HP Integrated Lights-Out User Guide July 2004 (Sixth Edition) Part Number 238882-006...
Part Number 238882-006 Audience Assumptions This document is for the person who installs, administers, and troubleshoots servers and storage systems. HP assumes you are qualified in the servicing of computer equipment and trained in recognizing hazards in products with hazardous energy levels.
Contents Operational Overview New in This Version ... 15 Usage Model ... 16 Network Connection Overview... 16 Supported Server Operating System Software... 17 Supported Browsers ... 18 Linux Browser Configuration... 19 Configuring Linux Font Size ... 19 Configuring iLO iLO Configuration Options ... 21 iLO RBSU ...
User Guide Integrated Lights-Out Logging in to iLO for the First Time Using a Browser... 40 Progressive Delays for Failed Browser Login Attempts... 44 Help ... 44 System Status ... 45 Status Summary... 45 iLO Status... 45 Server Status ... 46 iLO Event Log ...
Terminal Services Troubleshooting... 115 HP ProLiant Essentials Rapid Deployment Pack Integration ... 116 Telnet Support... 116 Using Telnet ... 117 Supported Key Sequences ... 118 Secure Shell ... 123 Using Secure Shell... 123 iLO Supported SSH Features... 124 iLO Shared Network Port ... 125 iLO Shared Network Port Requirements ...
User Guide Integrated Lights-Out Active Directory Installation Prerequisites... 153 Directory Services Preparation for Active Directory... 154 Snap-In Installation and Initialization for Active Directory ... 156 Example: Creating and Configuring Directory Objects for Use with iLO in Active Directory157 Directory Services Objects ... 162 Active Directory Lights-Out Management ...
Pre-Migration Checklist... 206 HP Lights-Out Directory Package ... 207 HPQLOMIG Operation... 208 Finding Management Processors ... 208 Upgrading Firmware on Management Processors ... 210 Naming Management Processors... 212 Configuring Directories ... 213 Setting Up Management Processors for Directories ... 215 HPQLOMGC Operation ...
User Guide Integrated Lights-Out Batch Processing Using the Lights-Out Configuration Utility... 247 Lights-Out Configuration Utility Parameters... 247 Lights-Out DOS Utility Overview of the Lights-Out DOS Utility... 249 CPQLODOS Recommended Usage... 250 CPQLODOS General Guidelines... 250 Command Line Arguments ... 250 RIBCL XML Commands for CPQLODOS ...
RIBCL Parameter ... 273 RIBCL Runtime Errors... 273 LOGIN ... 274 LOGIN Parameters ... 274 LOGIN Runtime Errors ... 274 USER_INFO ... 275 USER_INFO Parameter... 275 USER_INFO Runtime Error... 275 ADD_USER... 276 ADD_USER Parameters... 276 ADD_USER Runtime Errors... 278 DELETE_USER ... 279 DELETE_USER Parameter...
User Guide Integrated Lights-Out GET_GLOBAL_SETTINGS Runtime Errors ... 294 GET_GLOBAL_SETTINGS Return Messages ... 294 MOD_GLOBAL_SETTINGS ... 294 MOD_GLOBAL_SETTINGS Parameters ... 295 MOD_GLOBAL_SETTINGS Runtime Errors ... 298 GET_SNMP_IM_SETTINGS ... 298 GET_SNMP_IM_SETTINGS Parameters ... 298 GET_SNMP_IM_SETTINGS Runtime Errors ... 298 GET_SNMP_IM_SETTINGS Return Messages... 298 MOD_SNMP_IM_SETTINGS...
GET_DIAGPORT_SETTINGS Parameters... 313 GET_DIAGPORT_SETTINGS Runtime Errors ... 313 GET_DIAGPORT_SETTINGS Return Messages ... 314 MOD_DIAGPORT_SETTINGS ... 314 MOD_DIAGPORT_SETTINGS Parameters ... 314 MOD_DIAGPORT_SETTINGS Runtime Errors ... 315 GET_TOPOLOGY ... 315 GET_TOPOLOGY Parameters ... 316 GET_TOPOLOGY Return Message ... 316 SERVER_INFO... 316 SERVER_INFO Parameter ... 317 SERVER_INFO Runtime Errors ...
Virtual Power and Reset ... 339 Virtual Media... 339 Configure iLO Settings... 339 Directory Services Schema HP Management Core LDAP OID Classes and Attributes ... 353 Core Classes ... 353 Core Attributes ... 353 Core Class Definitions... 354 Core Attribute Definitions ... 355 Lights-Out Management Specific LDAP OID Classes and Attributes ...
iLO POST LED Indicators... 364 Event Log Entries ... 366 MS-DOS® Error Codes ... 370 Hardware and Software Link-Related Issues ... 370 Hardware ... 371 Software... 371 Login Issues ... 371 Login Name and Password Not Accepted ... 372 Directory User Premature Logout... 372 iLO Management Port Not Accessible by Name...
Testing SSL ... 394 Resetting iLO... 395 Server Name Still Present after ERASE Utility is Executed ... 396 Troubleshooting a Remote Host ... 396 Technical Support HP Contact Information ... 397 Before You Contact HP ... 397 Acronyms and Abbreviations Index...
Operational Overview In This Section New in This Version...15 Usage Model...16 Network Connection Overview Supported Server Operating System Software Supported Browsers...18 New in This Version Secure Shell (on page 123) Virtual Media Scripting (on page 79) iLO Shared Network Port (on page 125) Command Line Interface (on page 130) ProLiant BL p-Class Configuration (on page 31) Telnet Simple Command Set (on page 117)
User Guide Integrated Lights-Out GET_VM_STATUS (on page 328) SET_VM_STATUS (on page 329) Usage Model The common usage model for iLO is a client PC running a supported browser using DHCP and DNS protocols connected to one or more iLO devices. To use iLO, plug in the power of the host server and connect an Ethernet cable to the dedicated iLO management port of the server.
A separate network increases the security of the management network because you can physically control which workstations are connected to the network. An iLO Shared Network Port using the server's NIC instead of the dedicated iLO management NIC for server management. This configuration simplifies the network and reduces total network cost.
Remote Console, Java™ 1.3.1_02 or greater, JVM is required. Recommended—Microsoft® Internet Explorer 6.0 or later and Java™ 1.4.X JVM for Windows® 2000 or Windows® XP. To download the recommended JVM for your system configuration, refer to the HP website (http://www.hp.com/servers/manage/jvml). Linux...
Mozilla 1.60 is not supported on United Linux 1.0. Please use Mozilla 1.70. Linux, Netscape, and Mozilla require Java™ 1.4.2 JVM. To download the recommended JVM for your system configuration, refer to the HP website (http://www.hp.com/servers/manage/jvml). Certain browsers and operating system combinations might not work correctly depending on their implementations of the required browser technologies.
Configuring iLO In This Section iLO Configuration Options...21 Installing iLO Device Drivers Enabling iLO Advanced Functionality...28 ProLiant BL p-Class Configuration...31 Integration with RILOE II Accessory Boards iLO Configuration Options iLO comes preconfigured with default factory settings, including a default user account and password.
User Guide Integrated Lights-Out iLO RBSU HP recommends iLO RBSU to initially set up iLO and initially configure iLO network parameters for environments that do not use DHCP and DNS or WINS. RBSU provides the basic tools to configure iLO network settings and user accounts to get iLO onto the network.
3. Enter a valid iLO user ID and password with the appropriate iLO privileges (Administer User Accounts>Configure iLO Settings). Default account information is located on the iLO Default Network Settings tag. 4. Select Network>DNS/DHCP, press the Enter key, and then select DHCP Enable.
HPONCFG is a utility that runs on the host and passes RIBCL scripts to the local iLO. There are Windows® and Linux versions of this utility, which requires the HP iLO Management Interface Driver. Scripting can be integrated with the SmartStart Scripting Toolkit. Scripting can also be launched with: Windows®...
The PSP for Microsoft® Windows® products includes an installer that analyzes system requirements and installs all drivers. The PSP is available on the HP website (http://www.hp.com/support) or on the SmartStart CD. NOTE: If you are updating the iLO drivers, be sure that the iLO is running the latest version of the iLO firmware.
User Guide Integrated Lights-Out To install the drivers in the PSP, download the PSP from the HP website (http://www.hp.com/support), run the SETUP.EXE file included in the download, and follow the installation instructions. For additional information about the PSP installation, read the text file included in the PSP download.
Red Hat Linux and SuSE Linux Server Driver Support The device drivers required to support iLO for Red Hat Linux and SuSE Linux are located on the SmartStart CD, Management CD, or on the HP website (http://www.hp.com/support). iLO Pre-requisite Files for Red Hat and SuSE Linux Files You can download the PSP files containing the iLO driver, the foundation agents, and health agents from the HP website (http://www.hp.com/support).
The iLO Advanced Pack contains an activation key that you must enter into iLO to enable advanced functionality. The advanced features can be evaluated using a 30-day evaluation key which you can download for free from the HP website (http://www.hp.com/servers/lights-out). For more information, refer to the "iLO Advanced Evaluation License (on page 29)"...
Advanced Evaluation License A free 30-day evaluation license is available for download on the HP website (http://h10018.www1.hp.com/wwsolutions/ilo/iloeval.html). The evaluation license will activate and access iLO Advanced features. Only one evaluation license can be installed per iLO. After the evaluation period, an iLO Advanced license is required to continue using the advanced features.
3. Click Licensing to display the iLO Advanced license activation screen. 4. Enter the activation key in the space provided. The EULA confirmation appears. The EULA details are available on the HP website (http://www.hp.com/servers/lights-out) and with the Advanced Pack License kit.
Activating iLO Advanced Using Scripting To activate iLO Advanced using CPQLODOS: 1. Add the following statements in the XML script file. The script is saved by CPQLODOS as iLO.xml. <SET_LICENSE> <LICENSE_KEY VALUE="1234567890ABCDEFGHIJKLMNO" /> </SET_LICENSE> 2. Execute the following CPQLODOS command to activate the iLO license key: cpqlodos /load_xml =iLO.xml Refer to the "Lights-Out DOS Utility (on page 249)"...
User Guide Integrated Lights-Out On select p-Class blades in enclosures with updated management backplanes that support BL30P (high density) blades, iLO can be used for initial enclosure static IP configuration. Initial configuration of the blade in bay 1 allows all subsequent iLOs in the enclosure to receive predetermined static IP assignments.
Configuring a ProLiant BL p-Class Blade Enclosure To configure a BL p-Class blade enclosure using static IP bay addressing: 1. Install a server blade in bay 1 of the BL p-Class enclosure. The server blade does not need to be configured or have an operating system installed. The server blade must be configured before installing any additional blades in the enclosure.
User Guide Integrated Lights-Out The Enable Static IP Bay Configuration Settings checkbox, available on the Network Settings tab (not shown), allows you to enable or disable Static IP Bay Configuration. The new Enable Static IP Bay Configuration Settings option is only available on blade servers.
ProLiant BL p-Class Standard Configuration Parameters Beginning IP Address (Bay 1)—Assigns the starting IP address. All IP addresses must be valid addresses. Ending IP Address (Bay 16)—Assigns the ending IP address. All IP addresses must be valid addresses. Subnet Mask—Assigns the subnet mask for the default gateway. This field may be filled in if either Static IP Bay Configuration or DHCP is enabled.
User Guide Integrated Lights-Out Static Route #1, #2, and #3 (destination gateway)—Assigns the appropriate static route destination and gateway IP address on your network (the default IP values are 0.0.0.0 and 0.0.0.0, where the first IP address corresponds to the destination IP, and the second IP address corresponds to the gateway IP).
GET_ENCLOSURE_IP_SETTINGS—Requests the respective iLO Static IP Bay Configuration settings. This attribute must appear inside the RACK_INFO command block. The RACK_INFO command block may be set to read or write. RIBCL RACK_INFO Command Examples Getting Static IP Bay Configuration Settings <RIBCL VERSION="2.0"> <LOGIN USER_LOGIN="Admin"...
User Guide Integrated Lights-Out <RIBCL VERSION="2.0"> <LOGIN USER_LOGIN="Admin" PASSWORD="password"> <RIB_INFO MODE="write"> <MOD_NETWORK_SETTINGS> </MOD_NETWORK_SETTINGS> </RIB_INFO> </LOGIN> </RIBCL> Integration with RILOE II Accessory Boards RILOE II is supported as an option in servers with iLO. Previous generations of the Remote Insight boards, such as the Remote Insight board/PCI and the original RILOE, are not supported in servers with iLO.
Use these values to access iLO remotely from a network client using a standard Web browser. For security reasons, HP recommends changing the default settings after logging in to iLO for the first time. Use the "iLO Parameters Table (on page 331)" to record your settings.
User Guide Integrated Lights-Out DNS Name—ILOXXXXXXXXXXXX, where the 12 Xs represent the serial number of the server NOTE: User names and passwords are case sensitive. Logging in to iLO for the First Time Using a Browser To start the login process, you must know the iLO network address, which is either the DNS name, or the iLO IP address.
2. In the Security Alert window: Click Yes to continue to the login screen of iLO. The alert message appears each time that you access the iLO management processor in a browser. Click No to return to the Welcome screen of iLO. Click View Certificate to display the certificate information.
This self-signed certificate is not as secure as a certificate generated by a CA. (Refer to "Certificates (on page 140)" to import a certificate generated by a CA.) HP does not recommend using a self-signed certificate, because this certificate will change everytime iLO reboots.
Using iLO 4. When the browser completes the SSL connection to iLO, the Account Login screen prompts you for a user name and password. Use the default user name and password from the Network Settings tag, and click Log In.
User Guide Integrated Lights-Out After the default user name and password have been verified, the Status Summary screen is displayed. The BL p-Class tab is not illustrated in this and subsequent screen shots. Progressive Delays for Failed Browser Login Attempts After an initial failed log in attempt, iLO imposes a security delay.
IP address and name, and latest log entry data. The Status Summary screen also shows whether iLO has been configured to use HP Web-Based Management and Insight Management Web agents. iLO Status...
The Server Status option provides comprehensive status information about the server, including: Server name associated with the iLO management processor The Server Name field reports host is unnamed if the HP Management Agents are not loaded on the host server. Server power status...
SMBIOS data such as host platform, system ROM, processors, embedded MAC addresses, expansion slots, and memory modules present at POST iLO Event Log The iLO Event Log is a record of significant events detected by iLO. Logged events include major server events, such as a server power outage or a server reset;...
User Guide Integrated Lights-Out Other logged events include any successful or unsuccessful browser and Remote Console logins, virtual power and power cycle events, and clear event log actions. Some configuration changes, such as creating or deleting a user, are also logged.
Server and iLO Diagnostics The Server and iLO Diagnostics option provides the following comprehensive diagnostic information: POST diagnostic results for the host server (on page 49) NVRAM environment variables listing (on page 50) Virtual NMI button (on page 50) iLO self-test results (on page 51) NOTE: When connected through the Diagnostics Port, the directory server is not available.
FE54 NVRAM Environment Variables Listing HP uses NVRAM to store server environment variable information, for example, host controller boot order. This information can be useful to HP engineers and advanced customers who have detailed knowledge of HP System Management architecture.
