Download  Print this page

HP Integrated Lights-Out User Manual

Integrated lights-out firmware 1.91
Hide thumbs

Advertisement

HP Integrated Lights-Out

User Guide

for HP Integrated Lights-Out firmware 1.91
Part Number 382327-003
May 2007 (Third Edition)

Advertisement

Table of Contents
loading

  Related Manuals for HP Integrated Lights-Out

  Summary of Contents for HP Integrated Lights-Out

  • Page 1: User Guide

    HP Integrated Lights-Out User Guide for HP Integrated Lights-Out firmware 1.91 Part Number 382327-003 May 2007 (Third Edition)
  • Page 2 © Copyright 2005, 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    New in this release of iLO .......................... 9 iLO overview ............................10 Typical usage ..........................10 HP ProLiant Essentials Rapid Deployment Pack Integration..............11 iLO browser interface overview ......................... 11 Supported server operating system software..................12 Supported browsers and client operating systems ................13 Linux browser configuration ......................
  • Page 4 Enabling and configuring VLAN using XML..................45 ProLiant BL p-Class configuration ....................... 45 ProLiant BL p-Class user requirements ....................45 Static IP bay configuration ......................45 HP BladeSystem setup ........................48 iLO security ..........................53 Security features............................53 General security guidelines........................53 Password guidelines ........................
  • Page 5 Directory services........................104 Overview of directory integration ......................104 Benefits of directory integration ....................... 104 Advantages and disadvantages of schema-free directories and HP schema directory ........105 Setup for Schema-free directory integration....................107 Active Directory preparation ......................108 Schema-free browser-based setup ....................109 Schema-free scripted setup......................
  • Page 6 Upgrading firmware on management processors ................147 Selecting a directory access method ....................148 Naming management processors ....................149 Configuring directories when HP Extended schema is selected ............150 Configuring directories when schema-free integration is selected ............151 Setting up management processors for directories................152 HPQLOMGC operation..........................
  • Page 7 Server name still present after ERASE utility is executed ..............185 Troubleshooting a remote host....................... 185 Directory services schema ......................186 HP Management Core LDAP OID classes and attributes................186 Core classes ..........................186 Core attributes ..........................186 Core class definitions ........................186 Core attribute definitions ......................
  • Page 8 Lights-Out Management attribute definitions ..................191 Technical support........................193 HP contact information ........................... 193 Before you contact HP..........................193 Acronyms and abbreviations...................... 194 Index............................200 Contents 8...
  • Page 9: Operational Overview

    The HP iLO management processor provides multiple ways to configure, update, operate, and manage servers remotely. The HP Integrated Lights-Out User Guide describes each feature and how to use the feature with the web-based interface and ROM-Based Setup Utility. The HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide describes the syntax and tools available to use iLO through a command line or scripted interface.
  • Page 10: Ilo Overview

    These examples illustrate how iLO is used to manage HP ProLiant servers from your office, home, or travel location. As you begin using iLO and defining your specific infrastructure requirements, refer to this guide for additional ways to simplify your remote server management needs.
  • Page 11: Hp Proliant Essentials Rapid Deployment Pack Integration

    CPQLOCFG is a Microsoft® Windows® utility that sends RIBCL scripts to iLO over the network. CPQLODOS is a DOS deployment utility (part of the HP SmartStart Scripting Toolkit) that runs on the host during SmartStart or RDP deployment.
  • Page 12: Supported Server Operating System Software

    Directory services (on page 104) Directory-enabled remote management (on page 134) Certificate services (on page 141) Lights-Out directories migration utilities (on page 143) HP Systems Insight Manager integration (on page 156) Troubleshooting iLO Directory services schema (on page 186) Supported server operating system software iLO is an independent microprocessor running an embedded operating system.
  • Page 13: Supported Browsers And Client Operating Systems

    This browser is supported on Microsoft® Windows® products. If you are using single-cursor mode in Remote Console or virtual media, Java™ JVM is required. HP supports Java™ 1.4.2. To download the recommended JVM for your system configuration, refer to the HP website (http://www.hp.com/servers/manage/jvm).
  • Page 14: Configuring Ilo

    Local on-line scripted setup using HPONCFG iLO RBSU HP recommends iLO RBSU to initially set up iLO and configure iLO network parameters for environments that do not use DHCP and DNS or WINS. RBSU provides the basic tools to configure iLO network settings and user accounts to get iLO on the network.
  • Page 15: Browser-Based Setup

    Make and save any necessary changes to the iLO configuration. Exit iLO RBSU. HP recommends using DNS or DHCP with iLO to simplify installation. If DNS/DHCP cannot be used, use the following procedure to disable DNS and DHCP and configure the IP address and the subnet mask: Restart or power up the server.
  • Page 16: Network Connection Overview

    iLO firmware detects the presence of RILOE II and automatically disables iLO functionality. Additionally, if iLO firmware detects the presence of the original RILOE, and iLO displays an invalid configuration message. To re-enable iLO functionality after a RILOE II is removed, use the Security Override Switch and iLO RBSU (on page 14).
  • Page 17: Configure The Ip Address

    This step is necessary only if you are using a static IP address. When using dynamic IP addressing, your DHCP server will automatically assign an IP address for iLO. HP recommends using DNS or DHCP with iLO to simplify installation...
  • Page 18: Installing Ilo Device Drivers

    Microsoft Windows NT, Windows 2000, and Windows Server 2003 Driver Support The device drivers that support the iLO are part of the PSP that is located on the HP website (http://www.hp.com/support) or on the SmartStart CD. Before you install the Windows® drivers, obtain the Windows®...
  • Page 19: Novell Netware Server Driver Support

    The PSP for Novell NetWare includes an installer that analyzes system requirements and installs all drivers. The PSP is available on the HP website (http://www.hp.com/support) and on the SmartStart CD. When updating iLO drivers, be sure iLO is running the latest version of the iLO firmware. The latest version can be obtained as a Smart Component from the HP website (http://www.hp.com/servers/lights-...
  • Page 20: Enabling Advanced Ilo Functionality

    –ivh hprsm-d.vv.v-pp.Linux_version.i386.rpm where: d is the Linux distribution and version and vv.v-pp are version numbers. For additional information, refer to the Software and Drivers website (http://www.hp.com/support). To remove the health and iLO drivers, use the following commands: rpm –e hprsm rpm –e hpasm...
  • Page 21: Licensing

    A free 60-day evaluation license is available for download on the HP website (http://h10018.www1.hp.com/wwsolutions/ilo/iloeval.html). The evaluation license activates and accesses iLO Advanced features. You can only install one evaluation license per iLO. After the evaluation period, an iLO Advanced license is required to continue using the advanced features. iLO Advanced features automatically deactivate when the evaluation license key expires.
  • Page 22: Activating Ilo Licensed Features Using A Browser

    Click Licensing to display the iLO Licensing activation screen. Enter the activation key in the space provided. Click Install. The EULA confirmation appears. The EULA details are available on the HP website (http://www.hp.com/servers/lights-out) and with the Advanced Pack License kit.
  • Page 23: User Administration

    User administration User Administration enables you to manage the user accounts stored locally in the secure iLO memory. Directory user accounts are managed using MMC or ConsoleOne snap-ins. Using the User Administration screen, you can add a new user, view or modify an existing user's settings, or delete a user. iLO supports up to 12 users with customizable access rights, login names and advanced password encryption.
  • Page 24: Global Settings

    Viewing or modifying an existing user's settings IMPORTANT: Only users with the Administer User Accounts privilege can manage other users on iLO. All users can change their own password using the View/Modify User feature. Log on to iLO using an account that has the Administer User Accounts privilege. Click Administration.
  • Page 25 You must have the Configure iLO Settings privilege to change these settings. Users that do not have the Configure iLO Settings privilege can only view assigned settings. To manage this privilege, use the Configure Local Device Settings in the directory administration snap-ins for directory users. The Global Settings option enables you to define the following functions: Idle Connection Timeout (minutes) Enable Lights-Out Functionality...
  • Page 26: Network Settings

