Explorer The browser prompts you to open the Java IRC JNLP file Firefox The browser prompts you to save the Java IRC JNLP file Chrome The browser downloads the Java IRC JNLP file 3 Open the JNLP file Internet Explorer Click the open prompt Firefox Save and open the downloaded JNLP file Chrome Open the ...

Page 111: ... Remote Console feature is enabled on the Access Settings page An iLO license that supports this feature is installed Your system meets the requirements for using the Java IRC Procedure 1 Click Information in the navigation tree and then click the Overview tab 2 Click the Java Web Start link Depending on your web browser you might need to open the downloaded file to start the Java IRC Acquiring th...

Page 112: ...ava IRC 3 Select one of the following options from the Remote Console Power Switch menu Momentary Press Press and Hold Cold Boot Reset The Press and Hold Reset and Cold Boot options are not available when the server is powered off Virtual Power Button options Momentary Press The same as pressing the physical power button If the server is powered off a momentary press will turn on the server power ...

Page 113: ...e client connection A dialog box for each access request opens on the session leader desktop identifying the requester user name and DNS name if available or IP address The session leader can grant or deny access If there is no response permission is denied Shared Remote Console does not support passing the session leader designation to another user or reconnecting a user after a failure To allow ...

Page 114: ...an save the captured video to your local drive by using the NET IRC The Server Startup file starts capturing when server startup is detected and stops when it runs out of space This file is overwritten each time the server starts The Server Prefailure file starts capturing when the Server Startup file is full and stops when iLO detects an ASR event The Server Prefailure file is locked when iLO det...

Page 115: ...ch tab displays the Remote Console launch options 2 Start the NET IRC 3 Press the Play button The Play button has a green triangle icon and it is located in the toolbar at the bottom of the Remote Console window 4 Select Server Startup or Server Prefailure 5 Click Start 6 Press the Play button again to stop playback Capturing video files with the Remote Console Use this procedure to capture video ...

Page 116: ...o define up to six hot keys to use during Remote Console sessions Each hot key represents a combination of up to five keys that are sent to the host server when the hot key is pressed Hot keys are active during Remote Console sessions that use the NET IRC Java IRC and the text based Remote Console If a hot key is not set for example Ctrl V is set to NONE NONE NONE NONE NONE this hot key is disable...

Page 117: ...yboard Keys for configuring Remote Console computer lock keys and hot keys on page 117 lists the keys you can use when you configure hot keys 3 Click Save Hot Keys iLO confirms that the hot key settings were updated successfully Keys for configuring Remote Console computer lock keys and hot keys The following keys are supported when you configure Remote Console hot keys and Remote Console computer...

Page 118: ...et Hot Keys iLO prompts you to confirm the request 3 Click OK iLO notifies you that the hot keys were reset Viewing configured remote console hot keys Java IRC only Prerequisites Remote Console privilege The Remote Console feature is enabled on the Access Settings page An iLO license that supports this feature is installed Procedure 1 Click Remote Console Media in the navigation tree The Launch ta...

Page 119: ...ver operating system when a Remote Console session ends or the iLO network link is lost Disabled default Use this option to disable the Remote Console Computer Lock feature When a Remote Console session ends or the iLO network link is lost the operating system on the managed server is not locked More information Keys for configuring Remote Console computer lock keys and hot keys on page 117 Config...

Page 120: ...le Media in the navigation tree and then click the Security tab 2 To enable or disable the IRC requires a trusted certificate in iLO setting click the toggle switch 3 To save the changes click Apply 120 iLO Integrated Remote Console ...

Page 121: ...a flow with a server serial port Using the remote console you can operate as if a physical serial connection exists on the remote server serial port The iLO Virtual Serial Port is displayed as a text based console but the information is rendered through graphical video data iLO displays this information through an SSH client when the server is in a pre operating system state enabling an unlicensed...

Page 122: ...Baud Rate menu select 115200 NOTE The iLO Virtual Serial Port does not use a physical UART so the BIOS Serial Console Baud Rate value has no effect on the speed the iLO Virtual Serial Port uses to send and receive data d For Windows users only In the EMS Console menu select the COM port that matches the selected Virtual Serial Port COM port 4 To save the changes and exit press F12 5 When prompted ...

Page 123: ...kernel vmlinux 2 6 18 164 e15 ro root dev sda9 console tty0 console ttyS1 115200 initrd initrd 2 6 18 164 e15 img After Linux is fully booted a login console can be redirected to the serial port If configured the dev ttyS0 and dev ttyS1 devices enable you to obtain serial TTY sessions through the iLO Virtual Serial Port 2 To begin a shell session on a configured serial port add the following line ...

Page 124: ... inittab file to start the login process automatically during system boot The following example initiates the login console on dev ttyS0 S0 2345 respawn sbin agetty 115200 ttyS0 vt100 6 Use SSH to connect to iLO and then use the iLO CLP command start system1 oemHPE_vsp1 to view a login session to the Linux operating system Configuring SuSE Linux Enterprise Server to use the iLO Virtual Serial Port...

Page 125: ...see your OS documentation If the EMS console is not enabled in the OS iLO displays an error message when you try to access the iLO Virtual Serial Port The Windows EMS serial port must be enabled through the UEFI System Utilities The configuration options allow you to enable or disable the EMS port and select the COM port iLO automatically detects whether the EMS port is enabled or disabled and det...

Page 126: ...ommand prompt channel 5 For Windows systems only to switch to the channel specified by the channel numberEnter ch si 6 When prompted enter the OS login credentials More information Configuring the iLO Virtual Serial Port in the UEFI System Utilities on page 122 Configuring Windows for use with the iLO Virtual Serial Port on page 125 Windows EMS Console with iLO Virtual Serial Port on page 125 View...

Page 127: ...em boot process POST Standard option ROMs Text boot loaders boot loaders without a frame buffer Linux operating system in VGA 80x25 mode DOS Other text based operating systems International language keyboards if the server and client systems have a similar configuration Line drawing characters when the correct font and code page are selected in the client application More information Boot Order on...

Page 128: ... speed 500 delay 10 Configuring character mapping In the ASCII character set CONTROL characters ASCII characters less than 32 are not printable and are not displayed These characters can be used to represent items such as arrows stars or circles Some of the characters are mapped to equivalent ASCII representations The following table lists the supported equivalents Table 1 Character equivalents Ch...

Page 129: ...run the Text based Remote Console on a Linux system that is configured to present a terminal session on the serial port This feature enables you to use a remote logging service You can log on to the serial port remotely and redirect output to a log file Any system messages directed to the serial port are logged remotely Some keyboard combinations that Linux requires in text mode might not be passe...

Page 130: ...sconnecting it The iLO Virtual CD DVD ROM is available at server boot time for supported operating systems Booting from a Virtual CD DVD ROM enables you to perform tasks such as deploying an operating system from network drives and performing disaster recovery of failed operating systems If the host server OS supports USB mass storage devices or secure digital devices the iLO Virtual Floppy USB ke...

Page 131: ...ng system requirements to consider when you are using the iLO Virtual Media features Operating system USB requirement To use Virtual Media devices your operating system must support USB devices including USB mass storage devices For more information see your operating system documentation During system boot the ROM BIOS provides USB support until the operating system loads Because MS DOS uses the ...

Page 132: ...able Protected Mode and then click Apply After you disable Protected Mode close all open browser instances and restart the browser Red Hat Enterprise Linux and SuSE Linux Enterprise Server Linux supports the use of USB diskette and key drives Changing diskettes When you are using a Virtual Floppy USB key on a client machine with a physical USB disk drive disk change operations are not recognized F...

Page 133: ...er mount dev scd0 media cdrom1 Operating system considerations Virtual Folder Boot process and DOS sessions The Virtual Folder device appears as a standard BIOS floppy drive drive A If a physically attached floppy drive exists it is unavailable at this time You cannot use a physical local floppy drive and the Virtual Folder simultaneously Windows A Virtual Folder appears automatically after Window...

Page 134: ...s click the Virtual Media Status link The Access Settings page is displayed 3 Optional To configure the Virtual Media port click the Virtual Media Port link The Access Settings page is displayed Viewing connected local media Prerequisites Virtual Media privilege The Virtual Media feature is enabled on the Access Settings page Procedure To view the connected local media devices click Remote Console...

Page 135: ...ia feature is enabled on the Access Settings page Procedure 1 Click Remote Console Media in the navigation tree and then click the Virtual Media tab 2 Enter the URL for the scripted media in the Scripted Media URL box in the Connect Virtual Floppy IMG files or Connect CD DVD ROM section ISO files 3 For CD DVD ROM only Select the Boot on Next Reset check box if you want the server to boot to this i...

Page 136: ...ttings page Procedure 1 Click Remote Console Media in the navigation tree and then click Virtual Media 2 To eject scripted media devices click the Force Eject Media button in the Virtual Floppy Virtual Folder Status or Virtual CD DVD ROM Status section For server blades without an iLO license that grants full Virtual Media privileges you cannot use the Force Eject Media option with a virtual media...

Page 137: ...enu and then select the drive letter of a floppy disk CD DVD ROM or USB key drive on your client PC The virtual drive activity LED will show virtual drive activity Using a virtual drive IMG or ISO Prerequisites Remote Console privilege The Remote Console feature is enabled on the Access Settings page An iLO license that supports this feature is installed Procedure 1 Click Remote Console Media in t...

Page 138: ... as a virtual drive and then click Connect The virtual drive activity LED does not show drive activity for URL mounted virtual media More information Setting up IIS for scripted Virtual Media on page 140 Create Media Image feature Java IRC only When you use Virtual Media performance is fastest when image files are used instead of physical disks You can use industry standard tools like DD to create...

Page 139: ...from an image file to a physical disk The Create Media Image feature enables you to copy the data from a disk image file to a floppy disk or USB key Only IMG disk image files are supported Copying data to a CD ROM is not supported You can copy disk image data to a floppy disk or USB key Prerequisites Remote Console privilege The Remote Console feature is enabled on the Access Settings page An iLO ...

Page 140: ...t and dismount a local or networked directory that is accessible through the client After you create a virtual image of a folder or directory the server connects to the image as a USB storage device You can browse to the server and transfer the files from the virtual image to the server The Virtual Folder is nonbootable and read only the mounted folder is static Changes to the client folder are no...

Page 141: ...figuring IIS for read write access Procedure 1 Install Perl for example ActivePerl 2 Customize the Virtual Media helper application as needed 3 Create a directory on your website for the Virtual Media helper script and then copy the script to that directory The sample script uses the directory name cgi bin but you can use any name 4 On the Properties page for your directory under Application Setti...

Page 142: ...or HTTPS user password Optional When present HTTP basic authorization is used servername Mandatory Either the host name or the IP address of the web server port Optional A web server on a nonstandard port path Mandatory The image file that is being accessed helper script Optional The location of the helper script on IIS web servers For detailed information about the INSERT_VIRTUAL_MEDIA command se...

Page 143: ...path on the file system The helper script requires write access to the target file Diskette image files must have the appropriate permissions Example usr bin perl use CGI use Fcntl The prefix is used to get from the current working directory to the location of the image file that you are trying to write my prefix c inetpub wwwroot my start end len decode my q new CGI Get CGI data my file q param f...

Page 144: ...binmode F sysseek F start SEEK_SET syswrite F decode len close F print Content Length 0 r n print r n 144 Using iLO Virtual Media ...

Page 145: ... button is disabled until iLO is ready to manage power The iLO firmware monitors and configures power thresholds to support managed power systems for example using Hewlett Packard Enterprise power capping technology Multiple system brownout blackout and thermal overloads might result when systems are allowed to boot before iLO can manage power The managed power state is lost because of AC power lo...

Page 146: ...e servers only When the system draws more than 70 of the maximum power output of the primary supplies the secondary supplies return to normal operation exit step down mode When power use drops below 60 capacity of the primary supplies the secondary supplies return to step down mode HEM enables you to achieve power consumption equal to the maximum power output of the primary and secondary power sup...

Page 147: ...press the momentary press button again Power Hold by Manager Profile Synergy compute modules only HPE OneView has placed a power hold on this server Enclosure Error Synergy compute modules only An enclosure error occurred For troubleshooting information see the error messages guide for your server Managing the server power The Virtual Power Button section on the Server Power page displays the curr...