If the system management (Health) driver is loaded, and ASR is enabled, then the host automatically reboots after an NMI has occurred. Debug If a software application hangs the system, the NMI capability can be used to engage the operating system debugger. Initiate dump of an unresponsive host A vendor might be interested in capturing the server context.
User Guide Integrated Lights-Out Remote Console The Remote Console tab provides access to different views of the Remote Console and enables you to define keystroke sequences that will be transmitted to the remote host server at the press of a hot key. Standard iLO provides embedded hardware Remote Console capabilities on a text mode screen.
Using iLO For best performance, be sure to configure the host operating system display as described in "Optimizing Performance for Graphical Remote Console (on page 54)." Remote Console Information Option The Remote Console Information option displays information concerning the Remote Console options available, as well as a link to download an updated Java™...
Close—Closes the Remote Console window and ends the Remote Console session. Optimizing Performance for Graphical Remote Console HP recommends the following client and server settings based on the operating system used. Recommended Client Settings Ideally, the remote server operating system display resolution should be the same resolution, or smaller, than that of the browser computer.
Linux X Display Properties—On the X Preferences screen, set the font size to 12. Remote Console For Remote Console speed, HP recommends using a 700-MHz or faster client with 128 MB or more of memory. For the Remote Console Java™ applet execution, HP recommends using a single processor client.
User Guide Integrated Lights-Out Microsoft® Windows NT® 4.0 and Windows® 2000 Settings Use the following settings to optimize performance: Server Display Properties Plain Background (no wallpaper pattern) Display resolution of 800 x 600 or 1024 x 768 pixels 256-color or 24-bit color mode Server Mouse Properties Select None for mouse pointer Scheme.
To automate the setting of the optimal mouse configuration, download the Lights-Out Optimization utility from the HP website (http://www.hp.com/servers/lights-out). Click the Best Practices graphic, then click the Maximize Performance links. Red Hat Linux and SuSE Linux Server Settings Use the following settings to optimize performance:...
User Guide Integrated Lights-Out The Remote Console hot keys are active during a remote console session through the Remote Console applet and during a text remote console session through a telnet client. To define a Remote Console hot key: 1. Click Remote Console Hot Keys in the Remote Console tab. 2.
PG UP PG DN ENTER BREAK Single- and Dual-Cursor Modes for Graphical Remote Console The Graphical Remote Console can use either a single- or dual-cursor mode. A supported JVM might be required for support. Remote Console (Single-Cursor) Single-cursor means the local cursor is not displayed when the mouse cursor is over the Remote Console screen.
You might prefer the dual-cursor option because you can see where the cursor exits the Remote Console applet window. HP recommends using the Remote Console dual-cursor mode with text-based operating systems. When operating in dual-cursor mode, the local cursor assumes the shape of the remote cursor.
Using iLO Virtual Devices Within the Virtual Devices tab are: Virtual Power (on page 62) Virtual Media (on page 64) Virtual Indicators (on page 83) Virtual Serial Port (on page 84)
User Guide Integrated Lights-Out Virtual Power The Virtual Power button enables control of the power state of the remote server and simulates pressing the physical power button on the server. If the remote host server is not responding, this feature enables an administrator to initiate a cold or warm reboot to bring the server back online.
To use the Virtual Power button, select the power option that you want and click Virtual Power to initiate the power option. The available power options are: Momentary Press—This option simulates a momentary press of the power button. A momentary press is usually sufficient to turn off a server that is currently on or to turn on a server that is currently off.
Class option to power on servers that exceed the power available from the power supplies. Exceeding the available power can cause loss of all servers in the rack, server failures, and loss or corruption of data. HP recommends correcting configuration or communication problems to ensure reliable operation.
USB floppy drive or a physical USB CD-ROM drive will also impact iLO Virtual Media. The HP server ROM provides support at server boot time for Virtual Media. The Virtual Floppy will be available at boot time regardless of the server operating system.
User Guide Integrated Lights-Out Pre- operating system server boot using Virtual floppy NetWare 5.x or 6 NetWare 6.5 SUSE Linux Enterprise Server 7 UnitedLinux Red Hat Linux 7.2 Red Hat Linux 7.3 Red Hat Linux 8.0 Red Hat Enterprise Linux AS 2.1 Red Hat Enterprise Linux 3...
Web browser, or an image file stored on your local hard drive or network drive. For maximum performance, HP recommends the use of local image files stored either on the hard drive of your client PC or on a network drive accessible through a high-speed network link.
User Guide Integrated Lights-Out 3. Click Connect. To use an image file: 1. Select Local Image File within the Virtual Floppy section of the Virtual Media applet. 2. Enter the name of the diskette image in the text box. You can also click Browse to locate image files.
The iLO Virtual Floppy appears to your operating system just like any other floppy. When using iLO for the first time, the host operating system may prompt you to complete a New Hardware Found wizard. When you are finished using iLO virtual media and disconnect it, you might receive a warning message from the host operating system regarding unsafe removal of a device.
User Guide Integrated Lights-Out 2. Select Virtual Media in the Virtual Devices tab. 3. Insert the media into the local floppy drive, select a diskette drive, and click Connect. Alternatively, select a diskette image to be used and click Connect. In NetWare 6.5, use the lfvmount command on the server console to assign the device a drive letter.
The floppy device can be used as a Linux file system, if formatted as such, with the mount command. However, 1.44-Mb diskettes are usually accessed utilizing the mtools utilities distributed with both Red Hat and SLES. The default mtools configuration does not recognize a USB-connected floppy. To enable the various m commands to access the Virtual Floppy device, modify the existing /etc/mtools.conf file and add the following line: drive v: file="/dev/sda"...
Web browser, or an image file stored on your local hard drive or network drive. For maximum performance, HP recommends the use of local image files stored either on the hard drive of your client PC or on a network drive accessible through a high-speed network link.
3. Click Connect. Using an Image File 1. Select Local Image File within the Virtual CD-ROM section of the Virtual Media applet. 2. Enter the name of the CD-ROM image in the text box. You can also click Browse to locate image files. 3.
User Guide Integrated Lights-Out iLO Virtual Media CD-ROM appears to your operating system just like any other CD-ROM. When using iLO for the first time, the host operating system may prompt you to complete a New Hardware Found wizard. When you are finished using iLO virtual media and disconnect it, you might receive a warning message from the host operating system regarding unsafe removal of a device.
On servers with a locally attached IDE CD-ROM, the virtual CD-ROM device is accessible at /dev/cdrom1. However, on servers without a locally attached CD-ROM, such as the BL-class blade systems, the virtual CD-ROM is the first CD-ROM accessible at /dev/cdrom. The virtual CD-ROM can be mounted as a normal CD-ROM device using: mount /mnt/cdrom1...
User Guide Integrated Lights-Out 3. Insert the media into the client's CD-ROM drive, select a drive, and click Connect. 4. The NetWare 6.5 operating system will automatically detect the new Virtual CD-ROM drive, mount it as an NSS volume, and display it as the media's volume label name.
To create a Virtual Media image file: 1. Click Create Disk Image. 2. Select the drive letter and the image file name. You can use the Browse feature to find and select an existing image file or to change the directory in which the image file will be created.
User Guide Integrated Lights-Out Composite Mode only functions properly on server operating systems that support composite USB devices. For a current list of supported server operating systems, refer to the server documentation and readme notes. Virtual Media Composite Device is not supported on the ProLiant ML370 G4, ProLiant DL360 G4, ProLiant DL380 G4, ProLiant DL360 G2, or ProLiant DL580 G2 servers.
Using the browser to upgrade iLO remotely makes the lost connection temporary and you are automatically reconnected. HP recommends remotely upgrading the iLO firmware using the Upgrade iLO Firmware option on the Administration tab.
User Guide Integrated Lights-Out The XML commands enable you to configure Virtual Media in the same manner as the Virtual Media applet. The one exception is that the actual image will be located on a Web server with which the iLO can communicate with through the management network.
Command Line Input [-?] Scripting Web Server Requirements Virtual Media scripting uses a media image that is stored and retrieved from a Web server accessible from the management network. The web server must be a HTTP 1.1 compliant server that supports the Range header. Furthermore, for write access to the file, the Web server should support DAV and must support the Content-Range header for DAV transactions.
User Guide Integrated Lights-Out CGI Helper Application The following perl script is an example of a CGI helper application that allows diskette writes on Web servers that cannot perform partial writes. When using the helper application, the iLO firmware posts a request to this application with three parameters: The file parameter contains the name of the file provided in the original URL.
Virtual Indicators The Unit ID LED is the blue LED on the HP server that is used for identifying systems in a rack full of servers. iLO enables you to view the status of the Unit ID LED and change the status using iLO Web pages.
User Guide Integrated Lights-Out iLO settings are being modified through XML scripting. iLO firmware is being updated. Never remove power from a server with a flashing Unit ID LED. Virtual Serial Port The Virtual Serial Port function is a bidirectional data flow of the data stream appearing on the server's serial port.
To obtain the SAC> prompt, entering Enter might be required after connecting through the Virtual Serial Port console. For more information on using the EMS features, refer to the Windows® Server 2003 documentation. Security Information If Remote Console Data Encryption is enabled, the Virtual Serial Port data stream is encrypted as data is passed between the iLO system and the viewing applet.
User Guide Integrated Lights-Out Linux requires that the terminal be listed in the /etc/securetty file in order to logon. Add the following line at the end of this file: ttyS0 On some BL p-Class systems, the standard UART I/O address (0x3F8) is used when there is no conflict.
iLO supports up to 12 users with customizable access rights, login names and advanced password encryption. Individual user's abilities are controlled by privileges. Each user can have privileges custom-tailored to their access requirements. To support more than 12 users, iLO Advanced enables integration with virtually unlimited directory-based user accounts.
User Guide Integrated Lights-Out 2. Click User Administration. A screen similar to the one shown is displayed. 3. Click Add. 4. Complete the fields with the necessary information for the user being added. 5. When the user profile is complete, click Save User Information to return to the User Administration screen.
4. Change the user information in the fields that require modification. After changing the fields, click Save User Information to return to the User Administration screen. To recover the user's original information, click Restore User Information. All changes made to the profile will be discarded.
User Guide Integrated Lights-Out IMPORTANT: Only users with the Configure iLO Settings privilege can change these settings. Users that do not have the Configure iLO Settings privilege can only view the assigned settings. This privilege is managed through the Configure Local Device Settings field in the directory administration snap-ins for directory users.
Pass-Through Configuration ("Terminal Services Pass-Through Option" on page 109) Enable iLO RBSU (on page 340) Require Login for iLO RBSU Show iLO during Post (on page 341) Remote Console Port Configuration (on page 341) Remote Console Data Encryption (on page 341) SSL Encryption Strength (on page 341) Current Cipher (on page 341) Web Server Non-SSL Port (on page 342)
User Guide Integrated Lights-Out 1. Log on to iLO using an account that has the Configure iLO Settings privilege. Click Administration. IMPORTANT: Only users with the Configure iLO can change these settings. Users that do not have the Configure iLO Settings privilege can only view the assigned settings.
Using iLO 4. After completing any parameter ("Network Settings Parameters" on page 343) changes, click Apply to complete the changes. When you click Apply, iLO restarts, and the connection of your browser to iLO terminates. To re-establish a connection, wait 60 seconds before launching another Web browser session and logging in.
User Guide Integrated Lights-Out iLO Diagnostic Port Configuration Parameters The iLO Diagnostic Port on the front of ProLiant BL p-Class servers enables you to access and troubleshoot server issues by using a diagnostic cable. The iLO Diagnostic Port uses a static IP address. It does not use DHCP to obtain an IP address, register with WINS or dynamic DNS, or use a gateway.
In the event that an iLO firmware update has failed, there are various recovery options. For all of these options, you need a current firmware image. HP does not recommended downgrading iLO firmware, and the version you have could be corrupt.
User Guide Integrated Lights-Out Enabling SNMP Alerts iLO supports up to three IP addresses to receive SNMP alerts. Typically, this address is the same as the IP address of the Insight Manager 7 or Systems Insight Manager server console. IMPORTANT: Only users with the Configure iLO can change these settings.
2. Select SNMP/Insight Manager Settings in the Administration tab. 3. Enter up to three IP addresses to receive the SNMP alerts. 4. Select the alert options you want iLO to support. For information on the Forward Insight Manager Agent SNMP Alerts field. 5.
Web browser. Only users with the Update iLO Firmware privilege can upgrade the iLO firmware. The most recent firmware for iLO is available on the HP website. To upgrade the iLO firmware using a supported Web browser: 1.
Using iLO 2. Click Upgrade iLO Firmware in the Administration tab. 3. Enter the file name in the New firmware image field or browse for the file. 4. Click Send firmware image. 5. The firmware upgrade takes a couple of minutes. A progress bar displays the progress of the firmware upgrade.
("Inability to Upgrade iLO Firmware" on page 391) if a firmware upgrade is interrupted or failed. NOTE: For systems with diskette drives, you can also update the iLO firmware using ROMPaq diskettes. HP does not recommend updating iLO firmware using the Virtual Media floppy diskette. Licensing The iLO Advanced License Activation page is used to apply the license activation for the iLO Advanced Pack.
Access advanced troubleshooting features provided by iLO Advanced. Launch a Web browser, use SNMP alerting, and diagnose the server blade using HP Systems Insight Manager. Configure static IP bay settings for the dedicated iLO management NICs on each server blade in an enclosure for faster deployment.
User Guide Integrated Lights-Out The server blade must be properly cabled for iLO connectivity. Connect to the server blade with one of the following methods: Through an existing network (in the rack)—This method requires you to install the server blade in its enclosure and assign it an IP address manually or using DHCP.
Rack Settings Blade servers communicate with the rack environment to obtain power and manage shared resources of the rack (fans, temperature, power supplies). The Rack Settings option enables you to configure this communication. The following fields are available: Rack Name Enclosure Name Bay Name (on page 349) Bay (on page 349)
User Guide Integrated Lights-Out Enable Rack Alert Logging (IML) (on page 350) Server Blade Management Module The Server Blade Management Module screen: Displays devices discovered in the BL p-Class server blade enclosure Reads and displays the current firmware version of the controller for the server blade enclosure Detects and displays the fuse state and power state of blade servers Enables you to activate the enclosure Unit Identification LEDs...
Reads and displays the current firmware version of the controller for the power supply enclosure Displays the current power output, maximum power output, and temperature information for the power supply Enables you to activate the power management module Unit Identification LEDs Redundant Power Management Module If the rack topology consists of a redundant power supply, the Redundant Power...
User Guide Integrated Lights-Out Server POST Tracking Feedback is limited while the server is booting because of the headless nature of the ProLiant BL p-Class servers. iLO provides boot-time feedback by flashing the Server Health LED green during server POST. The LED is set to solid amber if the boot is unsuccessful.
Hot-unplugging a keyboard—Disconnecting a local keyboard from the server while the server is in a powered on state. Hot-Plug Keyboard Recommended Usage For best results, follow these guidelines: Only hot-plug a local keyboard after the operating system has booted. Do not hot-unplug the local keyboard before the operating system has booted.