    Click Global Settings. Change global settings by entering your selections. After completing any parameter changes, click Apply to save the changes. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. Network settings The Network Settings option enables you to view and modify the NIC IP address, subnet mask, and other TCP/IP-related settings.
  • Page 27 When you click Apply, iLO restarts, and your browser connection to iLO terminates. To re-establish a connection, wait 60 seconds before launching another web browser session and logging in. For more information, see the HP Integrated Lights-Out Scripting and Command Line Resource Guide. iLO diagnostic port configuration parameters The iLO Diagnostic Port on the front of ProLiant BL p-Class servers enables you to access and troubleshoot server issues by using a diagnostic cable.
  • Page 28: Snmp/Insight Manager Settings

    In the event that an iLO firmware update has failed, there are various recovery options. For all of these options, you need a current firmware image. HP does not recommended downgrading iLO firmware, and the version you have could be corrupt.
  • Page 29 Forward Insight Manager Agent SNMP Alerts Enable SNMP Pass-thru Enable p-Class Alert Fowarding (displayed on p-Class servers only) For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. To configure alerts: Log in to iLO using an account that has the Configure iLO Settings privilege.
  • Page 30: Directory Settings

    Web browser. Only users with the Update iLO Firmware privilege can upgrade the iLO firmware. The most recent firmware for iLO is available on the HP website. To upgrade the iLO firmware using a supported Web browser: Log on to iLO using an account that has the Configure iLO Settings privilege.
  • Page 31: Certificate Administration

    Serial Number is the serial number assigned to the certificate by the CA. The Importing a Certificate page displays information about how to import a certificate. For more information about importing certificates, see "Certificates (on page 54)" and the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide.
  • Page 32: Ssh Key Administration

    (the key will not be listed here if the local account does not exist.) Alternatively, you can authorize SSH keys for an HP SIM server by running the mxagentconfig tool from the HP SIM server, specifying the address and user credentials for iLO.
  • Page 33: Two-Factor Authentication Settings

    Two-Factor Authentication Settings This page displays the configuration of two-factor authentication settings and the trusted CA certificate information. It also provides a method of changing the configuration and importing or deleting a trusted CA certificate. The Enforce Two-Factor Authentication setting controls whether two-factor authentication will be used for user authentication during login.
  • Page 34: Hot-Plug Keyboard

    certificate is contained in the CRL or if the CRL cannot be downloaded for any reason, access is denied. The CRL distribution point must be available and accessible to iLO when Check Certificate Revocation is set to Yes. The Certificate Owner Field setting specifies which attribute of the client certificate to use when authenticating with the directory.
  • Page 35: Hot-Plug Keyboard Troubleshooting

    Only hot-plug a local keyboard after the operating system has booted. Do not hot-unplug the local keyboard before the operating system has booted. Hot-plugging or hot- unplugging of the local keyboard before the operating system boots can lead to unpredictable results.
  • Page 36: Terminal Services Pass-Through Option

    Terminal Services pass-through option Terminal Services is provided by the Microsoft® Windows® operating systems. The iLO Terminal Services pass-through option provides a connection between the Terminal Services server on the host system and the Terminal Services client on the client system. When the Terminal Services pass-through option is enabled, iLO firmware sets up a socket, listening by default on port 3389.
  • Page 37 Driver for Windows® 2000 and Windows® Server 2003 must be installed on the server that has the iLO. The service and iLO driver are available as Smart Components on the HP website and on the HP SmartStart CD. They are also part of the ProLiant Support Pack for Microsoft® Windows®...
  • Page 38: Enabling The Terminal Services Pass-Through Option

    Windows® 2000 Terminal Services port change If the Terminal Services port is changed, Windows® 2000 client must manually configure the Terminal Services Client Connection Manager. Start the Terminal Services Client Connection Manager, and create a new connection to the terminal server.
  • Page 39: Remote Console And Terminal Services Clients

    receive the warning message indicating the disconnection until approximately one minute later. During this one-minute period, the first Terminal Services session is available or active. This is normal behavior, but it is different than the behavior observed when both Terminal Services sessions are established by Windows®...
  • Page 40: Terminal Services Troubleshooting

    The Windows® operating system is shut down. The Windows® operating system locks-up. Terminal Services troubleshooting If you are experiencing problems with iLO Terminal Services Pass-through, check the following: Verify that Terminal Services is enabled on the host by selecting My Computer>Properties>Remote>Remote Desktop.
  • Page 41: Ilo Shared Management Port Features And Restrictions

    ProLiant server Minimum iLO firmware version DL385 G1 1.64 DL580 G3 1.64 ML370 G4 1.60 ML570 G3 1.64 When using the iLO Shared Network Port, flashing the iLO firmware through the XML interface will take approximately 7 minutes to complete. iLO Shared Management Port features and restrictions Only the iLO Shared Network Port or the iLO Dedicated Management NIC port can be used for iLO server management at one time.
  • Page 42: Enabling Ilo Shared Network Port Feature Through Ilo Rbsu

    When configured for iLO Shared Network Port, iLO's MTU is 320 bytes, and its DHCP request packets are split into multiple packets (using IP fragmentation). This may be a problem if your DHCP server is on a different subnet, and your DHCP relay agent (commonly your Layer 3 Ethernet Switch) does not support forwarding of fragmented DHCP frames.
  • Page 43: Re-Enabling The Dedicated Ilo Management Port

    NIC port 1. Re-enabling the dedicated iLO management port The iLO RBSU or XML scripting (described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide) must be used to re-enable the iLO dedicated NIC management port.
  • Page 44: Enabling And Configuring Vlan Using The Ilo Interface

    to be on the same VLAN. Regular network traffic traveling through the Shared network Ports could be on the same LAN, different LANs, different VLAN, and so on. To communicate with iLO through a client system, the client must be on the same VLAN as the iLO Shared Network Ports, and any network switches between the iLO Shared Network Port and the client must be IEEE 802.1q compliant.
  • Page 45: Enabling And Configuring Vlan Using Xml

    Enabling and configuring VLAN using XML You can enable or disable VLAN support through XML scripting using RIBCL. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. ProLiant BL p-Class configuration ProLiant BL p-Class servers can be accessed and configured through the: iLO Diagnostic Port on the front of the server "Browser-based setup (on page 15)"...
  • Page 46 Static IP bay configuration automates the first step of BL p-Class blade deployment by enabling the iLO management processor in each blade slot to obtain a predefined IP address without relying on DHCP. iLO is immediately accessible for server deployment using virtual media and other remote administration functions.
  • Page 47 The Enable Static IP Bay Configuration Settings checkbox, available on the Network Settings tab (not shown), allows you to enable or disable Static IP Bay Configuration. The new Enable Static IP Bay Configuration Settings option is only available on blade servers. When Static IP Bay Configuration is enabled, all fields except iLO Subsystem Name are disabled.
  • Page 48: Hp Bladesystem Setup