Page 148: ...e operating system Cold Boot Immediately removes power from the server Processors memory and I O resources lose main power The server will restart after approximately 6 seconds Using this option circumvents the graceful shutdown features of the operating system Configuring the System Power Restore Settings The System Power Restore Settings section enables you to control system behavior after power...

Page 149: ...is delayed by 60 seconds Random up to 120 seconds The power on delay varies and can be up to 120 seconds The 15 30 45 and 60 second delay values are not supported on blade servers Viewing server power usage Power meter graphs display recent server power usage Power history information is not collected when the server is powered off When you view a graph that includes periods in which the server wa...

Page 150: ...tion for this graph every 10 seconds Last 24 hours Displays the power usage of the server over the last 24 hours The iLO firmware updates power usage information for this graph every 5 minutes Chart data Use the following check boxes to customize the data included in power meter graphs Power Cap The configured power cap during the sample Power cap data is displayed in red in power meter graphs A p...

Page 151: ...h to lock the display on a specific point on the graph When automatic refresh is running use the lock feature to show a data point that falls under a specific historical point along the x axis For example on the 20 minute graph you could lock the display at 10 minutes and every time the chart refreshes the values that occurred 10 minutes ago are displayed Viewing the current power state Procedure ...

Page 152: ... running for the specified time period the value is the average of all readings since the server booted Minimum Power The minimum power reading from the server for the specified time period If the server has not been running for the specified time period the value is the minimum of all readings since the server booted When multiple power supplies are removed from the server at the same time there ...

Page 153: ...ulator settings Dynamic Power Savings Mode Automatically varies processor speed and power usage based on processor utilization This option allows the reduction of overall power consumption with little or no impact to performance It does not require OS support Static Low Power Mode Reduces processor speed and power usage This option guarantees a lower maximum power usage value for the system Static...

Page 154: ...ue is the Minimum High Performance Cap threshold and it represents the maximum power that the server uses in the current configuration A power cap set to this value does not affect server performance Minimum Observed Power The minimum observed power for the server This value is the Minimum Power Cap threshold and it represents the minimum power that the server uses A power cap set to this value re...

Page 155: ...he server will lose power when the battery is depleted Momentary Power Button Press When iLO detects that the server is running on battery power for at least 10 seconds it sends a momentary power button press to the server If the operating system is configured to react to the power button press the operating system initiates a shutdown Send Shutdown Message to OS When iLO detects that the server i...

Page 156: ...st be a multiple of 5 Configuring the persistent mouse and keyboard The Other Settings section on the Power Settings page allows you to enable or disable the persistent keyboard and mouse feature When this feature is enabled the iLO virtual keyboard and mouse are always connected to the iLO UHCI USB controller When this feature is disabled the iLO virtual keyboard and mouse are connected dynamical...

Page 157: ...lly equal to the sum of all active power supply outputs there might be some variance as a result of reading the individual power supplies This value is a guideline value and is not as accurate as the values presented on the Power Meter page For more information see Viewing server power usage on page 149 Power Management Controller Firmware Version The firmware version of the power management contr...

Page 158: ... is not applicable in this configuration Power Discovery Services Status The possible values follow Redundant The server is configured for a redundant iPDU configuration Not Redundant There are not sufficient iPDUs to support redundancy or the server power supplies are connected to the same iPDU N A No iPDUs were discovered When the iLO processor or the server is reset the iPDU discovery process m...

Page 159: ...ral Failure Over Voltage Failure Over Current Failure Over Temperature Failure Input Voltage Lost Fan Failure High Input A C Warning Low Input A C Warning High Output Warning Low Output Warning Inlet Temperature Warning Internal Temperature Warning High Vaux Warning Low Vaux Warning Mismatched Power Supplies PDS Whether the installed power supply is enabled for Power Discovery Services Hotplug Whe...

Page 160: ...link is not established for all power supplies Two or more power supplies are connected to the same iPDU The iPDU MAC address and serial number are identical for power supplies whose input power comes from the same iPDU If one power supply is waiting for a connection to be established the iPDU is listed as Not Redundant Waiting for connection This Informational status indicates one or more of the ...

Page 161: ...he bay where the battery backup unit is installed Present Whether a battery backup unit is installed The possible values are OK and Battery Failed and Replace Battery Status The battery backup unit status The possible values are OK Degraded Failed or Other Charge The battery backup unit charge level percent The possible charging status values are Fully Charged Discharging Charging Slow Charging an...

Page 162: ... to the system The power supplies are more efficient more DC output watts for each watt of AC input at higher output levels and the overall power efficiency improves High Efficiency Mode does not affect power redundancy If the primary power supplies fail the secondary power supplies immediately begin supplying DC power to the system preventing any downtime You can configure redundant power supply ...

Page 163: ...system and server Server blades use the enclosure fans to provide cooling because they do not have internal fans The enclosure fans are called virtual fans on the Fans tab The Virtual fan reading represents the cooling amount that a server blade or is requesting from the enclosure The server blade calculates the amount of required cooling by examining various temperature sensors and calculating an...

Page 164: ... gives an indication of the sensor location Location The area where the temperature is being measured In this column Memory refers to the following Temperature sensors on physical memory DIMMs Temperature sensors located close to the memory DIMMs but not on the DIMMs These sensors are located further down the airflow cooling path near the DIMMs to provide additional temperature information The ID ...

Page 165: ...g on the server requirements Policies usually include increasing fan speeds to maximum cooling logging temperature events in the IML providing a visual indication of events by using LED indicators and starting a graceful shutdown of the operating system to avoid data corruption Additional policies are implemented after an excessive temperature condition is corrected including returning the fan spe...

Page 166: ...connector To access the network settings select the active NIC in the navigation tree and then view or edit the network settings on the following pages Network Summary Network General Settings IPv4 Settings IPv6 Settings SNTP Settings If you select the inactive NIC a message notifies you that iLO is not configured to use that NIC Viewing the network configuration summary Procedure Depending on you...

Page 167: ...g values are possible Enabled Stateless and Stateful DHCPv6 are enabled Enabled Stateless Only Stateless DHCPv6 is enabled Disabled DHCPv6 is disabled IPv6 Stateless Address Auto Configuration SLAAC Indicates whether SLAAC is enabled for IPv6 When SLAAC is disabled the SLAAC link local address for iLO is still configured because it is required Address list This table shows the currently configured...

Page 168: ...d IPv6 Settings pages To use a static domain name when the iLO Shared Network port is selected disable the Use DHCPv4 Supplied Domain Name setting on the IPv4 Settings page 5 To save the changes click Apply 6 If you are finished configuring the iLO network settings on the General IPv4 IPv6 and SNTP tabs click Reset to restart the iLO processor It might take several minutes before you can re establ...

Page 169: ...ck Apply 7 If you are finished configuring the iLO network settings on the General IPv4 IPv6 and SNTP tabs click Reset to restart iLO It might take several minutes before you can re establish a connection Link State values Choose from the following Link State values when you enable the iLO Dedicated Network Port Automatic default Enables iLO to negotiate the highest supported link speed and duplex...

Page 170: ...ed configuring the iLO network settings on the General IPv4 IPv6 and SNTP tabs click Reset to restart iLO It might take several minutes before you can re establish a connection After iLO resets the Shared Network Port is active Any network traffic going to or originating from iLO is directed through the Shared Network Port LOM or FlexibleLOM port iLO network port configuration options The iLO subs...

Page 171: ...t 10 100 speed when the server is powered off To avoid this issue Hewlett Packard Enterprise recommends configuring the switch that the iLO Shared Network Port is connected to for auto negotiation If the switch port that iLO is connected to is configured for 1Gb s some copper iLO Shared Network Port adapters might lose connectivity when the server is powered off Connectivity will return when the s...

Page 172: ...sed enter a domain name in the Domain Name box on the Network General Settings page Use DHCPv4 Supplied DNS Servers Specifies whether iLO uses the DHCP server supplied DNS server list If not enter the DNS server addresses in the Primary DNS Server Secondary DNS Server and Tertiary DNS Server boxes Use DHCPv4 Supplied Time Settings Specifies whether iLO uses the DHCPv4 supplied NTP service location...

Page 173: ...erver address Enable WINS Server Registration Enable or disable this option to specify whether iLO registers its name with a WINS server Static Route Configuration settings Static Route 1 Setting Static Route 2 Setting and Static Route 3 Setting The iLO static route destination mask and gateway addresses If Use DHCPv4 Supplied Static Routes is enabled these values are supplied automatically If not...

Page 174: ... this option if you want iLO to use IPv6 first Disable this option if you want iLO to use IPv4 first If communication fails using the first protocol iLO automatically tries the second protocol Enable Stateless Address Auto Configuration SLAAC Enable this option to configure iLO to create IPv6 addresses for itself from router advertisement messages iLO creates its own link local address even when t...

Page 175: ... to specify whether iLO registers its IPv6 address and name with a DNS server Static IPv6 Address Configuration settings Static IPv6 Address 1 Static IPv6 Address 2 Static IPv6 Address 3 and Static IPv6 Address 4 Enter up to four static IPv6 addresses and prefix lengths for iLO Do not enter link local addresses Status information is displayed for each address Static Default Gateway Enter a default...

Page 176: ...dia CLI RIBCL key import over an IPv6 connection Authentication using LDAP and Kerberos over IPv6 iLO Federation IPMI Configuring iLO SNTP settings Prerequisites Configure iLO Settings privilege At least one NTP server is available on your management network If you will use a DHCPv4 provided NTP service configuration DHCPv4 is enabled on the IPv4 tab If you will use a DHCPv6 provided NTP service c...

Page 177: ...e DHCPv4 Supplied Time Settings Configures iLO to use a DHCPv4 provided NTP server address Use DHCPv6 Supplied Time Settings Configures iLO to use a DHCPv6 provided NTP server address NTP time propagation setting The name of this setting differs depending on the server type Propagate NTP Time to Host Determines whether the server time is synchronized with the iLO time during the first POST after A...

Page 178: ...iant server blades only Frame Link Module Synergy compute modules Primary and secondary NTP server addresses can be configured manually or through DHCP servers If the primary server address cannot be contacted the secondary address is used DHCP NTP address selection When you use DHCP servers to provide NTP server addresses the iLO Client Applications use IPv6 first setting on the IPv6 page control...

Page 179: ...hared Network Port until network activity is detected An iLO reset occurs each time iLO switches between network ports for testing purposes CAUTION If any of the physical NICs are connected to an unsecured network unauthorized access attempts might occur when iLO is alternating between the iLO network ports Hewlett Packard Enterprise strongly recommends that whenever iLO is connected to any networ...

Page 180: ...hen reset iLO The change to NIC auto selection does not take effect until iLO is reset Configuring NIC failover Procedure 1 Configure iLO NIC auto selection 2 Do one of the following a Use the CLI command oemhp_nicfailover to configure NIC failover b To configure the NIC failover features add the ILO_NIC_FAIL_OVER tag to your MOD_NETWORK_SETTINGS script and run the script For more information see ...

Page 181: ...llowing Device Details iLO manufacturer and version information To start the iLO web interface click the Device webpage link Troubleshooting Information The serial number MAC address UUID and IP address Configuring iLO network settings 181 ...

Page 182: ...nect Register a supported device directly with Insight Online without the need to set up an Insight Remote Support centralized host server in your local environment Insight Online will be your primary interface for remote support information Insight Online is a Hewlett Packard Enterprise Support Center feature that enables you to view your remotely monitored devices anywhere anytime It provides a ...

Page 183: ...n a server is registered for remote support iLO collects Active Health System and server configuration information and then iLO or the Insight RS host server sends this information to Hewlett Packard Enterprise Active Health System information is sent every seven days and configuration information is sent every 30 days The following information is included Registration During server registration i...

Page 184: ...re service HPE Proactive Care service customers must register their servers for remote support to receive the following Proactive Care features Proactive Scan Report and Firmware and Software Version Report The direct connect and central connect remote support options require the installation of AMS Configurations that use the System Management Assistant are not supported For more information see ...

Page 185: ...Partner ID is the Location ID assigned to the Channel Partner during the partner registration process If you do not know a Channel Partner ID contact the partner to obtain that information 5 Obtain the iLO hostname or IP address and login credentials login name and password You can use any local or directory based user account that has the Configure iLO Settings privilege 6 Set up ProLiant servers...