User Guide Integrated Lights-Out If iLO is unavailable from power-on through operating system boot and a local keyboard is not present, Remote Console keyboard functionality might not function when iLO becomes available again, depending on the operating system. iLO can become unavailable for various reasons, including firmware upgrade, network settings change, or reassignment of ports.
Terminal Services Pass-Through Option Terminal Services is provided by the Microsoft® Windows® operating systems. The iLO Terminal Services pass-through option provides a connection between the Terminal Services server on the host system and the Terminal Services client on the client system. When the Terminal Services pass-through option is enabled, iLO firmware sets up a socket, listening by default on port 3389.
User Guide Integrated Lights-Out Microsoft® Windows® 2000 servers require the installation of Microsoft® .NET Framework to support the use of Terminal Services. After .NET Framework is installed, the Terminal Services client must be installed from diskettes created by the Terminal Services server. Consult your Windows® operating guides or help files for instructions.
Windows® Server 2003 must be installed on the server that has the iLO. The service and iLO driver are available as Smart Components on the HP website and on the HP SmartStart CD. They are also part of the ProLiant Support Pack for Microsoft® Windows® Server 2003 and Microsoft® Windows®.
User Guide Integrated Lights-Out Errors during installation and during execution of the pass-through service will be logged in the server's Application Event Log. The pass-through service may be removed using Add or Remove Programs in the Control Panel. Windows® 2000 Terminal Services Port Change If the Terminal Services port is changed, Windows®...
When the Terminal Services pass-through option is set to Enabled or Automatic on the Global Settings page and the Terminal Services Client is installed on the Windows® client (installs by default on Windows® XP), the Terminal Services button is enabled. When the Terminal Services button is clicked, the applet tries to launch the Terminal Services, even if the server is not running a Windows®...
User Guide Integrated Lights-Out Terminal Services Button Display This version of the iLO firmware does not accurately display through the Terminal Services button whether the host operating system is enabled for Terminal Services operation. Even if the operating system is not enabled (for example, the host operating system is Linux, which does not support Terminal Services operation), the Terminal Services button might not appear inactive and might inaccurately imply that Terminal Services operation is available.
Terminal Services can be disabled or enabled at any time. Changing the Terminal Services configuration causes the iLO firmware to reset. Resetting the iLO firmware interrupts any open connections to iLO. When the Terminal Services client is launched by the Remote Console, Remote Console goes into a sleep mode to avoid consuming CPU bandwidth.
HP ProLiant Essentials Rapid Deployment Pack Integration HP ProLiant Essentials Rapid Deployment Pack integrates with iLO to allow the management of remote servers and the performance of remote console operations regardless of the state of the operating system or hardware.
Using Telnet To use telnet, the iLO Remote Console Port Configuration and Remote Console Data Encryption on the Global Settings screen must be configured as follows: 1. Set the Remote Console Port Configuration to Enabled. 2. Set the Remote Console Data Encryption to No. You can open either a telnet based Remote Console session or a browser-based Remote Console session.
User Guide Integrated Lights-Out Action POWER OFF ACPI PRESS SYSTEM REBOOT UID ON UID OFF Key sequences operate during a telnet Remote Console session or Virtual Serial Port session. The keys do not work before authentication. The power control requests are correctly ignored when you do not have the correct power control privileges.
iLO VT100+ Key Map The following are VT100+ key sequences. Many terminal programs send CR-LF when they mean ENTER. Sequence "\r\n" = '\r' Some terminals send ASCII 127 (DEL) when they mean backspace. The DELETE key never sends DEL, it sends "\e[3~". Some programs use the following mapping for HOME and END: sequence "\e[H"...
User Guide Integrated Lights-Out ALT_K ALT_L ALT_M ALT_N ALT_O ALT_P ALT_Q ALT_R ALT_T ALT_U ALT_V ALT_W ALT_X ALT_Y ALT_Z ALT_LOWER_A ALT_LOWER_B ALT_LOWER_C ALT_LOWER_D ALT_LOWER_E ALT_LOWER_F ALT_LOWER_G ALT_LOWER_H ALT_LOWER_I Sequence ALT_QUES ALT_AT ALT_OPENSQ ALT_BSLASH \eO\? ALT_CLOSESQ ALT_CARAT ALT_USCORE ALT_ACCENT ALT_PIPE ALT_CBRACK ALT_TILDE ALT_TAB ALT_BS...
Sequence ALT_LOWER_J ALT_LOWER_K ALT_LOWER_L ALT_LOWER_M ALT_LOWER_N ALT_LOWER_O ALT_LOWER_P ALT_LOWER_Q ALT_LOWER_R ALT_LOWER_S ALT_LOWER_T ALT_LOWER_U ALT_LOWER_V ALT_LOWER_W ALT_LOWER_X ALT_LOWER_Y ALT_LOWER_Z ALT_SPACE \e\040 ALT_EXCL \e\" ALT_QUOTE ALT_POUND ALT_DOLLAR ALT_PERCENT Sequence \e\eOY ALT_F10 \e\eOZ ALT_F11 \e\eO[ ALT_F12 ALT_F5 \e\e[15~ \e\e[17~ ALT_F6 \e\e[18~ ALT_F7 \e\e[19~ ALT_F8 ALT_F9 \e\e[20~...
User Guide Integrated Lights-Out VT100+ Codes for the F-Keys F1_KEY F2_KEY F3_KEY F4_KEY F5_KEY F6_KEY F7_KEY F8_KEY F9_KEY F10_KEY F11_KEY F12_KEY Linux Codes for the F-Keys F5_KEY F6_KEY F7_KEY F8_KEY F9_KEY F10_KEY F11_KEY F12_KEY HOME_KEY INSERT_KEY DELETE_KEY Sequence \eOP \eOQ \eOR \eOS \eOT...
Internet. When using PuTTY, versions before 0.54 may display 2 line feeds instead on a single line feed, when the ENTER key is pressed. To avoid this issue and for best results, HP recommends using version 0.54 or later.
User Guide Integrated Lights-Out 1. Open an SSH window. 2. When prompted, enter the IP address or DNS name, login name, and password. Using OpenSSH To start an OpenSSH client in Linux, use: ssh -l loginname ipaddress/dns name Using PuTTY To start a PuTTY session, double-click the PuTTY icon in directory where PuTTY is installed.
Feature Language Client/User authentication method Authentication timeout Authentication attempts Default SSH port iLO Shared Network Port The iLO Shared Network Port enables you to choose either the system NIC or the dedicated iLO NIC for server management. Both regular network traffic and network traffic intended for iLO pass through the system NIC when this feature is selected.
User Guide Integrated Lights-Out iLO Shared Management Port Features and Restrictions Only the iLO Shared Network Port or the iLO Dedicated Management NIC port can be used for iLO server management at one time. The iLO Shared Network Port and the iLO Dedicated Management NIC port cannot operate simultaneously.
When the Shared Network Port is selected, iLO must be configured through either the iLO RBSU or XML. Configuration through RBSU requires that the system be rebooted. Enabling the iLO Shared Network Port Feature The iLO Shared Network Port feature is disabled by default. This feature can be enabled through: iLO RBSU The iLO Web interface...
User Guide Integrated Lights-Out 4. In the Network Configuration menu, toggle the Network Interface Adapter Field to Shared Network Port by pressing the space bar. The Shared Network Port option is only available on supported servers. 5. Press the F10 key to save the configuration. 6.
After iLO resets, the Shared Network Port feature will be active. Any network traffic going to or originating from iLO is directed through the system's NIC port The iLO web interface is no longer available after iLO resets. To restore the use of the web interface, iLO's Dedicated Management NIC port must be re-enabled.
User Guide Integrated Lights-Out To re-enable the dedicated management port: 1. Connect the iLO dedicated management NIC port to a LAN from which the server is managed. 2. Reboot the server. 3. When prompted during POST, press the F8 key to enter iLO RBSU. 4.
SSH allowing two simultaneous connections. IP address or DNS name, login name and password are required to start a CLI session using SSH. Telnet protocol using three simultaneous connections All six connections can be active simultaneously. After serial CLI is enabled on the Global Settings screen, the iLO CLI is invoked by entering ESC (.
User Guide Integrated Lights-Out The following commands display help messages : help Entering help or ? displays all the supported commands. Entering <command help/?> or <help/? command> displays the help message specific to that command. Power The power command is used to change the power state of the server and is limited to users with the Power and Reset privilege.
The vsp command invokes a virtual serial port session. When in virtual serial port session, press <ESC>( to return to the CLI. The vm command allows Virtual Media scripting commands to be entered at the CLI. vm device insert path inserts an image. vm device eject ejects an image.
iLO Security In This Section Security Features ...135 General Security Guidelines Encryption ...136 iLO Security Override Switch Administration User Accounts ...137 Password Guidelines...139 Certificates...140 Securing RBSU ...141 Security Features iLO provides the following security features: User-defined TCP/IP ports ("Network Settings" on page 91) User actions logged in the iLO Event Log Progressive delays for failed login attempts ("Login Security"...
User Guide Integrated Lights-Out iLO should not be connected directly to the Internet. A 128-bit cipher strength browser must be used. Encryption iLO provides strong security for remote management in distributed IT environments by using 128-bit SSL encryption of HTTP data transmitted across the network.
Setting the iLO Security Override Switch also enables you to flash the iLO boot block. HP does not anticipate that you will need to update the iLO boot block. If an iLO boot block update is ever required, physical presence at the server will be required to reprogram the boot block and reset iLO.
User Guide Integrated Lights-Out An alternative to local iLO user accounts is to integrate iLO user authentication into directory services. This configuration allows a virtually unlimited number of users, and easily scales to the number of Lights-Out devices in an enterprise. Additionally, the directory provides a central point of administration for Lights- Out devices and users, and the directory can enforce a stronger password policy.
Global Security Settings Global security settings allow the administrator to control access to functions or to control specific actions of functions that have been enabled globally. For example, you can control access to iLO RBSU, enable or disable Lights-Out Functionality, set the Remote Console timeout, Web server SSL and non-SSL ports, virtual media port, and set the minimum password length.
User Guide Integrated Lights-Out Certificates By default, iLO creates a self-signed certificate for use in SSL connections. This certificate enables the iLO to work without any additional configuration steps. The security features of the iLO can be enhanced by importing a trusted certificate.
Securing RBSU The iLO RBSU allows user access for viewing and modifying the iLO configuration. RBSU access settings can be configured using RBSU, browser, RIBCL scripts, and the iLO Security Override Switch. RBSU has three levels of security: RBSU Disabled (most secure) If iLO RBSU is disabled, user access is prohibited.
Directory Services In This Section Benefits of Directory Integration...143 Features Supported by Directory Integration Installing Directory Services Schema Documentation...146 Directory Services Support...147 eDirectory Installation Prerequisites...148 Schema Required Software Schema Installer ...148 Management Snap-In Installer...152 Directory Services for Active Active Directory Lights-Out Directory Services for eDirectory...171 Configuring Directory Settings...
User Guide Integrated Lights-Out Single point of administration—You can use native administrative tools like MMC and ConsoleOne to administrate Lights-Out users. Immediacy—A single change in the directory rolls-out immediately to associated Lights-Out processors. This eliminates the need to script this process.
"Directory Services Schema (on page 353)" "Directory-Enabled Remote Management (on page 193)" 2. Install a. Download the HP Lights-Out Directory Package containing the schema installer, the management snap-in installer, and the migrations utilities from the HP website (http://www.hp.com/servers/lights-out). b. Run the schema installer (on page 148) once to extend the schema.
RILOE II After the schema has been extended, you can complete the directory services setup by using HP Lights-Out Directories Migration Utilities (on page 205). The migration utilities are included in the HP Lights-Out Directory Package. Version 1.13 of the Directories Migration Utility allows Lights-Out import and export and supports different user credentials for each Lights-Out processor.
Directory Services Support iLO supports the following directory services: Microsoft® Active Directory Microsoft® Windows® Server 2003 Active Directory Novell eDirectory 8.6.2 Novell eDirectory 8.7 iLO software is designed to run within the Microsoft® Active Directory Users and Computers and Novell ConsoleOne management tools, enabling you to manage user accounts on Microsoft®...
Directory Services for iLO uses LDAP over SSL to communicate with the directory servers. iLO software is designed to install in an eDirectory version 8.6.1 (and above) tree. HP does not recommend installing this product if you have eDirectory servers with a version less than eDirectory 8.6.1. Before...
Schema Preview Setup Results Schema Preview The Schema Preview screen enables the user to view the proposed extensions to the schema. This screen reads the selected schema files, parses the XML, and displays it as a tree view. It lists all of the details of the attributes and classes that will be installed.
User Guide Integrated Lights-Out Setup The Setup screen is used to enter the appropriate information before extending the schema. The Directory Server section of the Setup screen enables you to select whether you will be using Active Directory or eDirectory, and to set the computer name and the port to be used for LDAP communications.
Directory Services The Directory Login section of the Setup screen enables you to enter your login name and password. These might be required to complete the schema extension. The Use SSL during authentication option sets the form of secure authentication to be used.
User Guide Integrated Lights-Out Results The Results screen displays the results of the installation, including whether the schema could be extended and what attributes were changed. Management Snap-In Installer The management snap-in installer installs the snap-ins required to manage iLO objects in a Microsoft®...
Directory Services for Active Directory The following sections provide installation prerequisites, preparation, and a working example of Directory Services for Active Directory. HP provides a utility to automate much of the directory setup process. You can download the HP Directories Support for Management Processors on the HP website (http://h18004.www1.hp.com/support/files/lights-out/us/index.html).
User Guide Integrated Lights-Out These articles are accessed using the Knowledge Base Article ID Number Search option at Microsoft® website (http://support.microsoft.com/). 216999 Installing the Remote Server Administration Tools in Windows® 2000 314978 Using the Adminpak.msi to Install a Server Administration Tool in Windows®...
Resource Kit) or by the following steps. This step is not necessary if you are using Windows® Server 2003. IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry. a. Start MMC.
2. Configure the directory service to have the appropriate objects and relationships for iLO management. a. Use the management snap-ins from HP to create iLO, Policy, Admin, and User Role objects. b. Use the management snap-ins from HP to build associations between the iLO object, the policy object, and the role object.
Example: Creating and Configuring Directory Objects for Use with iLO in Active Directory The following example shows how to set up roles and HP devices in an enterprise directory with the domain testdomain.local, which consists of two organizational units, Roles and RILOES.
Right-click the RILOES organizational unit found in the testdomain.local domain, and select NewHPObject. b. Select Device for the type on the Create New HP Management Object dialog box. c. Enter an appropriate name in the Name field of the dialog box. In this...
Right-click the Roles organizational unit, select New then Object. b. Select Role for the type field in the Create New HP Management Object dialog box. c. Enter an appropriate name in the Name field of the New HP Management Object dialog box. In this example, the role will contain users trusted for remote server administration and will be called remoteAdmins.
User Guide Integrated Lights-Out c. Using the Select Users dialog box, select the Lights-Out Management object created in step 2, rib-email-server in folder testdomain.local/RILOES. Click OK to close the dialog, then click Apply to save the list.