    HP BladeSystem setup The HP BladeSystem setup wizard provides step-by-step instructions to simplify single blade setup without requiring DHCP or PXE. The HP BladeSystem Setup page launches after you authenticate to iLO from the front port. The server blade must be properly cabled for iLO connectivity. Connect to the server blade through the server blade I/O port, while the blade is in the rack.
  • Page 49 Virtual media connection Software installation iLO configuration screen This screen enables you to: Change the administrator password. HP recommends changing the default password. Change network configuration settings. The default settings are: Enable DHCP—Yes Enable Static IP Bay Configuration—No If connected to the blade in enclosure slot 1, you can enable Static IP Bay configuration to preconfigure the static address for other iLO processors in the enclosure.
  • Page 50 Click Next to save changes and continue. Verify Server RAID Configuration screen This step of the installation wizard enables you to verify and accept server RAID configuration settings. Verify the detected RAID level for the hard drives on the blade server displayed on the web page. Click Next to keep current RAID settings.
  • Page 51 If the operating system is already installed, changing the RAID level results in a loss of data. Connect Virtual Media screen This step of the installation wizard enables you to verify and accept the drive you will use during the installation of the operating system.
  • Page 52 Install Software screen This step of the installation wizard enables you to launch the Remote Console and install the operating system. To start the operating system installation process: Click Launch Software Installation to launch the Remote Console. iLO automatically initiates a server power-on or reboot to start the operating system installation through the previously selected virtual media.
  • Page 53: Ilo Security

    iLO security In this section Security features............................. 53 General security guidelines ........................53 Securing RBSU............................55 Encryption ............................. 56 Remote Console Computer Lock ....................... 56 User accounts ............................57 Two-factor authentication ........................58 Directory settings............................ 63 Security features iLO provides the following security features: User-defined TCP/IP ports ("Network settings"...
  • Page 54: Certificates

    Include at least three of the four following characteristics: At least one numeric character At least one special character At least one lowercase character At least one uppercase character Passwords issued for a temporary user ID, password reset, or a locked-out user ID should also conform to these standards.
  • Page 55: Ilo Security Override Switch Administration

    Security Override Switch. Setting the iLO Security Override Switch also enables you to flash the iLO boot block. HP does not anticipate that you will need to update the iLO boot block. If an iLO boot block update is ever required, physical presence at the server will be required to reprogram the boot block and reset iLO.
  • Page 56: Encryption

    If iLO RBSU is disabled, user access is prohibited. This prevents modification using the RBSU interface. RBSU Login Required (more secure) If RBSU login is required, then the active configuration menus are controlled by the authenticated user's access rights. RBSU Login Not Required (default) Anyone with access to the host during POST may enter the iLO RBSU to view and modify configuration settings.
  • Page 57: User Accounts

    SCRL LCK SYS RQ Click Apply to save changes. This feature can also be configured using scripting or command lines. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. User accounts iLO supports the configuration of up to 12 local user accounts. Each of these accounts can be managed...
  • Page 58: Privileges

    Two-factor authentication iLO is a powerful tool for managing HP ProLiant servers. To prevent misuse of this tool, access to iLO requires reliable user authentication. The 1.80 firmware release provides a stronger authentication scheme for iLO using two factors of authentication.
  • Page 59 Obtain the public certificate of the user who needs access to iLO. Export this certificate in base64 encoded format to a file on your desktop, for example, Usercert.txt. Open the file CAcert.txt in Notepad, select all of the text, and copy by pressing the Ctrl+C keys. Login to iLO and browse to the Two-Factor Authentication Settings page.
  • Page 60: Two-Factor Authentication Login

    Click Import Trusted CA Certificate. Another page displays. Click the white text area so that your cursor is in the text area, and paste the clipboard by pressing the Ctrl+V keys. Click Import Root CA Certificate. The Two-Factor Authentication Settings page displays again, with information displayed under Trusted CA Certificate Information.
  • Page 61: Two-Factor Authentication User Certificates

    After you have selected a certificate, if the certificate is protected with a password or if the certificate is stored on a smart card, a second window appears prompting you to enter the PIN or password associated with the chosen certificate. The certificate is examined by iLO to ensure is was issued by the trusted CA by checking the signature against the CA certificate configured in iLO.
  • Page 62: Using Two-Factor Authentication With Directory Authentication

    In some cases, configuring two-factor authentication with directory authentication is complicated. iLO can use HP Extended schema or Default Directory schema to integrate with directory services. To ensure security when two-factor authentication is enforced, iLO uses an attribute from the client certificate as the directory user's login name.
  • Page 63: Directory Settings

    When using the HP Extended schema method, HP recommends selecting the SAN option on the Two- factor Authentication Settings page. Directory settings iLO connects to Microsoft®...
  • Page 64: Configuring Directory Settings

    Directory User Context 2 Directory User Context 3 Click Apply Settings to save any changes. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. To test the communication between the directory server and iLO, click Test Settings. See "Directory tests (on page 65)"...
  • Page 65: Directory Tests

    Directory tests To validate current directory settings for iLO, click Test Settings on the Directory Settings page. The Directory Tests page appears. The test page displays the results of a series of simple tests designed to validate the current directory settings.
  • Page 66: Using Ilo

    Network Settings tag attached to the server containing the iLO management processor. Use these values to access iLO remotely from a network client using a standard Web browser. For security reasons, HP recommends changing the default settings after logging in to iLO for the first time.
  • Page 67: Status Summary

    The Server Status option provides comprehensive status information about the server, including: Server name associated with the iLO management processor The Server Name field reports host is unnamed if the HP Management Agents are not loaded on the host server.
  • Page 68: Ilo Event Log

    Server video mode Server keyboard and mouse type as emulated by the Remote Console SMBIOS data such as host platform, system ROM, processors, embedded MAC addresses, expansion slots, and memory modules present at POST iLO Event Log The iLO Event Log is a record of significant events detected by iLO. Logged events include major server events such as a server power outage or a server reset.
  • Page 69: Integrated Management Log

    To clear the <LOM_short_name: Click Clear Event Log to clear the event log of all previously logged information. Click OK to confirm that you want to clear the event log. A line indicating that the log has been cleared is logged. Integrated Management Log The IML is a record of significant events that have occurred to the host platform.
  • Page 70 NVRAM environment variables listing HP uses NVRAM to store server environment variable information, for example, host controller boot order. This information can be useful to HP engineers and advanced customers who have detailed knowledge of HP System Management architecture. Virtual NMI button The Virtual NMI button halts the operating system for debugging purposes.
  • Page 71: Remote Console

    iLO Self-Test results The results of the iLO Self-Test are displayed on the Server and iLO Diagnostics screen. All tested subsystems should display Passed under normal situations. Remote Console The Remote Console tab provides access to different views of the Remote Console and enables you to define keystroke sequences that will be transmitted to the remote host server at the press of a hot key.
  • Page 72: Remote Console Information Option

    For best performance, be sure to configure the host operating system display as described in "Optimizing performance for graphical Remote Console (on page 73)." Remote Console Information option The Remote Console Information option displays the Remote Console options available, as well as a link to download an updated Java™...
  • Page 73: Optimizing Performance For Graphical Remote Console

    Linux X Display Properties—On the X Preferences screen, set the font size to 12. Remote Console For Remote Console speed, HP recommends using a 700-MHz or faster client with 128 MB or more of memory. For the Remote Console Java™ applet execution, HP recommends using a single processor client.
  • Page 74 Alternatively, the HP online configuration utility (HPONCFG) automatically adjusts these settings. You can also edit high-performance mouse settings using the XML command MOD_GLOBAL_SETTINGS. For more information about using RIBCL, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide.
  • Page 75: Remote Console Hot Keys

    Deselect Enhanced pointer precision. To automate the setting of the optimal mouse configuration, download the Lights-Out Optimization utility from the HP website (http://www.hp.com/servers/lights-out). Click the Best Practices graphic, then click the Maximize Performance links. Red Hat Linux and SuSE Linux server settings...
  • Page 76 The Remote Console hot keys are active during a remote console session through the Remote Console applet and during a text remote console session through a telnet client. To define a Remote Console hot key: Click Remote Console Hot Keys in the Remote Console tab. Select the hot key you want to define and use the dropdown boxes to select the key sequence to be transmitted to the host server at the press of the hot key.
  • Page 77: Single- And Dual-Cursor Modes For Graphical Remote Console

