NEC iLO 5 User Manual

Express5800 series

Table of Contents

Quick Links

iLO 5

User's Guide

NEC Express Server

Express5800 Series

1. iLO

2. Setting up iLO

3. Using the iLO web interface

4. Viewing iLO information and logs

5. Viewing general system information

6. Managing firmware, software, and language packs

7. Configuring and using iLO Federation

8. iLO Integrated Remote Console

9. Using a text-based Remote Console

10. Using iLO Virtual Media

11. Using the power and thermal features

12. Configuring iLO network settings

13. Using the iLO administration features

14. Using the iLO security features

15. Configuring iLO management settings

16. IPMI server management

17. Managing iLO reboots, factory reset, and NMI

18. Troubleshooting

2017/10

Table of Contents

Summary of Contents for NEC iLO 5

Page 1 5 User’s Guide NEC Express Server Express5800 Series 1. iLO 2. Setting up iLO 3. Using the iLO web interface 4. Viewing iLO information and logs 5. Viewing general system information 6. Managing firmware, software, and language packs 7. Configuring and using iLO Federation 8.
Page 2 Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Links to third-party websites take you outside the NEC Corporation website. NEC Corporation has no control over and is not responsible for information outside the NEC Corporation website. Acknowledgments Microsoft...
Page 3: Table Of Contents
Contents 1. iLO ..................1 iLO key features ............................1 ROM-based configuration utility ........................2 iLO RESTful API ............................2 RESTful Interface Tool ........................... 2 iLO scripting and command line ........................2 2. Setting up iLO ..............4 Preparing to set up iLO ..........................4 Initial setup steps: Process overview......................
Page 4 Configuring iLO Federation .......................... 81 iLO Federation groups ..........................84 Managing iLO Federation group memberships (local iLO system) ..............86 Adding iLO Federation group memberships (multiple iLO systems) .............. 90 Using the iLO Federation features ....................... 94 iLO Federation Multi-System view........................ 96 iLO Federation Group Virtual Media ......................
Page 5 Administering SSH keys ..........................231 Directory authentication and authorization ....................240 Configuring encryption settings ........................248 NEC SSO ..............................250 Configuring the Login Security Banner ....................... 251 iLO security with the system maintenance switch ..................253 15. Configuring iLO management settings ....254 Agentless Management and AMS ......................
Page 7: Ilo
1. iLO iLO 5 is a remote server management processor embedded on the system boards of NEC Express servers. iLO enables the monitoring and controlling of servers from remote locations. iLO management is a powerful tool that provides multiple ways to configure, update, monitor, and repair servers remotely.
Page 8: Rom-Based Configuration Utility
IPMI—The iLO firmware provides server management based on the IPMI version 2.0 specification. • iLO RESTful API and RESTful Interface Tool (iLOrest)—iLO 5 includes the iLO RESTful API, which is Redfish API conformant • iLO Backup & Restore—Back up the iLO configuration and then restore it on a system with the same hardware configuration when replacing the motherboard etc.
Page 9 You can use the iLO scripting tools to configure multiple servers, to incorporate a standard configuration into the deployment process, and to control servers and subsystems. The iLO scripting and CLI guide describes the syntax and tools available for using iLO through a command line or scripted interface.
Page 10: Setting Up Ilo
In this configuration, both the NIC and the iLO port are connected to the production network. In iLO, this type of connection is called the Shared Network Port configuration. Certain NEC Corporation embedded NICs and add-on cards provide this capability. This connection enables access to iLO from anywhere on the network and reduces the amount of networking hardware and infrastructure required to support iLO.
Page 11 • There are some drawbacks to using this configuration. • With a shared network connection, traffic can hinder iLO performance. • During the server boot process and when the OS NIC drivers are loading and unloading, there are brief periods of time (2–8 seconds) when iLO cannot be reached from the network. After these short periods, iLO communication is restored and iLO will respond to network traffic.
Page 12 Transmit Load Balancing The server transmits on multiple adapters but receives only on the primary adapter. This mode allows the iLO Shared Network Port to function correctly. Select the NIC/port iLO uses as the Preferred Primary Adapter. Switch Assisted Load Balancing In this mode, there is no concept of primary and secondary adapters.
Page 13 Directory services Up to six directory groups can be configured in iLO. Use a directory to authenticate and authorize iLO access. This configuration enables an unlimited number of users and easily scales to the number of iLO devices in an enterprise. If you plan to use directory services, consider enabling at least one local administrator account for alternate access.
Page 14: Initial Setup Steps: Process Overview
3. If you will use the local accounts feature, use the ROM-based setup utilities to configure user accounts. 4. Configure a time zone to iLO. iLO 5 Firmware Version 1.15 Aug 17 2017 needs a time zone configuration to display a correct date and time.
Page 15 Procedure Optional: If you access the server remotely, start an iLO remote console session. Restart or power on the server. Press F9 in the server POST screen. The UEFI System Utilities start. Click System Configuration. Click BMC Configuration Utility. Disable DHCP: Click Network Options.
Page 16 Restart or power on the server. Press F9 in the server POST screen. The UEFI System Utilities start. Click System Configuration, click BMC Configuration Utility, click User Management, and then click Add User. Select the privileges for the new user. To assign a privilege, select YES in the menu next to the privilege name.
Page 17 The UEFI System Utilities start. Click System Configuration, click BMC Configuration Utility, click User Management, and then click Edit/Remove User. In the Action menu for the user you want to edit or remove, select Edit. The account properties are displayed. Update the Login Name.
Page 18: Logging In To Ilo For The First Time
DNS name—BMCXXXXXXXXXXXX, where the X characters represent the server serial number. IMPORTANT: NEC Corporation recommends changing the default password after you log in to iLO for the first time. If you reset iLO to the factory default settings, use the default iLO account credentials to log in after the reset.
Page 19: Ilo Drivers
iLO drivers iLO is an independent microprocessor running an embedded operating system. The architecture ensures that most iLO functionality is available, regardless of the host operating system. The iLO driver enables software such as the Agentless Management Service to communicate with iLO. The installed OS and system configuration determine the installation requirements.
Page 20 If Time Format on BIOS/Platform Configuration(RBSU) is Local time, set Unspecified Time Zone (GMT) to iLO Time Zone. BIOS/Platform Configuration(RBSU) : iLO Web Interface:...
Page 21 If Time Format on BIOS/Platform Configuration(RBSU) is Coordinated Universal Time (UTC), set same time zone parameter to iLO Time Zone. BIOS/Platform Configuration(RBSU) : iLO Web Interface: After setting, Click Apply and Click Reset. iLO will restart to apply the settings.
Page 22: Using The Ilo Web Interface
You can use the iLO web interface to manage iLO. You can also use a Remote Console, SMASH CLP, or the iLO RESTful API. Supported browsers iLO 5 supports the latest versions of the following browsers: • Microsoft Edge •...
Page 23: Logging In To The Ilo Web Interface
Logging in to the iLO web interface Procedure Enter https://<iLO host name or IP address>. When you access the iLO web interface, you must use HTTPS (HTTP exchanged over an SSL encrypted session). The iLO login page opens. If a login security banner is configured, the banner text is displayed in the NOTICE section.
Page 24 listed on the Session List page. For example, when User1 logs in, the web server builds the initial frames view, with User1 listed as the active user, menu items in the navigation pane, and page data in the right pane. When User1 clicks from link to link, only the menu items and page data are updated.
Page 25: Ilo Web Interface
windows, these windows are sharing iLO session. You can force the browser to refresh and reveal your true identity by pressing F5, selecting View > Refresh, or clicking the Refresh button. Best practices for preventing cookie-related issues • Start a new browser for each login by double-clicking the browser icon or shortcut. •...
Page 26: Changing The Language From The Login Page
• To view or modify the language settings, click the language icon, and then select Settings. • Health icon—Click this icon to view the overall health status for the server fans, temperature sensors, and other monitored subsystems. For all components except the Agentless Management Service (AMS), click a component to view additional details.
Page 28: Viewing Ilo Information And Logs
4. Viewing iLO information and logs Viewing iLO overview information Procedure Navigate to the Information page. The iLO Overview page displays high-level details about the server and the iLO subsystem, as well as links to commonly used features. System information details •...
Page 29 logical server profile that is assigned to the system. If the logical server profile is removed, the serial number value reverts from the Serial Number (Logical) value to the Server Serial Number value. If no Serial Number (Logical) value is set, this item is not displayed. •...
Page 30 If the iLO Service Port is in use, UID BLINK status includes the Service Port status. The possible values are UID BLINK (Service Port Busy), UID BLINK (Service Port Error), and UID BLINK (Service Port Finished). To turn the UID LED on or off, click the UID Indicator icon, click the UID control at the top of the iLO web interface window, or use the UID buttons on the server chassis.
Page 31: Managing Ilo Sessions
Managing iLO sessions Prerequisites Administer User Accounts privilege Procedure Navigate to the Information page, and then click the Session List tab. The Session List page displays information about the active iLO sessions. Optional: To disconnect one or more sessions, click the check box next to each session you want to disconnect, and then click Disconnect Session.
Page 32: Ilo Event Log
iLO Event Log The event log provides a record of significant events recorded by the iLO firmware. Logged events include major server events such as a server power outage or a server reset, and iLO events such as unauthorized login attempts. Other logged events include successful or unsuccessful browser and Remote Console logins, virtual power and power-cycle events, clearing the log, and some configuration changes, such as creating or deleting a user.
Page 33 default, the event log is sorted by the ID, with the most recent event at the top. • Severity—The importance of the detected event. • Description—The description identifies the component and detailed characteristics of the recorded event. If the iLO firmware is rolled back to an earlier version, the description UNKNOWN EVENT TYPE might be displayed for events recorded by the newer firmware.
Page 34 Show ISO Time—Display UTC time in ISO 8601 format. In iLO 5 Firmware Version 1.10 Jun 07 2017, when SNTP setting is not configured or when it is not used in an environment where can be synchronized with the time server, the following times are displayed.
Page 35 Searching for an event To search for events based on dates, event ID, or description text, click , and then enter text in the search box. Saving the event log to a CSV file Use a supported browser to export the event log to a CSV file. Procedure Click Information in the navigation tree, and then click the iLO Event Log tab.
Page 36 The event log is cleared of all previously logged information and an event is recorded in the log.
Page 37: Integrated Management Log
Integrated Management Log The IML provides a record of historical events that have occurred on the server. Events are generated by the system ROM and by services such as the iLO driver. Logged events include all server-specific events recorded by the iLO driver, including operating system information and ROM-based POST codes.
Page 38 IML details • The first column on the left side of the web interface displays an active check box next to each event with Critical or Caution status. Use this check box to select an event to mark as repaired. •...
Page 39 In general, important events generate an IML entry each time they occur. They are not consolidated into one event log entry. When less important events are repeated, they are consolidated into one IML entry, and the Count and Last Update values are updated. Each event type has a specific time interval that determines whether repeated events are consolidated or a new event is logged.
Page 40 Show ISO Time—Display UTC time in ISO 8601 format. In iLO 5 Firmware Version 1.10 Jun 07 2017, when SNTP setting is not configured or when it is not used in an environment where can be synchronized with the time server, the following times are displayed.
Page 41 Configure iLO Settings privilege Procedure Investigate and repair the issue. Click Information in the navigation tree, and then click the Integrated Management Log tab. Select the log entry. To select an IML entry, click the check box next to the entry in the first column of the IML table.