Page 186: ...e optional Download AMS from the following websites Hewlett Packard Enterprise Support Center All supported OS except Ubuntu http www hpe com info hpesc Software Delivery Repository Ubuntu http www hpe com support SDR Linux Procedure 1 Install the server hardware 2 Connect iLO to the network 3 Use Intelligent Provisioning to perform the initial server setup tasks During this process you can config...

Page 187: ... the Time Zone value is incorrect Insight Online will display incorrect time stamps for events and data collections 8 Verify that a DNS server is configured in iLO By default iLO is set to use DHCP to configure DNS servers and other network settings The DNS server is required for communication between iLO and Insight Online Insight Online direct connect network requirements Insight Online direct c...

Page 188: ...r supports the ProLiant servers you want to register For more information see the following website http www hpe com support InsightRS Support Matrix b Use the Insight RS console to configure the RIBCL protocol for ProLiant servers that will be registered for Insight Remote Support central connect c Optional If you will use HPE SIM with Insight RS configure the HPE SIM adapter For more information...

Page 189: ...tings privilege You have an HPE Passport account For more information see http www hpe com info insightonline The server you want to register is not in use as an Insight RS host server Procedure 1 Complete step 1 of Insight Online direct connect registration in the iLO web interface 2 Complete step 2 of Insight Online direct connect registration in Insight Online 3 Confirm that registration is com...

Page 190: ...complete registration for up to 15 devices at a time 5 Enter site and support information on the Step 2 Provide site and support information page and then click Next 6 Do one of the following on the Step 3 Provide HPE Authorized Channel Partner information page If Hewlett Packard Enterprise supports your IT infrastructure accept the default settings If a Hewlett Packard Enterprise Authorized Chann...

Page 191: ...xy settings Insight Online direct connect only If the web proxy settings change after a server is registered for remote support update the settings to enable the server to continue sending data to Hewlett Packard Enterprise Procedure 1 Click Remote Support in the navigation tree The Registration page is displayed 2 Update the following settings as needed Web Proxy Server Enter the hostname or IP a...

Page 192: ...he navigation tree 2 Click Unregister 3 When prompted to confirm the request click OK iLO notifies you that the server is no longer registered Unregistering from Insight Remote Support central connect Procedure 1 Log in to the Insight RS Console 2 Do one of the following To stop monitoring a server temporarily select the server on the Devices Device Summary tab in the Insight RS Console and then s...

Page 193: ...ent cannot be sent after three attempts An SNMP trap cpqSm2IrsCommFailure 9020 is generated This SNMP trap is defined in the cpqsm2 mib file The failure is logged in the Service Event Log The failure is logged in the iLO Event Log The service event is recorded in the Active Health System Log A failure message is recorded in the Active Health System Log Using maintenance mode Use maintenance mode w...

Page 194: ...e based on the configured iLO time zone Viewing a test service event by using Insight Online Procedure 1 Navigate to the following website http www hpe com info insightonline 2 Log in with your HPE Passport credentials 3 To view a summary of the recorded service events click Service events Insight Online converts the service event Time Generated value to Coordinated Universal Time UTC 4 To view te...

Page 195: ...e status of the event submission If the status is No error the event was submitted successfully Destination For Insight Remote Support central connect configurations the host name or IP address and port of the Insight RS host server that received the service event For Insight Online direct connect configurations the value Insight Online is displayed Event Category The category of the event that ma...

Page 196: ...support You can also use this page to send data collection information to Hewlett Packard Enterprise manually when a device configuration changes and you do not want to wait for the next scheduled data collection transmission Data collection information Depending on your remote support configuration iLO or the Insight RS host server sends configuration information to Hewlett Packard Enterprise for...

Page 197: ...ata Collection 3 When prompted to confirm the request click OK When the transmission is completed the Last Data Collection Transmission and Last Data Collection Transmission Status are updated The date and time are based on the configured iLO time zone Sending Active Health System reporting information Prerequisites Configure iLO Settings privilege Procedure 1 Click Remote Support in the navigatio...

Page 198: ...eporting Frequency days Insight Online direct connect only The frequency at which Active Health System data is sent to Hewlett Packard Enterprise Last Active Health System Reporting Transmission The date and time of the last Active Health System report Last Active Health System Reporting Transmission Status The status of the last data transmission Next Active Health System Reporting Scheduled Insi...

Page 199: ... registration of a ProLiant server that is used as an Insight RS host server If you register an active host server for Insight Online direct connect all the devices monitored by that host server will be unable to communicate with Hewlett Packard Enterprise to receive remote support Use this procedure to stop using a ProLiant server as a host server unregister the server from Insight Remote Support...

Page 200: ...device from Insight Remote Support central connect For example you might have an Insight RS host server set to the local time in Paris France and an iLO system set to the local time in California If you unregister the device from Insight Remote Support central connect at 5 p m local time in Paris France you must wait until 5 p m local time in California to register the device for Insight Online di...

Page 201: ...mote Support central connect If you do not wait the re registered device will not be displayed in Insight Online if enabled 3 Register the device for Insight Remote Support central connect Managing remote support 201 ...

Page 202: ...s up to six directory groups More information Directory authentication and authorization on page 249 Adding local user accounts Prerequisites Administer User Accounts privilege Procedure 1 Click Administration in the navigation tree The User Administration tab is displayed 2 Click New 3 Enter the following details Login Name User Name New Password and Confirm Password 4 Select from the following p...

Page 203: ...age as needed Login Name User Name 4 To change the password click the Change password check box and then update the New Password and Confirm Password values 5 Select from the following privileges Login Remote Console Virtual Power and Reset Virtual Media Host BIOS Configure iLO Settings Administer User Accounts Host NIC Host Storage Recovery Set 6 To select all available user privileges click the ...

Page 204: ...eges apply to user accounts Login Enables a user to log in to iLO Remote Console Enables a user to access the host system Remote Console including video keyboard and mouse control Users with this privilege can access the BIOS and therefore might be able to perform host based BIOS iLO storage and network configuration tasks Virtual Power and Reset Enables a user to power cycle or reset the host sys...

Page 205: ...ailable through the UEFI System Utilities iLO 5 Configuration Utility Login and Recovery Set The Host BIOS Host NIC and Host Storage privileges do not affect configuration through host based utilities Password guidelines Hewlett Packard Enterprise recommends that you follow these password guidelines when you create and edit user accounts When working with passwords Do not write down or record pass...

Page 206: ... Any combination of privileges that does not meet the Operator level is an IPMI User Operator An operator can perform system actions but cannot configure iLO or manage user accounts For IPMI Operator privileges Enable Remote Console Access Virtual Power and Reset and Virtual Media Any combination of privileges greater than Operator that does not meet the Administrator level is an IPMI Operator Adm...

Page 207: ...owing privileges Login Remote Console Virtual Power and Reset Virtual Media Host BIOS Configure iLO Settings Administer User Accounts Host NIC Host Storage Recovery Set 5 To save the new directory group click Add Group Editing directory groups Prerequisites Configure iLO Settings privilege An iLO license that supports this feature is installed Procedure 1 Click Administration in the navigation tre...

Page 208: ...o the directory group that you want to delete 3 Click Delete 4 When prompted to confirm the request click OK Directory group options Each directory group includes a DN SID and account privileges For Kerberos login the SIDs of groups are compared to the SIDs for directory groups configured for iLO If a user is a member of multiple groups the user account is granted the privileges of all the groups ...

Page 209: ...Virtual Media feature on the host system Host BIOS Enables directory users to configure the host BIOS settings by using the UEFI System Utilities Configure iLO Settings Enables directory users to configure most iLO settings including security settings and to update the iLO firmware This privilege does not enable local user account administration After iLO is configured revoking this privilege from...

Page 210: ... when the server is in POST You cannot modify the boot order during POST If this error occurs wait for POST to finish and then try again Configuring the server boot mode Use the Boot Mode setting to define how the server looks for OS boot firmware You can select UEFI or the Legacy BIOS Prerequisites Configure iLO Settings privilege Procedure 1 Click Administration in the navigation tree and then c...

Page 211: ...type of media to boot on the next server reset without changing the predefined boot order The procedure to use depends on whether the server uses Legacy BIOS mode or UEFI mode Prerequisites Configure iLO Settings privilege Changing the one time boot status in Legacy BIOS mode Procedure 1 Click Administration in the navigation tree and then click the Boot Order tab 2 Select an option from the Selec...

Page 212: ...ist Embedded UEFI Shell When you select this option the server boots to an embedded shell environment that is separate from the UEFI System Utilities 3 If you selected UEFI Target in the Select One Time Boot Option list select a boot device from the Select UEFI Target Option list For example you might have a hard drive with two bootable partitions and you can use this option to select the bootable...

Page 213: ... in the navigation tree and then click the Licensing tab 2 Enter a license key in the Activation Key box To move between segments press the Tab key or click inside a segment of the Activation Key box The cursor advances automatically when you enter data into the segments of the Activation Key box 3 Click Install 4 The EULA confirmation opens The EULA details are available in the License Pack optio...

Page 214: ...enter Obtain access to software updates in the HPE Update Center Receive important product alerts Track your HPE product license keys in one place through the HPE licensing portal How do I register my iLO licenses 1 Locate the Entitlement Order Number EON on your License Entitlement Certificate or Licensing Confirmation Email 2 Enter the EON in the HPE Licensing Portal License key information For ...

Page 215: ...loyment user account that pre exists on the ESKM with administrator privileges For more information about the deployment user account see the HPE Smart Array Secure Encryption installation and user guide For information about HPE Smart Array Secure Encryption and ESKM see the HPE Smart Array Secure Encryption installation and user guide Configuring key manager servers Prerequisites Configure iLO S...

Page 216: ...O creates it If iLO is not a member of an ESKM Local Group it will try to create a group with the requested name If iLO is already a member of an ESKM Local Group it ignores the group entered in step 2 and uses the existing group assignment that is present on the ESKM Attempted group changes in iLO do not affect current key group permissions that are set on the ESKM If a new group assignment is ne...

Page 217: ...tion Each event is listed with a time stamp and description Clearing the ESKM log Prerequisites Configure iLO Settings privilege An iLO license that supports this feature is installed Procedure 1 Click Administration in the navigation tree and then click the Key Manager tab 2 Click Clear ESKM Log 3 When prompted to confirm the request click OK Language packs Language packs enable you to change the...

Page 218: ... an installed language pack Procedure Navigate to the login page and then select a language in the Language menu Click the Language icon at the top of any iLO web interface page and then select a language Click Administration in the navigation tree and then click the Language tab Click a language in the Installed Languages list Configuring the default language settings Use this procedure to config...

Page 219: ... the same computer using the same browser and you have not cleared the cookies the language setting of the last session with that iLO processor is used 2 If there is no cookie the current browser language is used if iLO supports it and the required language pack is installed 3 Internet Explorer only If the browser language is not supported then the OS language is used if iLO supports it and the re...

Page 220: ...5 days 6 Click Submit Firmware Verification scan options Enable Background Scan Enables or disables Firmware Verification scanning When enabled iLO scans the supported installed firmware for file corruption Integrity Failure Action Determines the action iLO takes when a problem is found during a Firmware Verification scan To log the results select Log Only To log the results and initiate a repair ...

Page 221: ...alth status Prerequisites An iLO license that supports this feature is installed Procedure Navigate to the Administration page and then click the Firmware Verification tab Firmware health status details Firmware Name The name of the installed firmware Firmware Version The firmware version Health The firmware health status State The firmware status The possible values follow Enabled The firmware is...

Page 222: ...configuration from a backup file after the reset to the factory default settings is complete Accidental or incorrect configuration change In some cases the iLO configuration might be changed incorrectly causing important settings to be lost This situation might occur if iLO is set to the factory default settings or user accounts are deleted To recover the original configuration restore the configu...

Page 223: ...ion tree and then click Backup Restore 2 Click Backup 3 Optional To password protect the backup file enter a password in the Backup file password box 4 Click Download The file is downloaded and this activity is recorded in the event log The file name uses the following format server serial number _ YYYYMMDD _ HHMM bak Restoring the iLO configuration Prerequisites Configure iLO Settings privilege A...

Page 224: ...e Administer iLO User Accounts privilege An iLO backup file exists The default iLO account credentials are available if you previously reset iLO to the factory default settings The iLO security state you want to use is configured When you configure the FIPS and SuiteB security states iLO is reset to the factory default settings If you do not configure these security states before performing a rest...