    Links to download the required JVMs are available on the Remote Console Information screen. You will be redirected from the main site to the Java website (http://java.sun.com). HP recommends using the version specified in the Remote Console help pages. You can obtain the specified version for Microsoft®...
  • Page 78: Acquiring The Remote Console

    Acquiring the Remote Console When the Enable Remote Console Acquire setting on the Global Settings page is set to Yes, the Remote Console page displays the Acquire button. If you have opened the Remote Console page and are notified that another user is currently using Remote Console, clicking the Acquire button ends the other user's Remote Console session and starts a Remote Console session in your current window.
  • Page 79: Windows® Ems Console

    Linux user session through serial tty (ttyS0) System POST dialog (if BIOS serial console redirection is enabled) If Remote Console Data Encryption is enabled, the Virtual Serial Port data stream is encrypted as data is passed between the iLO system and the viewing applet. Serial port configuration displays the server configuration information, the available serial ports, and the virtual serial port status.
  • Page 80 To configure the server, you must configure the RBSU for the server: Set virtual serial port to Enable. Set the serial console port to Disable BIOS, or set it to the same port as an embedded serial port. Set the EMS console to Disable EMS, or set it to the same port as an embedded serial port. Set the Microsoft®...
  • Page 81: Virtual Serial Port And Linux

    Optional Parameters: -c CommandLine = <String>—Provides additional command line parameters to the selected debugger. If there are embedded spaces or dashes (-) enclose them in quotation marks. <String> = A series of characters. -e = <Boolean>—Turns on encryption for the communications link. Encryption only works with the telnet option in this version.
  • Page 82: Virtual Serial Port And Serial Break

    Console/EMS Support tab. Selecting this tab displays the EMS Console tab, which should be set to Remote. This enables both the Virtual Serial Port and the Windows® EMS Console. To begin a shell session on the configured UART, the appropriate Linux process must be started. This process can be started from the shell, but is usually configured in the /etc/inittab file to have the process available after the kernel has booted.
  • Page 83: Virtual Devices

    Virtual devices Within the Virtual Devices tab are the following options: Virtual power (on page 83) Power regulator for ProLiant (on page 84) Virtual media (on page 86) Virtual indicators (on page 95) Virtual serial port (on page 78) Virtual power The Virtual Power button enables control of the power state of the remote server and simulates pressing the physical power button on the server.
  • Page 84: Power Regulator For Proliant

    Exceeding the available power can cause loss of all servers in the rack, server failures, and loss or corruption of data. HP recommends correcting configuration or communication problems to ensure reliable operation.
  • Page 85 Some servers might support modifying the processor power level through the system RBSU. Consult your system's user guide for more information. Enable HP Dynamic Power Savings Mode sets the processor to dynamically set the power level based on usage.
  • Page 86: Virtual Media

    Click Apply to save the desired setting. A server reboot is required to invoke the new setting. If the server does not support the feature the message HP Power Regulator for ProLiant not supported by iLO on this server is displayed across the page.
  • Page 87 For maximum performance, HP recommends using the local image files stored either on the hard drive of your client computer or on a network drive accessible through a high-speed network link.
  • Page 88 RBSU which forces the Virtual Floppy to appear as drive A. To use Virtual USBKey during a Windows® installation as a driver diskette, change the boot order of the USB key drive in the system RBSU. HP recommends placing the USB key drive first in the boot order.
  • Page 89 NetWare 6.5 supports the use of USB diskette and key drives. See "Mounting USB Virtual Floppy/USBKey in NetWare 6.5 (on page 89)" for step-by-step instructions. Red Hat and SUSE Linux Linux supports the use of USB diskette and key drives. See "Mounting USB Virtual Media/USBKey in Linux (on page 89)"...
  • Page 90 NOTE: For best performance use image files. HP recommends using local image files stored either on the hard drive of your client PC or on a network drive accessible through a high- speed network link.
  • Page 91 Click Connect. To use an image file: From the Virtual CD/DVD-ROM section of the Virtual Media applet, select Local Image File. Enter the path or file name of the image in the text box or click Browse to locate the image file using the Choose Disk Image File dialog.
  • Page 92 On Windows® 2000 SP3 or later, My Computer on the host server displays an additional CD-ROM drive when the Virtual Media applet is connected. If the server operating system is up and running and you attempt to disconnect and reconnect within the Virtual Media applet, it can fail. The icon turns green, but the additional CD-ROM drive does not display in My Computer.
  • Page 93 Enter the path or file name in the text box or click Browse to select an existing image file or to change the directory in which the image file will be created. Click Create. The virtual media applet begins the process of creating the image file. The process is complete when the progress bar reaches 100%.
  • Page 94 To enable a multi-device connection, select the Enable Virtual Media multi-device connection checkbox. A multi-device connection only functions properly on server operating systems that support composite USB devices. For each session, an initial notice message box appears. To use a multi-device connection: From the Virtual Floppy/USBKey section, select Local Floppy Drive and select one of the following options: Select the drive letter of the desired physical floppy or USB key drive on your client PC from the...
  • Page 95: Virtual Indicators

    Virtual indicators The Unit ID LED is the blue LED on the HP server that is used for identifying systems in a rack full of servers. iLO enables you to view the status of the Unit ID LED and change the status using iLO Web pages.
  • Page 96 The server blade must be properly cabled for iLO connectivity. Connect to the server blade with one of the following methods: Through an existing network (in the rack)—This method requires you to install the server blade in its enclosure and assign it an IP address manually or using DHCP. Through the server blade I/O port In the rack—This method requires you to connect the local I/O cable to the I/O port and a client PC.
  • Page 97: Rack View

    Rack View The Rack View page presents an overview of all the enclosures and their contained blade servers, network components, and power supplies. A component, when present, is indicated by the ability to select the component from the Rack View. Blank or empty bays are not selectable. Component-specific information, such as blade name, IP address, and product type is displayed as you move the mouse cursor over each component.
  • Page 98 view data. Rack View functionality requires version 2.10 or later of the Server Blade and Power Management Module firmware to display correctly. Blade configuration and information The blade configuration option provides information regarding the identity, location, and network address of the blade selected on the Rack View page. To view these settings, select a blade component and select Configure on the Rack View (on page 97) page.
  • Page 99: Enclosure Information

    Enclosure information Enclosure information is specific to the selected enclosure. Information about a particular enclosure is viewed by selecting Details located on the enumerated enclosure headers. A limited amount of rack information is available, including: Rack Name Rack Serial Number A basic set of information is available for the enclosures that do not contain the blade into which you are logged in.
  • Page 100 Power enclosure information The Power Enclosure Information page provides diagnostic information regarding the power management module and the power components contained in the power enclosure. This information provides an overview on the health and condition of the power enclosure and the power components. The following fields are available: Rack Name Rack Serial Number...
  • Page 101 Power component information Selecting a power component on the Rack View (on page 97) page displays general location, status, power output, and temperature metrics for the selected power component in the power enclosure. The Status Information section provides the following information: Bay Number AC Input Power...
  • Page 102: Ilo Control Of Proliant Bl P-Class Server Leds

    Output Fail Network component information Network component information displays the status of the patch panel or interconnect switch that has been selected. The following information is available: Fuse A Fuse B Network Component Type iLO control of ProLiant BL p-Class server LEDs iLO can monitor BL p-Class servers through POST tracking and the Server Health LED.
  • Page 103: Proliant Bl P-Class Alert Forwarding

    Insufficient power notification iLO turns the Server Health LED solid red if iLO cannot power on the server because insufficient power is in the rack infrastructure. ProLiant BL p-Class alert forwarding iLO supports blade infrastructure SNMP traps on a pass-through basis. Reporting of blade infrastructure status by iLO does not require operating system support.
  • Page 104: Directory Services