6. Using the same procedure as in step 4, edit the properties of the remoteMonitors role, add the rib-email-server device to the Managed Devices list on the HP Devices tab, and add users to the remoteMonitors role using the Members tab. Then, on the Lights Out Management tab, select the box next to the Login.
User Guide Integrated Lights-Out User rights to any iLO are calculated as the sum of all the rights assigned by all the roles in which the user is a member, and in which the iLO is a Managed Device. Following the preceding examples, if a user is in both the remoteAdmins and remoteMonitors roles, they will have all the rights, because the remoteAdmins role has those rights.
Add users to the role objects. Set the rights and restrictions of the role objects. Active Directory Snap-Ins The following sections discuss the additional management options available within Active Directory Users and Computers after the HP snap-ins have been installed. Directory Services...
User Guide Integrated Lights-Out HP Devices The HP Devices tab is used to add the HP devices to be managed within a role. Clicking Add enables you to browse to a specific HP device and add it to the list of member devices.
Directory Services Members After user objects are created, the Members tab enables you to manage the users within the role. Clicking Add enables you to browse to the specific user you want to add. Highlighting an existing user and clicking Remove removes the user from the list of valid members.
User Guide Integrated Lights-Out Time Restrictions IP Network Address Restrictions IP/Mask IP Range DNS Name...
Directory Services Time Restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours in the Role Restrictions tab. In the Logon Hours pop- up window, you can select the times available for logon for each day of the week in half-hour increments.
User Guide Integrated Lights-Out Enforced Client IP Address or DNS Name Access Access can be granted or denied to an IP address, IP address range, or DNS names. 1. In the By Default dropdown menu, select whether to Grant or Deny access from all addresses except the specified IP addresses, IP address ranges, and DNS names.
Directory Services To remove any of the entries, highlight the entry in the display list and click Remove.
User Guide Integrated Lights-Out Active Directory Lights-Out Management After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role.
Example: Creating and Configuring Directory Objects for Use with LOM Devices in eDirectory The following example shows how to set up roles and HP devices in a company called samplecorp, which consist of two regions, region1 and region2. Directory Services...
1. Begin by creating organizational units in each region, which will contain the Lights-Out Management devices and roles specific to that region. In this example, two organizational units are created, called roles and hp devices, in each organizational unit, region1 and region2.
3. Use the HP provided ConsoleOne snap-ins to create HP Role objects in the roles organizational units. a. Right-click the roles organizational unit found in the region2 organizational unit, and select New then Object.
4. Use the HP provided ConsoleOne snap-ins to assign rights to the role and associate the roles with users and devices. a. Right-click on the remoteAdmins role in the roles organizational unit in the region1 organizational unit, and select Properties.
5. Using the same procedure as in step 4, edit the properties of the remoteMonitors role: a. Add the three iLO devices within hp devices under region1 to the Managed Devices list on the Role Managed Devices subtab of the HP Management tab.
User Guide Integrated Lights-Out c. Then, using the Lights Out Management Device Rights subtab of the HP Management tab, select the check box next to Login, and click Apply and Close. Members of the remoteMonitors role will be able to authenticate and view the server status.
The Role Managed Devices subtab under the HP Management tab is used to add the HP devices to be managed within a role. Clicking Add allows you to browse to the specific HP device and add it as a managed device.
User Guide Integrated Lights-Out Members After user objects are created, the Members tab allows you to manage the users within the role. Clicking Add allows you to browse to the specific user you want to add. Highlighting an existing user and clicking Delete removes the user from the list of valid members.
IP Range DNS Name eDirectory Role Restrictions The Role Restrictions subtab allows you to set login restrictions for the role. These restrictions include: Time Restrictions IP Network Address Restrictions IP/Mask IP Range Directory Services...
User Guide Integrated Lights-Out DNS Name Time Restrictions You can manage the hours available for logon by members of the role by using the time grid displayed in the Role Restrictions subtab. You can select the times available for logon for each day of the week in half-hour increments. You can change a single square by clicking it, or a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button.
1. In the By Default dropdown menu, select whether to Allow or Deny access from all addresses except the specified IP addresses, IP address ranges, and DNS names. 2. Select the addresses to be added, select the type of restriction, and click Add. 3.
Rights are managed on the Lights Out Management Device Rights subtab of the HP Management tab. The available rights are: Login—This option controls whether users can to log in to the associated...
Directory Services Remote Console—This option allows the user access to the Remote Console. Virtual Media—This option allows the user access to the RILOE II Virtual Floppy and Virtual Media functionality. Server Reset and Power—This option allows the user to remotely reset the server or power it down.
User Guide Integrated Lights-Out Configuring Directory Settings The Directory Settings screen contains the following settings options: Enable Directory Authentication (on page 351) Enable Local User Accounts (on page 351) Directory Server Address (on page 351) Directory Server LDAP Port LOM Object Distinguished Name (on page 351) LOM Object Password (on page 351) NOTE: At this time, the LOM Object Password field is not used.
Directory User Context ("Directory User Context 1, Directory User Context 2, Directory User Context 3" on page 352) Click Apply Settings to save any changes. To test the communication between the directory server and iLO, click Test Settings. Refer to "Testing Directory Settings (on page 352)" for additional information.
User Guide Integrated Lights-Out Directory Tests To validate current directory settings for iLO, click Test Settings on the Directory Settings page. The Directory Tests page will display.
The iLO login page Login Name field accepts all of the following: Directory users LDAP Fully Distinguished Names Example: CN=John Smith,CN=Users,DC=HP,DC=COM, or @HP.com NOTE: The short form of the login name by itself does not tell the directory which domain you are trying to access. You must provide the domain name or use the LDAP distinguished name of your account.
User Guide Integrated Lights-Out DOMAIN\user name form (Active Directory Only) Example: HP\jsmith username@domain form (Active Directory Only) Example: email@example.com NOTE: Directory users specified using the @ searchable form may be located in one of three searchable contexts, which are configured within Directory Settings.
Certificate Services In This Section Introduction to Certificate Services Installing Certificate Services...189 Verifying Directory Services...190 Configuring Automatic Certificate Request Introduction to Certificate Services Certificate Services are used to issue signed digital certificates to network hosts. The certificates are used to establish SSL connections with the host and verify the authenticity of the host.
User Guide Integrated Lights-Out 6. Enter the information appropriate for your site and organization. Accept the default time period of two years for the Valid for field. Click Next. 7. Accept the default locations of the certificate database and the database log. Click Next.
Certificate Services 8. Click Next when the Automatic Certificate Request Setup wizard starts. 9. Select the Domain Controller template, and click Next. 10. Select the certificate authority listed. (It is the same CA defined during the Certificate Services installation.) Click Next. 11.
LOM device objects for Active Directory ("Directory Services for Active Directory" on page 153) and eDirectory ("Directory Services for eDirectory" on page 171). In general, administrators can use the HP provided snap-ins to create objects. It is useful to give the LOM device objects meaningful names, such as the device's network address, DNS name, host server name, or serial number.
DNS name of a local directory server or, for more redundancy, a multi-host DNS name. Using Bulk Import Tools Adding and configuring large numbers of LOM objects is time consuming. HP provides several utilities to assist in these tasks. Below is a brief description of the utilities available.
Discover the LOM devices as management processors using CPQLOCFG to send a RIBCL XML script file to a group of LOM devices to manage those LOM devices. The LOM devices perform the actions designated by the RIBCL file and send a response to the CPQLOCFG log file.
User Guide Integrated Lights-Out When using Microsoft® Active Directory, it is possible to place one group within another or nested groups. Role objects are considered groups and can include other groups directly. Add the existing nested group directly to the role, and assign the appropriate rights and restrictions.
An admin user gains the login right from the regular user group. More advanced rights are assigned through the Admin role, which assigns additional rights— Server Reset and Remote Console. A d m in U se r U se r The Admin role assigns all admin rights—Server Reset, Remote Console, and Login.
User Guide Integrated Lights-Out Creating Roles to Follow Organizational Structure Often, the administrators within an organization are placed into a hierarchy in which subordinate administrators must assign rights independently of ranking administrators. In this case, it is useful to have one role that represents the rights assigned by higher-level administrators and to allow the subordinate administrators to create and manage their own roles.
DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a common domain suffix. For example, the DNS restriction, www.hp.com, matches hosts that are assigned the domain name www.hp.com. However, the DNS restriction, *.hp.com, matches any machine originating from DNS restrictions can cause some ambiguity because a host can be multi-homed.
User Guide Integrated Lights-Out Using DNS-based restrictions can create some security complications. Name service protocols are insecure. Any individual with malicious intent and access to the network can place a rogue DNS service on the network creating fake address restriction criteria. Organizational security policies should be taken into consideration when implementing DNS-based address restrictions.
How User Time Restrictions are Enforced Administrators can place a time restriction on directory user accounts. Time restrictions limit the ability of the user to log in (authenticate) to the directory. Typically, time restrictions are enforced using the time at the directory server, but if the directory server is located in a different time zone or a replica in a different time zone is accessed, then time zone information from the managed object can be used to adjust for relative time.
User Guide Integrated Lights-Out Network address restrictions placed on the user in the directory might not be enforced in the expected manner if the directory user logs in through a proxy server. When a user logs in to a LOM device as a directory user, the LOM device attempts authentication to the directory as that user, which means that address restrictions placed on the user account apply when accessing the LOM device.
Directory-Enabled Remote Management In the example, security policy dictates general use is restricted to clients within the corporate subnet, and server reset capability is additionally restricted to after hours. Alternatively, the directory administrator could create a role that grants the login right and restrict it to the corporate network, then create another role that grants only the server reset right and restrict it to after-hours operation.
User Guide Integrated Lights-Out The previous configuration meets corporate security policy. However, adding another role that grants the login right can inadvertently grant server reset privileges from outside the corporate subnet after hours. A more manageable solution would be to restrict the Reset role, as well as the General Use role.
HPQLOMGC Operation...217 Introduction to Lights-Out Migration Utilities For customers with previously installed management processors, HP created two utilities to simplify the migration of these processors to management by Directory Services. The two utilities are the HPQLOMIG utility and the HPQLOMGC utility. These utilities automate some of the migration steps necessary for the management processors to support Directories Services.
User Guide Integrated Lights-Out HPQLOMGC is a command line utility enabling you to migrate individual management processors. Used in conjunction with Insight Manager 7 or Systems Insight Manager, HPQLOMGC upgrades the firmware of the management processor, if necessary, configures the management processor, and configures the directory settings.
4. Download the HP Lights-Out Directory Services Smart Component from the HP website (http://www.hp.com/servers/lights-out). 5. Apply the HP Lights-Out schema extensions to the directory. 6. Create a role for the users of the management processor using the HP Lights- Out management snap-in. HP Lights-Out Directory Package All of the migration software, as well as the schema extender and management snap-ins, are packaged together in an HP Smart Component.
Systems Insight Manager, consider using the HPQLOMIG utility. IMPORTANT: Installing directory support for any management processor requires downloading the HP Smart Component. Refer to the "Pre-Migration Checklist (on page 206)" and the "HP Lights-Out Directory Package" sections for additional information. Extending the schema must be completed by a Schema Administrator.
If you click Next, Back, or exit the application during discovery, operations on the current network address are completed but those on subsequent network addresses are cancelled. To start the process of discovering your management processors: 1. Select Start>Programs>Hewlett-Packard, HPQLOMIG to start the migration utility.
Results column and HPQLOMIG continues to upgrade the other discovered management processors. IMPORTANT: HP recommends testing the upgrade process and verifying the results in a test environment before running the utility on a production network. An incomplete transfer of the firmware image to a management processor could result in having to locally reprogram the management processor using a floppy diskette.
3. Click Upgrade Firmware. The selected management processors will now be upgraded. Although this utility enables you to upgrade hundreds of management processors, only 25 management processors are upgraded simultaneously. Network activity is considerable during this process. 4. After the upgrade is complete, click Next. During the firmware upgrade process, all buttons are deactivated to prevent navigation.
User Guide Integrated Lights-Out Naming Management Processors This screen enables you to name Lights-Out Management device objects in the directory and create corresponding device objects for all management processors to be managed. You can create names using one or more of the following: The network address An index A prepend prefix to all...
Lights-Out Directories Migration Utilities 5. After the names are correct, click Next. Configuring Directories The Configure Directory screen enables you to create a device object for each discovered management processor and to associate the new device object to a previously defined role. For example, the directory defines a user as a member of a role (such as administrator) who has a collection of privileges on a specific device object (such as a RILOE II card).
User Guide Integrated Lights-Out Network Address—This is the network address of the directory server and can either be a valid DNS name or IP address. Port—The port is the SSL port to the directory. The default entry is 636. Management processors can only communicate with the directory using SSL. Login Name and Password—These fields are used to log in with an account that has domain administrator access to the directory.
Lights-Out Directories Migration Utilities 5. After the device objects have been associated with a role, click Next. Setting Up Management Processors for Directories The last step in the migration process is to configure the management processors to communicate with the directory. This screen enables you to create user contexts and designate whether or not Directory Support and Local Accounts are enabled.
CN=Users,DC=RILOETEST2,DC=HP allows user "John Smith" to log in using John Smith rather than CN=John Smith,CN=Users, DC=RILOETEST2,DC=HP. The @ format is also supported. For example, @RILOETEST2.HP in a context field allows the user to log in using jsmith (assuming that jsmith is the user's short name).
NOTE: The feature associated with the Management Processor Password field is not available at this time. This field is provided for forward compatibility with future releases. HPQLOMGC Operation The command line utility is intended to be used in conjunction with Insight Manager 7 and Systems Insight Manager.
User Guide Integrated Lights-Out IMPORTANT: Installing directory support for any management processor requires downloading the HP Smart Component. Refer to the "Pre-Migration Checklist (on page 206)" and the "HP Lights-Out Directory Package" sections for additional information. Extending the schema must be completed by a Schema Administrator.
To create an Application Launch task: 1. Click Device in the navigation bar on the top left side of the screen. 2. Click Tasks to open the Tasks screen. 3. Click New Control Task. A dropdown menu is displayed. 4. Click Application Launch from the dropdown menu to open the Create/Edit Task screen.
User Guide Integrated Lights-Out 9. Select the query that had been created earlier, for example "Mgmt Processors." 10. Click Schedule to define when the Application Launch task will run. A schedule configuration window is displayed. 11. Click OK to set the schedule. NOTE: The default schedule for a control task is Now.
<DIR_SERVER_ADDRESS value="administration.wins.hp.com" /> <DIR_SERVER_PORT value="636" /> <DIR_OBJECT_DN value="CN=RILOP5,CN=Users,DC=RILOEGRP2,DC=HP" /> <DIR_OBJECT_PASSWORD value="aurora" /> <DIR_USER_CONTEXT_1 value="CN=Users,DC=RILOEGRP2,DC=HP" /> <DIR_USER_CONTEXT_2 value="" /> <DIR_USER_CONTEXT_3 value="" /> <DIR_ROLE value="CN=RILOEROLE,CN=Users,DC=RILOEGRP2,DC=HP" /> <DIR_LOGIN_NAME value="RILOEGRP2\Adminl" /> <DIR_LOGIN_PASSWORD value="aurora" /> </MOD_DIR_CONFIG> </DIR_INFO> </LOGIN> </RIBCL> ILO_CONFIG RIBCL allows for only one firmware image per XML file. The command language for HPQLOMGC has been modified to allow for each management processor to have a specified firmware image within a single XML file.