Page 225: ...ou do not use for example Remote Console or Virtual Media Use HTTPS for the Integrated Remote Console To configure this option enable the IRC requires a trusted certificate in iLO setting on the Remote Console Media page Security tab Key security features Configure iLO security features on the following web interface pages Access Settings Enable or disable iLO interfaces and features Customize the...

Page 226: ...n modify iLO access settings including service settings and access options The values you enter on the Access Settings page apply to all iLO users The default access settings values are suitable for most environments The values you can modify on the Access Settings page allow customization of the iLO external access methods for specialized environments You can configure the following iLO security ...

Page 227: ...listen for communication on the Web Server Non SSL Port or the Web Server SSL port The following features will not work when the web server is disabled RIBCL iLO RESTful API remote console iLO Federation and the iLO web interface When Web Server is disabled the ports configured for the Web Server Non SSL Port HTTP and Web Server SSL Port HTTPS are not detected in a security audit that uses a port ...

Page 228: ...fault SNMP trap port is 162 for SNMP alerts or traps If you customize the SNMP Trap Port some SNMP monitoring applications might not work correctly with iLO unless those applications support the use of a nonstandard SNMP trap port To use SNMP v3 with HPE SIM 7 2 or later change the SNMP Trap Port value to 50005 IPMI DCMI over LAN Allows you to send industry standard IPMI and DCMI commands over the...

Page 229: ...also results in an idle connection The iLO firmware supports a finite number of connections Misuse of the Infinite timeout option might make iLO inaccessible to other users Idle connections are recycled after they expire This setting applies to local and directory users Directory server timeout settings might pre empt the iLO setting Changes to the setting might not take effect immediately in curr...

Page 230: ...s the iLO configuration options in the UEFI System Utilities When this setting is disabled default login is not required when a user accesses the iLO configuration options in the UEFI System Utilities When this setting is enabled a login dialog box opens when a user accesses the iLO configuration options in the UEFI System Utilities When the FIPS and SuiteB security states are enabled iLO displays...

Page 231: ...Line Interface Speed Enables you to change the speed of the serial port for the CLI feature The following speeds in bits per second are valid 9600 default For Synergy compute modules only Ensure that this value is set to 9600 If you use another value you cannot access the Serial Command Line Interface from the Synergy Console and Composer CLI 19200 38400 The iLO configuration options in the UEFI S...

Page 232: ...ber of failed login attempts that are allowed before iLO imposes a login delay The following values are valid 1 3 5 or every failed login attempt The default setting is 1 which means that a login delay is not imposed until the second failed login attempt iLO login with an SSH client When you log in to iLO with an SSH client the number of displayed login prompts matches the value of the Authenticat...

Page 233: ...Port status You can also retrieve the Service Port status by using a REST client and the iLO RESTful API You cannot use the Service Port to boot any device within the server or the server itself You cannot access the server by connecting to the Service Port You cannot access the connected device from the server Downloading the Active Health System Log through the iLO Service Port Prerequisites The...

Page 234: ...ect a client to the Service Port the USB port labeled iLO on the front of the server The client NIC is assigned a link local address This process might take several seconds 2 Connect to iLO through a browser the CLI or a scripting utility by using the following IPv4 address 169 254 1 2 The same IP address is used when you connect a client to any server through the Service Port You cannot change th...

Page 235: ...ives when data is being copied the data might be corrupted If you insert a USB flash drive in the iLO Service Port when this setting is disabled the device is ignored Require authentication Requires you to enter an iLO user name and password in the command txt file when you use the iLO Service Port to download the Active Health System Log The default setting is disabled User credentials are not re...

Page 236: ...tility such as Microsoft DiskPart to delete and recreate the partition Not read protected Not bootable Mass storage devices are not supported on servers that do not have a NAND USB Ethernet adapters The iLO Service Port supports USB Ethernet adapters that contain one of the following chips by ASIX Electronics Corporation AX88772 AX88772A AX88772B AX88772C Hewlett Packard Enterprise recommends the ...

Page 237: ... be up to 255 characters long company optional The company that owns this server If you enter this value it is included in the downloaded file This value can be up to 255 characters long phone optional The phone number of a contact person for this server If you enter this value it is included in the downloaded file This value can be up to 39 characters long email optional The email address of a co...

Page 238: ... bit DSA or RSA key by using ssh keygen puttygen exe or another SSH key utility ECDSA 384 bit keys that use the NIST P 384 curve are required when iLO is configured to use the SuiteB security state 2 Create the key pub file 3 Click Security in the navigation tree and then click the Secure Shell Key tab 4 Select the check box to the left of the user to which you want to add an SSH key 5 Click Autho...

Page 239: ...ounts When an SSH key is deleted from iLO an SSH client cannot authenticate to iLO by using the corresponding private key Prerequisites Administer User Accounts privilege Procedure 1 Click Security in the navigation tree and then click the Secure Shell Key tab 2 In the Authorized SSH Keys list select the check box to the left of one or more user accounts 3 Click Delete Selected Key s The selected ...

Page 240: ...e key and has the same privileges The iLO firmware provides storage to accommodate SSH keys that have a length of 1 366 bytes or less If the key is larger than 1 366 bytes the authorization might fail If a failure occurs use the SSH client software to generate a shorter key If you use the iLO web interface to enter the public key you select the user associated with the public key If you use the iL...

Page 241: ...ser account in the iLO web interface Upload and associate your smartcard certificate with your account by using the controls on the Certificate Mappings page CAC authentication with LDAP directory support uses a service account to authenticate to the directory service and the user account must be present in the same domain as the configured directory server Additionally the user account must be a ...

Page 242: ...er certificate will be used to identify your directory user account 5 To save the Authentication Options and Directory User Certificate Name Mapping setting click the Apply button 6 Optional To import a Certificate Revocation List CRL enter a URL in the Revocation List URL box and then click Apply This step allows you to invalidate previously issued certificates that have been revoked The CRL size...

Page 243: ... distinguished name as the user name when searching for the user in the directory service For example a distinguished name appears as follows cn test user ou users dc domain dc com Use Certificate SAN RFC822 Name Uses the first SAN field of type rfc822Name which contains an email address as the username For example rfc822Name testuser domain com produces testuser domain com as the username Managin...

Page 244: ...hat have been revoked import a CRL Prerequisites Configure iLO Settings privilege An iLO license that supports this feature is installed Procedure 1 Click Security in the navigation tree and then click the CAC Smartcard tab 2 Type or paste a URL in the Import Revocation List section The CRL size limit is 100 KB and the CRL must be in DER format 3 Click Apply The CRL is added to the Certificate Rev...

Page 245: ...security state CAC Smartcard Authentication is enabled on the CAC Smartcard tab An iLO license that supports this feature is installed Procedure 1 Click Security in the navigation tree and then click the Certificate Mappings tab iLO displays a list of local user accounts with their associated SHA 256 certificate thumbprints 2 Select a user account by clicking the check box next to the Login Name 3...

Page 246: ... acts as its own CA By default iLO creates a self signed certificate for use in SSL connections This certificate enables iLO to work without additional configuration steps IMPORTANT Using a self signed certificate is less secure than importing a trusted certificate Hewlett Packard Enterprise recommends importing a trusted certificate to protect the iLO user credentials Viewing SSL certificate info...

Page 247: ...me CN 4 If you want the iLO IP addresses included in the CSR select the include iLO IP Address es check box This option is disabled by default because some CAs cannot accept this input When this option is enabled the iLO IP addresses will be included in the CSR Subject Alternative Name SAN extension 5 Click Generate CSR A message notifies you that a CSR is being generated and that the process migh...

Page 248: ...s this iLO subsystem is located City or Locality L The city or locality where the company or organization that owns this iLO subsystem is located Organization Name O The name of the company or organization that owns this iLO subsystem Organizational Unit OU Optional The unit within the company or organization that owns this iLO subsystem Common Name CN The FQDN of this iLO subsystem The FQDN is en...

Page 249: ... settings is one step in the process of configuring iLO to use a directory or Kerberos authentication Prerequisites for configuring authentication and directory server settings Procedure 1 Verify that your iLO user account has the Configure iLO Settings privilege 2 Install an iLO license that supports this feature 3 Configure your environment to support Kerberos authentication or directory integra...

Page 250: ...le Configuring schema free directory settings in iLO Prerequisites Your environment meets the prerequisites for using this feature Procedure 1 Click Security in the navigation tree and then click the Directory tab 2 Select Use Directory Default Schema from the LDAP Directory Authentication menu 3 Set Local User Accounts to enabled if you want to use local user accounts at the same time as director...

Page 251: ...ect DN when iLO accesses the directory server iLO Object Password Specifies the CAC LDAP service account password when CAC Smartcard authentication is configured and used with the schema free directory option Directory Server Address Specifies the network DNS name or IP address of the directory server The directory server address can be up to 127 characters If you enter the FQDN ensure that the DN...

Page 252: ...place an existing CA certificate a Click View in the Certificate Status text box b Click New in the Certificate Details window c Paste the Base64 encoded X 509 certificate data into the Import Certificate window and then click Import 9 Enter valid search contexts in one or more of the Directory User Context boxes 10 Click Apply Settings 11 To test the communication between the directory server and...

Page 253: ...unning directory tests on page 254 iLO directory groups on page 206 Directory user contexts You can identify the objects listed in a directory by using unique DNs However DNs can be long users might not know their DNs or users might have accounts in different directory contexts When you use user contexts iLO attempts to contact the directory service by DN and then applies the search contexts in or...

Page 254: ... if iLO cannot communicate with the directory server Access through local user accounts is enabled when directory support is disabled or an iLO license is revoked Running directory tests Directory tests enable you to validate the configured directory settings The directory test results are reset when directory settings are saved or when the directory tests are started Procedure 1 Click Security in...

Page 255: ...ly being performed in the background Click Stop Test to cancel the current tests or click Refresh to update the contents of the page with the latest results Using the Stop Test button might not stop the tests immediately Not Running Indicates that directory tests are current and that you can supply new parameters to run the tests again Use the Start Test button to start the tests and use the curre...

Page 256: ...ormat and queries the configured DNS server If the test is successful iLO obtained an IP address for the configured directory server If iLO cannot obtain an IP address for the directory server this test and all subsequent tests fail If the directory server is configured with an IP address iLO skips this test Ping Directory Server iLO initiates a ping to the configured directory server The test is ...

Page 257: ...t by using the administrator credentials to search for the container in the directory User login is the only way that you can test contexts that begin with the symbol A failure indicates that the container could not be located LOM Object Exists This test searches for the iLO object in the directory server by using the LOM Object Distinguished Name configured on the Security Directory page If the t...

Page 258: ...available Prerequisites Configure iLO Settings privilege If you plan to enable the optional SuiteB security state an iLO license that supports this feature is installed The default iLO user credentials are available Procedure 1 Optional Capture the current iLO configuration by using the iLO backup feature or HPONCFG For more information see iLO backup and restore or the iLO scripting and CLI guide...

Page 259: ... HPONCFG and you must have the following user privileges Login Configure iLO Settings and Administer User Accounts HPONCFG for Windows is not supported when iLO is configured to use the SuiteB security state For more information see iLO backup and restore or the iLO scripting and CLI guide 10 Optional If you restored the configuration set new passwords for local iLO user accounts and confirm that ...

Page 260: ...use the FIPS security state in iLO see Enabling the FIPS and SuiteB security states on page 258 It is important to decide if a FIPS validated version of iLO is required for your environment or if running iLO with the FIPS security state enabled will suffice Because of the lengthy validation process a FIPS validated version of iLO might have been superseded by a nonvalidated version with new featur...

Page 261: ...sing RIBCL scripts the iLO RESTful API or the iLO 5 Configuration Utility CAUTION When you reset iLO to the factory default settings all iLO settings are erased including user data license data configuration settings and logs If the server has a factory installed license key the license key is retained Events related to the reset are not logged to the iLO Event Log and Integrated Management Log be...

Page 262: ...actors The FIPS security state is not the same as FIPS validated FIPS validated refers to software that received validation by completing the Cryptographic Module Validation Program For more information see Configuring a FIPS validated environment with iLO on page 260 iLO enforces the use of AES ciphers over the secure channels including secure HTTP transmissions through the browser SSH port iLO R...

Page 263: ...CM MACs SuiteB AEAD_AES_256_GCM and AES256 GCM ciphers ecdh sha2 nistp384 key exchange AEAD_AES_256_GCM MAC SSL cipher and MAC support iLO provides enhanced security for remote management in distributed IT environments SSL encryption protects web browser data Encryption of HTTP data provided by SSL ensures that the data is secure as it is transmitted across the network When you log in to iLO throu...