Page 42 Adding a maintenance note to the IML Use maintenance notes to create log entries about maintenance activities such as upgrades, system backups, periodic system maintenance, or software installations. Prerequisites Configure iLO Settings privilege Procedure Click Information in the navigation tree, and then click the Integrated Management Log tab.
Page 43 Clearing the IML Prerequisites Configure iLO Settings privilege Procedure Click Information in the navigation tree, and then click the Integrated Management Log tab. Click When prompted to confirm the request, click OK. The IML is cleared of all previously logged information and an event is recorded in the IML.
Page 44: Active Health System
When the Active Health System Log is full, new data overwrites the oldest data in the log. When you download and send Active Health System data to NEC Corporation, you agree to have the data used for analysis, technical resolution, and quality improvements.
Page 45 It might take a long time to download the entire Active Health System Log. If you must upload the Active Health System Log for a technical issue, NEC Corporation recommends downloading the log for the specific range of dates in which the problem occurred.
Page 46 • Company name This information is not written to the log data stored on the server. Click Download Entire Log. Save the file. Clearing the Active Health System Log If the log file is corrupted, or if you want to clear and restart logging, use the following procedure to clear the Active Health System Log.
Page 47: Viewing Ilo Self-Test Results
Viewing iLO self-test results The iLO Self-Test Results section displays the results of internal iLO diagnostic tests, including the test name, status, and notes. The tests that are run are system-dependent. Not all tests are run on all systems. To see the tests that are performed on your system, view the list on the Diagnostics page.
Page 48 • Cryptographic—Tests security features. • NVRAM—Tests the subsystem that retains nonvolatile configuration data, logs, and settings. • Embedded Flash—Tests the state of the system that can store configuration, provisioning, and service information. • Power Management—Tests functions related to power measurement, power capping, and power management.
Page 49: Viewing General System Information
5. Viewing general system information Viewing health summary information The Health Summary page displays the status of monitored subsystems and devices. Depending on the server configuration, the information on this page varies. If the server is powered off, the system health information on this page is current as of the last power off.
Page 50 Subsystem and device status values The Health Summary page uses the following status values: • Redundant—There is a backup component for the device or subsystem. • OK—The device or subsystem is working correctly. • Not Redundant—There is no backup component for the device or subsystem. •...
Page 51: Viewing Processor Information
Viewing processor information The Processor Information page displays the available processor slots, the type of processor installed in each slot, and a summary of the processor subsystem. If the server is powered off, the system health information on this page is current as of the last power off.
Page 52: Viewing Memory Information
Viewing memory information The Memory Information page displays a summary of the system memory. When server power is off, AMP data is unavailable, and only memory modules present at POST are displayed. If the server is powered off, the system health information on this page is current as of the last power off.
Page 53 • Degraded Mirroring—The system is protected by AMP in the mirrored mode. One or more DIMM faults have been detected. • On-line Spare—The system is protected by AMP in the hot spare mode. No DIMM faults have been detected. • Degraded On-line Spare—The system is protected by AMP in the hot spare mode.
Page 54 protection in a single memory board. • Advanced ECC—The system can be configured for Advanced ECC. • Mirroring—The system can be configured for mirrored AMP. • On-line Spare—The system can be configured for online spare AMP. • LockStep—The system can be configured for LockStep AMP. •...
Page 55 NVDIMM-N • R-NVDIMM Logical Memory Details This section shows the NEC Scalable Persistent Memory devices that were configured and operational at POST. Location The processor and/or the region for the logical device. For example, PROC 1,2 Spanned Logical NVDIMM, or PROC 1 Logical NVDIMM 1.
Page 56 Memory Details pane Physical Memory Manufacturer The memory module manufacturer. Type The type of memory installed. Possible values follow: • Other—Memory type cannot be determined. • Board—Memory module is permanently mounted (not modular) on a system board or memory expansion board. •...
Page 57 Socket The memory module socket number. State The memory state. Vendor ID The memory vendor ID. Armed The current backup-ready status of the NVDIMM-N, if available. Last Operation The status of the last operation. Media Life The percentage of media life left. Logical Memory Name The memory module product name.
Page 58: Viewing Network Information
Viewing network information If the server is powered off, the health status information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete. To view a full set of data on this page, ensure that AMS is installed and running. The server IP address, add in network adapters, and the server NIC status are displayed only if AMS is installed and running on the server.
Page 59 On Windows servers: ◦ If the NIC has never been plugged in to a network, iLO displays the status Unknown. If the NIC has been plugged in to a network, and is now unplugged, iLO displays the status Link Down. On Linux servers: ◦...
Page 60 Logical Network Adapters This section displays the following information about network adapters that use NIC teaming to combine two or more ports into a single logical network connection: Adapter name—The name of the configured link between the physical ports that form the logical network adapter.
Page 61: Viewing The Device Inventory
This column displays the value Various when the actual part number of the listed device depends on internally installed graphics devices that differ by server model. • Assembly Number—The device part number (NEC Corporation devices) or the EEPROM Board Info data (third-party devices). •...
Page 62 Device status values The Device Inventory page uses the following status values: • OK—The device is working correctly. • Other—The device status could not be determined. No Supporting CPU—The CPU that supports the device slot is not installed. • Not Installed—A device is not installed. •...
Page 63: Viewing Storage Information
Viewing storage information If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete. To view a full set of data on this page, ensure that AMS is installed and running. SAS/SATA controller information is displayed only if AMS is installed and running on the server.
Page 64 Dual 8GB MicroSD EM USB Kit ◦ NVMe drives ◦ Smart Array controllers are listed first on the page, followed by other NEC Corporation and third-party storage controllers. Smart Array details iLO displays information controllers, enclosures, logical drives, and physical drives.
Page 65 management server. • Encryption ASIC Status—Indicates whether the ASIC encryption self tests for the controller passed or failed. A failed status indicates that the controller is not encrypted. • Encryption Critical Security Parameter NVRAM Status—Indicates whether the controller successfully detected the critical security parameter NVRAM. A failed status means that the controller is not encrypted.
Page 66 • Controller Type Physical Drives This section provides information about physical drives attached to NEC Corporation and third- party storage controllers. When a physical drive has a Failed status, this status does not affect the overall storage health status. Only logical drives affect the storage health status.
Page 68: Managing Firmware, Software, And Language Packs
In-band Firmware is sent to iLO from the server host operating system. The iLO 5 Channel Interface Driver is required for in-band firmware updates. During a host-based firmware update, it does not verify user credentials or privileges because the host-based utilities require a root (Linux and VMware) or Administrator (Windows) login.
Page 69: Viewing And Updating Firmware From The Ilo Web Interface
• iLO web interface—Download a supported firmware file and install it by using the iLO web interface. You can update firmware for a single server or an iLO Federation group. • iLO RESTful API—Use the iLO RESTful API and a REST client such as the RESTful Interface Tool to update firmware.
Page 70 Updating iLO or server firmware by using the Flash Firmware feature You can update firmware from any network client by using the iLO web interface. A signed file is required. You can also initiate a component update from the iLO Repository page. Prerequisites Configure iLO Settings privilege Procedure...
Page 71 update, suspend or back up any software that stores information on the TPM or TM. For example, if you use drive encryption software, suspend it before initiating a firmware update. Failure to follow these instructions might result in losing access to your data. Do one of the following: •...
Page 72 The BIN file from the iLO Online ROM Flash Component is required for updating the iLO firmware with the Flash Firmware and Group Firmware Update features. Procedure Navigate to the following website: http://www.nec.com/express/. To locate and download the iLO Online ROM Flash Component file, follow the onscreen instructions. Download a Windows or Linux component.
Page 73: Viewing Installed Firmware Information
Viewing installed firmware information Procedure Click Firmware & OS Software in the navigation tree. The Installed Firmware page displays firmware information for various server components. If the server is powered off, the information on this page is current as of the last power off. Firmware information is updated only when the server is powered on and POST is complete.
Page 74 Firmware details The Installed Firmware page displays the following information for each listed firmware type: • Firmware Name—The name of the firmware. • Firmware Version—The version of the firmware. • Location—The location of the component that uses the listed firmware. Replacing the active system ROM with the redundant system ROM Prerequisites •...
Page 75: Ilo Repository
iLO Repository The iLO Repository is a secure storage area in the nonvolatile flash memory embedded on the system board. This flash memory is called the iLO NAND. Use SUM or iLO to manage signed software and firmware components in the iLO Repository. iLO, the UEFI BIOS, SUM, and other client software can retrieve these components and apply them to supported servers.
Page 76 • In the Local component signature file box, click Browse (Internet Explorer or Firefox) or Choose Files (Chrome), and then specify the location of the component signature file. • In the Remote component signature file URL box, enter the URL for a component signature file on an accessible web server.
Page 77 Click the install component icon next to the component you want to install. iLO notifies you that the component will be added to the end of the installation queue, and prompts you to confirm the request. Click Yes, add to the end of the queue. If the installation queue is empty, and iLO can initiate the component installation, the button is labeled Yes, install now.
Page 78 iLO Repository details iLO Repository storage details The Summary section of the iLO Repository page displays the following details about the iLO Repository storage use: • Capacity—Total iLO Repository storage capacity • In Use—Used storage • Free Space—Available iLO Repository storage •...
Page 79: Install Sets
Install Sets An install set is a group of components that can be applied to supported servers with a single command. Use SUM to create install sets. You can use iLO to view existing install sets in the iLO web interface. Saving an install set when you deploy from SUM keeps all the components on the iLO system for immediate use at a later time to restore or roll back a component version without needing to find the original SPP.
Page 80 Removing an Install Set Prerequisites • Configure iLO Settings privilege for unprotected install sets. • Recovery Set privilege for removing the protected install set. Procedure Click Firmware & OS Software in the navigation tree, and then click Install Sets. Click the remove install set icon iLO prompts you to confirm the request.
Page 81 System recovery set By default, a system recovery install set is included with every server. User accounts with the Recovery Set privilege can configure this install set. The following firmware components are included in the default system recovery set: • System ROM (BIOS) •...
Page 82: Installation Queue
Installation Queue The installation queue is an ordered list of components that were added to the queue individually or as parts of an install set. Use SUM to manage the queue. You can view queued tasks and add single components to the queue from the iLO web interface. When you add a component to the installation queue, it is added to the end of the queue.
Page 83 Name The task name. Starts The task start date and time. Expires The task expiration date and time. Individual task details When you click an individual task, the following details are displayed: • Name—The task name. • State—Task status. • Result—Task results, if available.
Page 84: Installing Language Packs
Prerequisites Configure iLO Settings privilege Procedure Download a language pack from the following website: http://www.nec.com/express/. To extract the contents, double-click the downloaded file. The language pack file name is similar to the following: lang_<language>_<version>.lpk. Click Firmware & OS Software in the navigation tree, and then click Update Firmware.
Page 85: Viewing Software Information