Insight Manager 7 Integration In This Section Integrating iLO with Insight Manager Functional Overview ...224 Identification and Association Configuring Identification of iLO Receiving SNMP Alerts in Insight Manager 7 Port Matching ...228 Reviewing iLO Advanced License Information in Insight Manager 7 ProLiant BL p-Class Rack Visualization...231 Integrating iLO with Insight Manager 7...
Draw a visualization of the ProLiant BL p-Class rack infrastructure. The following sections give a summary of each function. For detailed information on these benefits and how to use Insight Manager 7, refer to the HP Insight Manager 7 Technical Reference Guide, provided with Insight Manager 7.
The color of the icon represents the status of the management processor. For a complete list of device statuses, refer to the HP Insight Manager 7 Technical Reference Guide, provided with Insight Manager 7.
User Guide Integrated Lights-Out iLO and the host server from the Insight Manager 7 home page iLO from the Query Results page The server from the Query Results page The server from the Device Summary page of iLO iLO from the Device Summary page of the server The Home page and Query Results pages display iLO, the server, and the relationship between iLO and the server.
Display Information Server State Management Processor Status Management Processor Serial Number iLO Advanced License Status and Data Hardware Revision Information Firmware Revision Information Rack Topology Single Sign On* Secure Task Execution* CIMOM* Device Home Page URL *NOTE: Reserved for future integration. Receiving SNMP Alerts in Insight Manager 7 iLO can be configured to forward alerts from the host operating system management agents, and it can also be configured to send iLO-generated alerts to...
Click the event description to obtain further information about the event. NOTE: HP Insight Agents for iLO must be installed on the remote host server to enable management of iLO. Refer to "Installing iLO Device Drivers (on page 24)"...
To change the port number in Insight Manager 7, add the port to the \ADDITIONALWSDISC.PROPS file. Port 80 does not need an entry in this props file, but any other port designated for iLO must be specified so that Insight Manager 7 can use it during HTTP identification.
User Guide Integrated Lights-Out The license information of the management processors appears. To be sure that this data is current, run the device identification task for your management processors. Refer to the Insight Manager 7 documentation for additional details about initiating tasks.
Insight Manager 7 Integration ProLiant BL p-Class Rack Visualization Insight Manager 7 can draw a visualization of the ProLiant BL p-Class rack, enclosures, and servers using information from iLO. The SNMP/Insight Manager setting for the level of data to be returned must be Medium or High for Insight Manager 7 to draw the visualization.
User Guide Integrated Lights-Out...
System Insight Manager ProLiant BL p-Class Rack Integrating iLO with Systems Insight Manager iLO fully integrates with HP Systems Insight Manager in key operating environments. Full integration with Systems Insight Manager also provides a single management console for launching a standard Web browser to access.
Systems Insight Manager provides a hyperlink on the server device page to launch and connect to iLO. HP Management Agents iLO, combined with HP Management Agents, provides remote access to system management information through the iLO Web browser interface. Systems Insight Manager Functional Overview Systems Insight Manager enables you to: Identify iLO processors.
System Insight Manager Identification and Association Systems Insight Manager can identify an iLO processor and create an association between iLO and server. The administrator of the iLO device may configure iLO to respond to Systems Insight Manager identification requests. System Insight Manager Status In Systems Insight Manager, iLO is identified as a management processor.
User Guide Integrated Lights-Out For a complete list of device statuses, refer to the HP Systems Insight Manager Installation and User Guide. System Insight Manager Links For ease of management, Systems Insight Manager creates links to the following locations: iLO and the host server from any System list...
Receiving SNMP Alerts in Systems Insight Manager iLO can be configured to forward alerts from the host operating system management agents, and it can also be configured to send iLO-generated alerts to Systems Insight Manager. Systems Insight Manager provides support for full SNMP management, and iLO supports SNMP trap delivery to Systems Insight Manager.
Click the Event Type to obtain further information about the event. NOTE: HP Insight Agents for iLO must be installed on the remote host server to enable management of iLO. Refer to "Installing iLO Device Drivers (on page 24)" for additional details about installing and configuring agents.
In addition, HP System Insight Manager 4.1 and above provides visualization support for ProLiant BL p-Class server blades which enables you to...
CPQLOCFG utility can be launched from Insight Manager 7 or Systems Insight Manager for Group Administration or used independently from a command prompt for batch processing. This utility can be downloaded from the HP website (http://h18004.www1.hp.com/support/files/lights-out/us/index.html). Version 2.20 or later of CPQLOCFG.EXE is required to configure iLO Directory Settings using RIBCL scripts.
User Guide Integrated Lights-Out Insight Manager 7—C:\PROGRAM FILES\INSIGHT MANAGER 7 Systems Insight Manager— C:\PROGRAM FILES\INSIGHT MANAGER\HP\SYTEMS Syntax errors occur when an invalid XML tag is encountered. When a syntax error occurs, the Lights-Out Configuration Utility stops running and logs the error in the runtime script and output log file.
Create a Task (on page 246) Using the Lights-Out Configuration Utility with Insight Manager 7 Insight Manager 7 can manage the group administration of iLO devices using query definitions ("Query Definition in Insight Manager 7" on page 243) and Application Launch ("Application Launch Using Insight Manager 7" on page 244).
User Guide Integrated Lights-Out 14. Click Overview on the left side of the screen after the verification has taken place. The initial page for devices opens. Application Launch Using Insight Manager 7 The Application Launch combines the RIBCL, the Lights-Out Configuration Utility, and the query definition to manage the Group Administration of iLO management processors.
10. Click Schedule to define when the Application Launch task will run. A schedule configuration window is displayed. 11. Click OK to set the schedule. NOTE: The default schedule for a control task is Now. 12. Click Finish to save the Application Launch task. 13.
User Guide Integrated Lights-Out 2. In the New Custom Command screen, enter the appropriate information in the Name, Description, and Comments fields. 3. In the Command field, be sure to enter the full path and the file name of the application.
If you click Schedule, the schedule task screen appears. Schedule the task. For more information on the scheduling options, see the HP Systems Insight Manager documentation. The Schedule option is available only if the tool can be scheduled. If you click Run Now, the Task Results screen appears with a summary of the task, the target details, and the status.
GET commands are logged without this switch. Refer to the "Remote Insight Command Language (on page 269)" section for information on the syntax of the XML data files. Sample XML scripts are available on the HP website (http://www.hp.com/servers/lights-out) in the Best Practices section.
Lights-Out DOS Utility In This Section Overview of the Lights-Out DOS Utility CPQLODOS Recommended Usage CPQLODOS General Guidelines Command Line Arguments RIBCL XML Commands for Overview of the Lights-Out DOS Utility CPQLODOS is a command line utility that is a part of the SmartStart Scripting Toolkit.
User Guide Integrated Lights-Out CPQLODOS Recommended Usage HP recommends using CPQLODOS /WRITE_XML=filename.ext to capture the current iLO settings. The output from the /WRITE_XML command should be used as a template for further CPQLODOS scripting. For security reasons, the /WRITE_XML command does not output the passwords for current user accounts or the iLO Advanced Pack license key.
Command Line Argument /HELP or /? /DETECT /RESET /VIRT_FLOPPY /MIN_FW-xxx /GET_STATUS /GET_HOSTINFO /GET_USERINFO /GET_NICCONFIG /GET_DHCPCONFIG /GET_DIRCONFIG /WRITE_XML=path\file name.ext /LOAD_XML=path\file name.ext /VERIFY_XML Description Displays simple help messages Detects the iLO management processor on the target server Resets the iLO management processor Ignores the virtual floppy inserted error Enables you to set the minimum firmware version on which the iLO management processor runs...
User Guide Integrated Lights-Out RIBCL XML Commands for CPQLODOS CPQLODOS uses the same RIBCL XML commands as CPQLOCFG for the <MOD_NETWORK_SETTINGS>, and the <MOD_DIR_CONFIG> XML scripting language blocks. Only those parameters unique to CPQLODOS are discussed. For more information on <MOD_NETWORK_SETTINGS>, and <MOD_DIR_CONFIG>...
ADD_USER This command is used to add a user to iLO. If multiple ADD_USER commands are in the XML script, CPQLODOS will use only the settings from the last command. Example: <ADD_USER USER_NAME = "James Madison" USER_LOGIN = "jmadison" PASSWORD = "president"> </ADD_USER>...
User Guide Integrated Lights-Out Blank user login name not allowed. Maximum length is 39 characters. SET_LICENSE This command is used to apply the iLO Advanced Pack License key to the iLO. On a ProLiant BL p-class server, this parameter is not necessary because the advanced features are activated by default.
Out XML scripting language. Perl scripts require a valid user ID and password with appropriate privileges. Sample XML scripts for Lights-Out devices and a sample Perl script are available on the HP website (http://www.hp.com/servers/lights-out) in the Best Practices section. XML Enhancements Previous versions of iLO firmware do not return properly formatted XML syntax.
<?xml version="1.0"?> and before the XML script is sent. If placing the tag in the XML script, the tag should be placed before <RIBCL version="2.0">. If you are using the Perl script provided by HP, then the bold line in the following example can be added to return properly formatted XML syntax.
Opening an SSL Connection Perl scripts must open an SSL connection to the device's HTTPS port, by default port 443. For example: use Socket; use Net::SSLeay qw(die_now die_if_ssl_error); Net::SSLeay::load_error_strings(); Net::SSLeay::SSLeay_add_ssl_algorithms(); Net::SSLeay::randomize(); # opens an ssl connection to port 443 of the passed host sub openSSLconnection($) my $host = shift;...
User Guide Integrated Lights-Out Net::SSLeay::connect($ssl) and die_if_ssl_error("ERROR: ssl connect"); print STDERR 'SSL Connected '; print 'Using Cipher: ' . Net::SSLeay::get_cipher($ssl) if $debug; print STDERR "\n\n"; return $ssl; Sending the XML Header and Script Body After the connection is established, the first line of script sent must be an XML document header, which tells the device's HTTPS Web server that the following content is an XML script.
$n++; $reply .= $lastreply; $lastreply = Net::SSLeay::read($ssl); die_if_ssl_error("ERROR: ssl read"); if($lastreply eq "") sleep(2); # wait 2 sec for more text. $lastreply = Net::SSLeay::read($ssl); last READLOOP if($lastreply eq ""); sleep(2); # wait 2 sec for more text. $lastreply = Net::SSLeay::read($ssl); last READLOOP if($lastreply eq "");...
User Guide Integrated Lights-Out PERL scripts must send the XML header before sending the body of the script. PERL scripts must provide script data fast enough to prevent the device from timing out. XML scripts cannot contain the update firmware command, which requires extra work on the part of the PERL script to open the file containing the firmware image and send it to the device.
HPONCFG takes RIBCL scripts and passes them to the iLO in the host system instead of over the network. HPONCFG replaces the control panel applet used with RILOE. You can download HPONCFG from the HP website (http://h18004.www1.hp.com/support/files/lights-out/us/index.html). HPONCFG Supported Operating Systems HPONCFG is supported on: Windows®...
HP Insight Management Agents. During execution, HPONCFG will display an error message if the sm2user.dll file cannot be found. This file can be installed separately from the component HP Insight Management Agents for Windows® 2000 or Windows® Server 2003,...
Windows Server Installation 1. To install HPONCFG, run the self-extracting executable delivered in the Softpaq from within a directory of your choice on the managed server. Choose the directory from which the HPONCFG utility is executed. This directory will also contain the XML formatted input scripts and store the output files from execution of the utility.
User Guide Integrated Lights-Out Using HPONCFG Start the HPONCFG configuration utility from the command line. When using Microsoft® Windows®, cmd.exe is available by selecting Start>Run>cmd. HPONCFG displays a usage page if HPONCFG is entered with no command line parameters. HPONCFG accepts a correctly formatted XML script. Refer to the "Remote Insight Command Language (on page 269)"...
HPONCFG /f add_user.xml /l log.txt > output.txt HPONCFG Usage Model HPONCFG is best used to configure iLO after the host operating system has been deployed or redeployed to: Capture iLO configuration parameters. Create a known user account. Obtaining an Entire Configuration HPONCFG and RIBCL can retrieve the current Lights-Out configuration.
User Guide Integrated Lights-Out </MOD_NETWORK_SETTINGS> <ADD_USER </ADD_USER> <RESET_RIB VALUE = "Y"/> </HPONCFG> Creating a User Account If iLO user credentials are unknown, an account on iLO can be created using HPONCFG. HPONCFG runs from the host operating system context, requiring administrator or root access to the operating system.
<!-- Add user with remote power and access privileges -- > <RIBCL version="2.0"> <LOGIN USER_LOGIN="Administrator" PASSWORD="password"> <USER_INFO MODE="write"> <ADD_USER USER_NAME="Adam Smith" USER_LOGIN="Adam" PASSWORD="password"> <ADMIN_PRIV="N"> <REMOTE_CONS_PRIV="Y" <RESET_SERVER_PRIV="Y" <VIRTUAL_MEDIA_PRIV="Y" <CONFIG_ILO_PRIV="N" </ADD_USER> </USER_INFO> </LOGIN> </RIBCL> HPONCFG Online Configuration Utility...
Remote Insight Command Language In This Section Overview of the Remote Insight Board Command RIBCL and ProLiant BL p-Class RIBCL Sample Scripts ...271 RIBCL General Guidelines Header...271 Data Types...271 Response Definitions...272 RIBCL ...273 LOGIN...274 USER_INFO...275 ADD_USER ...276 DELETE_USER...279 GET_USER ...280 MOD_USER...281 GET_ALL_USERS ...284...
User Guide Integrated Lights-Out GET_DIAGPORT_SETTINGS MOD_DIAGPORT_SETTINGS...314 GET_TOPOLOGY...315 SERVER_INFO ...316 GET_HOST_POWER_STATUS SET_HOST_POWER...318 RESET_SERVER...319 PRESS_PWR_BTN...320 HOLD_PWR_BTN ...321 COLD_BOOT_SERVER ...322 WARM_BOOT_SERVER GET_UID_STATUS ...323 UID_CONTROL ...324 INSERT_VIRTUAL_MEDIA...325 EJECT_VIRTUAL_MEDIA GET_VM_STATUS...328 SET_VM_STATUS ...329 Overview of the Remote Insight Board Command Language The Remote Insight Board Command Language enables you to write scripts to manage user accounts and to configure settings.
RIBCL Sample Scripts Sample scripts for all iLO commands described in this section are available for download from the HP website (http://www.hp.com/servers/lights-out). RIBCL General Guidelines In this section, all of the commands are grouped by functionality. All commands that manipulate user information are grouped together. Grouping commands...