Page 264: ...A 168 bit 3DES with RSA ECDH and a SHA1 MAC ECDHE RSA DES CBC3 SHA 168 bit 3DES with RSA DH and a SHA1 MAC EDH RSA DES CBC3 SHA 168 bit 3DES with RSA and a SHA1 MAC DES CBC3 SHA FIPS or HighSecurity TLS 1 2 is required for these security states 256 bit AES GCM with RSA ECDH and an AEAD MAC ECDHE RSA AES256 GCM SHA384 256 bit AES with RSA ECDH and a SHA384 MAC ECDHE RSA AES256 SHA384 256 bit AES GC...

Page 265: ...he SSO Trust Mode setting Hewlett Packard Enterprise recommends using the Trust by Certificate mode 3 Configure iLO privileges for each role in the Single Sign On Settings section 4 To save the SSO settings click Apply 5 If you selected Trust by Certificate or Trust by Name add the trusted certificate or DNS name to iLO For instructions see Adding trusted certificates on page 266 or Importing a di...

Page 266: ...application SSO user privileges When you log in to an HPE SSO compliant application you are authorized based on your HPE SSO compliant application role assignment The role assignment is passed to iLO when SSO is attempted SSO attempts to receive only the privileges assigned in the Single Sign On Settings section iLO directory settings do not apply The default privilege settings follow User Login o...

Page 267: ...s HPE SIM 7 4 or later Procedure Enter one of the following links in a web browser http HPE SIM name or network address 280 GetCertificate certtype sso https HPE SIM name or network address 50000 GetCertificate certtype sso All request parameters are case sensitive If you capitalize the lowercase certtype parameter the parameter will not be read and HPE SIM will return the default HPE SIM certific...

Page 268: ...ses or DNS names are valid Trust None SSO disabled is selected The certificate is not compliant with the configured iLO security state The certificate or record is not valid Possible reasons follow The certificate is out of date Check the certificate details for more information The iLO clock is not set or is set incorrectly The iLO clock must be in the certificate Valid from and Valid until range...

Page 269: ...e counter above the text box indicates the remaining number of bytes allowed for the message The maximum is 1 500 bytes TIP To restore the default text click Use Default Message 4 Click Apply The security message is displayed at the next login iLO security with the system maintenance switch The iLO security setting on the system maintenance switch provides emergency access to an administrator who ...

Page 270: ...and you disable iLO security All security authorization verifications are disabled If the host server is reset the ROM based configuration utility runs iLO is not disabled and might be displayed on the network as configured If iLO functionality is disabled iLO does not log out active users and complete the disable process until the power is cycled on the server A warning message is displayed on iL...

Page 271: ...rovided when AMS is installed Server health Fans Temperatures Power supplies Memory CPU NVDIMM N A Storage Smart Array SMART Drive Monitoring connected to Smart Array Internal and external drives connected to Smart Array Smart Storage battery monitoring supported servers only SMART Drive Monitoring connected to Smart Array Smart HBA and AHCI iSCSI Windows NVMe drives Network MAC addresses for embe...

Page 272: ...Service Control Panel is installed You can use the Control Panel to configure SNMP settings to enable or disable AMS and to remove AMS AMS writes operating system configuration information and critical events to the Active Health System Log Install the iLO Channel Interface Driver before installing AMS With iLO 5 AMS includes the optional System Management Assistant You can use the System Manageme...

Page 273: ... hpe com support SDR Linux 2 Install the software For instructions on using the SPP see the SPP documentation at http www hpe com info spp documentation For other download types follow the installation instructions provided with the software Verifying AMS installation Verifying AMS status iLO web interface Procedure 1 Click System Information in the navigation tree AMS is listed in the Subsystems ...

Page 274: ... Software Components The software installed on the host is listed The AMS component includes the string amsd The full name of the AMS component is different for each supported version of ESX ESXi 2 To verify that AMS is running enter the following command etc init d ams sh status Verifying AMS status Ubuntu Procedure 1 To verify that AMS is installed enter the following command dpkg l amsd 2 To ve...

Page 275: ...tion is passed from iLO to the OS Installation SMA is installed as part of the AMS package and it is disabled by default Enabling SMA Windows Use the default AMS configuration to pass information from the OS to iLO Enable SMA to pass information from iLO to the OS The standard configuration of AMS and SMA can be enabled at the same time Linux and VMware Use the default AMS configuration to pass in...

Page 276: ...anager b Select Add roles and features c Click Next in the Before You Begin section d Click Next in Installation Type section e Click Next in Server Selection section f Click Next in Server Roles section g Expand the Remote Server Administration section h Expand Feature Administration Tools i Ensure that SNMP Tools is selected j Select the check box to the left of the SNMP Service option k Click N...

Page 277: ...g command EnableSma bat f Entering the following commands in a command prompt window sc config sma start auto and net start sma Disabling the System Management Assistant Windows Procedure 1 Navigate to the Windows Services window 2 Right click the System Management Assistant and then select Properties 3 Select Disabled in the Startup type menu and then click OK 4 Right click the System Management ...

Page 278: ... configured to pass SNMP packets between the host and the SNMP clients Procedure 1 Configure the host to support AgentX subagents by adding the following line as the first noncomment line in the etc snmp snmpd conf file master agentx 2 Enable the System Management Assistant SuSE Linux Enterprise Server 12 and Red Hat Enterprise Linux 7 Enter the following command systemctl enable smad_rev systemct...

Page 279: ...must be configured on the host Prerequisites Configure iLO Settings privilege Procedure 1 Click Management in the navigation tree The SNMP Settings page is displayed 2 Enter the following values in the SNMP Settings section System Location System Contact System Role System Role Detail Read Community Trap Community SNMP Alert Destination s The SNMP Port value is read only on this page You can chang...

Page 280: ...pecified by the iLO Client Applications use IPv6 first setting on the IPv6 page If iLO Client Applications use IPv6 first is enabled traps will be sent to IPv6 addresses when available When iLO Client Applications use IPv6 first is disabled traps will be sent to IPv4 addresses when available SNMP Port The port used for SNMP communications This value is read only but can be modified on the Access S...

Page 281: ...eric string of 1 to 32 characters Authentication Protocol Sets the message digest algorithm to use for encoding the authorization passphrase The message digest is calculated over an appropriate portion of an SNMP message and is included as part of the message sent to the recipient Select MD5 or SHA Authentication Passphrase Sets the passphrase to use for sign operations Enter a value of 8 to 49 ch...

Page 282: ... value must be a hexadecimal string of 6 to 32 characters not counting the preceding 0x and must be an even number of characters for example 0x01020304abcdef 3 Click Apply Configuring SNMP alerts Prerequisites Configure iLO Settings privilege Procedure 1 Click Management in the navigation tree The SNMP Settings page is displayed 2 Scroll to the SNMP Alerts section 3 Configure the Trap Source Ident...

Page 283: ...ption is enabled and no valid trap destinations are configured Cold Start Trap is broadcast to a subnet broadcast address The Cold Start Trap is broadcast when any of the following conditions is met SNMP Alert Destinations are not configured iLO failed to resolve all the SNMP Alert Destinations to IP addresses The subnet broadcast address for an IPv4 host is obtained by performing a bitwise logica...

Page 284: ...SeUSBStorageDeviceReadErrorOccurred A read error occurred on an attached USB storage device 1011 cpqSeUSBStorageDeviceWriteErrorOccurred A write error occurred on an attached USB storage device 1012 cpqSeUSBStorageDeviceRedundancyLost USB storage device redundancy was lost 1013 cpqSeUSBStorageDeviceRedundancyRestored USB storage device redundancy was restored 1014 cpqSeUSBStorageDeviceSyncFailed T...

Page 285: ...DataTrap The Smart Array cache module has lost backup power 3040 cpqDa6AccelBatteryFailed The Smart Array cache module backup power has failed 3046 cpqDa7PhyDrvStatusChange A change has been detected in the status of a Smart Array physical drive 3047 cpqDa7SpareStatusChange A change has been detected in the status of a Smart Array spare drive 3049 cpqDaPhyDrvSSDWearStatusChange A change has been d...

Page 286: ...ding on the system configuration this system might be shut down 6042 cpqHe3TemperatureOk The temperature status has been set to OK 6048 cpqHe4FltTolPowerSupplyOk The fault tolerant power supply condition has been reset to OK 6049 cpqHe4FltTolPowerSupplyDegraded The fault tolerant power supply condition has been set to Degraded 6050 cpqHe4FltTolPowerSupplyFailed The fault tolerant power supply cond...

Page 287: ... cannot be identified 6074 cpqHePowerFailureError A device power failure has been detected 6075 cpqHeInterlockFailureError A device is missing or improperly seated on the system board 8029 cpqSs6FanStatusChange The storage enclosure fan status changed 8030 cpqSs6TempStatusChange The storage enclosure temperature status changed 8031 cpqSs6PwrSupplyStatusChange The storage enclosure power status cha...

Page 288: ... Firmware recovery failed 11003 cpqHo2GenericTrap Generic trap Verifies that the SNMP configuration client SNMP console and network are operating correctly You can use the iLO web interface to generate this alert to verify receipt of the alert on the SNMP console 11018 cpqHo2PowerThresholdTrap A power threshold has been exceeded 11020 cpqHoMibHealthStatusArrayChangeTrap A change in the health stat...

Page 289: ...te Insight Integrated Lights Out cpqide mib IDE subsystem cpqscsi mib SCSI system cpqiscsi mib iSCSI system cpqnic mib System NIC cpqstsys mib Storage systems cpqstdeq mib Server standard equipment cpqfca mib Fibre Channel array cpqsinfo mib System Information cpqstsys mib Smart Array storage iLO AlertMail iLO AlertMail enables you to configure iLO to send alert conditions detected independently o...

Page 290: ... can be up to 63 characters and must be in standard email address format You can enter multiple email addresses separated by a semicolon Sender Domain The domain name specified in the sender From email address The sender email address is formed by using the iLO name as the host name and the sender domain as the domain name This string can be up to 63 characters SMTP Port The port that the SMTP ser...

Page 291: ...yslog server click Send Test Syslog This button is available only when iLO Remote Syslog is enabled 5 To save the changes click Apply Remote syslog options Remote Syslog Server The IP address FQDN IPv6 name or short name of the server running the Syslog service To enter multiple servers separate the server IP address FQDN IPv6 name or short name with a semicolon You can enter up to 63 characters p...

Page 292: ...ts this feature is installed Configure iLO Settings privilege Procedure 1 Click Management in the navigation tree and then click the Remote Syslog tab 2 Set the Enable iLO Remote Syslog option to disabled 3 To save the changes click Apply 292 Disabling iLO Remote Syslog ...

Page 293: ...ess of the active OA System Health The health of the active OA as reported by the OA A value of unknown means that the OA health has not been reported to iLO Blade location The location enclosure bay of the blade that is hosting the current iLO session Enclosure name The enclosure that the active OA is managing You can change this value through the OA Rack name The rack that contains the enclosure...

Page 294: ...n Starts the iLO web interface Integrated Remote Console Starts the NET IRC Remote Console Starts the Java IRC Clicking a link on this page opens the requested iLO session in a new window that uses SSO which does not require an iLO user name or password If your browser settings prevent new windows from opening these links do not work correctly Viewing frame information Procedure 1 Click Synergy Fr...

Page 295: ...umber of the server in the frame Frame serial number The frame serial number Frame unique ID UUID The frame UUID Toggling the frame UID LED The UID LED status on this page updates automatically with a maximum delay of 30 seconds when the UID LED status changes To update the status immediately refresh the page Procedure To change the state of the frame UID LED click the frame UID icon in the frame ...

Page 296: ...for a value N A is displayed Bay The chassis power supply bay number Present Indicates whether a power supply is installed The possible values are OK and Not Installed Status The status of the power supply The displayed value includes a status icon OK Degraded Failed or Other and text that provides more information The possible values follow Unknown Good In Use Good Standby General Failure Over Vo...

Page 297: ... the power supply watts Firmware The installed power supply firmware Intelligent PDU details The Intelligent Power Distribution Units section is displayed only if the chassis power supplies are connected to an iPDU After iLO is reset or when an iPDU is attached it takes approximately 2 minutes for the iLO web interface to display the Intelligent Power Distribution Units table This delay is due to ...