    IP addresses. Groups are maintained in the directory, not on each iLO. RILOE and RILOE II only work with HP Extended schema. (Schema-free will be added to RILOE II at later date.) iLO, RILOE, and RILOE II will only work with eDirectory with HP Extended schema.
  • Page 105: Advantages And Disadvantages Of Schema-Free Directories And Hp Schema Directory

    Directories also enable flexible configuration. Some directory configuration practices work better with iLO than others. Before configuring iLO for directories, you must decide whether to use the schema-free directory or the HP schema directory integration methods. Answer the following questions to help evaluate you directory integration requirements: Can you apply schema extensions to your directory? No—Are you using Microsoft Active Directory?
  • Page 106 HP provides tools that enable changes to a large number of iLO to be made at the same time.
  • Page 107: Setup For Schema-Free Directory Integration

    Greater flexibility controlling access. For example, you can limit access to a time of day, or from a certain range of IP addresses. Groups and permissions are maintained in the directory, not on each iLO, and HP provides the snap-ins required for managing HP groups and targets for Active Directory Users and Computers, and eDirectory ConsoleOne.
  • Page 108: Active Directory Preparation

    Active Directory preparation The schema-free option is supported on the following operating systems: Microsoft® Active Directory Microsoft® Windows® Server 2003 Active Directory SSL must be enabled at the directory. To enable SSL, install a certificate for the domain in Active Directory.
  • Page 109: Schema-Free Browser-Based Setup

    Write a script that configures iLO for schema-free directories support and run it. The following script can be used as a template. <RIBCL VERSION="2.0"> <LOGIN USER_LOGIN="admin" PASSWORD="password"> <DIR_INFO MODE = "write"> <MOD_DIR_CONFIG> <DIR_ENABLE_GRP_ACCT value = "yes"/> <DIR_GRPACCT1_NAME value ="CN=Administrators,CN=Builtin,DC=HP,DC=com "/> <DIR_GRPACCT1_PRIV value = "1"/> Directory services 109...
  • Page 110: Schema-Free Hplomig-Based Setup

    Schema-free HPLOMIG-based setup HPLOMIG is the easiest way to set up a large number of LOM processors for directories. To use HPLOMIG, download the HPQLOMIG utility and additional documentation from the HP website (http://www.hp.com/servers/lights-out). HP recommends using HPLOMIG when configuring many LOM processors for directories.
  • Page 111: Schema-Free Nested Groups

    Many organizations have users and administrators arranged into groups. Having this arrangement of existing groups is convenient because you can associate them with one or more Integrated Lights-Out Management role objects. When the devices are associated with the role objects, you can use the administrator controls to access the Lights-Out devices associated with the role by adding or deleting members from the groups.
  • Page 112: Setting Up Directory Services

    "Directory services schema (on page 186)" "Directory-enabled remote management (on page 134)" Install Download the HP Lights-Out Directory Package containing the schema installer, the management snap-in installer, and the migrations utilities from the HP website (http://www.hp.com/servers/lights-out). Run the schema installer (on page 113) once to extend the schema.
  • Page 113: Schema Documentation

    2 1.1x After the schema has been extended, you can complete the directory services setup by using HP Lights- Out Directories Migration Utilities (on page 143). The migration utilities are included in the HP Lights-Out Directory Package. Version 1.13 of the Directories Migration Utility allows Lights-Out import and export and supports different user credentials for each Lights-Out processor.
  • Page 114: Schema Preview

    supported directory services. Additional files contain only product-specific schemas. The schema installer requires the use of the .NET framework. The installer includes three important screens: Schema Preview Setup Results Schema Preview The Schema Preview screen enables the user to view the proposed extensions to the schema. This screen reads the selected schema files, parses the XML, and displays it as a tree view.
  • Page 115 the form of secure authentication to be used. If selected, directory authentication using SSL is used. If not selected and Active Directory is selected, Windows NT® authentication is used. If not selected and eDirectory is selected, the administrator authentication and the schema extension will proceed using an unencrypted (clear text) connection.
  • Page 116: Management Snap-In Installer

    The following sections provide installation prerequisites, preparation, and a working example of Directory Services for Active Directory. HP provides a utility to automate much of the directory setup process. You can download the HP Directories Support for Management Processors on the HP website (http://h18004.www1.hp.com/support/files/lights-out/us/index.html).
  • Page 117 Download the Smart Component, which contains the installers for the schema extender and the snap- ins. The Smart Component can be downloaded from the HP website (http://www.hp.com/servers/lights-out). Run the schema installer application to extend the schema, which extends the directory schema with the proper HP objects.
  • Page 118 Example: Creating and configuring directory objects for use with iLO in Active Directory The following example shows how to set up roles and HP devices in an enterprise directory with the domain testdomain.local, which consists of two organizational units, Roles and RILOES.
  • Page 119 Directory Settings screen of the iLO. Click OK. Use the HP provided Active Directory Users and Computers snap-ins to create HP Role objects in the Roles organizational unit. Right-click the Roles organizational unit, select New then Object.
  • Page 120 Using the same procedure as in step 4, edit the properties of the remoteMonitors role, add the rib- email-server device to the Managed Devices list on the HP Devices tab, and add users to the remoteMonitors role using the Members tab. Then, on the Lights Out Management tab, select the box next to the Login.
  • Page 121: Directory Services Objects

    Add users to the role objects. Set the rights and restrictions of the role objects. Active Directory snap-ins The following sections discuss the additional management options available within Active Directory Users and Computers after the HP snap-ins have been installed. Directory services 121...
  • Page 122 HP Devices The HP Devices tab is used to add the HP devices to be managed within a role. Clicking Add enables you to browse to a specific HP device and add it to the list of member devices. Clicking Remove enables you to browse to a specific HP device and remove it from the list of member devices.
  • Page 123 IP/mask IP range DNS name Time restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours in the Role Restrictions tab. In the Logon Hours pop-up window, you can select the times available for logon for each day of the week in half-hour increments.
  • Page 124 In the new restriction pop-up window, enter the information and click OK. The new restriction pop-up window displays. The DNS Name option allows you to restrict access based on a single DNS name or a subdomain, entered in the form of host.company.com or *.domain.company.com. Click OK to save the changes.
  • Page 125: Directory Services For Edirectory

    Example: Creating and configuring directory objects for use with LOM devices in eDirectory The following example shows how to set up roles and HP devices in a company called samplecorp, which consist of two regions, region1 and region2. Directory services 125...
  • Page 126 In this example, two organizational units are created, called "roles" and "hp devices", in each organizational unit, "region1" and "region2". Create LOM objects in the hp devices organizational units for several iLO devices using the HP provided ConsoleOne snap-ins tool.
  • Page 127 Set the rights for the role using the Lights Out Management Device Rights option on the HP Management tab. All users within the role have the rights assigned to the role on all of the iLO devices managed by the role. In this example, the users in the remoteAdmins role are given...
  • Page 128 Using the same procedure as in step 4, edit the properties of the remoteMonitors role: Add the three iLO devices within hp devices under region1 to the Managed Devices list on the Role Managed Devices option of the HP Management tab.
  • Page 129: Directory Services Objects For Edirectory

    The Role Managed Devices subtab under the HP Management tab is used to add the HP devices to be managed within a role. Clicking Add allows you to browse to the specific HP device and add it as a managed device.
  • Page 130 Members After user objects are created, the Members tab allows you to manage the users within the role. Clicking Add allows you to browse to the specific user you want to add. Highlighting an existing user and clicking Delete removes the user from the list of valid members. eDirectory Role Restrictions The Role Restrictions subtab allows you to set login restrictions for the role.
  • Page 131 DNS name Time restrictions You can manage the hours available for logon by members of the role by using the time grid displayed in the Role Restrictions subtab. You can select the times available for logon for each day of the week in half- hour increments.
  • Page 132 After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management Device Rights subtab of the HP Management tab. The available rights are: Login—This option controls whether users can to log in to the associated devices.
  • Page 133: User Login Using Directory Services

    The iLO login page Login Name field accepts all of the following: Directory users LDAP Fully Distinguished Names Example: CN=John Smith,CN=Users,DC=HP,DC=COM, or @HP.com NOTE: The short form of the login name by itself does not tell the directory which domain you are trying to access.
  • Page 134: Directory-Enabled Remote Management

    ("Directory services for eDirectory" on page 125). In general, you can use the HP provided snap-ins to create objects. It is useful to give the LOM device objects meaningful names, such as the device network address, DNS name, host server name, or serial number.
  • Page 135: Using Existing Groups

    Using existing groups Many organizations will have their users and administrators arranged into groups. In many cases, it is convenient to use the existing groups and associate the groups with one or more Lights-Out Management role objects. When the devices are associated with the role objects, the administrator controls access to the Lights-Out devices associated with the role by adding or deleting members from the groups.
  • Page 136: How Directory Login Restrictions Are Enforced

    The Admin role assigns all admin rights—Server Reset, Remote Console, and Login. How directory login restrictions are enforced Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions limit a user's access to authenticate to the directory. Role access restrictions limit an authenticated user's ability to receive LOM privileges based on rights specified in one or more Roles.
  • Page 137: User Restrictions

    Role time restrictions Administrators can place time restrictions on LOM roles. Users are granted the rights specified for the LOM devices listed in the role, only if they are members of the role and meet the time restrictions for that role.
  • Page 138: How User Time Restrictions Are Enforced

    DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a common domain suffix. For example, the DNS restriction, www.hp.com, matches hosts that are assigned the domain name www.hp.com. However, the DNS restriction, *.hp.com, matches any machine originating from HP.
  • Page 139: Creating Multiple Restrictions And Roles

    Creating multiple restrictions and roles The most useful application of multiple roles includes restricting one or more roles so that rights do not apply in all situations. Other roles provide different rights under different constraints. Using multiple restrictions and roles enables the administrator to create arbitrary, complex rights relationships with a minimum number of roles.
  • Page 140: Using Bulk Import Tools

    Using bulk import tools Adding and configuring large numbers of LOM objects is time consuming. HP provides several utilities to assist in these tasks. Below is a brief description of the utilities available. HP Lights-Out Migration Utility The HP Lights-Out Migration utility, HPQLOMIG.EXE, imports and configures multiple LOM devices.
  • Page 141: Certificate Services

    Certificate services In this section Introduction to certificate services ......................141 Installing certificate services........................141 Verifying directory services........................141 Configuring Automatic Certificate Request....................142 Introduction to certificate services Certificate Services are used to issue signed digital certificates to network hosts. The certificates are used to establish SSL connections with the host and verify the authenticity of the host.
  • Page 142: Configuring Automatic Certificate Request

    If Certificate Services is not installed an error message appears. Configuring Automatic Certificate Request To specify that a certificate be issued to the server: Select Start>Run, and enter mmc. Click Add. Select Group Policy, and click Add to add the snap-in to the MMC. Click Browse, and select the Default Domain Policy object.
  • Page 143: Lights-Out Directories Migration Utilities

    HPQLOMGC operation ........................153 Introduction to Lights-Out migration utilities For customers with previously installed management processors, HP created two utilities to simplify the migration of these processors to management by directories. The two utilities are the HPQLOMIG utility and the HPQLOMGC utility. These utilities automate some of the migration steps necessary for the management processors to support Directory Services.
  • Page 144: Pre-Migration Checklist

    (http://www.hp.com/servers/lights-out). Apply the HP Lights-Out schema extensions to the directory. Create a role for the users of the management processor using the HP Lights-Out management snap- HP Lights-Out directory package All of the migration software, as well as the schema extender and management snap-ins, are packaged together in an HP Smart Component.
  • Page 145: Hpqlomig Operation

    IMPORTANT: Installing directory support for any management processor requires downloading the HP Smart Component. Refer to the "Pre-migration checklist (on page 144)" and the "HP Lights-Out directory package" sections for additional information. Extending the schema must be completed by a Schema Administrator.
  • Page 146 If you click Next, Back, or exit the application during discovery, operations on the current network address are completed, but those on subsequent network addresses are canceled. To start the process of discovering your management processors: Click Start and select Programs>Hewlett-Packard, Lights-Out Migration Utility to start the migration process.
  • Page 147: Upgrading Firmware On Management Processors

    IMPORTANT: HP recommends testing the upgrade process and verifying the results in a test environment before running the utility on a production network. An incomplete transfer of the firmware image to a management processor could result in having to locally reprogram the management processor using a floppy diskette.
  • Page 148: Selecting A Directory Access Method

    (with respect to schema usage) and how it will be configured. The Select Directory Access Method page helps to prevent an accidental overwrite of iLOs already configured for HP schema or those that have directories turned off. Lights-Out directories migration utilities 148...
  • Page 149: Naming Management Processors

    This page determines if the HP Extended schema, schema-free (default schema), or no directories support configuration pages follow. To configure the management processor for: Directory Services, refer to the "Configuring directories when HP Extended schema is selected (on page 150)" section.
  • Page 150: Configuring Directories When Hp Extended Schema Is Selected

    To change the names (optional), click Clear All Names and rename the management processors. After the names are correct, click Next. Configuring directories when HP Extended schema is selected The Configure Directory screen enables you to create a device object for each discovered management processor and to associate the new device object to a previously defined role.
  • Page 151: Configuring Directories When Schema-Free Integration Is Selected

    Login Name and Password—These fields are used to log in with an account that has domain administrator access to the directory. Container DN—After you have the network address, port, and login information, you can click Browse to navigate for the container and role distinguished name. The container Distinguished Name is where the migration utility will create all of the management processor objects in the directory.
  • Page 152: Setting Up Management Processors For Directories

    "John Smith" to log in using John Smith, rather than CN=John Smith,CN=Users, DC=RILOETEST2,DC=HP. The @ format is also supported. For example, @RILOETEST2.HP in a context field enables the user to log in using jsmith (assuming that jsmith is the user's short name).
  • Page 153: Hpqlomgc Operation

    IMPORTANT: Installing directory support for any management processor requires downloading the HP Smart Component. Refer to the "Pre-migration checklist (on page 144)" and the "HP Lights-Out directory package" sections for additional information. Extending the schema must be completed by a Schema Administrator.
  • Page 154: Launching Hpqlomgc Using Application Launch

    Execute the HPQLOMGC utility. Invoke the XML file to migrate the management processor. HPQLOMGC goes through three phases to complete the migration of a management processor. The firmware version is validated and updated if necessary. HPQLOMGC determines the type of management processor and the firmware level. If the firmware does not meet the minimum requirement ("Upgrading firmware on management processors"...
  • Page 155 -L <filename>—This switch defines where the log file is generated. This switch causes an error if an IP address is not designated. -Q—This switch is optional and sets the HPQLOMGC to Quiet mode. Click Next. A screen is displayed with options for naming the task, defining the query association, and setting a schedule for the task.
  • Page 156: Hp Systems Insight Manager Integration

    Systems Insight Manager provides a hyperlink on the server device page to launch and connect to iLO. HP Management Agents iLO, combined with HP Management Agents, provides remote access to system management information through the iLO browser-based interface. HP Systems Insight Manager integration 156...
  • Page 157: Systems Insight Manager Functional Overview

    The following sections give a summary of each function. For detailed information on these benefits and how to use Systems Insight Manager, see the HP Systems Insight Manager Technical Reference Guide, provided with Systems Insight Manager and available on the HP website (http://www.hp.com/go/hpsim).
  • Page 158: Systems Insight Manager Links

    The iLO management processor is displayed as an icon in the device list on the same row as its host server. The color of the icon represents the status of the management processor. For a complete list of device statuses, see the HP Systems Insight Manager Technical Reference Guide located on the HP website (http://www.hp.com/go/hpsim).
  • Page 159: Receiving Snmp Alerts In Systems Insight Manager

    NOTE: HP Insight Agents for iLO must be installed on the remote host server to enable management of iLO. Refer to "Installing iLO Device Drivers (on page 18)" for additional details about installing and configuring agents.
  • Page 160: Reviewing Advanced Pack License Information In Systems Insight Manager

    To view license information, click Deploy>License Manager>Manage Keys. To be sure the data is current, run the identify systems task for your management processors. Refer to the Systems Insight Manager documentation for additional details about initiating tasks. HP Systems Insight Manager integration 160...
  • Page 161: Troubleshooting Ilo

    ("Supported browsers and client operating systems" on page 13)." To download the recommended JVM for your system configuration, refer to the HP website (http://www.hp.com/servers/manage/jvm). iLO POST LED indicators During the initial boot of iLO, the POST LED indicators flash to display the progress through the iLO boot process.
  • Page 162 A runtime failure of iLO is indicated by HB and LED 7 remaining in either the On of Off state constantly. A runtime failure of iLO can also be indicated by a repeated flashing pattern on all eight LEDs. If a runtime error occurs, reset iLO.
  • Page 163: Event Log Entries

    The FEH codes are distinguished by the alternating flashing pattern of the number 99 plus the remainder of the error code. FEH Code Consistency Check Explanation 9902 TXAPICHK An RTOS function was called with an inappropriate value or from an inappropriate caller.
  • Page 164 Event log display Event log explanation Recoverable iLO error, code # Displays when a non-critical error has occurred in iLO and iLO has reset itself. If this problem persists, call customer support. SNMP trap delivery failure: IP address Displays when the SMNP trap does not connect to the specified IP address.
  • Page 165 Event log display Event log explanation Failed Console login – IP Address: IP address Displays when an unauthorized user has failed three login attempts using the Remote Console port. Added User: User Displays when a new entry is made to the authorized user list.
  • Page 166: Hardware And Software Link-Related Issues

    Event log display Event log explanation Virtual Serial Port session started by: User Displays when a Virtual Serial Port session is started. Virtual Serial Port session stopped by: User Displays when a Virtual Serial Port session is ended. Virtual Serial Port session login failure from: Displays when there is a login failure for a Virtual User Serial Port session.
  • Page 167: Login Name And Password Not Accepted

    Is the password complying with password restrictions? For example, are there case-sensitive characters in the password? Is an unsupported browser being used? Login name and password not accepted If you have connected to iLO but it does not accept your login name and password, you must verify that your login information is configured correctly.
  • Page 168: Ilo Rbsu Unavailable After Ilo And Server Reset

    iLO RBSU unavailable after iLO and server reset If the iLO processor is reset and the server is immediately reset, there is a small chance that the iLO firmware will not be fully initialized when the server performs its initialization and attempts to invoke the iLO RBSU.
  • Page 169: Inability To Connect To The Ilo Processor Through The Nic

    If you are using a client workstation that contains more than one enabled NIC, such as a wireless card and a network card, a routing issue might prevent you from accessing the diagnostic port. To resolve this issue: Have only one active NIC on the client workstation. For example, disable the wireless network card. Configure the IP address of the client workstation network to match the iLO Diagnostic Port network.
  • Page 170: Firewall Issues

    Firewall issues iLO communicates through several configurable TCP/IP ports. If these ports are blocked, the administrator must configure the firewall to allow for communications on these ports. Refer to the Global Settings option in the Administration tab to view or change port configurations. Two-factor authentication login failure When authentication fails, a similar page appears.
  • Page 171: Proxy Server Issues

    Proxy server issues If the Web browser software is configured to use a proxy server, it will not connect to the iLO IP address. To resolve this issue, configure the browser not to use the proxy server for the IP address of iLO. For example, in Internet Explorer, select Tools>Internet Options>Connections>LAN Settings>Advanced, and then enter the iLO IP address or DNS name in the Exceptions field.
  • Page 172: Authentication Code Error Message

    In the unlikely event that it is necessary, setting the iLO Security Override switch also enables you to flash the iLO boot block. The boot block is exposed until iLO is reset. HP recommends that you disconnect iLO from the network until the reset is complete.
  • Page 173: User Contexts Do Not Appear To Work

    User contexts do not appear to work Check with your network administrator. The full distinguished name of your user object must be in the directory. Your login name is what appears after the first CN=. The remainder of the distinguished name should appear in one of the user context fields.
  • Page 174: Mouse Issue Using Suse Linux

    Mouse issue using SuSE Linux United Linux 1.0 powered SuSE Linux Enterprise 8.0 users might experience mouse issues when rebooting with Remote Console. To correct this issue, select PS/2 mouse (Aux-port) type when prompted by YaST mouse configuration application in text mode. If iLO Remote Console is closed and use of the mouse wheel is desired on a wheel mouse connected to the server, run YaST2 Control Center and select Intelli/Wheel mouse (Aux-port).
  • Page 175: Linux Remote Console

    Linux Remote Console When using a Linux client machine with a JVM other than 1.4.2, you might experience some issues with Remote Console. For example, if you resize the Remote Console window, the entire window can turn gray. These issues are caused by the JVM. To correct this problem, use JVM 1.4.2. JVM 1.4.2 and 1.4.2_02 are different, and problems have been observed in 1.4.2_02 that do not occur in 1.4.2.
  • Page 176: Remote Console Text Window Not Updating Properly

    From Client-2, login to iLO and try to open a Remote Console session. The message Remote console is already opened by another session is displayed. This is expected because only one Remote Console session is supported at a time. Return to Client-1 and close the Remote Console session. From Client-2, click the Remote Console link with the old Remote Console applet still open.
  • Page 177: Ssh Text Support From A Remote Conosle Session

    Extended text configuration beyond the 80 x 25 configuration is not displayed correctly when using telnet or SSH. HP recommends configuring the text application in 80 x 25 mode or use the iLO Remote Console applet provided by the web interface.
  • Page 178: Video Applications Not Displaying In The Remote Console

    To correct this adjust the DOS® windows properties to limit its size to 80x25, before maximizing the DOS window. On the title bar of the DOS® window, right-click the mouse and select Properties and select Layout. On the Layout tab, change the Screen Buffer Size height to 25. Video applications not displaying in the Remote Console Some video applications, such as Microsoft®...
  • Page 179 logins can confuse the browser. This confusion can appear as an iLO issue is a manifestation of typical browser behavior. Several processes can cause a browser to open additional windows. Browser windows opened from within an open browser represent different aspects of the same program in memory. Consequently, each browser window shares properties with the parent, including cookies.
  • Page 180: How Do I Access Legacy Bl P-Class Pages

    These behaviors continue as long as the duplicate windows are open. All activities are attributed to the same user, using the last session cookie set. Displaying the current session cookie After logging in, you can force the browser to display the current session cookie by entering javascript:alert(document.cookie) in the URL navigation bar.
  • Page 181: Inability To Get Snmp Information From Systems Insight Manager

    The system ROM firmware revision date must be dated at least 6/1/05. If your system processor does not support the Power Regulator (different processor p-states), the Power Regulator page displays the HP Power Regulator for ProLiant not supported by iLO message.
  • Page 182 Complete this procedure on any server: Download the latest iLO firmware SoftPaq. Select the SoftPaq image for diskettes and save it to the hard drive. The SoftPaq can be downloaded from the HP website (http://www.hp.com/servers/lights-out). Execute the SoftPaq to create diskettes.
  • Page 183: Enclosure Bay Static Ip Changes Do Not Take Effect

    Press the Enter key at the ROMPaq welcome screen. A screen displays the devices in your server that can be upgraded. Use the cursors to select iLO Management and press the Enter key. A screen displays the firmware images that ROMPaq can install. Use the cursors to highlight the appropriate image and press the Enter key.
  • Page 184: Ilo Does Not Respond To Ssl Requests

    The new blade is from the factory and has not had auxiliary power applied to it. The new blade was previously using enclosure bay static IP and is being moved to this new enclosure where enclosure bay static IP has been configured. If either of these statements is false, the iLO network cannot use the customer-expected IP address identified in the enclosure bay static IP record.
  • Page 185: Rack View Does Not Display Components

    The HP Management Agents 5.40 and later have the ability to reset iLO. To reset iLO, select the Reset iLO option on the HP Management Agent Web page under the iLO section. You can also manually force the iLO management processor to reset by clicking Apply on the Network Settings page.
  • Page 186: Directory Services Schema

    Directory services schema In this section HP Management Core LDAP OID classes and attributes ................186 Lights-Out Management specific LDAP OID classes and attributes............... 190 HP Management Core LDAP OID classes and attributes Changes made to the schema during the schema setup process include changes to the:...
  • Page 187: Core Attribute Definitions

    HP products using directory-enabled management Class type Structural SuperClasses user Attributes hpqPolicyDN—1.3.6.1.4.1.232.1001.1.1.2.1 hpqRoleMembership—1.3.6.1.4.1.232.1001.1.1.2.2 Remarks None hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 Description This class defines Role objects, providing the basis for HP products using directory-enabled management. Class type Structural SuperClasses group Attributes hpqRoleIPRestrictions—1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleIPRestrictionDefault— 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction—1.3.6.1.4.1.232.1001.1.1.2.6 hpqTargetMembership—1.3.6.1.4.1.232.1001.1.1.2.3 Remarks...
  • Page 188 Remarks None hpqRoleMembership 1.3.6.1.4.1.232.1001.1.1.2.2 Description Provides a list of hpqTarget objects to which this object belongs. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks None hpqTargetMembership 1.3.6.1.4.1.232.1001.1.1.2.3 Description Provides a list of hpqTarget objects that belong to this object. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks...
  • Page 189 Remarks This attribute is only used on role objects. IP restrictions are satisfied when the address matches and general access is denied, and unsatisfied when the address matches and general access is allowed. Values are an identifier byte followed by a type-specific number of bytes specifying a network address.
  • Page 190: Lights-Out Management Specific Ldap Oid Classes And Attributes

    Lights-Out Management specific LDAP OID classes and attributes The following schema attributes and classes might depend on attributes or classes defined in the HP Management core classes and attributes. Lights-Out Management classes Class name Assigned OID hpqLOMv100 1.3.6.1.4.1.232.1001.1.8.1.1 Lights-Out Management attributes...
  • Page 191: Lights-Out Management Attribute Definitions

    None Lights-Out Management attribute definitions The following defines the Lights-Out Management core class attributes. hpqLOMRightLogin 1.3.6.1.4.1.232.1001.1.8.2.1 Description Login Right for HP Lights-Out Management products Syntax Boolean—1.3.6.1.4.1.1466.115.121.1.7 Options Single Valued Remarks Meaningful only on ROLE objects, if TRUE, members of the role are granted the right.
  • Page 192 1.3.6.1.4.1.232.1001.1.8.2.4 Description Remote Server Reset and Power Button Right for HP Lights- Out Management products Syntax Boolean—1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right.
  • Page 193: Technical Support

    In other locations, see the Contact HP worldwide (in English) webpage (http://welcome.hp.com/country/us/en/wwcontact.html). For HP technical support: In the United States, for contact options see the Contact HP United States webpage (http://welcome.hp.com/country/us/en/contact_us.html). To contact HP by phone: Call 1-800-HP-INVENT (1-800-474-6836). This service is available 24 hours a day, 7 days a week.
  • Page 194: Acronyms And Abbreviations

    Acronyms and abbreviations ACPI Advanced Configuration and Power Interface Address Resolution Protocol ASCII American Standard Code for Information Interchange Advanced Server Management Automatic Server Recovery certificate authority Common Gateway Interface Command Line Interface command line protocol Certificate Request certificate revocation list Distributed Authoring and Versioning Acronyms and abbreviations 194...
  • Page 195 Digital Signature Algorithm Emergency Management Services EULA end user license agreement fatal exception handler graphical user interface heartbeat HPONCFG HP Lights-Out Online Configuration utility HPQLOMGC HP Lights-Out Migration Command Line HPQLOMIG HP Lights-Out Migration Acronyms and abbreviations 195...
  • Page 196 ICMP Internet Control Message Protocol Integrated Lights-Out Integrated Management Log Internet Protocol ISIP Enclosure Bay Static IP Java Virtual Machine local-area network LDAP Lightweight Directory Access Protocol light-emitting diode Lights-Out Management least significant bit Media Access Control Master License Agreement Microsoft®...
  • Page 197 Multilink Point-to-Point Protocol maximum transmission unit network interface controller non-maskable interrupt NVRAM non-volatile memory PERL Practical Extraction and Report Language PKCS Public-Key Cryptography Standards POST Power-On Self Test ProLiant Support Pack remote access service RBSU ROM-Based Setup Utility Remote Desktop Protocol Remote Insight Board RIBCL Remote Insight Board Command Language...
  • Page 198 RILOE Remote Insight Lights-Out Edition RILOE II Remote Insight Lights-Out Edition II Rivest, Shamir, and Adelman public encryption key Remote Server Management SLES SUSE LINUX Enterprise Server SMASH System Management Architecture for Server Hardware SNMP Simple Network Management Protocol Secure Shell Secure Sockets Layer Transmission Control Protocol UART...
  • Page 199 Virtual Machine virtual private networking WINS Windows® Internet Naming Service extensible markup language Acronyms and abbreviations 199...
  • Page 200: Index

    LOM processor 14, 49, 110, 118, alert and trap problems 171, 181 125, 134, 140 alert messages 103 connection overview 16 alert testing 29 contacting HP 193 alerts 28 cookie behavior 179 American Standard Code for Information Interchange cookie sharing, browser instances 178 (ASCII) 188...
  • Page 201 185 domain/name login 172 hot-plug keyboard 34, 35 drive key, support 88 HP Extended schema 62, 105, 111, 115, 144, dual-cursor 77 Dynamic Host Configuration Protocol (DHCP) 26, HP Extended schema options 105 HP Lights-Out Migration Command Line...
  • Page 202 9 133, 137, 144, 186, 190 Novell NetWare 19 LDAP OID core classes and attributes 186 LDAP OID HP specific classes and attributes 190 license information, viewing 160 license key, installing 20, 22 operating systems supported 91, 108, 161...
  • Page 203 remote management overview 134 remote management structure 134 passwords 53 remote management, directory-enabled 134 phone numbers 193 required information 193 port matching 159 required software 12, 113 port settings 41, 43 requirements, Terminal Services 39 ports, Systems Insight Manager 159 resetting to defaults 184 POST error messages 161 restore factory presets 184...
  • Page 204 single-cursor 77 two-factor authentication, first time use 58 SLES procedures 83, 173, 174 two-factor authentication, login 60 Snap-In installer 116, 118, 121, 122, 125 two-factor authentication, setup 58 SNMP (Simple Network Management Protocol) 95, two-factor authentication, user certificates 61 103, 156, 159, 163, 171, 181, 198 SNMP alerts 28, 29, 103, 159, 171 SNMP settings 22, 28 universal serial bus (USB) 91, 92, 93, 198...
  • Page 205 VLAN, scripted configuration 45 VLAN, shared network port 43 Warning and alarm messages 38 warning messages, Terminal Services 38 website, HP 193 Windows server support 12, 13, 18 Windows® EMS Console, enabling 79 XML (Extensible Markup Language) 87 Index 205...