User Guide Integrated Lights-Out Specific string Boolean string String A string is any text enclosed in quotes. It can include spaces, numbers, or any printable character. A string may start with either a double or single quote and it must end with the same type of quote. The string may contain a quote if it is different from the string delimiter quotes.
/> RESPONSE This tag name indicates that iLO is sending a response to the previous commands back to the client application to indicate the success or failure of the commands that have been sent to iLO. STATUS This parameter contains an error number. The number “0x0000” indicates that there is no error.
User Guide Integrated Lights-Out Version must not be blank. LOGIN The LOGIN command provides the information that is used to authenticate the user whose permission level will be used when performing RIBCL actions. The specified user must have a valid account on the respective iLO to execute RIBCL commands.
Logged-in user does not have required privilege for this command. USER_INFO The USER_INFO command can only appear within a LOGIN command block. When the command is parsed, it reads the local user information database into memory and prepares to edit it. Only commands that are USER_INFO type commands are valid inside the USER_INFO command block.
User Guide Integrated Lights-Out ADD_USER The ADD_USER command is used to add a local user account. The USER_NAME and USER_LOGIN parameters must not exist in the current user database. Use the MOD_USER command to change an existing user's information. For this command to parse correctly, the command must appear within a USER_INFO command block, and USER_INFO MODE must be set to write.
Remote Insight Command Language PASSWORD is the password associated with the user. This parameter is case sensitive and can be a combination of any printable characters. The length is user defined and can be a minimum of zero characters and a maximum of 39 characters.
User Guide Integrated Lights-Out VIEW_LOGS_PRIV is a Boolean parameter that gives the user permission to view the iLO system logs. This parameter is optional, and the Boolean string must be set to "Yes" if the user should be allowed to view logs. If this parameter is used, the Boolean string value must never be blank.
User table is full. No room for new user. Cannot add user. The user name already exists. User information is open for read-only access. Write access is required for this operation. User name cannot be blank. User login ID cannot be blank. Boolean value not specified.
User Guide Integrated Lights-Out User information is open for read-only access. Write access is required for this operation. Cannot delete user information for currently logged in user. User login name was not found. User login name must not be blank. User does not have correct privilege for action.
User login name was not found. User does not have correct privilege for action. ADMIN_PRIV required. GET_USER Return Messages A possible GET_USER return message includes: <RESPONSE STATUS="0x0000" MSG="No Errors" /> <GET_USER USER_NAME="Admin User" USER_LOGIN= "username" ADMIN_PRIV="N" REMOTE_CONS_PRIV="Y" RESET_SERVER_PRIV="N" VIRTUAL_MEDIA_PRIV="N" CONFIG_ILO_PRIV value ="No" />...
User Guide Integrated Lights-Out </MOD_USER> </USER_INFO> </LOGIN> </RIBCL> MOD_USER Parameters USER_LOGIN is the login name of the user account. This parameter is case sensitive and must never be blank. If the following parameters are not specified, then the parameter value for the specified user is preserved.
RESET_SERVER_PRIV is a Boolean parameter that gives the user permission to remotely manipulate the server power setting. This parameter is optional, and the Boolean string must be set to "Yes" if the user should have this privilege. If this parameter is used, the Boolean string value must never be left blank. Omitting this parameter prevents the user from manipulating the server power settings.
User Guide Integrated Lights-Out GET_ALL_USERS The GET_ALL_USERS command will return all USER_LOGIN parameters in the user database. For this command to parse correctly, the command must appear within a USER_INFO command block, and USER_INFO MODE can be in read or write. The user must have the administrative privilege to retrieve all user accounts.
<USER_LOGIN VALUE="user4"/> <USER_LOGIN VALUE="user5"/> <USER_LOGIN VALUE="user6"/> <USER_LOGIN VALUE="user7"/> <USER_LOGIN VALUE="user8"/> <USER_LOGIN VALUE="user9"/> <USER_LOGIN VALUE="user10"/> <USER_LOGIN VALUE=""/> <USER_LOGIN VALUE=""/> </GET_ALL_USERS> A possible unsuccessful request is: <RESPONSE STATUS = "0x0001" MSG = "Error Message"/> GET_ALL_USER_INFO The GET_ALL_USER_INFO command will return all local users information in the user database, excluding passwords.
User Guide Integrated Lights-Out User does not have correct privilege for action. ADMIN_PRIV required. GET_ALL_USER_INFO Return Messages A possible GET_ALL_USER_INFO return message is: <GET_ALL_USER_INFO/> <GET_USER USER_NAME="Admin" USER_LOGIN="Admin" ADMIN_PRIV="Y" CONFIG_RILO_PRIV="Y" LOGIN_PRIV="Y" REMOTE_CONS_PRIV="Y" RESET_SERVER_PRIV="Y" VIRTUAL_MEDIA_PRIV="Y" /> ... The same information will be repeated for all the users. </GET_ALL_USER_INFO>...
RIB_INFO Parameter MODE is a specific string parameter with a maximum length of 10 characters that specifies what you intend to do with the information. Valid arguments are "read" and "write." Write mode enables both reading and writing of iLO information. Read mode prevents modification of iLO information.
User Guide Integrated Lights-Out User does not have correct privilege for action. CONFIG_ILO_PRIV required. GET_NETWORK_SETTINGS The GET_NETWORK_SETTINGS command requests the respective iLO network settings. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE can be set to read or write.
<DHCP_WINS_SERVER VALUE="Y"/> <REG_WINS_SERVER VALUE="Y"/> <IP_ADDRESS VALUE="22.214.171.124"/> <SUBNET_MASK VALUE="255.255.255.0"/> <GATEWAY_IP_ADDRESS VALUE="126.96.36.199"/> <DNS_NAME VALUE="test"/> <DOMAIN_NAME VALUE="test.com"/> <PRIM_DNS_SERVER VALUE="188.8.131.52"/> <SEC_DNS_SERVER VALUE="184.108.40.206"/> <TER_DNS_SERVER VALUE="220.127.116.11"/> <PRIM_WINS_SERVER VALUE="18.104.22.168"/> <SEC_WINS_SERVER VALUE="22.214.171.124"/> <STATIC_ROUTE_1 DEST VALUE="0.0.0.0"/> <GATEWAY VALUE="0.0.0.0"/> STATIC_ROUTE_2 DEST VALUE="0.0.0.0"/> GATEWAY VALUE="0.0.0.0"/> STATIC_ROUTE_3 DEST VALUE="0.0.0.0"/> GATEWAY VALUE="0.0.0.0"/> WEB_AGENT_IP_ADDRESS VALUE=""/> </GET_NETWORK_SETTINGS>...
User Guide Integrated Lights-Out The iLO management processor reboots to apply the changes after the script has successfully completed. If connectivity is lost to the iLO, use RBSU to reconfigure the network settings to values that are compatible with the network environment.
Remote Insight Command Language MOD_NETWORK_SETTINGS Parameters If the following parameters are not specified, then the parameter value for the specified setting is preserved. Zero values are not permitted in some fields. Consequently, an empty string deletes the current value in some fields. ENABLE_NIC enables the NIC to reflect the state of iLO.
User Guide Integrated Lights-Out DNS_NAME is used to specify the DNS name for the iLO. If an empty string is entered, the current value is deleted. DOMAIN_NAME is used to specify the domain name for the network where the iLO resides. If an empty string is entered, the current value is deleted. DHCP_GATEWAY specifies if the DHCP-assigned gateway address is to be used.
SEC_WINS_SERVER specifies the IP address of the secondary WINS server. This parameter is only relevant if the DHCP-assigned WINS server address feature is disabled. If an empty string is entered, the current value is deleted. STATIC_ROUTE_1, STATIC_ROUTE_2, and STATIC_ROUTE_3 are used to specify the destination and gateway IP addresses of the static routes.
User Guide Integrated Lights-Out GET_GLOBAL_SETTINGS Runtime Errors None GET_GLOBAL_SETTINGS Return Messages A possible GET_GLOBAL_SETTINGS return message is: <GET_GLOBAL_SETTINGS> <SESSION_TIMEOUT="120"> <ILO_FUNCT_ENABLED VALUE="Y"/> <F8_PROMPT_ENABLED="Y"/> <F8_LOGIN_REQUIRED="Y"/> <REMOTE_CONSOLE_PORT_STATUS VALUE="2"/> <REMOTE_CONSOLE_ENCRYPTION VALUE="Y"/> <PASSTHROUGH_CONFIG VALUE=”3”/> <HTTPS_PORT VALUE="443"/> <HTTP_PORT VALUE="80"/> <REMOTE_CONSOLE_PORT VALUE="23"/> <TERMINAL_SERVICES_PORT VALUE="3389"/> <VIRTUAL_MEDIA_PORT VALUE="17988"/> <MIN_PASSWORD VALUE="8"/> <REMOTE_KEYBOARD_MODEL VALUE="US"/>...
<RIBCL VERSION="2.0"> <LOGIN USER_LOGIN="adminname" PASSWORD="password"> <RIB_INFO MODE="write"> <MOD_GLOBAL_SETTINGS> </MOD_GLOBAL_SETTINGS> </RIB_INFO> </LOGIN> MOD_GLOBAL_SETTINGS Parameters All of the following parameters are optional. If a parameter is not specified, then the parameter value for the specified setting is preserved. SESSION_TIMEOUT determines the maximum session timeout value in minutes.
User Guide Integrated Lights-Out F8_LOGIN_REQUIRED determines if login credentials are required to access the RBSU for iLO. The possible values are "Yes" or "No." REMOTE_CONSOLE_PORT_STATUS determines the behavior of remote console service. The possible values are: 0—No change 1—Disabled (The remote console port is disabled. This will prevent remote console and telnet sessions from being utilized.) 2—Automatic (This is the default setting.
NOTE: If port changes are detected, the iLO management processor will be rebooted to apply the changes after the script has completed successfully. MIN_PASSWORD command specifies how many characters are required in all user passwords. The value can be from zero to 39 characters. REMOTE_KEYBOARD_MODEL determines the remote keyboard language translation used during remote console operation.
User Guide Integrated Lights-Out 3—38,400 bps 4—57,600 bps 5—115,200 bps MOD_GLOBAL_SETTINGS Runtime Errors The possible MOD_GLOBAL_SETTINGS error messages include: RIB information is open for read-only access. Write access is required for this operation. User does not have correct privilege for action. CONFIG_ILO_PRIV required.
<SNMP_ADDRESS_2 VALUE=“192.168.125.122”/> <SNMP_ADDRESS_3 VALUE=“192.168.125.123”/> <OS_TRAPS VALUE=“Yes”/> <RIB_TRAPS VALUE=“No”/> <SNMP_PASSTHROUGH_STATUS VALUE=“No”/> <WEB_AGENT_IP_ADDRESS VALUE=“192.168.125.120”/> <CIM_SECURITY_MASK VALUE=“3”/> </GET_SNMP_IM_SETTINGS> MOD_SNMP_IM_SETTINGS MOD_SNMP_IM_SETTINGS is used to modify SNMP and Insight Manager settings. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write. The user must have the configure iLO privilege to execute this command.
User Guide Integrated Lights-Out WEB_AGENT_IP_ADDRESS is the address for the Web-enabled agents. The value for this element has a maximum length of 50 characters. It can be any valid IP address. If an empty string is entered, the current value is deleted. SNMP_ADDRESS_1, SNMP_ADDRESS_2, and SNMP_ADDRESS_3 are the addresses that receive traps sent to the user.
RIB information is open for read-only access. Write access is required for this operation. User does not have correct privilege for action. CONFIG_ILO_PRIV required. CLEAR_EVENTLOG The CLEAR_EVENTLOG command clears the iLO Event Log. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write.
User Guide Integrated Lights-Out UPDATE_RIB_FIRMWARE The UPDATE_RIB_FIRMWARE command copies a specified file to iLO, starts the upgrade process and reboots the board after the image has been successfully flashed. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write.
User does not have correct privilege for action. CONFIG_ILO_PRIV required. GET_FW_VERSION The GET_FW_VERSION command requests the respective iLO firmware information. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write.
User Guide Integrated Lights-Out HOTKEY_CONFIG The HOTKEY_CONFIG command configures the remote console hot key settings in iLO. For this command to parse correctly, the command must appear within a RIB_INFO command block, and RIB_INFO MODE must be set to write. The user must have the configure iLO privilege to execute this command. Uppercase letters are not supported, and they will be converted automatically to lowercase.
CTRL_U specifies settings for the CTRL_U hot key. The settings must be separated by commas. For example, CTRL_U="CTRL,ALT,ESC." Up to five keystrokes can be configured for each hot key. CTRL_V specifies settings for the CTRL_V hot key. The settings must be separated by commas.
User Guide Integrated Lights-Out On a ProLiant BL Class server, there is no need for a licensing key. Advanced features are automatically activated. Example: <RIBCL VERSION="2.0"> <LOGIN USER_LOGIN="adminname" PASSWORD="password"> <RIB_INFO MODE="write"> <LICENSE> </LICENSE> </RIB_INFO> </LOGIN> </RIBCL> LICENSE Parameters ACTIVATE followed by a valid KEY value signals the activation of the iLO advanced pack licensing.
DIR_INFO The DIR_INFO command can only appear within a LOGIN command block. When the command is parsed, it reads the local directory information database into memory and prepares to edit it. Only commands that are DIR_INFO type commands are valid inside the DIR_INFO command block. The DIR_INFO command generates a response that indicates to the host application whether the database was successfully read or not.
User Guide Integrated Lights-Out <LOGIN USER_LOGIN="adminname" PASSWORD="password"> <DIR_INFO MODE="read"> <GET_DIR_CONFIG/> </DIR_INFO> </LOGIN> </RIBCL> GET_DIR_CONFIG Parameters None GET_DIR_CONFIG Runtime Errors None GET_DIR_CONFIG Return Messages A possible GET_DIR_CONFIG return message is: <GET_DIR_CONFIG> <DIR_AUTHENTICATION_ENABLED VALUE="Y"/> <DIR_LOCAL_USER_ACCT VALUE="Y"/> <DIR_SERVER_ADDRESS VALUE="server1.hprib.labs"/> <DIR_SERVER_PORT VALUE="636"/> <DIR_OBJECT_DN VALUE="CN=SERVER1_RIB, OU=RIB, DC=HPRIB, DC=LABS"/>...
MOD_DIR_CONFIG MOD_DIR_CONFIG command is used modify the directory settings on iLO. For this command to parse correctly, the MOD_DIR_CONFIG command must appear within a DIR_INFO command block, and DIR_INFO MODE must be set to write. The user must have the configure iLO privilege to execute this command.
User Guide Integrated Lights-Out DIR_SERVER_PORT specifies the port number used to connect to the directory server. This value is obtained from the directory administrator. The secure LDAP port is 636, but the directory server can be configured for a different port number.
This command block is only valid on ProLiant BL Class servers. Example: <RACK_INFO MODE=”read”> ……… RACK_INFO commands ……… </RACK_INFO> RACK_INFO Parameters MODE is a specific string parameter with a maximum length of 10 characters that specifies what you intend to do with the information. Valid arguments are "read"...