Page 298: ... Status The battery status The possible values are OK Degraded Failed or Other Model The battery model number Spare The part number of the spare battery Serial Number The battery serial number Capacity The battery capacity Firmware The installed battery firmware version 298 Working with enclosures frames and chassis ...

Page 299: ...n iLO is under the control of a remote management tool use the following procedure to start the remote manager user interface from iLO Procedure 1 Click Remote Management Tool Name in the navigation tree 2 Click Launch The remote management tool starts in a separate browser window Deleting a remote manager configuration If you discontinue the use of a remote management tool in your network you can...

Page 300: ... best performance when using HPE OneView with iLO 5 Hewlett Packard Enterprise recommends that you do not delete or change these settings by using the iLO web interface Changing the device configuration from the iLO firmware could cause it to become out of synchronization with HPE OneView Server signatures Synergy compute modules only When HPE OneView manages a Synergy compute module iLO generates...

Page 301: ...e provides server management based on the IPMI version 2 0 specification which defines the following Monitoring of system information such as fans temperatures and power supplies Recovery capabilities such as system resets and power on off operations Logging capabilities for abnormal events such as over temperature readings or fan failures Inventory capabilities such as identification of failed ha...

Page 302: ...stem health Do not issue any IPMI commands through the KCS interface that might have a negative effect on health driver monitoring This restriction includes any command that sets or changes IPMI parameters such as Set Watchdog Timer and Set BMC Global Enabled Any IPMI command that simply returns data is safe to use such as Get Device ID and Get Sensor Reading Advanced IPMI tool usage on Linux The ...

Page 303: ...dd HPE SIM trusted servers 2 Log in to the HPE SIM server that you specified in the previous step and discover the iLO processor 3 After you complete the discovery process SSO is enabled for iLO For more information about HPE SIM discovery tasks see the HPE SIM user guide iLO identification and association HPE SIM can identify an iLO processor and create an association between iLO and a server You...

Page 304: ...O as a managed device for HPE SIM This configuration enables the NIC interface on iLO to function as a dedicated management port isolating management traffic from the NIC interface for the remote host server For instructions see the HPE SIM user guide For major events that are not cleared iLO traps appear in All Events To obtain more information about the event click Event Type Configuring iLO and...

Page 305: ...vers and the performance of Remote Console operations regardless of the state of the OS or hardware The deployment server enables you to use the power management features of iLO to power on power off or cycle power on the target server Each time a server connects to the deployment server the deployment server polls the target server to verify that an iLO device is installed If installed the server...

Page 306: ...actor authentication see the server operating system documentation Configuring Kerberos authentication Procedure 1 Configure the iLO host name and domain name 2 Install an iLO license to enable Kerberos Authentication 3 Prepare the domain controller for Kerberos support 4 Generate a Kerberos keytab file 5 Verify that your environment meets the Kerberos authentication time requirement 6 Configure K...

Page 307: ...s realm name is usually the domain name converted to uppercase letters Procedure 1 Create and enable computer accounts in the domain directory for each iLO system Create the user account in the Active Directory Users and Computers snap in For example iLO hostname myilo Parent domain name somedomain net iLO domain name fully qualified myilo somedomain net 2 Ensure that a user account exists in the ...

Page 308: ... instance KRB5_NT_SRV_HST type princ principal name Specifies the case sensitive principal name For example HTTP myilo somedomain net SOMEDOMAIN net The service type must use uppercase letters HTTP The iLO hostname must use lowercase letters myilo somedomain net The REALM name must use uppercase letters SOMEDOMAIN NET mapuser user account Maps the principal name to the iLO system domain account ou...

Page 309: ...etspn Syntax Setspn options Description The Setspn command displays modifies and deletes SPNs Parameters A SPN Specifies an SPN to add L Lists the current SPN for a system Example command SetSPN A HTTP myilo somedomain net myilo The SPN components are case sensitive The primary service type must be in uppercase letters for example HTTP The instance iLO hostname must be in lowercase letters for exa...

Page 310: ...do not support Kerberos login The procedures in this section enable login if Active Directory is configured correctly for iLO and iLO is configured correctly for Kerberos login Enabling single sign on in Internet Explorer The following procedure is based on Internet Explorer 11 Other browser versions might have different steps Procedure 1 Enable authentication in Internet Explorer a Select Tools I...

Page 311: ...f any options were changed in steps 1 3 close and restart Internet Explorer 5 Verify the single sign on configuration Enabling single sign on in Firefox Procedure 1 Enter about config in the browser location bar to open the browser configuration page The message This might void your warranty might be displayed 2 If the message This might void your warranty appeared click I accept the risk button 3...

Page 312: ...ol and associate them with users or user groups A change to a single role applies to all users and iLO devices associated with that role Single point of administration HPE Extended Schema configuration You can use native administration tools like MMC to administer iLO users Immediacy A single change in the directory rolls out immediately to associated iLO processors This feature eliminates the nee...

Page 313: ...uestions choose from the following options No Deploy an instance of the schema free directory integration to evaluate whether this method meets your policy and procedural requirements If necessary you can deploy an HPE Extended Schema configuration later Yes Use the HPE Extended Schema configuration Schema free directory authentication When you use the schema free directory authentication option u...

Page 314: ...up as long as the intended iLO users are group members Better login flexibility With this configuration you can log in to iLO by entering your login name and password You must be a member of a group that iLO recognizes At login time the login name and user context are combined to make the user DN To use this configuration enter the minimum login flexibility settings and at least one directory user...

Page 315: ...nother group to create a nested group In a schema free configuration users who are indirect members a member of a group that is a nested group of the primary group are allowed to log in to iLO Nested groups are not supported when you use CAC Smartcard authentication HPE Extended Schema directory authentication Using the HPE Extended Schema directory authentication option enables you to do the foll...

Page 316: ...oftware 4 Manage roles and objects a Use the snap ins to create a management device object and a role object b Assign rights to the role object as necessary and associate the role with the management device object c Add users to the role object 5 Handle exceptions The iLO utilities are easier to use with a single role If you plan to create multiple roles in the directory you might need to use dire...

Page 317: ...the NET Framework 3 5 or later on the target server The NET Framework 3 5 or later is used to install the Directories Support for ProLiant Management Processors software 3 Double click the downloaded EXE file 4 Click Next 5 Select I accept the terms in the license agreement and then click Next 6 In the Directories Support window click Schema Extender to install the schema extender software a In th...

Page 318: ...troller that hosts Windows Server Core For security and performance reasons Windows Server Core does not use a GUI To use the schema installer you must install a GUI on the domain controller or use a domain controller that hosts an earlier version of Windows Snap ins x86 or Snap ins x64 The management snap in installer installs the snap ins required to manage iLO objects in a Microsoft Active Dire...

Page 319: ...window and then click Next 4 In the Schema Preview window click Next 5 In the Setup window enter the following details Directory server type name and port Directory login information and SSL preference The Results window displays the results of the installation including whether the schema could be extended and what attributes were changed Schema Extender required information Directory Server Type...

Page 320: ...ory service User management of iLO requires the following basic objects in the directory service Lights Out Management object Role object User objects Each object represents a device user or relationship that is required for directory based management After the snap ins are installed iLO objects and iLO roles can be created in the directory By using the Active Directory Users and Computers tool th...

Page 321: ... an existing device and clicking Remove removes the device from the list of valid member devices Members tab After user objects are created this tab enables you to manage the users within the role Clicking Add enables you to navigate to the user you want to add Highlighting an existing user and clicking Remove removes the user from the list of valid members Kerberos authentication and Directory se...

Page 322: ...s at all times IP network address restrictions including IP mask IP range and DNS name Lights Out Management tab After you create a role use this tab to select rights for the role You can make users and group objects members of the role giving the users or group of users the rights granted by the role User rights to any iLO system are calculated as the sum of all rights assigned by all roles in wh...

Page 323: ...r settings NOTE The System Recovery Host NIC Host Storage and Host BIOS privileges are not available in the Schema Extender Setting a client IP address or DNS name restriction Procedure 1 From the By Default list on the Role Restrictions tab select whether to Grant or Deny access from all addresses except the specified IP addresses IP address ranges and DNS names 2 Select one of the following rest...

Page 324: ...ent requires this software The LDAP component does not work with a Windows Server Core installation 4 Install the latest Directories Support for ProLiant Management Processors software 5 Extend the schema by using the Schema Extender 6 Install the Hewlett Packard Enterprise LDAP component snap ins 7 Create the Hewlett Packard Enterprise device and role 8 Log in to iLO and enter the directory setti...

Page 325: ...terprise devices in an enterprise directory with the domain testdomain local This domain consists of two organizational units Roles and iLOs The steps in this section are completed by using the Hewlett Packard Enterprise provided Active Directory Users and Computers snap ins For more information about using the Active Directory snap ins see Managing roles and objects with the Active Directory snap...

Page 326: ...ick the remoteAdmins role in the Roles organizational unit in the testdomain local domain and then select Properties 2 In the remoteAdmins Properties dialog box click the HP Devices tab and then click Add 3 In the Select Users dialog box enter the Lights Out Management object rib email server in folder testdomain local iLOs 4 Click OK 5 Click Apply 6 Click the Members tab and add users by using th...

Page 327: ...Configure Lights Out management devices Every LOM device that uses the directory service to authenticate and authorize users must be configured with the appropriate directory settings In general you can configure each device with the appropriate directory server address LOM object DN and user contexts The server address is the IP address or DNS name of a local directory server or for more redundan...

Page 328: ...base role users For example an organization might have two types of users Administrators of the LOM device or host server and users of the LOM device In this situation it makes sense to create two roles one for the administrators and one for the users Both roles include some of the same devices but grant different rights Sometimes it is useful to assign generic rights to the lesser role and includ...

Page 329: ... proxy server When a user logs in to a LOM device as a directory user the LOM device attempts authentication to the directory as that user which means that address restrictions placed on the user account apply when the user accesses the LOM device When a proxy server is used the network address of the authentication attempt is that of the LOM device not that of the client workstation IPv4 address ...

Page 330: ...S based address restrictions consider your organizational security policies User time restrictions Time restrictions limit the ability of a user to log in authenticate to the directory Typically time restrictions are enforced using the time at the directory server If the directory server is located in a different time zone or if a replica in a different time zone is accessed time zone information ...

Page 331: ...ge when access is attempted across firewalls or through network proxies Either of these mechanisms can change the apparent network address of the client causing the address restrictions to be enforced in an unexpected manner Multiple restrictions and roles The most useful application of multiple roles is restricting one or more roles so that rights do not apply in all situations Other roles provid...

Page 332: ...g large numbers of LOM objects for Kerberos authentication and directory services is time consuming You can use the following utilities to configure several LOM objects at a time Directories Support for ProLiant Management Processors This software includes a GUI that provides a step by step approach to configuring Kerberos authentication and directory services with large numbers of management proc...

Page 333: ...name format might be located in one of three searchable contexts which are configured on the Directory page Local users Enter the Login Name of your iLO local user account Directories Support for ProLiant Management Processors HPLOMIG HPLOMIG is for customers who want to simplify the migration of iLO processors to management by directories The software automates some of the steps necessary for the...

Page 334: ...Windows Server 20081 4 0 or earlier Supported Not Supported 4 5 Supported Not Supported Windows 7 Windows Server 2008 R2 4 0 or earlier Supported Not Supported 4 5 Supported Supported Windows 8 Windows 8 1 Windows 10 Windows Server 2012 Windows Server 2012 R2 Microsoft Windows Server 2016 4 0 or earlier Supported Not Supported 4 5 Supported Supported 1 Windows Vista and Windows Server 2008 do not ...

Page 335: ...ement Processors 2 On the Welcome page click Next 3 In the Find Management Processors window enter the management processor search criteria in the Addresses box TIP You can also enter a list of management processors from a file by clicking Import and then selecting the file 4 Enter an iLO login name and password and then click Find If you click Next click Back or exit the utility during discovery ...

Page 336: ...g a hyphen For example 192 168 0 2 10 is a valid range A hyphen is supported only in the rightmost octet After you click Find HPLOMIG begins pinging and connecting to port 443 the default SSL port to determine whether the target network address is a management processor If the device does not respond to the ping or connect appropriately on port 443 the utility determines that it is not a managemen...