If 5 minutes or more have passed since the page was updated, click update the page with the latest information. Product-related Software details This section lists all the product-related software on the managed server. The list includes NEC Corporation and NEC-recommended third-party software that was added manually or by using the SPP.
Page 86 Running Software details This section lists all the software that is running or available to run on the managed server. • Name—The name of the software. • Path—The file path of the software. Installed Software details The Installed Software list displays the name of each installed software program.
Page 87: Configuring And Using Ilo Federation
7. Configuring and using iLO Federation iLO Federation iLO Federation enables you to manage multiple servers from one system using the iLO web interface. When configured for iLO Federation, iLO uses multicast discovery and peer-to-peer communication to enable communication between the systems in an iLO Federation group. When an iLO Federation page loads, a data request is sent from the iLO system running the web interface to its peers, and from those peers to other peers until all data for the selected iLO Federation group is retrieved.
Page 88 Ensure that multicast traffic is enabled if the switches in your network include the option to enable or disable it. This configuration is required for iLO Federation and other NEC Corporation products to discover the iLO systems on the network.
Page 89 For iLO Federation Management, select Enabled or Disabled. For Multicast Discovery, select Enabled or Disabled. Enter a value for Multicast Announcement Interval (seconds/minutes). Select a value for IPv6 Multicast Scope. To ensure that multicast discovery works correctly, make sure that all iLO systems in the same group use the same value for IPv6 Multicast Scope.
Page 90: Ilo Federation Groups
iLO Federation groups iLO Federation group memberships for local iLO systems When you configure group memberships for a local iLO system, you specify the privileges that members of a group have for configuring the local managed server. For example, if you add the local iLO system to group1 and assign the Virtual Power and Reset privilege, the users of other iLO systems in group1 can change the power state of the managed server.
Page 91 • You can use the iLO RESTful API to configure group memberships. • NEC Corporation recommends installing the same version of the iLO firmware on iLO systems that are in the same iLO Federation group.
Page 92: Managing Ilo Federation Group Memberships (Local Ilo System)
Managing iLO Federation group memberships (local iLO system) Viewing iLO Federation group memberships (local iLO system) Procedure Click iLO Federation in the navigation tree. The Group Membership for this iLO table lists the name of each group that includes the local iLO system, and the privileges granted to the group by the local iLO system.
Page 93 Enter the following information: • Group Name—The group name, which can be 1 to 31 characters long. • Group Key—The group password, which can be from the configured minimum password length to 31 characters long. • Group Key Confirm—Confirm the group password. If you enter the name and key for an existing group, the local iLO system is added to that group.
Page 94 Editing iLO Federation group memberships Prerequisites Configure iLO Settings privilege Procedure Click iLO Federation in the navigation tree. The Setup tab displays the existing group memberships for the local iLO system. Select a group membership, and then click Edit. To change the group name, enter a new name in the Group Name box. The group name can be 1 to 31 characters long.
Page 95 If you updated the group name or group key, update them on the other systems in the affected group. Removing a local iLO system from an iLO Federation group Prerequisites Configure iLO Settings privilege Procedure Click iLO Federation in the navigation tree. The Setup tab shows the group membership for the local iLO system.
Page 96: Adding Ilo Federation Group Memberships (Multiple Ilo Systems)
Adding iLO Federation group memberships (multiple iLO systems) Adding an iLO Federation group based on an existing group Use this procedure to create an iLO Federation group with the same members as an existing group. For example, you might want to create a group that contains the same systems that are in the DEFAULT group, but with different privileges.
Page 97 If no iLO Federation groups exist, this page displays the following message: There are no configured groups. Use the iLO Federation Setup page to create a group. Select a group from the Selected Group menu. All of the systems in the selected group will be added to the group you create on this page. Enter the following information: •...
Page 98 Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. Procedure Create a set of systems by using the filters on the iLO Federation pages. Click iLO Federation in the navigation tree, and then click the Group Configuration tab. The filters you apply when you create a set of systems are listed at the top of the page.
Page 99 Servers affected by a group membership change The Affected Systems section on the Group Configuration page provides the following details about the servers affected when you make a group membership change: • Server Name—The server name defined by the host operating system. •...
Page 100: Using The Ilo Federation Features
Using the iLO Federation features Selected Group list All of the iLO Federation pages except for Setup have a Selected Group list. When you select a group from the Selected Group list: • The servers affected by a change on the Group Virtual Media, Group Power, Group Firmware Update, Group Licensing, and Group Configuration pages are listed in the Affected Systems table.
Page 101 Exporting iLO Federation information to a CSV file The following iLO Federation pages allow you to export information to a CSV file: • Multi-System View • Multi-System Map • Group Virtual Media • Group Power • Group Firmware Update • Group Licensing •...
Page 102: Ilo Federation Multi-System View
iLO Federation Multi-System view The Multi-System View page provides a summary of the server models, server health, and critical and degraded systems in an iLO Federation group. Viewing server health and model information Procedure Click iLO Federation in the navigation tree, and then click the Multi-System View tab. Select a group from the Selected Group menu.
Page 103 Systems list. More Information Exporting iLO Federation information to a CSV file Critical and degraded server status details • Server Name—The server name defined by the host operating system. • System Health—The server health status. • Server Power—The server power status (ON or OFF). •...
Page 104 Viewing the iLO Federation Multi-System Map The Multi-System Map page displays information about the peers of the local iLO system. The local iLO system identifies its peers through multicast discovery. When an iLO Federation page loads, a data request is sent from the iLO system running the web interface to its peers, and from those peers to other peers until all the data for the selected group is retrieved.
Page 105: Ilo Federation Group Virtual Media
iLO Federation Group Virtual Media Group Virtual Media enables you to connect scripted media for access by the servers in an iLO Federation group. • Scripted media only supports 1.44 MB floppy disk images (IMG) and CD/DVD-ROM images (ISO). The image must be on a web server on the same network as the grouped iLO systems. •...
Page 106 this disk image only on the next server reboot. The image will be ejected automatically on the second server reboot so that the servers do not boot to it twice. If this check box is not selected, the image remains connected until it is manually ejected, and the servers boot to it on all subsequent server resets, if the system boot options are configured accordingly.
Page 107 Servers affected by a Group Virtual Media action The Affected Systems section provides the following details about the servers affected when you initiate a Group Virtual Media action: • Server Name—The server name defined by the host operating system. • Server Power—The server power state (ON or OFF).
Page 108: Ilo Federation Group Power
iLO Federation Group Power The Group Power feature enables you to manage the power of multiple servers from a system running the iLO web interface. Use this feature to do the following: • Power off, reset, or power-cycle a group of servers that are in the ON or Reset state. •...
Page 109 Select a group from the Selected Group menu. iLO displays the grouped servers by power state with a counter that shows the total number of servers in each state. To change the power state of a group of servers, do one of the following: •...
Page 110 Momentary Press—The same as pressing the physical power button. Some operating systems might be configured to initiate a graceful shutdown after a momentary press, or to ignore this event. NEC Corporation recommends using system commands to complete a graceful operating system shutdown before you attempt to shut down by using the Virtual Power Button.
Page 111: Configuring Group Power Capping
Configuring group power capping Prerequisites • An iLO license that supports this feature is installed. • Each member of the selected iLO Federation group has granted the Configure iLO Settings privilege to the group. Procedure Click iLO Federation in the navigation tree, and then click the Group Power Settings tab. Select a group from the Selected Group menu.
Page 112 cap. More power is allocated to busy servers and less power is allocated to servers that are idle. • The power caps that you set for a group operate concurrently with the power caps that you can set on the Power Settings page for an individual server. •...
Page 113 Power Cap Value—The power cap value, if one is configured. ◦ • Current State—This section includes the following details: Present Power Reading—The current power reading for the selected group. ◦ Present Power Cap—The total amount of power allocated to the selected group. This ◦...
Page 114: Ilo Federation Group Firmware Update
• An iLO license that supports this feature is installed. Procedure Download the supported firmware from the NEC Corporation website: http://www.nec.com/express/. Save the firmware file to a web server. Click iLO Federation in the navigation tree, and then click the Group Firmware Update tab.
Page 115 The Flash Status section is updated and iLO notifies you that the update is in progress. When the update is complete, the Firmware Information section is updated. If a firmware image is not valid for a system or has a bad/missing signature, iLO rejects the image and the Flash Status section shows an error for the affected system.
Page 116 The Firmware Information section displays the following information: • The number of servers with each supported iLO firmware version. The percentage of the total number of servers with the listed firmware version is also displayed. • The flash status for the grouped servers. The percentage of the total number of servers with the listed status is also displayed.
Page 117: Installing License Keys (Ilo Federation Group)
Installing license keys (iLO Federation group) IMPORTANT: Do not use this function.
Page 118: Ilo Integrated Remote Console
Do not run the Integrated Remote Console from the host operating system on the server that contains the iLO processor. • NEC Corporation recommends that users who log in to a server through the Integrated Remote Console logout before closing the console. •...
Page 119: Net Irc Requirements
Windows users: Use the Java IRC Java Web Start application. ◦ Linux users with Oracle JRE: Use the Java IRC Java Web Start application. ◦ Linux users with OpenJDK JRE: Use the Java IRC applet. ◦ • The UID LED blinks when an Integrated Remote Console session is active. •...
Page 120 supported ClickOnce. Google Chrome 42 and later does not support NPAPI-based plug-ins. As a workaround, use one of the following: The .NET IRC with a different browser. ◦ The Java IRC. ◦...
Page 121: Starting The Integrated Remote Console
Starting the Integrated Remote Console Starting the .NET IRC Prerequisites • Remote Console privilege • The Remote Console feature is enabled on the Access Settings page. • An iLO license that supports this feature is installed. • Your system meets the requirements for using the .NET IRC. Procedure Click Remote Console &...
Page 122 • Chrome: The browser downloads the Java IRC JNLP file. Open the JNLP file. • Internet Explorer: Click the open prompt. • Firefox: Save and open the downloaded JNLP file. • Chrome: Open the downloaded JNLP file. If you are prompted to confirm that you want to run the application, click Run. If you do not click Run, the Java IRC will not start.
Page 123 Acquiring the Remote Console If another user is working in the Remote Console, you can acquire it from that user. Prerequisites • Remote Console privilege • The Remote Console feature is enabled on the Access Settings page. • An iLO license that supports this feature is installed. Procedure Click Remote Console &...
Page 124 Some operating systems might be configured to initiate a graceful shutdown after a momentary press, or to ignore this event. NEC Corporation recommends using system commands to complete a graceful operating system shutdown before you attempt to shut down by using the Virtual Power button.
Page 125 Using iLO Virtual Media from the Remote Console For instructions on using the Virtual Media feature from the Remote Console, see Remote Console Virtual Media. Shared Remote Console (.NET IRC only) Shared Remote Console allows the connection of multiple sessions on the same server. This feature can be used for activities such as training and troubleshooting.
Page 126: Console Capture (.Net Irc Only)
Console Capture (.NET IRC only) Console Capture allows you to record and play back video streams of events such as startup, and sensed operating system faults. iLO automatically captures the Server Startup and Server Prefailure sequences. You can manually start and stop the recording of console video. •...
Page 127 Select Server Startup or Server Prefailure. Click Start. Saving Server Startup and Server Prefailure video files Prerequisites • Remote Console privilege • The Remote Console feature is enabled on the Access Settings page. • An iLO license that supports this feature is installed. Procedure Click Remote Console &...
Page 128 The Launch tab displays the Remote Console launch options. Start the .NET IRC. Click the Record button. The Save Video dialog box opens. Enter a file name and save location, and then click Save. When you are finished recording, press the Record button again to stop recording. Viewing saved video files Prerequisites •...
Page 129: Remote Console Hot Keys
Remote Console hot keys The Program Remote Console Hot Keys page allows you to define up to six hot keys to use during Remote Console sessions. Each hot key represents a combination of up to five keys that are sent to the host server when the hot key is pressed. Hot keys are active during Remote Console sessions that use the .NET IRC, Java IRC, and the text-based Remote Console.
Page 130 Table 1: Keys for configuring hot keys SCRL LCK L_ALT SYS RQ R_ALT PRINT SCREEN L_SHIFT R_SHIFT L_CTRL R_CTRL L_GUI R_GUI HOME PG UP PG DN ENTER SPACE BREAK BACKSPACE NUM PLUS NUM MINUS Resetting hot keys Resetting the hot keys clears all current hot key assignments. Prerequisites Configure iLO Settings privilege Procedure...
Page 131 iLO prompts you to confirm the request. Click OK. iLO notifies you that the hot keys were reset. Viewing configured remote console hot keys (Java IRC only) Prerequisites • Remote Console privilege • The Remote Console feature is enabled on the Access Settings page. •...
Page 132: Configuring Remote Console Computer Lock Settings
Configuring Remote Console Computer Lock settings This feature locks the OS or logs a user out when a Remote Console session ends or the network link to iLO is lost. If you open a .NET IRC or Java IRC window when this feature is configured, the operating system will be locked when you close the window.
Page 133: Configuring The Integrated Remote Console Trust Setting (.Net Irc)
If a browser is not configured to trust an iLO processor, and this setting is enabled, ClickOnce notifies you that the application cannot start. NEC Corporation recommends installing a trusted SSL certificate and enabling the IRC requires a trusted certificate in iLO setting. In this configuration, the .NET IRC is launched by using an HTTPS connection.
Page 134: Using A Text-Based Remote Console
9. Using a text-based Remote Console iLO supports a true text-based Remote Console. Video information is obtained from the server, and the contents of the video memory are sent to the iLO management processor, compressed, encrypted, and forwarded to the management client application. iLO uses a screen-frame buffer that sends the characters (including screen positioning information) to text-based client applications.
Page 135 Configuring the iLO Virtual Serial Port in the UEFI System Utilities The following procedure describes the settings you must configure before you can use the iLO Virtual Serial Port. This procedure is required for both Windows and Linux systems. Procedure Access the UEFI System Utilities.
Page 136 Configuring Linux 6 to use the iLO Virtual Serial Port Procedure Configure GRUB based on the following configuration examples. NOTE: In the following configuration examples, ttyS0 and unit 0 are for com1 and ttyS1 and unit 1 are for com2. The following configuration example uses Red Hat Enterprise Linux 6 and com1: serial -unit=0 -speed=115200 terminal -timeout=10 serial console default=0...
Page 137 Configuring Red Hat Enterprise Linux 7 to use the iLO Virtual Serial Port Procedure Open /etc/sysconfig/grub with a text editor. This configuration example uses ttys0. • At the end of the line GRUB_CMD_LINELINUX, enter console=ttys0. • Remove rhgb quiet. • Enter the following parameters: GRUB_TIMEOUT=5 GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true...
Page 138 Windows EMS Console with iLO Virtual Serial Port iLO enables you to use the Windows EMS Console over the network through a web browser. EMS enables you to perform emergency management services when video, device drivers, or other OS features prevent normal operation and normal corrective actions from being performed. When using the Windows EMS Console with iLO: •...
Page 139 Starting an iLO Virtual Serial Port session Prerequisites • The iLO Virtual Serial Port settings are configured in the UEFI System Utilities. • The Windows or Linux operating system is configured for use with the iLO Virtual Serial Port. Procedure Start an SSH session.
Page 140 More Information Configuring iLO access options...
Page 141: 10. Using Ilo Virtual Media
For optimal performance, NEC Corporation recommends using image files stored on the ◦ hard drive of your client PC or on a network drive accessible through a high-speed network link.
Page 142 ◦ browser is running, or an image file stored on your local hard drive or network drive. For optimal performance, NEC Corporation recommends using image files stored on the ◦ hard drive of your client PC or on a network drive accessible through a high-speed network link.
Page 143: Virtual Media Operating System Information
A. To use a virtual USB key as a driver diskette during a Windows installation, change the boot order of the USB key drive. NEC Corporation recommends placing the USB key drive first in the boot order. Red Hat Enterprise Linux—Linux supports the use of USB diskette and key drives.
Page 144 Windows The Virtual CD/DVD-ROM appears automatically after Windows recognizes the mounting of the device. Use it as you would use a locally attached CD/DVD-ROM device. Linux The requirements for Red Hat Enterprise Linux follow: • Red Hat Enterprise Linux—On servers that have a locally attached CD/DVD-ROM, the Virtual CD/DVD-ROM device is accessible at /dev/cdrom1.
Page 145: Using Virtual Media From The Ilo Web Interface
Using Virtual Media from the iLO web interface The Virtual Media page allows you to perform the following tasks: • View or eject local media, including locally stored image files, floppy disks, USB keys, CDs/DVD- ROMs, and virtual folders. • View, connect, eject, or boot from scripted media.
Page 146 Local media details When local Virtual Media is connected, the details are listed in the following sections: Virtual Floppy/USB Key/Virtual Folder Status • Media Inserted—The Virtual Media type that is connected. Local Media is displayed when local media is connected. •...
Page 147 Prerequisites • Virtual Media privilege • The Virtual Media feature is enabled on the Access Settings page. Procedure Click Remote Console & Media in the navigation tree, and then click the Virtual Media tab. Enter the URL for the scripted media in the Scripted Media URL box in the Connect Virtual Floppy (IMG files) or Connect CD/DVD-ROM section (ISO files).
Page 148 Ejecting scripted media Prerequisites • Virtual Media privilege • The Virtual Media feature is enabled on the Access Settings page. Procedure Click Remote Console & Media in the navigation tree, and then click Virtual Media. To eject scripted media devices, click the Force Eject Media button in the Virtual Floppy/Virtual Folder Status or Virtual CD/DVD-ROM Status section.
Page 149: Remote Console Virtual Media
Remote Console Virtual Media You can access Virtual Media on a host server by using the Remote Console, the iLO web interface, the iLO RESTful API, and the CLP. This section describes how to use the Virtual Media feature with the .NET IRC or Java IRC. Virtual Drives The Virtual Drive feature supports the use of a physical floppy disk or CD/DVD-ROM, a USB key drive, an image file, or an image file through a URL.
Page 150 Enter the path or file name of the image file in the File name text box, or browse to the image file location, and then click Open. The virtual drive activity LED will show virtual drive activity. Using an image file through a URL (IIS/Apache) You can connect scripted media by using the .NET IRC or Java IRC.
Page 151 Procedure Click Remote Console & Media in the navigation tree. The Launch tab displays the Remote Console launch options. Start the Java IRC. Select Virtual Drives > Create Disk Image. The Create Media Image dialog box opens. Verify that the Disk>>Image button is displayed. If the button label is Image>>Disk, click the button to change it to Disk>>Image.
Page 152 Copying data from an image file to a physical disk The Create Media Image feature enables you to copy the data from a disk image file to a floppy disk or USB key. Only IMG disk image files are supported. Copying data to a CD-ROM is not supported.
Page 153 In the Browse For Folder window, select the folder you want to use, and then click OK. The Virtual Folder is mounted on the server with the name iLO Folder. Virtual folders Virtual folders enable you to access, browse to, and transfer files from a client to a managed server.
Page 154: Using The Power And Thermal Features
Using the power and thermal features Server power-on If an AC power loss occurs on a Express server with iLO 5, approximately 30 seconds must elapse before the server can power on again. If the power button is pressed during that time, it will blink, indicating a pending request.
Page 155: Power Efficiency
most extreme conditions when physical damage might result. More Information iLO drivers Power efficiency iLO enables you to improve power usage by using High Efficiency Mode(HEM). HEM improves the power efficiency of the system by placing the secondary power supplies in step-down mode. When the secondary supplies are in step-down mode, the primary supplies provide all DC power to the system.
Page 156 Some operating systems might be configured to initiate a graceful shutdown after a momentary press, or to ignore this event. NEC Corporation recommends using system commands to complete a graceful operating system shutdown before you attempt to shut down by using the Virtual Power button.
Page 157: Configuring The System Power Restore Settings
Configuring the System Power Restore Settings The System Power Restore Settings section enables you to control system behavior after power is lost. You can also configure these settings by using the UEFI System Utilities during POST. Prerequisites Configure iLO Settings privilege Procedure Click Power &...
Page 158: Viewing Server Power Usage
• Always Remain Off—The server remains off until directed to power on. • Restore Last Power State—Returns the server to the power state when power was lost. If the server was on, it powers on; if the server was off, it remains off. This option is the default setting.
Page 159 Select a graph type in the Graph Type menu. You can view a graph of the last 20 minutes or the last 24 hours. To view data for the measured values, move the cursor from side to side within the graph. Optional: To customize the graph display, select or clear the following check boxes: •...
Page 160 Power caps set for less than 50% of the difference between maximum power and idle ◦ power might become unreachable because of changes in the server. NEC Corporation does not recommend configuring power caps for less than 20%. Configuring a power cap that is too low for the system configuration might affect system performance.
Page 161 Viewing the current power state Procedure Click Power & Thermal in the navigation tree, and then click the Power Meter tab. The Power Status section displays the current power state details. Current power state details The values displayed in the Power Status section vary depending on the server type. The following values are possible: •...
Page 162 readings since the server booted. • Minimum Power—The minimum power reading from the server for the specified time period. If the server has not been running for the specified time period, the value is the minimum of all readings since the server booted. When multiple power supplies are removed from the server at the same time, there is a short time period in which iLO will not display information in the Power History section or in the Power Meter graphs.
Page 163: Power Settings
Power settings The Power Settings page enables you to view and control the power management features of the server. The power management features on this page vary based on the server configuration. Configuring the Power Regulator settings The Power Regulator feature enables iLO to modify processor frequency and voltage levels based on operating conditions to provide power savings with minimal effect on performance.
Page 164 If the server is off or in POST, the changes will not take effect until POST is complete. For the Dynamic Power Savings Mode, Static Low Power Mode, and Static High Performance Mode settings, iLO notifies you that the Power Regulator settings changed. For the OS Control Mode setting, iLO notifies you that you must reboot the server to complete the Power Regulator settings change.
Page 165 iLO notifies you that the change was successful. Power capping considerations • During POST, the ROM runs two power tests that determine the peak and minimum observed power values. Consider the values in the Power Capping Settings table when determining your power capping configuration.
Page 166 Click Apply. SNMP Alert on breach of power threshold options • Warning Trigger—Determines whether warnings are based on peak power consumption, average power consumption, or if they are disabled. • Warning Threshold—Sets the power consumption threshold, in watts. If power consumption exceeds this value for the specified time duration, an SNMP alert is triggered.
Page 167: Viewing Power Information
Viewing power information Procedure Click Power & Thermal in the navigation tree, and then click the Power tab. The information displayed on the Power Information page varies depending on the server type. The following sections are possible: • Power Supply Summary •...
Page 168 internal server power supplies. Possible Power Status values follow: • Redundant—Indicates that the power supplies are in a redundant state. • Not Redundant—Indicates that at least one of the power supplies is not providing power to the server. The most common reason for this status is a loss of input power to the power supply.
Page 169 Over Temperature Failure ◦ Input Voltage Lost ◦ Fan Failure ◦ High Input A/C Warning ◦ Low Input A/C Warning ◦ High Output Warning ◦ Low Output Warning ◦ Inlet Temperature Warning ◦ Internal Temperature Warning ◦ High Vaux Warning ◦...
Page 170 High Efficiency Mode High Efficiency Mode improves the power efficiency of the server by placing the secondary power supplies in standby mode. When the secondary power supplies are in standby mode, primary power provides all DC power to the system. The power supplies are more efficient (more DC output watts for each watt of AC input) at higher output levels, and the overall power efficiency improves.
Page 171: Viewing Fan Information
Viewing fan information The information displayed on the Fan Information page varies depending on the server configuration. If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete.
Page 172 to provide more cooling, and decreasing the fan speed when cooling is sufficient. If a fan failure occurs, fan operation policies might increase the speed of the other fans, record the event in the IML, or turn on LED indicators. In non-redundant configurations, or redundant configurations where multiple fan failures occur, the system might be incapable of providing sufficient cooling to protect the server from damage and to ensure data integrity.
Page 173: Temperature Information
Temperature information The Temperature Information page includes a temperature graph and a table that displays the location, status, temperature, and threshold settings of temperature sensors in the server chassis. If the server is powered off, the system health information on this page is current as of the last power off.
Page 174 Temperature graph details When you view the temperature graph, the circles on the graph correspond to the sensors listed in the Sensor Data table. The color on the graph is a gradient that ranges from green to red. Green represents a temperature of 0°C and red represents the critical threshold.
Page 175 Temperature sensor details • Sensor—The ID of the temperature sensor, which also gives an indication of the sensor location. • Location—The area where the temperature is being measured. In this column, Memory refers to the following: Temperature sensors on physical memory DIMMs. ◦...
Page 176: Configuring Ilo Network Settings
Configuring iLO network settings iLO network settings iLO provides the following options for network connection: • iLO Dedicated Network Port—Uses an independent NIC that is dedicated to iLO network traffic only. When supported, this port uses an RJ-45 jack (labeled iLO) on the back of the server.
Page 177 Network configuration summary details • NIC in Use—The name of the active iLO network interface (iLO Dedicated Network Port or iLO Shared Network Port). • iLO Hostname—The fully qualified network name assigned to the iLO subsystem. By default, the hostname is ILO, followed by the system serial number and the current domain name.
Page 178 This section is displayed only for the iLO Dedicated Network Port. • DHCPv6 Status—Indicates whether DHCP is enabled for IPv6. The following values are possible: Enabled—Stateless and Stateful DHCPv6 are enabled. ◦ Enabled (Stateless)—Only Stateless DHCPv6 is enabled. ◦ Disabled—DHCPv6 is disabled. ◦...
Page 179: General Network Settings
General network settings Use the iLO Dedicated Network Port or iLO Shared Network Port Network General Settings page to configure the iLO Hostname and NIC settings. Configuring the iLO Hostname Settings Prerequisites Configure iLO Settings privilege Procedure Click iLO Dedicated Network Port or iLO Shared Network Port in the navigation tree. Click the General tab.
Page 180 iLO hostname and domain name limitations When you configure the iLO Hostname Settings, note the following: • Name service limitations—The subsystem name is used as part of the DNS name. DNS allows alphanumeric characters and hyphens. ◦ Name service limitations also apply to the Domain Name. ◦...
Page 181 settings when connected to the network. • 1000BaseT, Full-duplex—Forces a 1 Gb connection that uses full duplex (supported servers only). • 1000BaseT, Half-duplex—Forces a 1 Gb connection that uses half duplex (supported servers only). • 1000BaseT, Half-duplex is not a standard setting, and few switches support it. If you use this setting, ensure that the switch is configured to support 1000BaseT, Half-duplex.
Page 182 This NIC normally handles server network traffic, and it can be configured to handle iLO network traffic at the same time through a common RJ-45 connector. For information about the NICs your server supports, see the server system configuration guide at the following website: http://www.nec.com/express/. iLO network connection considerations •...
Page 183 Due to server auxiliary-power budget limitations, some 1Gb/s copper network adapters used for iLO Shared Network Port functionality might run at 10/100 speed when the server is powered off. To avoid this issue, NEC Corporation recommends configuring the switch that the iLO Shared Network Port is connected to for auto-negotiation.
Page 184 Configuring IPv4 settings Prerequisites Configure iLO Settings privilege Procedure Click iLO Dedicated Network Port or iLO Shared Network Port in the navigation tree, and then click the IPv4 tab. Configure the DHCPv4 settings. Configure the general IPv4 settings. Configure the DNS server information. Configure the WINS server information.
Page 185 Configure the Ping Gateway on Startup setting. To save the changes you made on the IPv4 Settings page, click Submit. If you are finished configuring the iLO network settings on the General, IPv4, IPv6, and SNTP tabs, click Reset to restart iLO. It might take several minutes before you can re-establish a connection.
Page 186 • Tertiary DNS Server—If Use DHCPv4 Supplied DNS Servers is enabled, this value is supplied automatically. If not, enter the Tertiary DNS Server address. • Enable DDNS Server Registration—Select or clear this check box to specify whether iLO registers its IPv4 address and name with a DNS server. WINS server settings •...
Page 187 Configuring IPv6 settings Use the iLO Dedicated Network Port IPv6 Settings page to configure the iLO IPv6 settings. IPv6 is not supported in the Shared Network Port configuration. Prerequisites Configure iLO Settings privilege Procedure Click iLO Dedicated Network Port in the navigation tree, and then click the IPv6 tab. Configure the DHCPv6 settings.
Page 188 Configure the DNS server settings. Configure the general IPv6 settings. To save the changes you made on the IPv6 Settings page, click Submit. If you are finished configuring the iLO network settings on the General, IPv4, IPv6, and SNTP tabs, click Reset to restart iLO. It might take several minutes before you can re-establish a connection.
Page 189 IPv6 iLO 5 supports IPv6 in the iLO Dedicated Network Port configuration. It is not supported with the Shared Network Port configuration. The IETF introduced IPv6 in response to the ongoing depletion of the IPv4 address pool. In IPv6, addresses are increased to 128 bits in length, to avoid an address shortage problem.
Page 190 • DDNS Client • SNMP • AlertMail • Remote Syslog • WinDBG Support • Scriptable Virtual Media • CLI key import over an IPv6 connection • Authentication using LDAP and Kerberos over IPv6 • iLO Federation • IPMI...
Page 191: Configuring Ilo Sntp Settings
Configuring iLO SNTP settings In iLO 5 Firmware Version 1.10 Jun 07 2017, when SNTP setting is not configured or when it is not used in an environment where can be synchronized with the time server, the following times are displayed.
Page 192 Do one of the following: • To use DHCP-provided NTP server addresses, enable Use DHCPv4 Supplied Time Settings, Use DHCPv6 Supplied Time Settings, or both. • Enter NTP server addresses in the Primary Time Server and Secondary Time Server boxes. If you selected only Use DHCPv6 Supplied Time Settings, or if you entered a primary and secondary time server, select the server time zone from the Time Zone list.
Page 193 IMPORTANT: For iLO 5 Firmware Version 1.15 Aug 17 2017 or earlier：Does not enable this option and leave it as default. Primary Time Server Configures iLO to use a primary time server with the specified address. You can enter the server address by using the server FQDN, IPv4 address, or IPv6 address.
Page 194 address (if available) is used for the primary time server and a DHCPv4-provided address (if available) is used for the secondary time server. To change the protocol-based priority behavior to use DHCPv4 first, clear the iLO Client Applications use IPv6 first check box. If a DHCPv6 address is not available for the primary or secondary address, a DHCPv4 address (if available) is used.
Page 195: Ilo Nic Auto-Selection
Enabling iLO NIC auto-selection NIC auto-selection support • iLO 5 can be configured to search both Shared Network Ports on servers that support this configuration. • iLO 5 supports NIC failover. When enabled, iLO automatically begins searching for a NIC connection when the current connection fails.
Page 196 tagging on the iLO portion of the shared NIC, and make sure that the VLAN is connected to a secure network. • When iLO searches for an active network port, the server UID LED is illuminated. If iLO is reset during the search, the UID LED flashes for 5 seconds and then is illuminated until an active port is selected or iLO is reset.
Page 197: Viewing Ilo Systems In The Windows Network Folder
Viewing iLO systems in the Windows Network folder If UPnP is configured, iLO systems on the same network as a Windows system are displayed in the Windows Network folder. Procedure • To start the web interface for an iLO system, right-click the icon in the Windows Network folder, and then select View device webpage.
Page 198: Using The Ilo Administration Features
Using the iLO administration features iLO user accounts iLO enables you to manage user accounts stored locally in secure memory. You can create up to 12 local user accounts with custom login names and advanced password encryption. Privileges control individual user settings, and can be customized to meet user access requirements.
Page 199 • Administer User Accounts • Host NIC • Host Storage • Recovery Set To select all available user privileges, click the select all check box. To save the new user, click Add User. Editing local user accounts Prerequisites Administer User Accounts privilege Procedure Click Administration in the navigation tree.
Page 200 Password and Confirm Password values. Select from the following privileges: • Login • Remote Console • Virtual Power and Reset • Virtual Media • Host BIOS • Configure iLO Settings • Administer User Accounts • Host NIC • Host Storage •...
Page 201 Storage, or Network settings through the iLO web interface or the iLO RESTful API. These privileges do not affect configuration through host-based utilities. Password guidelines NEC Corporation recommends that you follow these password guidelines when you create and edit user accounts. •...
Page 202 (no password) and a maximum of 39 characters. The default Minimum Password Length is eight characters. IMPORTANT: NEC Corporation does not recommend setting the Minimum Password Length to fewer than eight characters unless you have a physically secure management network that does not extend outside the secure data center.
Page 203 Administrator privileges: Enable all privileges. Viewing local user accounts Procedure Click Administration in the navigation tree. The User Administration tab is displayed. The Local Users table shows the login names, user names, and assigned privileges of each configured user. Optional: To view a privilege name, move the cursor over a privilege icon.
Page 204: Ilo Directory Groups
iLO directory groups iLO enables you to manage directory group accounts. Use MMC to manage directory- based user accounts. Adding directory groups Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. Procedure Click Administration in the navigation tree, and then click the Directory Groups tab. Click New.
Page 205 • Recovery Set To save the new directory group, click Add Group. Editing directory groups Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. Procedure Click Administration in the navigation tree, and then click the Directory Groups tab. Select a group in the Directory Groups section, and then click Edit.
Page 206 OU=Managed Groups, DC=domain, DC=extension). Shortened DNs are also supported (for example, Group1). The shortened DN is not a unique match. NEC Corporation recommends using the fully qualified DN. • Group SID (Security ID)—Microsoft Security ID is used for Kerberos and directory group authorization.
Page 207 System Utilities. • Configure iLO Settings—Enables directory users to configure most iLO settings, including security settings, and to update the iLO firmware. This privilege does not enable local user account administration. After iLO is configured, revoking this privilege from all users prevents reconfiguration with the iLO web interface, iLO RESTful API, or the CLI.
Page 208: Boot Order
Boot Order The Boot Order feature enables you to set the server boot options. Changes made to the boot mode, boot order, or one-time boot status might require a server reset. iLO notifies you when a reset is required. An error occurs if you try to change the server boot order when the server is in POST. You cannot modify the boot order during POST.
Page 209 to the Virtual Floppy/USB key and Virtual CD/DVD-ROM text at the top of the page. To move a device up or down in the boot order, select the device in the Server Boot Order list, and then click Up or Down. In Legacy BIOS mode, select from the following devices: •...
Page 210 Changing the one-time boot status Use the one-time boot status feature to set the type of media to boot on the next server reset, without changing the predefined boot order. The procedure to use depends on whether the server uses Legacy BIOS mode or UEFI mode. Prerequisites Configure iLO Settings privilege Changing the one-time boot status in Legacy BIOS mode...
Page 211 Changing the one-time boot status in UEFI mode Procedure Click Administration in the navigation tree, and then click the Boot Order tab. Select an option from the Select One-Time Boot Option list. The following options are available: • No One-Time Boot •...
Page 212 To use the additional options, do one of the following: • To load the ROM-based setup utility on the next server reset, click Boot to System Setup Utilities. • To reboot the server, click Server Reset. If a one-time boot option is specified, this setting takes precedence over the Server Boot Order value.
Page 213: Installing A License Key By Using A Browser
Installing a license key by using a browser Prerequisites Configure iLO Settings privilege Procedure Click Administration in the navigation tree, and then click the Licensing tab. Enter a license key in the Activation Key box. To move between segments, press the Tab key or click inside a segment of the Activation Key box.
Page 214 monitoring, monitor power and thermal control, and facilitate remote administration. iLO licenses activate functionality such as graphical Remote Console with multiuser collaboration, video record/playback, and many more features. License key information • One iLO license is required for each server on which the product is installed and used. Licenses are not transferable.
Page 215: Language Packs
If an installed language pack does not include the translation for a text string, the text is displayed in English. • When you update the iLO firmware, NEC Corporation recommends downloading the latest language pack to ensure that the language pack contents match the iLO web interface. Selecting a language pack...
Page 216 • Click Administration in the navigation tree, and then click the Language tab. Click a language in the Installed Languages list. Configuring the default language settings Use this procedure to configure the default language for the users of this instance of the iLO firmware.
Page 217 Procedure Click Administration in the navigation tree, and then click the Language tab. Click the trash can icon next to the language you want to remove. When prompted to confirm the request, click Yes, remove. iLO removes the selected language pack, reboots, and closes your browser connection. It might take several minutes before you can re-establish a connection.
Page 218: Ilo Backup & Restore
As with any computer system, backing up your data is a recommended practice to minimize the impact from failures. NEC Corporation recommends performing a backup each time that you update the iLO firmware. You might want to restore the iLO configuration in the following situations: Battery failure or removal Various configuration parameters are stored in the battery-powered SRAM.
Page 219 Information that is not restored Some information is not suitable to be restored. The information that cannot be restored is not part of the iLO configuration, but instead is related to the iLO or server system state. The following information is not backed up or restored: Security state Allowing a restore operation to change the iLO security state would defeat the principles of security and enforcement of security.
Page 220 Optional: To password protect the backup file, enter a password in the Backup file password box. Click Download. The file is downloaded and this activity is recorded in the event log. The file name uses the following format: <server serial number>_<YYYYMMDD>_<HHMM>.bak. Restoring the iLO configuration Prerequisites •...
Page 221 iLO prompts you to confirm the request. Click Restore. iLO reboots and closes your browser connection. It might take several minutes before you can reestablish a connection. Restoring the iLO configuration after system board replacement When you replace a system board, you can restore the configuration from the replaced system board.
Page 222: Using The Ilo Security Features
Using the iLO security features iLO security To access the security features that you can configure with the iLO web interface, click Security in the navigation tree. General security guidelines When you set up and use iLO, consider the following guidelines for maximizing security: •...
Page 223 Encryption Implement a higher security environment by changing the iLO security state from the default Production level to a stronger setting. NEC SSO Configure supported tools for single-sign-on with iLO. Login Security Banner Add a security notice to the iLO login page.
Page 224: Ilo Access Settings
iLO access settings You can modify iLO access settings, including service settings and access options. The values you enter on the Access Settings page apply to all iLO users. The default access settings values are suitable for most environments. The values you can modify on the Access Settings page allow customization of the iLO external access methods for specialized environments.
Page 225 Allows you to enable or disable the SSH feature. SSH provides encrypted access to the iLO CLP. Secure Shell (SSH) Port Sets the SSH port. The default value is 22. Web Server Allows you to enable or disable access through the iLO web server. If you set this value to disabled, iLO will not listen for communication on the Web Server Non- SSL Port or the Web Server SSL port.
Page 226 permitted. When SNMP access is disabled, most of the boxes on the SNMP Settings page are unavailable and will not accept input. SNMP Port Sets the SNMP port. The industry-standard (default) SNMP port is 161 for SNMP access. If you customize the SNMP Port value, some SNMP clients might not work correctly with iLO unless those clients support the use of a nonstandard SNMP port.
Page 227 you want to apply the changes and reset iLO. If iLO prompted you to confirm a settings change and reset, click OK to end your browser connection and reset iLO. Access options You can configure the following settings in the Access Options section on the Access Settings page.
Page 228 Enables or disables the iLO configuration options in the UEFI System Utilities. When this setting is enabled (default), the iLO configuration options are available when you access the UEFI System Utilities. When this setting is disabled, the iLO configuration options are not available when you access the UEFI System Utilities.
Page 229 Serial Command Line Interface Status Enables you to change the login model of the CLI feature through the serial port. The following settings are valid: • Enabled-Authentication Required (default)—Enables access to the SMASH CLP command line from a terminal connected to the host serial port. Valid iLO user credentials are required.
Page 230 Authentication Failure Logging Enables you to configure logging criteria for failed authentications. The following settings are valid: • Enabled-Every Failure—A failed login log entry is recorded after every failed login attempt. • Enabled-Every 2nd Failure—A failed login log entry is recorded after every second failed login attempt.
Page 231 iLO login with an SSH client When you log in to iLO with an SSH client, the number of displayed login prompts matches the value of the Authentication Failure Logging option (3 if it is disabled). Your SSH client configuration might affect the number of prompts, because SSH clients also implement delays after a login failure.
Page 232: Ilo Service Port
iLO Service Port The Service Port is a USB port with the label iLO on the front of Express servers. When you have physical access to a server, you can use the Service Port to do the following: Download the Active Health System Log to a supported USB flash drive. •...
Page 233 Connecting a client to iLO through the iLO Service Port Prerequisites • The iLO Service Port and USB Ethernet adapters options are enabled on the iLO Service Port page. • The client NIC is configured to support the Service Port feature. •...
Page 234 iLO Service Port options • iLO Service Port—Allows you to enable or disable the iLO Service Port. The default setting is enabled. When this feature is disabled, you cannot configure the features in the Mass Storage Options or Networking Options sections on this page. Do not disable the iLO Service Port when it is in use.
Page 235 System Log download. • Valid FAT32 partition table. • Not read-protected. • Not bootable. Mass storage devices are not supported on servers that do not have a NAND. USB Ethernet adapters The iLO Service Port supports USB Ethernet adapters that contain one of the following chips by ASIX Electronics Corporation: •...
Page 236 • The file must be in valid JSON format. NEC Corporation recommends using an online JSON formatter to verify the file syntax. A free utility is available at the following website: http://www.freeformatter.com/json- formatter.html. •...
Page 237: Administering Ssh Keys
Administering SSH keys The Secure Shell Key page displays the hash of the SSH public key associated with each user. Each user can have only one key assigned. Use this page to view, add, or delete SSH keys. Authorizing a new SSH key by using the web interface Prerequisites Administer User Accounts privilege Procedure...
Page 238 • The username:password and port values are optional. • oemNEC_loadSSHkey is case-sensitive. The CLI performs a cursory syntax verification of the values you enter. Visually verify that the URL is valid. The following example shows the command structure: oemNEC_loadSSHkey -source http://192.168.1.1/images/path/sshkey.pub Deleting SSH keys Use the following procedure to delete SSH keys from one or more user accounts.
Page 239 the public key. • If you use the iLO RESTful API to enter the public key, the user name is provided with the public key in the POST body. • If you use the CLI to enter the public key, the public key is linked to the user name that you entered to log in to iLO.
Page 240 By default, iLO creates a self-signed certificate for use in SSL connections. This certificate enables iLO to work without additional configuration steps. IMPORTANT: Using a self-signed certificate is less secure than importing a trusted certificate. NEC Corporation recommends importing a trusted certificate to protect the security of the iLO processor.
Page 241 Configure iLO Settings privilege Procedure Obtain a trusted certificate from a Certificate Authority (CA). Import the trusted certificate into iLO.
Page 242 Obtaining a trusted certificate from a CA Prerequisites Configure iLO Settings privilege Procedure Click Security in the navigation tree, and then click the SSL Certificate tab. Click Customize Certificate. On the SSL Certificate Customization page, enter the following: • Country (C) •...
Page 243 • Organization Name (O) • Organizational Unit (OU) • Common Name (CN) For more information, see CSR input details. If you want the iLO IP addresses included in the CSR, select the include iLO IP Address(es) check box. This option is disabled by default because some CAs cannot use this input. Click Generate CSR.
Page 244 10. After you obtain the certificate, make sure that: • The CN matches the iLO FQDN. This value is listed as the iLO Hostname on the Overview page. • The certificate is a Base64-encoded X.509 certificate. • The first and last lines are included in the certificate. Importing a trusted certificate Prerequisites Configure iLO Settings privilege...
Page 245 • State (ST)—The state where the company or organization that owns this iLO subsystem is located. • City or Locality (L)—The city or locality where the company or organization that owns this iLO subsystem is located. • Organization Name (O)—The name of the company or organization that owns this iLO subsystem.
Page 246: Directory Authentication And Authorization
Directory authentication and authorization The iLO firmware supports Kerberos authentication with Microsoft Active Directory. It also supports directory integration with an Active Directory or OpenLDAP directory server. When you configure directory integration, you can use the schema-free option. The iLO firmware connects to directory services by using SSL connections to the directory server LDAP port.
Page 247 Kerberos settings • Kerberos Authentication—Enables or disables Kerberos login. If Kerberos login is enabled and configured correctly, the Zero Sign In button appears on the login page. • Kerberos Realm—The name of the Kerberos realm in which the iLO processor operates. This value can be up to 128 characters.
Page 248 The directory server address can be up to 127 characters. If you enter the FQDN, ensure that the DNS settings are configured in iLO. NEC Corporation recommends using DNS round-robin when you define the directory server. • Directory Server LDAP Port—Specifies the port number for the secure LDAP service on the server.
Page 249 Do not disable local user access until you have validated access through Kerberos or a directory. • When you use Kerberos authentication or directory integration, NEC Corporation recommends enabling local user accounts and configuring a user account with administrator privileges. This account can be used if iLO cannot communicate with the directory server.
Page 250 Directory Administrator Distinguished Name and Directory Administrator Password boxes. NEC Corporation recommends that you use the same credentials that you used when creating the iLO objects in the directory. iLO does not store these credentials; they are used to verify the iLO object and user search contexts.
Page 251 Directory test input values Enter the following values when you run directory tests: • Directory Administrator Distinguished Name—Searches the directory for iLO objects, roles, and search contexts. This user must have the right to read the directory. • Directory Administrator Password—Authenticates the directory administrator. •...
Page 252 stop when the tests run to completion, when a test failure prevents further progress, or when the tests are stopped. Test results follow: ◦ Passed—The test ran successfully. If more than one directory server was tested, all servers that ran this test were successful. Not Run—The test was not run.
Page 253 This test binds the connection with the user name specified in the test controls. If no user is specified, iLO does an anonymous bind. If the test is successful, the directory server accepted the binding. Directory Administrator Login If Directory Administrator Distinguished Name and Directory Administrator Password were specified, iLO uses these values to log in to the directory server as an administrator.
Page 254: Configuring Encryption Settings
Configuring encryption settings IMPORTANT: For iLO 5 Firmware Version 1.15 Aug 17 2017 or earlier：Does not use encryption settings and leave it as default. If you change encryption settings, Express report service and Product Info Collection Utility etc. will not work.
Page 255 • 128-bit AES with RSA, DH, and a SHA1 MAC (DHE-RSA-AES128-SHA) • 128-bit AES-GCM with RSA, and an AEAD MAC (AES128-GCM-SHA256) • 128-bit AES with RSA, and a SHA256 MAC (AES128-SHA256) • 128-bit AES with RSA, and a SHA1 MAC (AES128-SHA) •...
Page 256: Nec Sso
NEC SSO NEC SSO enables you to browse directly from an NEC SSO-compliant application to iLO, bypassing an intermediate login step. To use this feature: • You must have a supported version of an NEC SSO-compliant application. • Configure iLO to trust the SSO-compliant application.
Page 257: Configuring The Login Security Banner
Configuring the Login Security Banner The Login Security Banner feature allows you to configure the security banner displayed on the iLO login page. For example, you could enter a message with contact information for the owner of the server. Prerequisites Configure iLO Settings privilege Procedure Click Security in the navigation tree, and then click Login Security Banner.
Page 258 The security message is displayed at the next login.
Page 259: Ilo Security With The System Maintenance Switch
iLO security with the system maintenance switch The iLO security setting on the system maintenance switch provides emergency access to an administrator who has physical control over the server system board. Disabling iLO security allows login access with all privileges, without a user ID and password, provided that iLO is configured to use the Production security state.
Page 260: Configuring Ilo Management Settings
Configuring iLO management settings Agentless Management and AMS Agentless Management uses out-of-band communication for increased security and stability. With Agentless Management, health monitoring and alerting is built into the system and begins working the moment a power cord is connected to the server. This feature runs on the iLO hardware, independent of the operating system and processor.
Page 261: Configuring Snmp Settings
Configuring SNMP settings The settings you configure on this page are for the default Agentless Management and AMS configuration. If you use the System Management Assistant and an OS-based SNMP service, similar settings must be configured on the host. Prerequisites Configure iLO Settings privilege Procedure Click Management in the navigation tree.
Page 262: Snmpv3 Authentication
SNMP options • System Location—A string of up to 49 characters that specifies the physical location of the server. • System Contact—A string of up to 49 characters that specifies the system administrator or server owner. The string can include a name, email address, or phone number. •...
Page 263 Prerequisites Configure iLO Settings privilege Procedure Click Management in the navigation tree. The SNMP Settings page is displayed. Select a user profile in the SNMPv3 Users section, and then click Edit. If user profiles are not configured, the Security Name column displays each profile with the value unset.
Page 264 DES. • Privacy Passphrase—Sets the passphrase used for encrypt operations. Enter a value of 8 to 49 characters. Deleting an SNMPv3 user profile Prerequisites Configure iLO Settings privilege Procedure Click Management in the navigation tree. The SNMP Settings page is displayed. Scroll to the SNMPv3 Users section.
Page 265 Enter a value in the SNMPv3 Engine ID box. This value must be a hexadecimal string of 6 to 32 characters, not counting the preceding 0x, and must be an even number of characters (for example, 0x01020304abcdef). Click Apply.
Page 266 Configuring SNMP alerts Prerequisites Configure iLO Settings privilege Procedure Click Management in the navigation tree. The SNMP Settings page is displayed. Scroll to the SNMP Alerts section. Configure the Trap Source Identifier by selecting iLO Hostname or OS Hostname. Enable or disable the following alert types: •...
Page 267 hard drives are moved to a new server platform. The iLO sysName, however, remains persistent with the system board. iLO SNMP Alerts Alert conditions that iLO detects independently of the host operating system can be sent to specified SNMP alert destinations. If this option is disabled, no traps will be sent to the configured SNMP alert destinations.
Page 268 Using the AMS Control Panel to configure SNMP and SNMP alerts (Windows only) Procedure Open the Agentless Management Service Control Panel. Click the SNMP tab. Update the SNMP settings. Optional: To generate a test alert and send it to the TCP/IP addresses in the Trap Destination(s) boxes, click Send Test Trap.
Page 269: Snmp Traps
SNMP traps SNMP traps lists the SNMP traps that you can generate with iLO 5. Table 3: SNMP traps Trap Trap name Description number Cold Start Trap SNMP has been initialized, the system has completed POST, or AMS has started.
Page 270 Trap Trap name Description number 2017 cpqSiHoodRemovedOnPowerOff System hood removed when server power was off. 3033 cpqDa6CntlrStatusChange A change has been detected in the status of the Smart Array controller. 3034 cpqDa6LogDrvStatusChange A change has been detected in the status of a Smart Array logical drive. 3038 cpqDa6AccelStatusChange A change has been detected in the...
Page 271 Trap Trap name Description number 6037 cpqHe3FltTolFanRedundancyLost The fault-tolerant fans have lost redundancy. 6038 cpqHe3FltTolFanInserted A fault-tolerant fan has been inserted. 6039 cpqHe3FltTolFanRemoved A fault-tolerant fan has been removed. 6040 cpqHe3TemperatureFailed Temperature exceeded on the server. 6041 cpqHe3TemperatureDegraded The temperature status has been set to Degraded, and the temperature is outside the normal operating range.
Page 272 The server power has been reset. 9003 cpqSm2UnauthorizedLoginAttempts The maximum unauthorized login attempt threshold has been exceeded. 9005 cpqSm2SelfTestError iLO 5 detected a self test error. 9012 cpqSm2SecurityOverrideEngaged iLO 5 detected that the security override jumper has been toggled to the engaged position. 9013...
Page 273 Trap Trap name Description number 9019 cpqSm2ServerPowerOnFailure A request was made to power on the server, but the server could not be powered on because of a failure condition. 9021 cpqSm2FirmwareValidationScanFailed Firmware validation failure happened on iLO/ IE/ SPS firmware 9022 cpqSm2FirmwareValidationScanErrorRepaired Firmware integrity scan issue...
Page 274 For more information about these SNMP traps, see the following MIB files in the MIB update kit: cpqida.mib Drive array cpqhost.mib Server host system details cpqhlth.mib Server health system cpqsm2.mib Integrated Lights-Out cpqide.mib IDE subsystem cpqscsi.mib SCSI system cpqiscsi.mib iSCSI system cpqnic.mib System NIC cpqstsys.mib...
Page 275: Ilo Alertmail
1.10 Jun 07 2017 Server Model: Express5800/R120h-2M System ROM: U30 06/14/2017 Server UUID: 01234567-89AB-CDEF-0123-4367890ABCDE PLEASE DO NOT REPLY TO THIS EMAIL. For more details about NEC iLO technology, visit: jpn.nec.com/express/ Enabling AlertMail Prerequisites • An iLO license that supports this feature is installed.
Page 276 MTA to deliver the email. This string can be up to 63 characters. IMPORTANT: For iLO 5 Firmware Version 1.10 Jun 07 2017：It is not able to perform name resolution on the IPv6 DNS server. When using in IPv6 environment, you set the SMTP Server with the IP address.
Page 277: Remote Syslog
Syslog feature is enabled in iLO, it can send its logs to the syslog server. IMPORTANT: For iLO 5 Firmware Version Aug 17 2017 or earlier：It is not able to perform name resolution on the IPv6 DNS server. When using in IPv6 environment, you set the Remote Syslog Server with the IP address.
Page 278 Disabling iLO Remote Syslog Prerequisites • An iLO license that supports this feature is installed. • Configure iLO Settings privilege Procedure Click Management in the navigation tree, and then click the Remote Syslog tab. Set the Enable iLO Remote Syslog option to disabled. To save the changes, click Apply.
Page 279: Ipmi Server Management
IPMI server management Server management through IPMI is a standard method for controlling and monitoring the server. The iLO firmware provides server management based on the IPMI version 2.0 specification, which defines the following: • Monitoring of system information such as fans, temperatures, and power supplies •...
Page 280 Advanced IPMI tool usage on Linux The Linux IPMI tool can communicate securely with the iLO firmware by using the IPMI 2.0 RMCP+ protocol. This feature is the ipmitool lanplus protocol feature. For example: To retrieve the iLO Event Log, enter: ipmitool -I lanplus -H <iLO ip address>...
Page 281: Managing Ilo Reboots, Factory Reset, And Nmi
17. Managing iLO reboots, factory reset, and Rebooting (resetting) iLO In some cases, it might be necessary to reset iLO; for example, if iLO is not responding to the browser. Using the Reset option does not make any configuration changes, but ends all active connections to the iLO firmware.
Page 282 The UEFI System Utilities start. From the System Utilities screen, click System Configuration, and then click BMC Configuration Utility. Select Yes in the Reset iLO menu. The BMC Configuration Utility prompts you to confirm the reset. Click OK. iLO resets and all active connections are ended. If you are managing iLO remotely, the remote console session is automatically ended.
Page 283 Performing a hardware iLO reboot with the server UID button When you initiate a hardware iLO reboot, the server hardware initiates the iLO reboot. Procedure To initiate a hardware iLO reboot, press and hold the UID button for 10 seconds or longer. CAUTION: Initiating a hardware iLO reboot does not make any configuration changes, but ends all active connections to iLO.
Page 284: Reset Ilo To The Factory Default Settings
Reset iLO to the factory default settings In some cases, you might need to reset iLO to the factory default settings. For example, you must reset iLO to the default settings when you disable FIPS mode. You can use the BMC Configuration Utility, the iLO RESTful API to perform this task.
Page 285 When prompted to confirm the request, click OK to exit the screen and resume the boot process. 10. Optional: Use the default iLO account information to log in to iLO after the reset.
Page 286: Generating An Nmi
Generating an NMI The Generate NMI to System feature enables you to stop the operating system for debugging. CAUTION: Generating an NMI as a diagnostic and debugging tool is used primarily when the operating system is no longer available. NMI is not used during normal operation of the server.
Page 287: Troubleshooting
Troubleshooting Using the iLO Virtual Serial Port with Windbg If you want to debug a server, you can use the iLO Virtual Serial Port feature with the Windows Windbg kernel debugger running on a local test system. Prerequisites PuTTY is installed on the local test system. You can download PuTTY from the following website: http://www.putty.org/.
Page 288 The ipport parameter is optional. The default port is 3002. You can add other windbg command-line parameters if necessary. NEC Corporation recommends using the -b parameter for the initial breakpoint. 11. Go to the server console (or access the iLO Remote Console), and press Enter to boot the debug selection on the OS load menu.
Page 289: Using The Server Health Summary
Using the Server Health Summary You can use iLO to display the Server Health Summary on an external monitor when the server is powered on or off. This feature is useful for troubleshooting when the server will not start up, and can also be used to view the server IP address and other health information.
Page 290 The server power status. Product Name The server model. Serial Number The server serial number. Product ID The product with which this iLO processor is integrated. iLO Firmware The installed iLO Firmware version. System ROM The installed system ROM version. Backup ROM The backup system ROM version.
Page 291: Incorrect Time Stamp On Ilo Event Log Entries
Incorrect time stamp on iLO Event Log entries Symptom iLO Event Log entries have an incorrect date or time. Cause The NTP server addresses or the time zone is configured incorrectly. Action Verify that the SNTP settings are configured correctly.
Page 292: Login And Ilo Access Issues
Login and iLO access issues iLO firmware login name and password not accepted Symptom An iLO firmware login attempt fails. Cause The user account information was entered incorrectly. Action Enter the correct user account information. Passwords are case-sensitive. User names are not case-sensitive. Uppercase and lowercase characters are treated the same (for example, Administrator is treated as the same user as administrator).
Page 293 Unable to access the iLO login page Symptom The iLO web interface login page will not load. Solution 1 Cause The SSL encryption level in the browser is not set to 128-bit or higher. The SSL encryption level in iLO is set to 128-bit or higher and cannot be changed. The browser and iLO encryption levels must be the same.
Page 294 setting. Unable to return to iLO login page after iLO reset Symptom The iLO login page will not open after an iLO reset. Action 1. Clear the browser cache and restart the browser. An iLO connection error occurs after an iLO firmware update Symptom You cannot connect to iLO after updating the firmware by using the web interface.
Page 295 The self-signed certificate has iLO in the certificate name, and the Issued By value includes the text Default Issuer. Do not install the iLO self-signed certificate in the browser certificate store. If you want to install a certificate, request a permanent certificate from a CA and import it into iLO. See the browser documentation for more information about working with certificates.
Page 296: Unable To Connect To Ilo Ip Address
Unable to connect to iLO IP address Symptom Cannot connect to iLO through the iLO IP address. Cause The web browser is configured to use a proxy server. Action 1. To connect to iLO without using the proxy server, add iLO to the list of proxy server exceptions.
Page 297 6. Click the Others tab, and then delete any certificates related to iLO. 7. Click OK. 8. Start Firefox and connect to iLO. Solution 2 Cause The installed certificate contains the same serial number as another certificate issued by the certificate authority.
Page 298 Solution 1 Action Click Advanced. Click Proceed to <iLO hostname or IP address> (unsafe). Log in to iLO. Solution 2 Action Navigate to the Administration > Security > SSL Certificate page. Obtain and import an SSL certificate. Reset iLO. Certificate error when navigating to iLO web interface with Firefox Symptom When you navigate to the iLO web interface with Firefox, a certificate error appears.
Page 299 iLO login page displays a Website Certified by an Unknown Authority message Cause The message Website Certified by an Unknown Authority is displayed when you navigate to the iLO login page. Action To ensure that you are browsing to the correct management server (not an imposter), view the certificate.
Page 300: Directory Issues
Directory issues Logging in to iLO with Kerberos authentication fails Symptom A Kerberos login attempt fails. Solution 1 Cause The client does not have a ticket or has an invalid ticket. Action 1. To lock the client PC and get a new ticket, press Ctrl+Alt+Del. Solution 2 Cause Kerberos login is configured incorrectly.
Page 301 1. Repair the DNS server. iLO credential prompt appears during Kerberos login attempt Symptom When a user clicks the Zero Sign In button, a credential prompt appears. Cause The browser is not configured correctly for Kerberos login. Action 1. Configure the browser to support Kerberos login. iLO credential prompt appears during Kerberos login by name attempt Symptom A credential prompt appears when a user tries to log in to iLO with a user name in Kerberos SPN...
Page 302 If the directory server is unavailable, log in with a local user account. Configured directory user contexts do not work with iLO login Symptom Directory user contexts are configured, but the login options they provide do not work. Cause The user object in the directory or the user context is not configured correctly. Action Verify that the full DN of the user object exists in the directory.
Page 303 1. Try again, and ensure that the principal name in the ktpass command is formatted correctly. Error when running Setspn for iLO Kerberos configuration Symptom An error occurred when running the Setspn command. Action Use MMC with the ADSIEdit snap-in, and find the computer object for iLO. Set the DNSHostName property to the iLO DNS name.
Page 304 There is a certificate problem: • An SSL certificate is not installed on the Active Directory server. • An old SSL certificate on the Active Directory server points to a previously trusted CA with the same name as the CA in the current certificate. This situation might happen if a certificate service is added and removed, and then added again.
Page 305 • Check to see if a firewall is active on the directory server. • Check for network routing issues. Connect to Directory Server test reports a failure Symptom The Connect to Directory Server test reports the status Failed. Cause iLO failed to initiate an LDAP connection with the specified directory server. Action •...
Page 306 • If you verified that the user name is correct, try using other user name formats; for example, user@domain.com, DOMAIN\username, username (called Display Name in Active Directory), or userlogin. • Verify that the specified user is allowed to log in and is enabled. Directory Administrator Login test reports a failure Symptom The Directory Administrator Login test reports the status Failed.
Page 307 • Check to see if access restrictions are configured for the specified user account. Directory User Contexts test reports a failure Symptom The Directory User Contexts test reports the status Failed. Cause When iLO used the provided Directory Administrator Distinguished Name to search for a specified user context, the container was not found in the directory.
Page 308: Remote Console Issues
Remote Console issues The following sections discuss troubleshooting Remote Console issues. IMPORTANT: Pop-up blocking applications, which prevent the automatic opening of new windows, prevent the Remote Console from running. Disable any pop-up blocking programs before you start the Remote Console. iLO Java IRC displays red X when Firefox is used to run Java IRC on Linux client Symptom...
Page 309 Cursor cannot reach iLO Remote Console window corners Symptom The mouse cursor cannot be moved to the corners of the Remote Console window. Action Right-click and drag the mouse cursor outside the Remote Console window, and then drag it back inside. iLO Remote Console text window not updated correctly Symptom When you use the Remote Console to display text windows that scroll at a high rate of speed,...
Page 310 it back inside. Mouse or keyboard not working in iLO Java IRC (Java Applet) Symptom The mouse or keyboard does not work in the Java IRC (Java Applet option). Solution 1 Action Close the Java IRC. Navigate to the Power Settings page. Clear the Enable persistent mouse and keyboard check box, and then click Apply.
Page 311 iLO .NET IRC sends characters continuously after switching windows Symptom When you switch to a different window, the .NET IRC sends characters continuously. Cause If you press a key during a .NET IRC session, and you switch windows, the key might remain pressed in the session.
Page 312 the Java IRC. Action To synchronize the Caps Lock settings, select Keyboard > Caps Lock in the Java IRC. Num Lock out of sync between iLO and Shared Remote Console Symptom When you log in to a Shared Remote Console session, the Num Lock setting might be out of sync between iLO and some of the Remote Console sessions.
Page 313 replay mode Symptom When a Remote Console session leader plays captured video data, a prompt is not displayed when another user requests to access or share the .NET IRC. Cause The request to access or share the .NET IRC timed out. Action Contact the other user or use the Remote Console acquire feature to take control of the .NET IRC.
Page 314 • Reset iLO.
Page 315 Solution 2 Cause A connected Virtual Media session is being used to perform a continuous copy operation. The continuous copy operation takes priority and, consequently, the .NET IRC loses synchronization. Eventually, the Virtual Media connection resets multiple times and causes the USB media drive for the OS to lose synchronization with the Virtual Media client.
Page 316 Explorer on the client computer. Cause File changes on an iLO Virtual Media USB key cannot be viewed in Windows Explorer by the user on the client computer. Windows Explorer keeps a cached copy of the files on the USB key. The iLO Remote Console does not notify the Windows Shell when the USB key is updated with file changes.
Page 317 Restart the browser and start the .NET IRC. iLO .NET IRC will not start Symptom When you start the .NET IRC, the Cannot Start Application dialog box appears with the message Application cannot be started. Contact the application vendor. Action 1.
Page 318 now. • Use a different browser. iLO .NET IRC will not start in Google Chrome Symptom When you launch the .NET IRC in Google Chrome, the application fails to start. Cause Previous versions of Google Chrome could run the .NET IRC with an NPAPI plug-in that supported ClickOnce.
Page 319: Ssh Issues
SSH issues Initial PuTTY input slow with iLO Symptom During the initial connection to iLO through a PuTTY client, input is accepted slowly for approximately 5 seconds. Action Verify that the client configuration options are correct. Clear the Disable Nagle's algorithm check box in the low-level TCP connection options. PuTTY client unresponsive with iLO Shared Network Port Symptom When you use a PuTTY client with the Shared Network Port, the PuTTY session becomes...
Page 320: Ilo Federation Issues
iLO Federation issues Query errors occur on iLO Federation pages Symptom When you open an iLO Federation page, iLO peers and associated data might be missing from the page, and the following error is displayed: Errors occurred during query, returned data may be incomplete or inconsistent.
Page 321 • Network configuration changes are preventing communication between the local iLO system and a peer. • The enclosure that contains the peer is not configured for iLO Federation support. Action • Remove or repair the failed peer. • Verify that the network is configured to allow communication between the iLO peers. iLO Multi-System Map page displays a 502 error Symptom The Multi-System Map page shows a 502 error.
Page 322 • Wait for twice the configured multicast interval, and then refresh the iLO Federation page. If an iLO system was reconfigured and can no longer communicate with the local iLO system, it will be dropped from its peer relationships after they expire. •...
Page 323: Firmware Update Issues
Firmware update issues Unsuccessful iLO firmware update Symptom The following issues occur when you try to update the iLO firmware: • iLO firmware is not responding. • iLO did not accept the firmware update request. • An iLO firmware update stopped before the update was complete. Solution 1 Cause A communication or network issue occurred.
Page 324 iLO network Failed Flash Recovery Most firmware upgrades finish successfully. In the unlikely event of server power loss during an iLO firmware upgrade, iLO might be recoverable when power is restored. When the iLO starts, the startup code performs image validation on the main image. If the image is corrupted or incomplete and it cannot be recovered automatically with the Secure Recovery feature, iLO enters Failed Flash Recovery mode.
Page 325: Licensing Issues
Licensing issues License key installation errors Symptom You see a License Key Error or a License Installation Failed message. Solution 1 Cause The key is not an iLO license key. Action Obtain an iLO license key, and then try again. Solution 2 Cause An evaluation key was submitted when a regular license was previously installed.
Page 326: Unable To Access Virtual Media Or Graphical Remote Console
Unable to access Virtual Media or graphical Remote Console Symptom The Virtual Media and graphical Remote Console features are unavailable. Cause You enable the iLO Virtual Media and graphical Remote Console features by installing an optional iLO license. If a license is not installed, a message informs you that these features are not available without a license.
Page 327: Ilo License Options
iLO license options Table 4 lists the features that are included with each iLO license. Table 4 iLO standard and licensed features License for License for License for Remote Remote Remote Onboard Management Management Management features (Advanced) (Scale-Out) (Essentials) Feature (Standard) N8115-33 N8115-34...
Page 328: Ports Used In Ilo
Ports used in iLO iLO uses the TCP/IP and UDP/IP ports listed below. Table 5 iLO uses the TCP/IP and UDP/IP ports Module name iLO Port # Direction Protocol Port # ⇔ Dynamic Secure Shell (SSH) Web Non-SSL ⇔ Dynamic NetBIOS-NS ⇔...
Page 329: Glossary
Glossary 3DES Triple DES, the Data Encryption Standard cipher algorithm. ABEND Abnormal end. ACPI Advanced Configuration and Power Interface. Advanced Encryption Standard. Active Health System (AHS) monitors the status/configuration of the server, and records it to a log file if any changes occur. AHS log is used for maintenance to investigate the failure.
Page 330 Software that can report the server failure to the contact center by E-mail or modem. Service This software is installed with NEC ESMPRO ServerAgentService to the server. Express Report Software that can report the server failure to the contact center by HTTPS. This Service (HTTPS) software is installed with NEC ESMPRO ServerAgentService to the server.
Page 331 A terminal emulator that can act as a client for the SSH, Telnet, rlogin, and raw TCP protocols and as a serial console client. RAID Report A service that monitors the RAID system of the server and sends information to NEC Service ESMPRO if the RAID system has a failure.
Page 332 configured as primary (master), the other as secondary (slave), each SATA drive is connected to its own interface. Secure Digital. Secure Hash Algorithm. System Insight Display (SID) is an optional product that can indicate the statuses of each device on motherboard. SLAAC Stateless address autoconfiguration.
Page 333 Virtual Serial Port. WBEM Web-Based Enterprise Management. WINS Windows Internet Name Service.
Page 335 NEC Express Server iLO 5 User’s Guide October 2017 NEC Corporation 7-1 Shiba 5-Chome, Minato-Ku Tokyo 108-8001, Japan © NEC Corporation 2017 The contents of this manual may not be copied or altered without the prior written permission of NEC Corporation.

NEC iLO 5 User Manual

1 Ilo

2 Setting up Ilo

3 Using the Ilo Web Interface

4 Viewing Ilo Information and Logs

5 Viewing General System Information

6 Managing Firmware, Software, and Language Packs

7 Configuring and Using Ilo Federation

8 Ilo Integrated Remote Console

9 Using a Text-Based Remote Console

10 Using Ilo Virtual Media

11 Using the Power and Thermal Features

12 Configuring Ilo Network Settings

13 Using the Ilo Administration Features

14 Using the Ilo Security Features

15 Configuring Ilo Management Settings

16 IPMI Server Management

17 Managing Ilo Reboots, Factory Reset, and NMI

18 Troubleshooting

Ilo License Options

Ports Used in Ilo

Glossary

Quick Links

Related Manuals for NEC iLO 5

Summary of Contents for NEC iLO 5

Table of Contents