User Guide Integrated Lights-Out </MOD_BLADE_RACK> </RACK_INFO> </LOGIN> </RIBCL> MOD_BLADE_RACK Parameters All of the following parameters are optional. If a parameter is not specified, then the parameter value for the specified setting is preserved. RACK_NAME is the name used to logically group together enclosures in a single rack infrastructure.
MOD_BLADE_RACK Runtime Errors The possible MOD_BLADE_RACK error messages include: Rack information is open for read-only access. Write access is required for this operation. Rack Name too long. Enclosure Name too long. Bay Name too long. User does not have correct privilege for action. CONFIG_ILO_PRIV required.
User Guide Integrated Lights-Out GET_DIAGPORT_SETTINGS Return Messages A possible GET_DIAGPORT_SETTINGS return message is: <GET_DIAGPORT_SETTINGS> <DP_SPEED_AUTOSELECT value="No"/> <DP_NIC_SPEED value="100"/> <DP_FULL_DUPLEX value="Yes"/> <DP_IP_ADDRESS value="192.168.142.56"/> <DP_SUBNET_MASK value="255.255.0.0"/> </GET_DIAGPORT_SETTINGS > MOD_DIAGPORT_SETTINGS The MOD_DIAGPORT_SETTINGS command is used modify the diagnostic port network settings on iLO. For this command to parse correctly, the MOD_DIAGPORT_SETTINGS command must appear within a RACK_INFO command block, and RACK_INFO MODE must be set to write.
DP_SPEED_AUTOSELECT is used to automatically select the transceiver speed. The possible values are "Yes" or "No." It is case insensitive. DP_NIC_SPEED is used to set the transceiver speed if DP_SPEED_AUTOSELECT was set to "No." The possible values are 10 or 100. Any other value results in a syntax error.
User Guide Integrated Lights-Out Example: <RIBCL VERSION="2.0"> <LOGIN USER_LOGIN="adminname" PASSWORD="password"> <RACK_INFO MODE="read"> </RACK_INFO> </LOGIN> </RIBCL> GET_TOPOLOGY Parameters None GET_TOPOLOGY Return Message An example of a successful request follows: <RK_TPLGY CNT="3"> <RUID>xxxxxx</RUID> <ICMB ADDR="0xAA55" MFG="232" PROD_ID="NNN" SER="123" NAME="Power_1"> <LEFT/> <RIGHT ADDR="0xAB66" SER="123" NAME="Server_1"/> </ICMB>...
Example: <SERVER_INFO MODE="read"> ……… SERVER_INFO commands ……… </SERVER_INFO> SERVER_INFO Parameter MODE is a specific string parameter with a maximum length of 10 characters that specifies what you intend to do with the information. Valid arguments are "read" and "write." Write mode enables both reading and modifying of server functionality. Read mode prevents modification of server functionality.
User Guide Integrated Lights-Out GET_HOST_POWER_STATUS Parameters None GET_HOST_POWER_STATUS Runtime Errors The possible GET_HOST_POWER_STATUS error messages include: Host power is OFF. Host power is ON. GET_HOST_POWER_STATUS Return Messages The following information is returned within the response: <GET_HOST_POWER HOST POWER="OFF" /> SET_HOST_POWER The SET_HOST_POWER command is used to toggle the power button of server.
SET_HOST_POWER Parameters HOST_POWER enables or disables the Virtual Power Button. The possible values are "Yes" or "No." SET_HOST_POWER Runtime Errors The possible SET_HOST_POWER error messages include: Server information is open for read-only access. Write access is required for this operation. Virtual Power Button feature is not supported on this server.
User Guide Integrated Lights-Out RESET_SERVER Parameters None RESET_SERVER Errors The possible RESET_SERVER error messages include: Server information is open for read-only access. Write access is required for this operation. Server is currently powered off. User does NOT have correct privilege for action. RESET_SERVER_PRIV required.
PRESS_PWR_BTN Runtime Errors The possible error messages include: Server information is open for read-only access. Write access is required for this operation. User does not have correct privilege for action. RESET_SERVER_PRIV required. HOLD_PWR_BTN This HOLD_PWR_BTN command is used to hold the server power button. For this command to parse correctly, the HOLD_PWR_BTN command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to write.
User Guide Integrated Lights-Out User does not have correct privilege for action. RESET_SERVER_PRIV required. COLD_BOOT_SERVER This COLD_BOOT_SERVER command is used to cold boot a server. For this command to parse correctly, the COLD_BOOT_SERVER command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to write.
WARM_BOOT_SERVER This WARM_BOOT_SERVER command is used to warm boot a server. For this command to parse correctly, the WARM_BOOT_SERVER command must appear within a SERVER_INFO command block, and SERVER_INFO MODE must be set to write. The user must have the virtual power and reset privilege to execute this command.
User Guide Integrated Lights-Out Example: <RIBCL VERSION="2.0"> <LOGIN USER_LOGIN="adminname" PASSWORD="password"> <SERVER_INFO MODE="write"> </SERVER_INFO> </LOGIN> </RIBCL> GET_UID_STATUS Parameters None GET_UID_STATUS Response The following information is returned within the response: <GET_UID_STATUS UID="OFF" /> UID_CONTROL The UID_CONTROL command toggles the server UID. For this command to parse correctly, the UID_CONTROL command must appear within a SERVER_INFO command block, and SEVER_INFO MODE must be set to write.
UID_CONTROL Parameters UID determines the state of the UID. A value of "Yes" turns the UID light on, and a value of "No" turns the UID light off. UID_CONTROL Errors The possible UID_CONTROL error messages include: UID is already ON. UID is already OFF.
User Guide Integrated Lights-Out protocol://username:password@hostname:port/filename,cgi- helper The protocol field is mandatory and must be either http or https. The username:password field is optional. The hostname field is mandatory. The port field is optional The filename field is mandatory. The cgi-helper field is optional. In addition, the filename field may contain tokens that expand to host specific strings: %m expands to the iLO MAC address.
RIB information is open for read-only access. Write access is required for this operation. IMAGE_URL must not be blank. User does not have correct privilege for action. VIRTUAL_MEDIA_PRIV required. Unable to parse Virtual Media URL An invalid Virtual Media option has been given. Virtual Media already connected through a script.
User Guide Integrated Lights-Out RIB information is open for read-only access. Write access is required for this operation. User does not have correct privilege for action. VIRTUAL_MEDIA_PRIV required. No image present in the Virtual Media drive. An invalid Virtual Media option has been given. GET_VM_STATUS GET_VM_STATUS returns the Virtual Media drive status.
VM_APPLET = CONNECTED | DISCONNECTED DEVICE = FLOPPY | CDROM BOOT_OPTION = BOOT_ALWAYS | BOOT_ONCE | NO_BOOT WRITE_PROTECT_FLAG = YES | NO IMAGE_INSERTED = YES | NO SET_VM_STATUS SET_VM_STATUS sets the Virtual Media drive status. This command must display within a RIB_INFO element, and RIB_INFO must be in write mode. All the parameters in the command are optional.
User Guide Integrated Lights-Out VM_WRITE_PROTECT sets the write protect flag value for the Virtual Floppy. This value is not significant for the Virtual Media CD-ROM. The possible values are Y or N. SET_VM_STATUS Runtime Errors The possible runtime errors are: RIB information is open for read-only access.
iLO Parameters In This Section iLO Parameters Table... Status...336 Server Status Parameters ...337 User Administration Parameters...338 iLO Parameters Table You can record your settings in the Your Value column of the table. Parameters iLO Status Current User Terminal Services iLO Time iLO Date iLO Firmware Version iLO Serial Number...
User Guide Integrated Lights-Out Parameters User Administration User Name Login Name Password Administer User Accounts Remote Console Access Virtual Power and Reset Virtual Media Configure iLO Settings Global Settings Idle Connection Timeout (minutes) Enable Lights-Out Functionality Pass-Through Configuration Enable iLO ROM-Based Setup Utility Require Login for iLO RBSU Show iLO during POST...
Parameters Remote Console Port Terminal Services Port Secure Shell(SSH) Port Secure Shell(SSH) Access Serial Command Line Interface Status Serial Command Line Interface Speed (bits/second) Minimum Password Length Remote Keyboard Model Network Settings Enable NIC Shared Network Port Transceiver Speed Autoselect Speed Duplex Enable DHCP...
User Guide Integrated Lights-Out Parameters Ping Gateway on Startup iLO IP Address iLO Subnet Mask iLO Gateway IP Address iLO Subsystem Name Domain Name DHCP Server Primary, Secondary, and Tertiary DNS Server Primary and Secondary WINS Server Static Routes #1, #2, #3 Blade server parameters iLO Diagnostic Port Configuration Parameters...
Parameters Enable SNMP Pass-thru Insight Manager Web Agent Level of Data Returned BL p-Class Rack Name Enclosure Name Bay Name Rack Serial Number Enclosure Serial Number Blade Serial Number Power Source Enable Automatic Power On Enable Rack Alert Logging (IML) Directory Settings Enable Directory Authentication...
User Guide Integrated Lights-Out Parameters Directory User Context 2 Directory User Context 3 iLO Status The iLO Status option provides comprehensive iLO status information, including: Current user Status and availability of the Remote Console Status and availability of Terminal Services pass-through Date and time currently in use by iLO NOTE: Date and time are set during POST and maintained by the MP Management Agents.
Product version (iLO Standard or iLO Advanced) of iLO Server Status Parameters The following parameters provide information about the host server. Server Name If the Insight Management agents are being used with the host server operating system, they will provide iLO with the server name. Server ID Displays the serial number of the server.
User Guide Integrated Lights-Out Server Power Status Displays whether the host is powered ON, or in STANDBY (OFF) mode. Server Video Mode Displays the state of the host server video controller as interpreted by Remote Console. Server Keyboard Displays the keyboard type as emulated by Remote Console. Server Mouse Displays the mouse type as emulated by Remote Console.
Password This is a case-sensitive password that the user must provide to log in to iLO. In Security Options, the minimum password length can be assigned. The minimum password can be from 0 to 39 characters. The default minimum password length is eight characters.
User Guide Integrated Lights-Out Idle Connection Timeout (Minutes) This option specifies the interval of user inactivity, in minutes, before the Web server and Remote Console session are automatically terminated. Enable Lights-Out Functionality This option enables connection to iLO. If disabled, all connections to iLO are prevented.
Disabled means that the pass-through feature is off. Require Login for iLO RBSU This option specifies whether the user is required to provide a login name and password to access iLO RBSU. The default setting is No. Show iLO During POST This option specifies if iLO is displayed during POST.
User Guide Integrated Lights-Out Web Server Non-SSL Port The embedded Web server in iLO is configured by default to use port 80 for unencrypted communications. This port setting is configurable in the Global Settings option of the Administration tab. Web Server SSL Port The embedded Web server in iLO is configured by default to use port 443 for encrypted communications.
Secure Shell (SSH) Status This setting enables you to specify if the SSH feature on iLO is enabled or disabled. The default is enabled. Serial Command Line Interface Status This setting allows you to change the status of the CLI feature through the serial port.
Use this setting to assign half or full duplex to the NIC if Transceiver Speed Autoselect is not enabled. DNS/DHCP iLO comes preset from HP with DNS/DHCP enabled. To disable DHCP, you must use the iLO RBSU. NOTE: If you disable DHCP, you will have to manually set up the IP address and the subnet mask using the iLO RBSU.
Use DHCP Supplied Gateway Use DHCP Supplied DNS Servers Use DHCP Supplied WINS Servers Use DHCP Supplied Static Routes Use DHCP Supplied DNS Name If DHCP has been disabled, these settings may have to be assigned. Registering with WINS Server iLO automatically registers with a WINS server.
User Guide Integrated Lights-Out iLO Gateway IP Address Use the gateway parameter to assign the IP address of the network router that connects the iLO subnet to another subnet where the management console resides. The default gateway is assigned by DHCP. iLO Subsystem Name iLO comes preset with a DNS/WINS name.
iLO Parameters SNMP/Insight Manager Settings Parameters iLO supports SNMP settings on a device level. These parameters are not designated on a per-user basis but are specific to iLO. SNMP Alert Destinations Enter the IP address of the remote management PC that will receive SNMP trap alerts from iLO.
User Guide Integrated Lights-Out Insight Manager Web Agent URL The Insight Manager Web Agent URL option enables you to enter the IP address or the DNS name of the host server on which the Insight Manager Web Agents are running. Entering this data in the field provided enables iLO to create a link from the iLO Web pages to the pages of the Web Agent.
iLO Parameters Rack Name The rack name is used to logically group together the components that compose a single rack. When changed, the rack name is communicated to all other components connected in a rack. The name is used when logging and alerting to assist in identifying the component.
User Guide Integrated Lights-Out Blade Serial Number The blade serial number identifies the serial number for the server blade product. Power Source The server blade enclosure can be installed in a rack by using one of two configurations: The server blade power supplies can be used to convert normal AC facility power to 48 V DC to power the rack.
By default, this setting is Enabled. Directory Server Address This parameter specifies the Directory Server DNS name or IP address. HP recommends using a DNS name or multi-host DNS name. If an IP address is used, the directory will not be available if that server is down.
User Guide Integrated Lights-Out Directory User Context 1, Directory User Context 2, Directory User Context 3 This parameter enables you to specify up to three searchable contexts used to locate the user when the user is trying to authenticate using the directory. Directory User Contexts are limited to 128 characters each.
Directory Services Schema In This Section HP Management Core LDAP OID Classes and Attributes ... Lights-Out Management Specific LDAP OID Classes and HP Management Core LDAP OID Classes and Attributes Changes made to the schema during the schema setup process include changes to...
User Guide Integrated Lights-Out Attribute Name hpqRoleIPRestrictions hpqRoleTimeRestriction Core Class Definitions The following defines the HP Management core classes. hpqTarget Description Class Type SuperClasses Attributes Remarks hpqRole Description Class Type SuperClasses Attributes Assigned OID 126.96.36.199.188.8.131.52184.108.40.206.5 220.127.116.11.18.104.22.16822.214.171.124.6 126.96.36.199.188.8.131.52184.108.40.206.1 This class defines Target objects, providing the basis for...
Remarks hpqPolicy Description Class Type SuperClasses Attributes Remarks Core Attribute Definitions The following defines the HP Management core class attributes. hpqPolicyDN Description Syntax Options Remarks hpqRoleMembership Description Syntax Options Directory Services Schema None 220.127.116.11.18.104.22.16822.214.171.124.3 This class defines Policy objects, providing the basis for HP products using directory-enabled management.
User Guide Integrated Lights-Out Remarks hpqTargetMembership Description Syntax Options Remarks hpqRoleIPRestrictionDefault Description Syntax Options Remarks hpqRoleIPRestrictions Description Syntax Options None 126.96.36.199.188.8.131.52184.108.40.206.3 Provides a list of hpqTarget objects that belong to this object. Distinguished Name—220.127.116.11.4.1.1418.104.22.168.12 Multi Valued None 22.214.171.124.126.96.36.199188.8.131.52.4 A Boolean representing access by unspecified clients which partially specifies rights restrictions under an IP network address constraint Boolean—184.108.40.206.4.1.14220.127.116.11.7...
Remarks hpqRoleTimeRestriction Description Syntax Options Directory Services Schema This attribute is only used on role objects. IP restrictions are satisfied when the address matches and general access is denied, and unsatisfied when the address matches and general access is allowed. Values are an identifier byte followed by a type-specific number of bytes specifying a network address.
User Guide Integrated Lights-Out Remarks Lights-Out Management Specific LDAP OID Classes and Attributes The following schema attributes and classes might depend on attributes or classes defined in the HP Management core classes and attributes. Lights-Out Management Classes Class Name hpqLOMv100 Lights-Out Management Attributes...
Lights-Out Management Attribute Definitions The following defines the Lights-Out Management core class attributes. Directory Services Schema Assigned OID 18.104.22.168.22.214.171.124126.96.36.199.5 188.8.131.52.184.108.40.206220.127.116.11.6 18.104.22.168.22.214.171.124126.96.36.199.1 This class defines the Rights and Settings used with HP Lights-Out Management Products. Auxiliary None hpqLOMRightConfigureSettings— 188.8.131.52.184.108.40.206220.127.116.11.1 hpqLOMRightLocalUserAdmin— 18.104.22.168.22.214.171.124126.96.36.199.2 hpqLOMRightLogin—188.8.131.52.184.108.40.206220.127.116.11.3...
Remarks hpqLOMRightVirtualMedia Description Syntax Options Remarks 18.104.22.168.22.214.171.124126.96.36.199.1 Login Right for HP Lights-Out Management products Boolean—188.8.131.52.4.1.14184.108.40.206.7 Single Valued Meaningful only on ROLE objects, if TRUE, members of the role are granted the right. 220.127.116.11.18.104.22.16822.214.171.124.2 Remote Console Right for Lights-Out Management Products. Meaningful only on ROLE objects.
Syntax Options Remarks Directory Services Schema 126.96.36.199.188.8.131.52184.108.40.206.4 Remote Server Reset and Power Button Right for HP Lights-Out Management products Boolean—220.127.116.11.4.1.1418.104.22.168.7 Single valued This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right.
Troubleshooting iLO In This Section Minimum Requirements ...363 iLO POST LED Indicators Event Log Entries ...366 MS-DOS® Error Codes...370 Hardware and Software Link-Related Issues Login Issues...371 Troubleshooting Alert and Trap Problems Troubleshooting Mouse Problems...379 Troubleshooting Remote Console Problems Troubleshooting SSH and Telnet Problems Troubleshooting Terminal Services Troubleshooting Video and Monitor Problems Troubleshooting Virtual Media Problems...
HP website (http://www.hp.com/servers/manage/jvml). NOTE: You will be redirected from the main site to the java.sun.com site. HP recommends using the version specified in the Remote Console help pages. You can obtain the specified version for Internet Explorer either from the java.sun site or on the Management CD.
LED Indicators POST Code (Activity Completed) 4 and 1 4 and 2 4, 2, and 1 4 and 3 4, 3, and 1 None 4, 3, and 2 Varies Varies 4, 3, 2, and 1 None HB and 7 The iLO microprocessor firmware includes code that makes consistency checks. If any of these checks fail, the microprocessor executes the FEH.
User Guide Integrated Lights-Out FEH Code Consistency Check 9902 TXAPICHK 9903 TXCONTEXT 9905 TRAP 9966 NMIWR 99C1 CHKNULL Event Log Entries Event Log Display Server power failed Browser login: IP address Server power restored Browser logout: IP address Server reset Failed Browser login –...
Event Log Display iLO reset for ROM upgrade iLO reset by user diagnostics Power restored to iLO iLO reset by watchdog iLO reset by host Recoverable iLO error, code # SNMP trap delivery failure: IP address Test SNMP trap alert failed for: IP address Power outage SNMP trap alert failed for: IP address Server reset SNMP trap alert failed for: IP...
User Guide Integrated Lights-Out Event Log Display Virtual Floppy in use by: User Remote Console login: User Remote Console Closed Failed Console login - IP Address: IP address Added User: User User Deleted by: User Modified User: User Browser login: User Browser logout: User Failed Browser login –...
Event Log Display Security Override Switch Setting Changed to Off On-board clock set; was previously [NOT SET]" Logs full SNMP trap alert failed for: IP address Security disabled SNMP trap alert failed for: IP address Security enabled SNMP trap alert failed for: IP address Virtual Floppy connected by User Virtual Floppy disconnected by User...
User Guide Integrated Lights-Out Event Log Display Virtual Serial Port session login failure from: User MS-DOS® Error Codes The CPQLODOS utility sends the MS-DOS® shell a 0 (zero) when no error occurred or a 1 (one) when an error is detected. This can be misleading in that an error might have occurred even if a 0 is returned to the shell.
Hardware iLO uses standard Ethernet cabling, which includes CAT5 UTP with RJ-45 connectors. Straight-through cabling is necessary for a hardware link to a standard Ethernet hub. Use a crossover cable for a direct PC connection. Software The iLO Management Port must be connected to a network that is connected to a DHCP server, and iLO must be on the network before power is applied.
User Guide Integrated Lights-Out Is the password complying with password restrictions? For example, are there case-sensitive characters in the password? Is an unsupported browser being used? Login Name and Password Not Accepted If you have connected to iLO but it does not accept your login name and password, you must verify that your login information is configured correctly.
In addition, the iLO Management Port must be configured with the IP address of the WINS or DDNS server. You can use DHCP to configure the DHCP server with the necessary IP addresses. You can also enter the IP addresses through RBSU or by selecting Network Settings on the Administration tab.
User Guide Integrated Lights-Out Inability to Access iLO Using Telnet If you cannot access iLO using Telnet, you must verify the Remote Console Port Configuration and Remote Console Data Encryption on the Global Settings screen. If Remote Console Port Configuration is set to Automatic, the Remote Console applet enables port 23, starts a session, and then closes port 23 when the session is completed.
SSL initialization If you are using a client workstation that contains more than one enabled NIC, such as a wireless card and a network card, a routing issue might prevent you from accessing the diagnostic port. To resolve this issue: 1.
User Guide Integrated Lights-Out NOTE: If a network connection is established, you may have to wait up to 90 seconds for the DHCP server request. ProLiant BL p-Class servers have a diagnostic port available. Connecting a live network cable to the diagnostic port will cause iLO to automatically switch from the iLO port to the diagnostic port.
Proxy Server Issues If the Web browser software is configured to use a proxy server, it will not connect to the iLO IP address. To resolve this issue, configure the browser not to use the proxy server for the IP address of iLO. For example, in Internet Explorer, select Tools, Internet Options, Connections, LAN Settings, Advanced, and then enter the iLO IP address or DNS name in the Exceptions field.
In the unlikely event that it is necessary, setting the iLO Security Override Switch also enables you to flash the iLO boot block. The boot block is exposed until iLO is reset. HP recommends that you disconnect iLO from the network until the reset is complete.
Troubleshooting Mouse Problems The following sections discuss troubleshooting mouse hardware or software issues. Local USB Mouse and Linux If you are running Linux on your server and the local mouse is USB, your mouse will not work in Remote Console. To correct this issue, configure the system to use two mice.
User Guide Integrated Lights-Out Format is operating-system based. You might need to change the format of the examples for your operating system. For example, Red Hat 3.0 uses Mouse0 for the default label, but SUSE 8 uses Mouse. Follow the naming conventions for your operating system.
1. Select Start>Settings>Control Panel>Display>Settings>Advanced>Troubleshooting> from the Windows® Server 2003 desktop applet. 2. Set the slider control to full hardware acceleration. For more information, refer to the "Optimizing Performance for Graphical Remote Console (on page 54)" section. Emulating a PS/2 Keyboard in a Headless Server Environment iLO will emulate a PS/2 keyboard in a headless server environment.
User Guide Integrated Lights-Out Mozilla 1.6 Mozilla 1.7 RC3 Netscape 7.1 Red Hat 8 Professional Mozilla 1.6 Mozilla 1.7 RC3 Netscape 7.1 SuSE 9 Professional Mozilla 1.7 RC3 Netscape 7.1 United Linux 1.0 Professional Mozilla 1.7 RC3 Netscape 7.1 Inability to Navigate the Single Cursor of the Remote Console to Corners of the Remote Console Window In some cases, you may be unable to navigate the mouse cursor to the corners of the Remote Console window.
Remote Console No Longer Opens on the Existing Browser Session With the addition of the Terminal Services Pass-Through function, the behavior of the Remote Console applet is slightly different from previous versions of iLO firmware. If a Remote Console session is already open, and the Remote Console link is clicked again, the Remote Console session will not restart.
User Guide Integrated Lights-Out One known example of this issue is during the Linux booting and posting process, in which some of the POST messages can be lost. A possible repercussion is that a keyboard response will be requested by the boot process and will be missed.
Console for the majority of available text mode interfaces in current operating systems. Extended text configuration beyond the 80 x 25 configuration is not displayed correctly when using telnet or SSH. HP recommends configuring the text application in 80 x 25 mode or use the iLO Remote Console applet provided by the web interface.
User Guide Integrated Lights-Out Troubleshooting Video and Monitor Problems The following sections discuss items to be aware of when attempting to resolve video and monitor issues. General Guidelines The client screen resolution must be greater than the screen resolution of the remote server.
Troubleshooting Virtual Media Problems The following sections discuss troubleshooting Virtual Media issues. Virtual Drive Listing When using Terminal Services pass-through on a server running Windows® 2000, a Virtual CD-ROM session does not appear on the server. This issue does not exist if the server is running Windows® 2003. The same behavior occurs when connecting to Terminal Services directly.
User Guide Integrated Lights-Out Cookie Sharing Between Browser Instances and iLO iLO uses browser session cookies in part to distinguish separate logins—each browser window displays as a separate user login—while actually sharing the same active session with the iLO. These multiple logins can confuse the browser. This confusion can appear as an iLO issue is a manifestation of typical browser behavior.
While User1 is logged in, if another user, User2, opens another browser window on the same client and logs in, the second login overwrites the cookie generated in the original User1 session. Assuming that User2 is a different user account, a different current frame is built, and a new session is granted.
Incorrect Time or Date of the Entries in the Event Log You can update the time and date on iLO by running the RBSU. This utility automatically sets the time and date on the processor using the server time and date.
User Guide Integrated Lights-Out 1. Attempt to connect to iLO through the Web browser. If you are unable to connect, then there is a communication problem. 2. Attempt to ping iLO. If you are successful, then the network is working. Attempt to open an FTP session to the IP address or DNS name of iLO.
1. Download the latest iLO firmware SoftPaq. Select the SoftPaq image for diskettes and save it to the hard drive. The SoftPaq can be downloaded from the HP website (http://www.hp.com/servers/lights-out). 2. Execute the SoftPaq to create diskettes. Complete this procedure only on the iLO host server: 1.
User Guide Integrated Lights-Out 8. Press the Enter key to reprogram another device, or press the Esc key to return to the A:\ prompt. It might be necessary to set the Security Override Switch to perform the ROMPaq upgrade. The ROMPaq program informs you if the Security Override Switch must be set.
If a firmware upgrade is completed or a network setting is changed, iLO also resets. The HP Management Agents 5.40 and later have the ability to reset iLO. To reset iLO, select the Reset iLO option on the HP Management Agent Web page under the iLO section.
User Guide Integrated Lights-Out You can also manually force the iLO management processor to reset by clicking Apply on the Network Settings page. You do not need to change any parameters before clicking Apply. Server Name Still Present after ERASE Utility is Executed The Server Name field is communicated to iLO through the Insight Manager Agents.
In other locations, refer to the HP website (http://www.hp.com). For HP technical support: In North America, call the HP Technical Support Phone Center at 1-800-633- 3600. This service is available 24 hours a day, 7 days a week. For continuous quality improvement, calls may be recorded or monitored.
User Guide Integrated Lights-Out Third-party hardware or software Operating system type and revision level...
Acronyms and Abbreviations ACPI Advanced Configuration and Power Interface Address Resolution Protocol ASCII American Standard Code for Information Interchange Advanced Server Management Automatic Server Recovery certificate authority Common Gateway Interface Command Line Interface...
User Guide Integrated Lights-Out Certificate Request Distributed Authoring and Versioning DDNS Dynamic Domain Name System DHCP Dynamic Host Configuration Protocol dynamic link library domain name system Digital Signature Algorithm Emergency Management Services EULA end user license agreement fatal exception handler...
Acronyms and Abbreviations FSMO Flexible Single-Master Operation graphical user interface heartbeat HPONCFG HP Lights-Out Online Configuration utility HPQLOMGC HP Lights-Out Migration Command Line HPQLOMIG HP Lights-Out Migration ICMP Internet Control Message Protocol Integrated Lights-Out Integrated Management Log Internet Protocol...
User Guide Integrated Lights-Out Java Virtual Machine local-area network LDAP Lightweight Directory Access Protocol light-emitting diode Lights-Out Management least significant bit medium access control Master License Agreement Microsoft® Management Console Multilink Point-to-Point Protocol...
Acronyms and Abbreviations maximum transmission unit network interface controller non-maskable interrupt NVRAM non-volatile memory PERL Practical Extraction and Report Language PKCS Public-Key Cryptography Standards POST Power-On Self-Test ProLiant Support Pack remote access service RBSU ROM-Based Setup Utility...
User Guide Integrated Lights-Out Remote Desktop Protocol Remote Insight Board RIBCL Remote Insight Board Command Language RILOE Remote Insight Lights-Out Edition RILOE II Remote Insight Lights-Out Edition II Rivest, Shamir, and Adelman public encryption key Remote Server Management SLES SuSE Linux Enterprise Server SNMP Simple Network Management Protocol Secure Shell...
Acronyms and Abbreviations Secure Sockets Layer Transmission Control Protocol UART universal asynchronous receiver-transmitter unit identification universal serial bus Virtual Machine virtual private networking WINS Windows® Internet Naming Service extensible markup language...
34, 35, 37, 337, 343, 344, 354, 357 configuration procedures 269 configuration utilities 265 connection overview 18 contacting HP 403 CPQLODOS 254, 256, 257, 258 cursor modes 61, 62 data protection methods 231 data types 273 definitions 108...
376 help resources 403 HOLD_PWR_BTN 326 host server troubleshooting 402 HOTKEY_CONFIG 308 hot-plug keyboard 108, 109 HP ProLiant Essentials Rapid Deployment Pack 118 HP Technical Support 403 HPONCFG (HP Lights-Out Online Configuration) 265 HPONCFG (HP Lights-Out Online Configuration), commands 268...
NetWare server support 19, 28, 54, 63 network settings 88, 349 NIC (network interface controller) 409 Novell NetWare 28 operating systems supported 369 operational overview 17, 18, 22, 193, 228, 253, optimizing performance 56, 57, 58, 59 options installation 30, 31, 33 overview, RIBCL 274 passwords 141 Perl 259, 261, 262...
64, 66 Virtual Power button 66 Virtual Serial port 86, 87 VT100 121, 124 WARM_BOOT_SERVER 328 website, HP 403 Windows server support 27 XML (Extensible Markup Language) 259 XML header 262, 275 XML, general guidelines 259, 274, 275...