Page 337: ...ding on the number of selected management processors The firmware upgrade of a single management processor might take up to 5 minutes to complete IMPORTANT Hewlett Packard Enterprise recommends that you test the upgrade process and verify the results in a test environment before running HPLOMIG on a production network An incomplete transfer of the firmware image to a management processor might res...

Page 338: ... processors are upgraded simultaneously Network activity is considerable during this process If an upgrade fails a message is displayed in the Results column and the utility continues to upgrade the other selected management processors 5 After the upgrade is complete click Next Selecting directory configuration options After you click Next in the Upgrade Firmware on Management Processors window th...

Page 339: ...nly on page 344 If you selected an HPE Extended Schema configuration continue to Naming management processors HPE Extended Schema only on page 340 Management processor selection methods Use the following methods to select iLO management processors to configure Click the check box next to each management processor in the list that you want to configure To select iLO management processors that match...

Page 340: ... selected systems Naming management processors HPE Extended Schema only After you click Next in the Select the Desired Configuration window the next task is to name the iLO management device objects in the directory You can create names by using one or more of the following The network address The DNS name An index Manual creation of the name The addition of a prefix to all The addition of a suffi...

Page 341: ...w opens Continue with Configuring directories when HPE Extended Schema is selected on page 341 Configuring directories when HPE Extended Schema is selected After you click Next in the Name the management processors window the Configure Directory window enables you to create a device object for each discovered management processor and to associate the new device object with a previously defined rol...

Page 342: ...work Address Login Name and Password for the designated directory server 2 Enter the Container DN value or click Browse to select a container DN 3 Enter the Role s DN value or click Browse to select a role DN 342 Kerberos authentication and Directory services ...

Page 343: ...ates the management processor objects and adds them to the selected roles 5 After the device objects have been associated to roles click Next The values you entered are displayed in the Configure Directory window Kerberos authentication and Directory services 343 ...

Page 344: ...o search for the container DN The container is where the migration utility will create the management processor objects in the directory Role s DN After you have the network address port and login information you can click Browse to search for the role DN The role is where the role to be associated with the device objects resides The role must be created before you run this utility Password Specif...

Page 345: ...nt that has domain administrator access to the directory Security Group Distinguished Name The DN of the group in the directory that contains a set of iLO users with a common set of privileges If the directory name login name and password are correct you can click Browse to navigate to and select the group Privileges The iLO privileges associated with the selected group If the user is a member of ...

Page 346: ...rowse to select user contexts Up to 15 user contexts are supported 3 Click Configure 4 When the process is complete click Next The LDAP CA Certificate Import window opens 5 Continue with Importing an LDAP CA Certificate on page 346 Importing an LDAP CA Certificate After you click Next in the Set up Management Processors for Directories the next step is to import LDAP CA Certificates Procedure 1 Na...

Page 347: ...he Directory Tests window opens 4 Continue with Running directory tests with HPLOMIG optional on page 347 Running directory tests with HPLOMIG optional After you click Next in the LDAP CA Certificate Import the next step is to test the directory configuration Procedure 1 Navigate to the Directory Tests window if it is not already open Running directory tests with HPLOMIG optional 347 ...

Page 348: ...Test User Name and Test User Password Tests login and access rights to iLO This name does not need to be fully distinguished because user search contexts can be applied This user must be associated with a role for this iLO Typically this account is used to access the iLO processor being tested It can be the directory administrator account but the tests cannot verify user authentication with a supe...

Page 349: ...t management authorization data in the directory service HPE Management Core LDAP OID classes and attributes Changes made to the schema during the schema setup process include changes to the following Core classes Core attributes Core classes Class name Assigned OID hpqTarget 1 3 6 1 4 1 232 1001 1 1 1 1 hpqRole 1 3 6 1 4 1 232 1001 1 1 1 2 hpqPolicy 1 3 6 1 4 1 232 1001 1 1 1 3 Directory services...

Page 350: ...nagement core classes hpqTarget OID 1 3 6 1 4 1 232 1001 1 1 1 1 Description This class defines target objects providing the basis for Hewlett Packard Enterprise products that use directory enabled management Class type Structural SuperClasses user Attributes hpqPolicyDN 1 3 6 1 4 1 232 1001 1 1 2 1 hpqRoleMembership 1 3 6 1 4 1 232 1001 1 1 2 2 Remarks None hpqRole OID 1 3 6 1 4 1 232 1001 1 1 1 ...

Page 351: ...asses top Attributes hpqPolicyDN 1 3 6 1 4 1 232 1001 1 1 2 1 Remarks None Core attribute definitions The following tables define the HPE Management core class attributes hpqPolicyDN OID 1 3 6 1 4 1 232 1001 1 1 2 1 Description Distinguished name of the policy that controls the general configuration of this target Syntax Distinguished Name 1 3 6 1 4 1 1466 115 121 1 12 Options Single valued Remark...

Page 352: ...ess constraint Syntax Boolean 1 3 6 1 4 1 1466 115 121 1 7 Options Single valued Remarks If this attribute is TRUE IP restrictions will be satisfied for unexceptional network clients If this attribute is FALSE IP restrictions will be unsatisfied for unexceptional network clients hpqRoleIPRestrictions OID 1 3 6 1 4 1 232 1001 1 1 2 5 Description Provides a list of IP addresses DNS names domains add...

Page 353: ...er is 0x03 followed by the ASCII encoded DNS name DNS names can be prefixed with an ASCII 0x2A to indicate they must match all names that end with the specified string For example the DNS domain acme com is represented as 0x03 0x2A 0x2E 0x61 0x63 0x6D 0x65 0x2E 0x63 0x6F 0x6D General access is allowed hpqRoleTimeRestriction OID 1 3 6 1 4 1 232 1001 1 1 2 6 Description A 7 day time grid with 30 min...

Page 354: ...calUserAdmin 1 3 6 1 4 1 232 1001 1 8 2 2 hpqLOMRightConfigureSettings 1 3 6 1 4 1 232 1001 1 8 2 1 Lights Out Management class definitions The following table defines the Lights Out Management core class Table 5 hpqLOMv100 OID 1 3 6 1 4 1 232 1001 1 8 1 1 Description This class defines the rights and settings used with HPE Lights Out Management products Class Type Auxiliary SuperClasses None Attr...

Page 355: ...nly on role objects Syntax Boolean 1 3 6 1 4 1 1466 115 121 1 7 Options Single valued Remarks This attribute is used only on role objects If this attribute is TRUE members of the role are granted the right hpqLOMRightVirtualMedia OID 1 3 6 1 4 1 232 1001 1 8 2 6 Description Virtual Media right for Lights Out Management products Syntax Boolean 1 3 6 1 4 1 1466 115 121 1 7 Options Single valued Rema...

Page 356: ...1 3 6 1 4 1 1466 115 121 1 7 Options Single valued Remarks This attribute is used only on role objects If this attribute is TRUE members of the role are granted the right hpqLOMRightConfigureSettings OID 1 3 6 1 4 1 232 1001 1 8 2 1 Description Configure Devices Settings right for Lights Out Management products Syntax Boolean 1 3 6 1 4 1 1466 115 121 1 7 Options Single valued Remarks This attribut...

Page 357: ...r more information see http www hpe com info restfulapi Use IPMI For more information see the iLO IPMI user guide If none of these methods are available or working as expected you must power down the server and disconnect the power supplies Rebooting resetting the iLO processor with the web interface Prerequisites Configure iLO Settings privilege Procedure 1 Click Information in the navigation tre...

Page 358: ...he server UID button The UID button on supported servers can be used to initiate a manual reboot of iLO For more information about the UID button see the server user guide Performing a graceful iLO reboot with the server UID button When you initiate a graceful iLO reboot the iLO firmware initiates the iLO reboot Initiating a graceful iLO reboot does not make any configuration changes but ends all ...

Page 359: ... 5 Configuration utility see Resetting iLO to the factory default settings iLO 5 Configuration Utility on page 359 To use the iLO RESTful API see the iLO RESTful API documentation at the following website http www hpe com info restfulapi To use RIBCL scripts see the iLO scripting and command line guide Resetting iLO to the factory default settings iLO 5 Configuration Utility CAUTION When you reset...

Page 360: ...tion will not be displayed in the iLO web interface until the server OS reboot is complete Generating an NMI The Generate NMI to System feature enables you to stop the operating system for debugging CAUTION Generating an NMI as a diagnostic and debugging tool is used primarily when the operating system is no longer available NMI is not used during normal operation of the server Generating an NMI d...

Page 361: ...ng settings Disable EMS and BIOS Serial Console Set the Virtual Serial Port to COM 2 6 To access the selection menu for the Windows debug boot option reboot the server 7 From the local test system use PuTTY to connect to iLO and log in 8 Enter the IP address for the session host name Use the default settings for an SSH session When the PuTTY iLO CLI session opens a user login window opens unless t...

Page 362: ...to display the Server Health Summary on an external monitor when the server is powered on or off This feature is useful for troubleshooting when the server will not start up and can also be used to view the server IP address and other health information Prerequisites The server has a UID button An external monitor is connected Procedure 1 Press the UID button on the server CAUTION Press and releas...

Page 363: ...status Product Name The server model Serial Number The server serial number Product ID The product with which this iLO processor is integrated iLO Firmware The installed iLO Firmware version System ROM The installed system ROM version Backup ROM The backup system ROM version iLO CPLD The installed iLO CPLD version System CPLD The installed system CPLD version Server Health Summary details 363 ...

Page 364: ...that might appear in the iLO Event Log see the error messages guide for your server at the following website http www hpe com info EIL Incorrect time stamp on iLO Event Log entries Symptom iLO Event Log entries have an incorrect date or time Cause The NTP server addresses or the time zone is configured incorrectly Action Verify that the SNTP settings are configured correctly USB key attached to iL...

Page 365: ...gement port is not accessible by name Cause The iLO management port can register with a WINS server or DDNS server to provide the name to IP address resolution required to access the iLO management port by name The environment is not configured to support accessing the iLO management port by name Action 1 Verify that your environment meets the following requirements The WINS or DDNS server must be...

Page 366: ...C teaming is enabled for the NIC the Shared Network Port uses In this configuration network communications might be blocked in the following cases The selected NIC teaming mode causes the switch that iLO is connected with to ignore traffic from the server NIC port that iLO is configured to share The selected NIC teaming mode sends all traffic destined for iLO to a NIC port other than the one that ...

Page 367: ...or more information see the ROM based system utility documentation Ping the IP address of the NIC from a separate network workstation Attempt to connect with a browser by entering the IP address of the NIC as the URL You can see the iLO login page from this address Reset iLO If a network connection is established you might have to wait up to 90 seconds for the DHCP server request Unable to log in ...

Page 368: ...wser is configured to use a proxy server Action To connect to iLO without using the proxy server add iLO to the list of proxy server exceptions See the browser documentation for instructions iLO TCP IP communication fails Symptom iLO communications fail Cause A firewall is preventing iLO communications through one or more TCP IP ports Action Configure the firewall to allow communications on the po...

Page 369: ...he certificate authority Action 1 Close Firefox 2 Navigate to the Firefox AppData folder and then delete all of the db files in all of the Firefox directories The AppData folder is typically in the following location C Users user name AppData Local Mozilla Firefox Certificate error when navigating to iLO web interface with Internet Explorer Symptom When you navigate to the iLO web interface with I...

Page 370: ... the Administration Security SSL Certificate page 2 Obtain and import an SSL certificate 3 Reset iLO Certificate error when navigating to iLO web interface with Firefox Symptom When you navigate to the iLO web interface with Firefox a certificate error appears Solution 1 Action 1 Click I Understand the Risks and then click Add Exception 2 In the Add Security Exception dialog box enter https iLO ho...

Page 371: ...ed to the correct management server do not proceed You might be browsing to an imposter and giving your login credentials to that imposter when you log in Contact the administrator To cancel the connection exit the certificate window and then click No or Cancel 2 After verifying the items in the previous step choose from the following options Accept the certificate temporarily for this session Acc...

Page 372: ...t 443 and the Remote Console port uses port 17990 Configure iLO to work with the exceptions allowed by most firewalls Typically firewalls allow exceptions for addresses on ports 80 and 443 Change the iLO web server Non SSL Port from the default value 80 to another value and then configure the Remote Console port to use port 80 You can configure the iLO port values on the Access Settings page in th...

Page 373: ...LO the session does not start or terminates unexpectedly Cause iLO is configured to use the Shared Network Port and NIC teaming is enabled for the NIC the Shared Network Port uses In this configuration network communications might be blocked in the following cases The selected NIC teaming mode causes the switch that iLO is connected with to ignore traffic from the server NIC port that iLO is confi...

Page 374: ...he date and time on these systems must not differ by more than 5 minutes Action Verify that your environment meets the requirements for Kerberos support Solution 3 Cause There is a problem with the directory user account Possible problems follow The iLO computer account does not exist in Active Directory or the account is disabled The user logged in to the client PC is not a member of a universal ...

Page 375: ...sion ends prematurely Cause Network errors can cause iLO to conclude that a directory connection is no longer valid If iLO cannot detect the directory it ends the directory connection Any attempt to continue using the terminated connection redirects the browser to the login page This issue might occur in the following situations The network connection is terminated The directory server is shut dow...

Page 376: ...firmware queries the directory for user permissions This periodic query keeps the directory connection active and prevents a user from being logged out based on the directory timeout settings Action Change the Idle Connection Timeout setting Failure generating Kerberos keytab file for iLO Zero Sign In configuration Symptom When you try to generate a keytab file with ktpass the process fails Cause ...

Page 377: ...enerate and install a new Kerberos keytab file Failed iLO login with Active Directory credentials Symptom User authentication fails when iLO is configured to use Active Directory Cause There is a certificate problem An SSL certificate is not installed on the Active Directory server An old SSL certificate on the Active Directory server points to a previously trusted CA with the same name as the CA ...

Page 378: ...rect As a troubleshooting tool use an IP address instead of the FQDN If the problem persists check the DNS server records and network routing Ping Directory Server test reports a failure Symptom The Ping Directory Server test reports the status Failed Cause iLO pinged the directory server and did not receive a response Action Check to see if a firewall is active on the directory server Check for n...

Page 379: ... test reports a failure Symptom The Bind to Directory Server test reports the status Failed Cause iLO failed to bind the connection with the specified user name or an anonymous bind Action Verify that the directory server allows anonymous binding If you entered a user name in the test boxes verify that the credentials are correct If you verified that the user name is correct try using other user n...

Page 380: ...to see if access restrictions are configured for the specified user account User Authorization test reports a failure Symptom The User Authorization test reports the status Failed Cause Authorization failed with the provided user name and password Action Verify that the specified user name is part of the specified directory group Check to see if access restrictions are configured for the specified...

Page 381: ...ns discuss troubleshooting Remote Console issues IMPORTANT Pop up blocking applications which prevent the automatic opening of new windows prevent the Remote Console from running Disable any pop up blocking programs before you start the Remote Console iLO Java IRC displays red X when Firefox is used to run Java IRC on Linux client Symptom The Java IRC displays a red X icon when you run the Java IR...

Page 382: ...emote Console window and then drag it back inside iLO Remote Console text window not updated correctly Symptom When you use the Remote Console to display text windows that scroll at a high rate of speed the text window might not be updated correctly Cause This issue might occur when video updates happen faster than the iLO firmware can detect and display them Typically only the upper left corner o...

Page 383: ... the Java IRC 2 Navigate to the Power Settings page 3 Clear the Enable persistent mouse and keyboard check box and then click Apply 4 Start the Java IRC again Solution 2 Action Right click and drag the mouse cursor outside the Remote Console window and then drag it back inside Solution 3 Action 1 Close the browser window and exit the browser 2 Open the Java Control Panel 3 Navigate to the Java Run...

Page 384: ...ormation Symptom When the Firefox browser is used the Java IRC might display incorrect floppy drive and USB key device information Cause The client OS or Java software might be out of date Action 1 Make sure that Red Hat Enterprise Linux 6 or later is installed on the local client system 2 Install the latest version of Java and configure it to connect through the Firefox browser 3 Log in to the iL...

Page 385: ... Remote Console Keystrokes repeat unintentionally during iLO Remote Console session Symptom A keystroke repeats unintentionally during a Remote Console session Solution 1 Cause A network issue might be causing network latency Action Identify and fix problems that might cause network latency Solution 2 Cause The remote system settings are causing a delay Action 1 Adjust the following settings on th...

Page 386: ...the state of the Remote Console keyboard Cause The client keyboard LED does not reflect the true state of the Remote Console keyboard lock keys The Caps Lock Num Lock and Scroll Lock keys are fully functional when you use the keyboard options in the Remote Console Action No action needed iLO NET IRC becomes inactive or disconnects Symptom The iLO NET IRC becomes inactive or disconnects during peri...

Page 387: ...iled to connect to server when it attempts to establish a NET IRC session Solution 1 Cause The network response is delayed The iLO NET IRC client waits a specified amount of time for a connection to be established with iLO If the client server does not receive a response in this amount of time it displays an error message Action Correct the network delay and retry the NET IRC connection Solution 2...

Page 388: ...3 Make file changes to the connected device copy delete and so on 4 To ensure that all data is updated on the device unmount the device from the target server 5 Disconnect the device by using the Virtual Devices menu in the NET IRC Do not use Windows Explorer to refresh the contents of the USB key 6 Use the Safely Remove Hardware feature to eject the device from the client computer 7 Remove the de...

Page 389: ...ession leader NET IRC client and each shared NET IRC client Make sure that the firewall settings on all clients allow an inbound connection to the Remote Console port the default port is 17990 iLO NET IRC will not start in Firefox Symptom When you launch the NET IRC in Mozilla Firefox the application might fail to start Cause If the iLO system uses the default iLO SSL certificate not a signed trus...

Page 390: ...wing website http www hpe com support hpesc Use the iLO mobile app For more information see http www hpe com info ilo mobileapp Unable to boot to DOS using a USB key mounted with the iLO Remote Console Symptom An error occurs when you try to boot to a DOS bootable USB key that is mounted by using the iLO Remote Console If the USB key is 2 GB or less the following message is displayed Attempting Bo...

Page 391: ... PuTTY client unresponsive with iLO Shared Network Port Symptom When you use a PuTTY client with the Shared Network Port the PuTTY session becomes unresponsive Cause A large amount of data is being transferred or you are using a Virtual Serial Port and Remote Console Action Close the PuTTY client and restart the session Text is displayed incorrectly when using an SSH connection to iLO Symptom Exte...

Page 392: ...than the one that iLO is configured to share Action Ensure that your Shared Network Port configuration follows the NIC teaming guidelines Text based Remote Console issues Unable to view Linux installer in text based Remote Console Symptom The Linux installer screen is not displayed when you install Linux from the text based Remote Console Cause The screen is in graphics mode Action For most versio...

Page 393: ...n selection during the 10 second timeout or disable BIOS redirection to the VSP Scrolling and text appear irregular during BIOS redirection Symptom During BIOS redirection scrolling and text are not displayed correctly When you enter commands in the ROM based utility text might overwrite itself on the bottom line of the terminal window Cause The BIOS expects and controls a fixed 80x24 character wi...

Page 394: ...ame Action 1 Do one of the following Verify that AMS is enabled and the operating system is running Update the Server Name on the Access Settings page in the iLO web interface For Windows systems only Start the operating system Insight Online and Insight RS will use the Windows computer name to identify the server 2 If you had an active Insight Online session when you performed Step 1 click the re...

Page 395: ... collection transmission the OS name and version are listed on the Insight Online Device Configuration Details page Connection error during Insight Online direct connect registration Symptom The following error occurs when you try to register a server for Insight Online direct connect Cannot connect to remote host Cause The DNS settings are not configured correctly in iLO Action Verify that the DN...

Page 396: ...e the Server Name on the Access Settings page in the iLO web interface For Windows systems only Start the operating system Insight Online and Insight RS will use the Windows computer name to identify the server 2 If you had an active Insight Online session when you performed Step 1 click the refresh button to update the Insight Online view with the server information Server information is overwrit...

Page 397: ...s Unknown Action Click the refresh button in Insight Online Insight Online direct connect stopped working on a server with a replaced system board Symptom A server that was registered for Insight Online direct connect had the system board replaced and the remote support connection is no longer working Cause The server system board was replaced and the server is no longer recognized by Insight Onli...

Page 398: ...anty in Insight RS Solution 1 Cause Invalid information was entered on the Site Information page in the Hosting Device Setup Wizard Action Verify that you entered valid information on the Site Information page Solution 2 Cause You did not enter a Country Region in your HPE Passport account Action Update your HPE Passport account to include a Country Region Service events and collections display an...

Page 399: ...ill be dropped from its peer relationships after they expire Check the Multi System Map page for errors This page can help you identify communication problems between iLO peers If you are using server blades in a BladeSystem enclosure verify that Enclosure iLO Federation Support is configured on the Enclosure Settings Network Access Protocols page in the Onboard Administrator web interface You mus...

Page 400: ...tor web interface You must have Onboard Administrator 4 11 or later to configure this setting This configuration is required to allow peer to peer communication between the server blades in an enclosure iLO Multi System Map page displays a 502 error Symptom The Multi System Map page shows a 502 error Cause The listed peer rejected a request from the local iLO system Action Ensure that a communicat...

Page 401: ...You must have Onboard Administrator 4 11 or later to configure this setting This configuration is required to allow peer to peer communication between the server blades in an enclosure Verify that the switches in the network are configured to allow communication between iLO peers Ensure that a communication path exists between the local iLO system and the peer with the error An intermediate firewa...

Page 402: ...n 2 Action Try a different firmware update method iLO firmware update error Symptom iLO notifies you that the last attempt to update the firmware was unsuccessful Cause An incorrect file was used to update the iLO firmware Action To reset the flash process click and then try the firmware update again with the correct firmware file If you do not clear the error the same error might occur even when ...

Page 403: ...e A network client can connect to the FTP server The user name for the connection is test and the password is flash To send a firmware image to iLO use the FTP client PUT command After receiving the image iLO validates the image If the image is a complete signed and valid firmware image the kernel begins programming the FLASH partition After the image is programmed into the FLASH partition iLO res...

Page 404: ... installed Action None iLO does not support installing an evaluation key when a regular key was previously installed Solution 3 Cause The iLO date and time settings are incorrect Action Check the iLO date and time settings and then try again Solution 4 Cause The license key entered is incorrect Action Check for errors in the license key and then try again Unable to access Virtual Media or graphica...

Page 405: ...ngs the system board was replaced or the license key was accidentally replaced Action Restore the license key and other configuration information from a backup file 1 Click Administration in the navigation tree and then click Backup Restore 2 Click Restore 3 Depending on your browser click Browse or Choose File and then navigate to the backup file 4 If the backup file is password protected enter t...

Page 406: ...not receive SNMP information that passes through iLO Cause iLO and the management PC are not on the same subnet Action 1 Ping iLO from the management PC to verify that iLO and the management PC are on the same subnet 2 If the ping is unsuccessful correct the network configuration Unable to receive HPE SIM alarms SNMP traps from iLO Symptom HPE SIM does not receive SNMP traps from iLO Action 1 Log ...

Page 407: ... mobileapp Active Health System Viewer http www hpe com servers ahsv Intelligent System Tuning http www hpe com info ist HPE ProLiant Gen10 servers http www hpe com info proliantgen10 docs HPE ProLiant Gen10 and HPE Synergy compute module troubleshooting http www hpe com info Gen10 troubleshooting UEFI System Utilities http www hpe com info ProLiantUEFI docs SUM http www hpe com info sum docs SPP ...

Page 408: ...HPE OneView http www hpe com info oneview docs OA http www hpe com support oa docs HPE SIM http www hpe com info insightmanagement sim docs 408 Websites ...

Page 409: ...rd party products or components Accessing updates Some software products provide a mechanism for accessing software updates through the product interface Review your product documentation to identify the recommended software update method To download product updates Hewlett Packard Enterprise Support Center www hpe com support hpesc Hewlett Packard Enterprise Support Center Software downloads www ...

Page 410: ...wlett Packard Enterprise which will initiate a fast and accurate resolution based on your product s service level Hewlett Packard Enterprise strongly recommends that you register your device for remote support If your product includes additional remote support details use search to locate that information Remote support and Proactive Care information HPE Get Connected www hpe com services getconne...

Page 411: ... such as REACH Regulation EC No 1907 2006 of the European Parliament and the Council A chemical information report for this product can be found at www hpe com info reach For Hewlett Packard Enterprise product environmental and safety information and compliance data including RoHS and REACH see www hpe com info ecodata For Hewlett Packard Enterprise environmental information including company prog...

Reviews: