HP Integrated Lights-Out 2 User Guide HP Part Number: 394326-403 Published: June 2012 Edition: 1
© Copyright 2012 Hewlett-Packard Development Company, L.P Notices The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software.
Contents 1 Overview................................................................................................11 New in this release of iLO 2.....................................................................................................11 iLO 2 Overview......................................................................................................................11 Differences between iLO 2 and iLO......................................................................................
Password guidelines......................................................................................................42 Securing RBSU..............................................................................................................42 iLO 2 Security Override Switch administration...................................................................42 Trusted Platform Module support..........................................................................................
Power..........................................................................................................................77 Processors....................................................................................................................77 Memory.......................................................................................................................77 NIC..........................................................................................................................
Virtual folder operating system notes..................................................................................112 Power management..............................................................................................................112 Server power settings.......................................................................................................113 Server power data...........................................................................................................
Active Directory installation prerequisites........................................................................140 Installing Active Directory on Windows Server 2008.......................................................141 Directory services preparation for Active Directory...........................................................141 Snap-in installation and initialization for Active Directory..................................................
Core attribute definitions..............................................................................................173 hpqPolicyDN.........................................................................................................173 hpqRoleMembership...............................................................................................173 hpqTargetMembership............................................................................................173 hpqRoleIPRestrictionDefault..........
Troubleshooting directory issues..............................................................................................191 Domain/name format login issues......................................................................................191 ActiveX controls are enabled and I see a prompt but the domain/name login format does not work..............................................................................................................................192 User contexts do not appear to work..
Inability to access ActiveX downloads.................................................................................201 Inability to get SNMP information from HP SIM....................................................................201 Incorrect time or date of the entries in the event log..............................................................201 Inability to upgrade iLO 2 firmware....................................................................................201 Diagnostic steps..............
1 Overview The iLO 2 firmware provides multiple ways to configure, update, and operate servers remotely. The HP Integrated Lights-Out 2 User Guide describes these features and how to use them with the browser-based interface and RBSU. Some features are licensed features and may only be accessed after purchasing an optional license. For more information, see “Licensing” (page 26).
Differences between iLO 2 and iLO The iLO 2 firmware is based on the iLO and shares many common features. However, to use iLO 2 to access a pre-operating system, text-based remote console, you must use the remote serial console. For more information, see “Text-based remote console overview” (page 95). The following table highlights the differences between iLO 2 and iLO.
Server management through IPMI version 2.0 compliant applications Server management through the IPMI is a standardized method for controlling and monitoring the server. iLO 2 provides server management based on the IPMI version 2.0 specification. The IPMI specification defines a standardized interface for platform management.
Authentication: • The iLO 2 firmware uses basic authentication over SSL, compliant with profile: wsman:secprofile/https/basic. • Authenticated users are authorized to execute WS-Management commands in accordance with designated privileges in their local or directory accounts. • To enable basic authentication on Windows Vista, enter gpedit.msc at the command prompt to launch the Group Policy Object Editor.
• “Troubleshooting iLO 2” (page 182) • “Directory services schema” (page 171) Supported browsers and client operating systems • • Microsoft Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 ◦ These browsers are supported on Microsoft Windows products. ◦ HP supports Microsoft JVM and SUN Java 1.4.2_13. To download the recommended JVM for your system configuration, see the website at http://h18006.www1.hp.com/ products/servers/management/ilo_table.html?jumpid=reg_r1002_usen.
• 16 Overview ◦ RedHat Enterprise Linux 4 (AMD64/EM64T) ◦ RedHat Enterprise Linux 5 (x86) ◦ RedHat Enterprise Linux 5 (AMD64/EM64T) SUSE LINUX ◦ SUSE LINUX Enterprise Server 9 (x86) ◦ SUSE LINUX Enterprise Server (AMD64/EM64T) ◦ SUSE LINUX Enterprise Server 10 ◦ SUSE LINUX 10 (32– and 64–bit) ◦ SUSE LINUX 11 (32– and 64–bit)
2 Setting up iLO 2 Quick setup To quickly set up iLO 2 by using the default settings for iLO 2 Standard and iLO Advanced features, follow these steps: 1. To decide how you want to structure networking and security, see“Preparing to set up iLO 2” (page 17) 2. To connect iLO 2 to the network, see “Connecting to the network” (page 18). 3. If you are not using dynamic IP addressing to configure a static IP address, use the iLO 2 RBSU. See “Configuring the IP address” (page 19). 4.
3. What access security is required and what user accounts and privileges are needed? The iLO 2 firmware provides several options to control user access. You must select one of the following methods to prevent unauthorized access to corporate IT assets: 4. • Local accounts with up to 12 user names and passwords can be stored on iLO 2. This is ideal for small environments such as labs and small- and medium-sized businesses.
• Dedicated management network, where the iLO 2 port is on a separate network. Configuring the IP address This step is necessary only if you are using a static IP address. When using dynamic IP addressing, your DHCP server automatically assigns an IP address for iLO 2. To simplify installation, HP recommends using DNS or DHCP with iLO 2. To configure a static IP address, use the iLO 2 RBSU with the following procedure to disable DNS and DHCP and configure the IP address and the subnet mask: 1.
Logging in to iLO 2 for the first time The iLO 2 firmware is configured with a default user name, password, and DNS name. Default user information is located on the iLO 2 Network Settings tag attached to the server containing the iLO 2 management processor. Use these values to access iLO 2 remotely from a network client using a standard Web browser. For security reasons, HP recommends changing the default settings after logging in to iLO 2 for the first time.
Setting up iLO 2 with the browser-based option If you can connect to iLO 2 on the network with a browser, then use the browser-based setup method. You can also use this method to reconfigure a previously configured iLO 2. Access iLO 2 from a remote network client using a supported browser, and provide the default DNS name, user name, and password. Default DNS name and account information is located on the iLO 2 Network Settings tag attached to the server containing the iLO 2 management processor.
1. 2. Click the iLO 2 graphic. Select Software and Drivers. Microsoft device driver support The device drivers that support the iLO 2 are part of the PSP that is located on the HP website at http://www.hp.com/support or on the SmartStart CD. Before you install the Windows drivers, obtain the Windows documentation and the latest Windows Service Pack. iLO 2 prerequisite files: • CPQCIDRV.SYS – Provides the iLO 2 Management Interface Driver support. • CPQASM2.SYS, SYSMGMT.SYS, and SYSDOWN.
When updating iLO 2 drivers, be sure iLO 2 is running the latest version of iLO 2 firmware. You can obtain the latest version as a Smart Component from the HP website at http://www.hp.com/ servers/lights-out. Install the drivers download the PSP from the HP website at http://www.hp.com/support to a NetWare server. After downloading the PSP, follow the Novell NetWare component installation instructions to complete the installation.
3 Configuring iLO 2 iLO 2 configuration overview Typically, an advanced or administrative user who must manage users and configure global and network settings configures iLO 2. You can configure iLO 2 using the iLO 2 browser-based GUI or scripting tools such as CPQLOCFG and HPONCFG (described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http:// h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.
updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network. HP recommends that Linux users review the HP Lights-Out XML PERL Scripting Samples for Linux. • Scripting with HPONCFG – Download the HPONCFG component to get the host-based scripting utility HPONCFG. This utility enables you to use RIBCL scripts that perform firmware updates, Lights-Out processor configuration and operations in bulk, from Administrator or root account access on supported host operating systems.
Recovering from a failed iLO 2 firmware update To recover from a failed firmware update using the HP Drive Key Boot Utility: 1. Copy the iLO 2 offline flash component to your USB drive key. 2. Verify that the iLO 2 security override switch is set to disabled. 3. Boot the USB drive key containing the iLO 2 flash component. To download the HP Drive Key Boot Utility and for information on how to create a boot USB key, see the HP website at http://www.hp.com/go/support. 4. 5. 6.
NOTE: The features annotated with an asterisk (*) are not supported on all systems.
Feature iLO 2 Advanced iLO 2 Advanced for BladeSystem iLO 2 Standard iLO 2 Standard Blade Edition Kernel debugger for Windows X X –– –– Console replay X X –– –– Shared remote console X X –– –– Boot/fault console capture X X –– –– iLO video player (license required for capture) X X X X Enhanced CLI prompt X X X X Virtual Serial port log X X –– –– In addition to the standard iLO 2 single-server licenses, two other licensing options are available: • The Flexible Quantit
iLO 2 Directory Accounts enables you to view iLO 2 groups and modify the settings for those groups. You must have the Administer Directory Groups privilege. To access Directory Accounts, click Administration>User Administration>Group Accounts. Adding a new user NOTE: 2. Only users with the Administer User Accounts privilege can manage other users on iLO You can assign a different access privilege to each user.
5. Complete the fields. The following options are available: • User Name appears in the user list and on the home page. It is not necessarily the same as the Login name. The maximum length for a User Name is 39 characters. The User Name must use printable characters. • Login Name is the name that you must use when logging in to iLO 2. The maximum length for a login name is 39 characters. The login name can only use printable characters.
to each user. A user who presents a certificate when connecting to iLO 2 is authenticated as the user to whom the certificate is mapped. Two-Factor Authentication must be enabled to authenticate using a certificate. 6. When the user profile is complete, return to the User Administration screen by clicking Save User Information. To clear the user profile while entering a new user, click Restore User Information. Viewing or modifying existing user settings 1.
Group administration The iLO 2 firmware enables you to view iLO 2 groups and modify settings for those groups. You must have the Administer Directory Groups privilege. To view or modify a group: 1. Click Administration>User Administration>Group Accounts. 2. Select the group, and click View/Modify Group. The Modify Group page appears. Click Cancel to return to the Group Administration page.
Configuring iLO 2 access The iLO 2 firmware enables you to configure which services are enabled on iLO 2 and user access to iLO 2. To configure iLO 2 services options, click Administration>Access. The Services page (tab) appears. To configure iLO 2 access options), click Administration>Access>Options (tab). You must have the Configure iLO 2 Settings privilege to modify iLO 2 services and access options. For more information, see “Access options” (page 38).
Parameter Default value Description Telnet Access Disabled This setting enables you to connect a Telnet client to the Remote Console/Telnet port, providing access to the iLO 2 CLP. The following settings are valid: • Enabled – iLO 2 enables Telnet clients to connect to the Remote Console/Telnet port. Network port scanners can detect that iLO 2 is listening on this port. Unencrypted communication is allowed between the iLO 2 CLP and Telnet clients.
Parameter Default value Description port is only open when a capture buffer is being transferred to the client. Raw Serial Data Port 3002 This setting specifies the Raw Serial Data port address. The Raw Serial Data port is only open while the WiLODbg.exe utility is being used to debug the host server remotely. Terminal Services Passthrough option Terminal Services is provided by the Microsoft Windows operating systems.
Windows RDP Passthrough service To use the iLO 2 Terminal Services Passthrough feature, you must install a passthrough service on the host system. This service displays the name of the iLO 2 Proxy in the host list of available services. The service utilizes Microsoft .NET framework security and reliability. After the service is started, the service polls iLO 2 to detect if an RDP connection with the client is established.
You must comply with Microsoft license requirements which are the same as connecting through the server's NIC. For instance, when set for administrative access, Terminal Services does not allow more than two connections, regardless of whether the connections are through the server's NIC, or iLO 2, or both. Terminal Services warning message Terminals Services users operating on Windows 2003 Server might notice the following when using the Terminal Services passthrough feature of iLO 2.
The Remote Console activates and becomes available if the Remote Console is in sleep mode and the Terminal Services client is interrupted by any of the following events: • The Terminal Services client is closed by the user. • The Windows operating system is shut down. • The Windows operating system locks up. Terminal Services troubleshooting To resolve issues with iLO 2 Terminal Services Passthrough: 1.
The Options tab includes the following. Parameter Default value Descriptions Idle Connection Timeout 30 minutes (minutes) This setting specifies the interval of user inactivity, in minutes, before the web server and Remote Console session automatically terminate. The following settings are valid: 15, 30, 60, 120 minutes, or 0 (infinite). The infinite timeout value does not log out inactive users. Lights-Out Functionality Enabled This setting enables connection to iLO 2.
Parameter Default value Descriptions Serial Command Line Interface Status Enabled-Authentication This setting enables you to change the login model of the CLI feature Required through the serial port. The following settings are valid: • Enabled – Authentication Required • Enabled – No Authentication • Disabled Serial Command Line Interface Speed 9600 This setting enables you to use the serial port to change the speed of the serial port for the CLI feature.
3. connection terminates, and the second login failure is recorded. The SSH login failure counter is set to 2. Run the SSH client until receiving the login prompt. Log in with an incorrect login name and password. You will receive three password prompts. After the third incorrect password, the connection terminates and the third login failure is recorded. The SSH login failure counter is set to 3.
Password guidelines The following is a list of recommended password guidelines.
• The iLO 2 firmware, if disabled while the Security Override Switch is set, does not log the user out and complete the disable process until the power is cycled on the server. • The boot block is exposed for programming. NOTE: The iLO 2 Security Override Switch is located inside the server and cannot be accessed without opening the server enclosure. A warning message appears on iLO 2 browser pages indicating that the iLO 2 Security Override Switch is currently in use.
The iLO 2 firmware iLO 2 can be configured to use a directory to authenticate and authorize its users. This configuration enables a virtually unlimited number of users, and easily scales to the number of Lights-Out devices in an enterprise. Additionally, the directory provides a central point of administration for Lights-Out devices and users, and the directory can enforce a stronger password policy. iLO 2 enables you to use local users, directory users, or both.
SSL certificate administration The iLO 2 firmware enables you to create a certificate signing request (CSR) with custom subject information or default settings, import a certificate, and view certificate administration information associated with a stored certificate. Certificate information is encoded in the certificate by the CA and is extracted by iLO 2. By default, iLO 2 creates a self-signed certificate for use in SSL connections.
generated immediately on clicking the Create Certificate Request button. However, the certificate request generation button is grayed out while the key generation is in progress. In this scenario, you can close all active Remote Console sessions and try again later (around 2 minutes for a 1024-bit key, and 10 minutes for 2048-bit key). • Import Certificate – Use this button when you are returning to the Certificate Administration page with a certificate to import.
The Certificate Revocation Checking setting controls whether iLO 2 uses the certificate CRL distribution points attribute to download the latest CRL and verify revocation of the client certificate. If the client certificate is contained in the CRL, or if you cannot download the CRL, access is denied. The CRL distribution point must be available and accessible to iLO 2 when Certificate Revocation Checking is set to Yes.
19. Click Apply to reset iLO 2. When iLO 2 attempts to go to the login page again, the browser displays the Client Authentication page with a list of certificates that are available to the system. If the user certificate is not registered on the client machine, you will not see it in the list. The user certificate must be registered on the client system before you can use it.
3. 4. 5. Click View/Modify. Under the User Certificate Information section, click Add a certificate. On the Map User Certificate page, paste the user certificate into the text-box, and click Import Certificate. For more information on creating, copying, and pasting certificate information, see “Setting up two-factor authentication for the first time” (page 47).
Using two-factor authentication with directory authentication In some cases, configuring two-factor authentication with directory authentication is complicated. iLO 2 can use HP Extended schema or Default Directory schema to integrate with directory services. To ensure security when two-factor authentication is enforced, iLO 2 uses an attribute from the client certificate as the directory user's login name.
Directory settings iLO 2 connects to Microsoft Active Directory, Novell e-Directory, and other LDAP 3.0-compliant directory services for user authentication and authorization. You can configure iLO 2 to authenticate and authorize users using the HP schema directory integration or the schema-free directory integration. iLO 2 only connects to directory services using SSL-secured connections to the directory server LDAP port. The default secure LDAP port is 636.
User accounts and group memberships are used to authenticate and authorize users. After entering the directory network information, to grant users access to iLO 2, click Administer Groups, and enter one or more valid directory distinguished names and privileges. • Enable Local User Accounts – Enables you to limit access to local users. — If Local User Accounts are enabled, a user can login using locally stored user credentials.
Directory User Context 1:ou=IM,o=hp Directory User Context 2:ou=Services,o=hp Directory User Context 3:ou=Training,o=hp Allow users in any of these organizations to log in by using just their common names. If a user exists in both the IM organizational unit and the Training organizational unit, login is first attempted as cn=user,ou=IM,o=hp. Example 3 (Active Directory only): Microsoft Active Directory allows an alternate user credential format.
iLO 2 also provides enhanced encryption through the SSH port for secure CLP transactions. iLO 2 supports AES128-CBC and 3DES-CBC cipher strengths through the SSH port. If enabled, iLO 2 enforces the usage of these enhanced ciphers (both AES and 3DES) over the secure channels, including secure HTTP transmissions through the browser, SSH port, and XML port. When AES/3DES encryption is enabled, you must use a cipher strength equal to or greater than AES/3DES to connect to iLO 2 through these secure channels.
Internet Explorer does not have a user-selectable cipher strength setting. You must edit the registry to enable Internet Explorer to connect to iLO 2 when the Enforce AES/3DES Encryption setting is enabled. To enable AES/3DES encryption in Internet Explorer, open the registry and set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ FIPSAlgorithmPolicy to 1. NOTE: Incorrectly editing the registry can severely damage your system.
for certificates and iLO 2 server names. When the allocated storage is used, no more imports are accepted. After setting up SSO in iLO 2, log in to HP SIM, locate the LOM processor, select Tools>System Information>iLO as... HP SIM launches a new browser that is logged in to the LOM management processor. Adding HP SIM trusted servers You can install HP SIM server certificates using scripting that is suitable for mass deployment.
After pasting the HP SIM server base-64 encoded x.509 certificate data into the Directly import a HP SIM Server Certificate section, click Import Certificate to record the data. This type of record supports SSO Trust by Name and SSO Trust by Certificate. There are other ways to retrieve HP SIM server certificate data. For more information, see your HP SIM documentation. Setting up HP SIM SSO The HP SIM SSO page allows you to view and configure the existing iLO 2 Single Sign-On settings.
import a server certificate, or directly install a server certificate. For more information, see “Adding HP SIM trusted servers” (page 56). The server table displays a list of registered HP SIM servers with the status of each. The actual number of systems allowed depends on the size of the stored certificate data. Although a system might be registered, SSO might be refused because of the current trust level or certificate status.
You can create a Remote Console Computer Lock key sequence using the keys listed in the following table. 4.
Network The Network Settings and DCHP/DNS tabs of the Network section enable you to view and modify network settings for iLO 2. Only users with the Configure iLO 2 Settings privilege can change these settings. Users that do not have the Configure iLO 2 Settings privilege can view the assigned settings. To change network settings for iLO 2: 1. Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege. Click Administration>Network. 2. Select Network Settings or DHCP/DNS. 3.
• iLO 2 Subsystem Name is a name used by the iLO 2 subsystem. If DHCP and DNS are configured correctly, this name can be used to connect to the iLO 2 subsystem instead of the IP address. For more information, see “iLO 2 subsystem name limitations” (page 61). • Link controls the speed and duplex of the iLO 2 network transceiver. The current link speed of the primary dedicated iLO 2 NIC can be highlighted.
iLO 2 provides support for servers that might not have an iLO 2 Dedicated Management NIC. On servers using the iLO 2 Dedicated Management NIC, the standard hardware configuration provides iLO 2 network connectivity only through the iLO 2 Shared Network Port connection. iLO 2 detects the lack of an iLO 2 Dedicated Management NIC and automatically defaults to the Shared Network Port. On some of these servers, an iLO 2 Dedicated Management NIC might be available as a hardware option.
5. 6. Press the F10 key to save the configuration. Select File>Exit, and press the Enter key. After iLO 2 resets, the Shared Network Port feature is active. Any network traffic going to or originating from iLO 2 is directed through the system's NIC port 1. Enabling the iLO 2 Shared Network Port feature through the web interface 1. 2. 3. 4. 5. 6. Connect iLO 2 NIC port 1 to a LAN. Open a browser, and browse to the iLO 2 IP address or DNS name. Select Administration>Network Settings.
1. 2. 3. 4. Open a browser and navigate to the iLO 2 IP address or DNS name On the Network Settings page, select Enabled for the iLO 2 NIC. Click Apply. A warning dialog appears. Click Yes, and then OK. After iLO 2 resets, the iLO 2 Dedicated Management NIC is active. When using IRC through iLO 2 Dedicated Management NIC port and depending on the network traffic, you might not have sufficient time to press the RBSU keys during POST.
• Domain Name is the name of the domain where the iLO 2 subsystem resides. This name is assigned by DHCP (if DHCP is enabled). Enabling DHCP allows you to configure the following DHCP options: — Use DHCP Supplied Gateway – Toggles if iLO 2 uses the DHCP server-supplied gateway. If not, enter an gateway address in the Gateway IP Address box. — Use DHCP Supplied DNS Servers – Toggles if iLO 2 uses the DHCP server-supplied DNS server list.
• SNMP Pass-thru • p-Class Alert Forwarding (displayed on p-Class servers only) For more information see to the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http://h20000.www2.hp.com/bizsupport/TechSupport/ DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179& taskId=135&prodTypeId=18964&prodSeriesId=1146658. To configure alerts: 1. Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege. 2.
Transitions of the host system power are unexpected when the change takes place because of events unknown to the management processor. This alert is not generated when the system is powered up or down using the iLO 2 interface, CLI, RIBCL or other management feature. If the server is powered down because of the operating system, physical power button presses, or other methods, the alert is generated and sent.
For more information on Insight Agents, click System Status>Insight Agent. Static IP bay configuration Static IP bay configuration is implemented using the Static IP Bay Settings option on the BL p-Class tab. This option eases the initial deployment of an entire enclosure or the subsequent deployment of blades within an existing enclosure.
If multiple enclosures are deployed at the same time, the process can be repeated easily by moving a single blade to bay #1 of each enclosure to perform the configuration. Configuring static IP bay settings Static IP bay settings are available on the BL p-Class tab and enable you to configure and deploy the blade server. When configuring these settings, you must use the blade in bay 1.
Primary WINS Server – Assigns a unique WINS server IP address on your network. Secondary WINS Server – Assigns a unique WINS server IP address on your network. Static Route #1, #2, and #3 (destination gateway) – Assigns the appropriate static route destination and gateway IP address on your network (the default IP values are 0.0.0.0 and 0.0.0.0, where the first IP address corresponds to the destination IP, and the second IP address corresponds to the gateway IP).
1. 2. 3. 4. iLO 2 configuration Server RAID verification Virtual media connection Software installation The iLO 2 firmware configuration screen This screen enables you to change the following settings: • Administrator password. HP recommends changing the default password. • Network configuration settings.
POST. If this is the case, exit any RBSU program you are running, allow POST to complete, and try the operation again. You can change the RAID level manually through RBSU. If the operating system is already installed, changing the RAID level results in a loss of data. Connect Virtual Media screen This step of the installation wizard enables you to verify and accept the drive you will use during the installation of the operating system.
• IP Address Use this parameter to assign a static IP address to iLO 2 on your network. By default, the IP address is assigned by DHCP. By default, the IP address is 192.168.1.1 for all iLO 2 Diagnostic Ports. • Subnet Mask — Use the subnet mask parameter to assign the subnet mask for the iLO 2 Diagnostic Port. By default, the subnet mask is 255.255.255.0 for all iLO 2 Diagnostic Ports. — The use of the Diagnostic Port is automatically sensed when an active network cable is plugged in to it.
4 Using iLO 2 System status and status summary information When you first access iLO 2, the interface displays the Status Summary page with system status and status summary information, and provides access to health information, system logs, and Insight Agent information. The options available in the System Status section are: Summary, System Information, iLO 2 Log, IML, Diagnostics, iLO 2 User Tips, and Insight Agents.
• UID Light – Displays the state of the UID light when the page was loaded. You can control the UID state using the Turn UID On button in addition to the physical UID buttons on the server chassis. The UID helps you identify and locate a system, especially in high-density rack environments. Additionally, the UID indicates that a critical operation is underway on the host, such as Remote Console access or firmware update. CAUTION: Never remove power from a server with a flashing UID.
(ability to handle a failure). The subsystems can include fans, temperature sensors, power supplies, and voltage regulator modules. • Fans – Displays the state of the replaceable fans in the server chassis. This data includes the area that is cooled by each fan and current fan speeds. • Temperatures – Displays the temperature conditions monitored at sensors in various locations in the server chassis, and the processor temperature.
below the caution threshold. If one or more sensors exceed this threshold, iLO 2 implements the recovery policy to prevent damage to server components. • If the temperature exceeds the caution threshold, the fan speed is increased to maximum. • If the temperature exceeds the critical temperature, a graceful server shutdown is attempted. • If the temperature exceeds the fatal threshold, the server is immediately turned off to prevent permanent damage.
failed authentications. You can configure tracking failed login attempts for every attempt or every second, third, or fifth attempt, and captures the client name for each logged entry to improve auditing capabilities in DHCP environments, as well as recording account name, computer name, and IP address. When login attempts fail, iLO 2 also generates alerts and sends them to a remote management console. Events logged by higher versions of iLO 2 firmware might not be supported by earlier versions.
• Temperature normal • Automatic shutdown started • Automatic shutdown cancelled Diagnostics The Diagnostics option on the System Status tab displays the Server and iLO 2 Diagnostics screen. The Server and iLO 2 Diagnostic screen displays iLO 2 self-test results, and provides options to generate an NMI to the system and to reset iLO 2. NOTE: When connected through the Diagnostics Port, the directory server is not available. You can log in using a local account only.
have the Configure iLO 2 privilege (configure local device settings) to reset iLO 2 using this option. Insight Agents The HP Insight Management Agents support a browser interface for access to runtime management data through the HP System Management Homepage. The HP System Management Homepage is a secure web-based interface that consolidates and simplifies the management of individual servers and operating systems.
system. Remote Console operates with all operating systems and browsers supported by iLO 2. • “Remote Serial Console” (page 100) – Provides access to a VT320 serial console through a Java applet-based console connected to the iLO 2 Virtual Serial Port. The Remote Serial Console is available without an additional license and is suitable for host operating systems that do not require access to the graphical console. Standard iLO 2 provides server console access from server power-on through POST.
The Remote Console Settings page includes three tabs: Settings • High Performance Mouse settings can help alleviate remote console mouse synchronization issues, but this feature is not supported on all operating systems. The effects of changing the settings take place when remote console is started or restarted. The following options are available: — Disabled – Enables the mouse to use the relative coordinates mode which is compatible with most host operating systems.
can be captured. You can change the enabled buffers at any time to maximize buffer utilization. When the buffer configuration is changed, both buffers are reset and information currently in the buffers at that time is lost. — • Auto Export/Fault Buffer allows you to enable or disable automatically exporting captured console data. Export Boot/Fault Buffer enables you to specify the URL location of a web server that accepts a PUT or POST Method data transfer. For example: http://192.168.1.
not necessarily reflect the state of the server keyboard. However, pressing any of the locking keys will change that Lock state on the server. To define a Remote Console hot key: 1. Click Remote Console>Hot Keys. 2. Select the hot key you want to define, and use the drop-down boxes to select the key sequence to be transmitted to the host server when you press the hot key. 3. Click Save Hot Keys when you have finished defining the key sequences.
F10 8 m F11 9 n SYS RQ Hot keys and international keyboards To set up hot keys on an international keyboard, select keys on your keyboard in the same position on a US keyboard. To create a hot key using the international AltGR key, use R_ALT in the key list. Use the US keyboard layout shown to select your keys. Shaded keys do not exist on a US keyboard. • The green shaded key is known as the Non-US \ and | keys on an international keyboard.
Console is a licensed feature available with the purchase of optional licenses. For more information, see “Licensing” (page 26). The Integrated Remote Console supports four simultaneous remote console sessions with the same server if enabled through the Remote Console Settings screen, SMASH CLI (OEM), or RIBCL. For more information about using multiple remote console sessions, see “Multi-user access to the Integrated Remote Console” (page 89).
• Replay (play icon on the main menu) – Displays the Replay Console. The Replay Console provides playback control of the selected data buffer and displays elapsed playback time. The Replay Console has the following options: ◦ ◦ Click Play to start the playback. After you click Play, you can: – Click Pause to stop the playback and hold the current position. To resume playback, click Play from the paused state and the playback resumes from the current position.
• Power (green power icon) – Displays the power status and allows you to access the power options. The power button is green when the server is powered up. When you press Power the Virtual Power Button screen appears with four options: Momentary Press, Press and Hold, Cold Boot, and Reset System. When either the Drives or Power button is pressed, the menu displayed remains open even when the mouse is moved away from the menu bar.
Both the Integrated Remote Console and the Remote Console applets send absolute and relative mouse cursor coordinates to iLO 2. When iLO 2 is in High Performance Mouse mode, it discards the relative coordinates and sends the absolute coordinates to the USB tablet mouse emulator. The result is that the server "sees" the mouse move as if the coordinate information had originated from a local USB tablet mouse.
Shared Remote Console is a licensed feature available with the purchase of optional licenses. For more information, see “Licensing” (page 26). Shared Remote Console and Forced Switch mode are disabled by default. You must enable and configure these features through the browser, SMASH CLI (OEM), or RIBCL. All console sessions are encrypted by authenticating the client first, and then the session leader decides whether to allow the new connection.
iLO Video Player user interface When you launch HP iLO Video Player, the user interface appears and serves as the control point for all playback functions. iLO Video Player menu options: • • • File ◦ Open – Opens a video capture file. ◦ Exit – Closes the iLO Video Player. Controls ◦ Play – Plays or restart the current video capture file. ◦ Stop – Stop playback of the current video capture file. ◦ Skip to Start – Restarts playback of the current video capture file.
iLO Video Player controls Control Name Function Play/Pause Starts playback if the currently selected file is not playing or is paused. If playback is in progress, it pauses the file. If no file is selected, the button is disabled. Stop Stops playback. If no file is selected, the button is disabled. Skip to Start Restarts playback from the beginning of the file. If no file is selected, the button is disabled. Seek Moves the playback video forward or backward.
When you click Acquire, you are prompted to verify that you want to interrupt the other user's Remote Console session. The other user receives a notification that another user has acquired the Remote Console session after losing the connection. No prior warning is given. After you confirm you want to proceed with the acquire operation, you are notified by an alert window that the operation could take 30 seconds or longer to complete.
Remote Console uses dual cursors to help you distinguish between the local and remote mouse pointers. The client computer's mouse cursor appears in the Remote Console as a crosshair symbol. For best performance, be sure to configure the host operating system display as described in “Recommended client settings” (page 94)and “Recommended server settings” (page 95).
Use the following client and browser settings to optimize performance: • • • Display Properties — Select an option greater than 256 colors. — Select a greater screen resolution than the screen resolution of the remote server. — Linux X Display Properties—On the X Preferences screen, set the font size to 12. Remote Console — For Remote Console speed, HP recommends using a 700-MHz or faster client with 128 MB or more of memory.
remote console. The iLO 2 Remote Serial Console applet appears as a text-based console, but the information is rendered using graphical video data. iLO 2 displays this information through the remote console applet while in the server pre-operating system state, enabling a non-licensed iLO 2 to observe and interact with the server during POST activities.
To use the iLO 2 Text Console feature successfully, you must update the HOST ROM. iLO 2 supports iLO 2 Text Console on the following HP ProLiant servers: • ML350 G5 • SE326 M1 • DL380 G6 • BL685c G6 • ML370 G5 • DL320 G6 • DL360 G6 • BL280c G6 • DL360 G5 • ML330 G6 • BL2x220c G6 • BL460c G6 • DL380 G5 • ML/DL 370 G6 • BL460c G1 • DL580 G5 • DL785 G6 • BL480c G1 • SE316 M1 • ML350 G6 • BL680c G5 Using the iLO 2 Text Console To start an iLO 2 Text Console session: 1.
To control the translation, use the xlt option with the appropriate reference number.
Character value Description Mapped equivalent 0x1B Right arrow > 0x1E Up pointer ^ 0x1F Down pointer v 0xFF Shaded block blank space Using a Linux session You can run an iLO 2 virtual serial port on a Linux system, if the system is configured to present a terminal session on the serial port. This feature enables you to use a remote logging service. You can remotely log on to the serial port and redirect output to a log file. Any system messages directed to the serial port are logged remotely.
Using the iLO 2 remote serial console, the remote user is able to perform operations such as interacting with the server POST sequence and operating system boot sequence; establishing a login session with the operating system, interacting with the operating system; and executing and interacting with applications on the server operating system. Users of the Microsoft Windows Server 2003 operating system have the ability to execute the EMS subsystem through the remote serial console.
After the server completes POST, the server system ROM transfers control to the operating system boot loader. If you are using Linux, you can configure the operating system boot loader to interact with the server serial port instead of the keyboard, mouse, and VGA console. This configuration enables you to view and interact with the operating system boot sequence through the Remote Serial console. For an example of a Linux operating system boot loader, see “Linux configuration example” (page 101).
Windows EMS Console The Windows EMS Console, if enabled, provides the ability to perform Emergency Management Services in cases where video, device drivers, or other operating system features have prevented normal operation and normal corrective actions from being performed. iLO 2, however, enables you to use EMS over the network through a Web browser. Microsoft EMS enables you to display running processes, change the priority of processes, and halt processes.
Serial Port Configuration displays server configuration information, available serial ports, and virtual serial port status. Status appears as: • Available – The virtual serial port is not in use • In use – Normal mode when the virtual serial port is connected normally • In use – Raw mode when the WiLODbg.exe utility is used to connect When the virtual serial port is in use, the Disconnect button is enabled and can be used to terminate any type of virtual serial port connection.
This example starts WinDBG.exe with an additional command line of -b and uses a direct socket connection from WinDBG.exe to iLO 2 on port 3002. • To connect to iLO 2 at 16.100.226.57 and validate the iLO 2 user with the username of admin and password mypass, and start kd with an additional command line for kd of -b: wilodbg 16.100.226.
To access iLO 2 Virtual Media devices using the graphical interface, select Virtual Media on the Virtual Devices tab. An applet loads in support of the Virtual Floppy or Virtual CD/DVD-ROM device. Virtual Media and Windows 7 By default, Windows 7 powers off the ILO virtual hub when no virtual media devices are enabled or connected during boot. To prevent this issue, manually override the power management feature in the Windows 7 through the Control Panel so the virtual hub does not power down. 1.
To use an image file: 1. From the Virtual Floppy/USBKey section of the Virtual Media applet, select Local Image File . 2. To locate the image file using the Choose Disk Image File dialog box, enter the path or file name of the image in the text-box, or click Browse. To ensure the source diskette or image file is not modified during use, select the Force read-only access option. 3. Click Connect.
obscured and unavailable during this time. You cannot use a physical local floppy drive and the Virtual Floppy simultaneously. • Windows Server 2008 or later and Windows Server 2003 Virtual Floppy and USB key drives appear automatically after Microsoft Windows has recognized the mounting of the USB device. Use it as you would a locally attached device.
When the drive letter shows as mounted, the drive will now be accessible through the server GUI as well as the system console. When the Virtual Floppy Drive is mounted, if the media is changed in the local floppy drive, you must reissue the lfvmount command on the server console to see the new media in the NetWare 6.5 operating system. Mounting USB Virtual Media/USBKey in Linux 1. 2. 3. Access iLO 2 through a browser. Select Virtual Media in the Virtual Devices tab.
Changing diskettes When using the iLO 2 Virtual Floppy or USB key drive, and the physical diskette drive on the client machine is a USB diskette drive, disk change operations will not be recognized. For example, in this configuration, if a directory listing is obtained from a floppy diskette and the diskette is changed, a subsequent directory listing will show the listing for the first diskette.
1. 2. 3. Select Local Image File within the Virtual CD/DVD-ROM section of the Virtual Media applet. Enter the path or file name of the image in the text box or click Browse to locate the image file using the Choose Disk Image File dialog. Click Connect. The connected drive icon and LED will change state to reflect the current status of the Virtual CD/DVD-ROM. When connected, virtual devices are available to the host server until you close the Virtual Media applet.
3. 4. Select the CD/DVD-ROM to be used and click Connect. Mount the drive using the following command: mount /dev/cdrom1 /mnt/cdrom1 For SLES 9: mount /dev/scd0 /media/cdrom1 Creating iLO 2 disk image files The iLO 2 virtual media feature enables you to create diskette and CD-ROM image files within the same applet. Creation of DVD image files using the Virtual Media applet is not supported. The image files created from the applet are ISO-9660 file system images.
on a local or networked directory that is accessible through the client, mounted and dismounted as a Virtual Media device. Virtual folder operating system notes • MS-DOS During boot and MS-DOS sessions, the Virtual Folder device appears as a standard BIOS floppy drive. This device appears as drive A. If a physically attached floppy drive exists, it is obscured and unavailable during this time. You cannot use a physical local floppy drive and the Virtual Folder simultaneously.
down the operating system. An operating system shutdown must be initiated using the Remote Console before using the Virtual Power Button options. The following options are available: • Momentary Press button provides behavior identical to pressing the physical power button. • Press and Hold is identical to pressing the physical power button for five seconds and then releasing it. This option provides the ACPI-compatible functionality that is implemented by some operating systems.
• The Power Regulator for ProLiant section has the following options: ◦ Enable HP Dynamic Power Savings Mode sets the processor to dynamically set the power level based on usage. ◦ Enable HP Static Low Power Mode sets the processor to minimum power. ◦ HP Static High Performance Mode sets the processor to the highest supported processor state and forces it to stay in that state. ◦ Enable OS Control Mode sets the processor to maximum power.
◦ If the server has the hardware and software to support dynamic power capping, the message System supports Dynamic Power Capping appears. Dynamic power capping provides electrical circuit breaker protection. ◦ If the message System supports Dynamic Power Capping does not appear, the server supports normal power capping. Normal power capping does not react fast enough to provide electrical circuit breaker protection.
The Power Meter Readings section displays the following: • The data graph displays the power usage of the server over the previous 24 hours. iLO 2 collects power usage information from the server every 5 minutes. For each five-minute interval, the peak and average power usage is stored in a circular buffer. These two values appear in the form of a bar graph, with the average values in blue and the peak values in red. This data resets whenever either the server or iLO 2 is reset.
You must have the Configure iLO 2 Settings privilege to view the Power Regulator for ProLiant Data page. Power Regulator for ProLiant Data is a licensed feature available with the purchase of optional licenses. For more information, see “Licensing” (page 26). To access the Power Regulator for ProLiant Data page, click Power Management>Processor States.
You can configure HEM only through the RBSU. You cannot modify these settings through iLO. Settings for HEM are Enabled or Disabled (also called Balanced Mode), and Odd or Even supplies as primary. These settings are visible in the High Efficiency Mode & Standby Power Save Mode section of the System Information>Power tab.
Brown-Out recovery A brown-out condition occurs when power momentarily is lost to the server. A brown-out interrupts the operating system, but does not interrupt the iLO firmware. Under brown-out conditions the iLO service remains uninterrupted for about 4 seconds (longer power interruptions result in black-outs). Support has been added to iLO to detect and recover from power brown-outs. If iLO detects that a brown-out has occurred, server power is restored after the power-on delay.
the blade with the diagnostic station and connecting to an existing network through a hub. The IP address is assigned by a DHCP server on a network. The BL p-Class tab enables you to control specific settings for the ProLiant BL p-Class blade server rack. iLO 2 also provides Web-based status for the ProLiant BL p-Class server rack. Rack View The Rack View page presents an overview of all the enclosures and the contained blade servers, network components, and power supplies.
Blade configuration and information The blade configuration option provides information regarding the identity, location, and network address of the blade selected on the Rack View page. To view these settings, select a blade component and select Configure on the “Rack View” (page 120) page. You can change some of the settings for the blade in which you are currently logged in. To save changes, click Apply.
Enclosure information Enclosure information is specific to the selected enclosure. Information about a particular enclosure is viewed by selecting Details located on the enumerated enclosure headers. A limited amount of rack information is available, including the name and serial number A basic set of information is available for the enclosures that do not contain the blade that you are logged in to. This information includes the name, serial number, and enclosure type.
The following fields are available: • Rack name • Rack serial number • Enclosure name • Enclosure serial number • Enclosure type • Firmware revision • Hardware revision • Load balance wire • Enclosure temperature • Enclosure temperature side A and B • Management Module UID Certain fields can be changed and updated by clicking Apply. Network component information Network component information displays the status of the patch panel or interconnect switch that has been selected.
Insufficient power notification iLO 2 turns the Server Health LED solid red if iLO 2 cannot power on the server because insufficient power is in the rack infrastructure. ProLiant BL p-Class alert forwarding iLO 2 supports blade infrastructure SNMP traps on a passthrough basis. Reporting of blade infrastructure status by iLO 2 does not require operating system support. The alerts (traps) originate from the Enclosure Manager and Power Supply Manager and are transmitted to iLO 2.
The Onboard Administrator option enables you to view a brief overview of the server system health as well as launch a browser (which launches the HP Onboard Administrator Rack View screen) or turn the UID Light on or off. Enclosure bay IP addressing During completion of the First Time Setup Wizard, you are asked to set up your enclosure bay IP addressing. For more information about the complete wizard setup process, see the HP BladeSystem Onboard Administrator User Guide.
16.100.226.32. If you set the interconnect bay EBIPA range to 16.200.139.51 to 16.209.139.58, the interconnect module management port in interconnect bay #1 is assigned 16.200.139.51 and the interconnect module management port in interconnect bay #7 is assigned 16.200.139.57. To enable EBIPA settings for the server bays in this enclosure, select Enable Enclosure Bay IP Addressing for Server Bay iLO 2 Processors, then enter the following information. 126 Field Possible value Beginning Address ###.###.
Dynamic power capping for server blades Dynamic power capping is an iLO 2 feature available for c-Class server blades and accessed through HP Onboard Administrator. For more information on all the power setting options for c-Class server blades, see the HP BladeSystem Onboard Administrator User Guide. Dynamic power capping is only available if your system hardware platform, BIOS (ROM), and power micro-controller firmware version support this feature.
For more information on Static Power Limit, see the HP BladeSystem Onboard Administrator User Guide. iLO 2 Virtual Fan In c-Class blade servers, the HP Onboard Administrator controls the enclosure fans. The iLO 2 firmware cannot detect these enclosure fans. Instead, the iLO 2 firmware monitors an ambient temperature sensor located on the blade server. This information displays on the iLO 2 interface and retrieved by the Onboard Administrator periodically.
BL p-Class and BL c-Class features The HP ProLiant BL p-Class and ProLiant c-Class servers share common features.
5 Directory services Overview of directory integration iLO 2 can be configured to use a directory to authenticate and authorize its users. Before configuring iLO 2 for directories, you must decide whether or not you want to use the HP Extended schema option. The advantages of using the HP Extended schema option are: • There is much more flexibility in controlling access. For example, access can be limited to a time of day or from a certain range of IP addresses.
Advantages and disadvantages of schema-free directories and HP schema directory Directories enhance security, enabling you to manage access and rights from a centralized location. Directories also enable flexible configuration. Some directory configuration practices work better with iLO 2 than others. Before configuring iLO 2 for directories, you must decide whether to use the schema-free directory or the HP schema directory integration methods.
admin named User1; you can copy the distinguished name of the domain admin security group over to iLO 2 and give it full privileges. User1 would then have access to iLO 2. Disadvantages of using schema-free directory integration • Supports only Microsoft Active Directory • Group privileges are administered on each iLO 2. However, this disadvantage is minimized by group privileges rarely changing, and the task of changing group membership is administered in the directory and not on each separate iLO 2.
7. 8. 9. Accept the default locations of the certificate database and the database log. Click Next. Browse to the c:\I386 folder when prompted for the Windows 2000 Advanced Server CD. Click Finish to close the wizard. Verifying certificate services Because management processors communicate with Active Directory using SSL, you must create a certificate or install Certificate Services. You must install an enterprise CA because you are issuing certificates to objects within your organizational domain.
1. Download and review the scripting and command line resource guide at http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp? contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=135& prodTypeId=18964&prodSeriesId=1146658. 2. Write a script that configures iLO 2 for schema-free directories support and run it. The following script can be used as a template. PAGE 135
Better Login Flexibility • In addition to the minimum settings, enter at least one directory user context. At login time, the login name and user context are combined to make the user's distinguished name. For instance, if the user logs in as JOHN.SMITH and a user context is set up as CN=USERS,DC=HP,DC=COM, then the distinguished name that iLO 2 tries is CN=JOHN.SMITH,CN=USERS,DC=HP,DC=COM. Maximum Login Flexibility • Configure iLO 2 as described.
Setting up HP schema directory integration When using the HP schema directory integration, iLO 2 supports both Active Directory and eDirectory. However, these directory services require the schema being extended. Features supported by HP schema directory integration iLO 2 Directory Services functionality enables you to: • Authenticate users from a shared, consolidated, scalable user database. • Control user privileges (authorization) using the directory service.
For more information on managing the directory service, see “Directory-enabled remote management” (page 156). Examples are available in “Directory services for Active Directory” (page 140) and “Directory services for eDirectory” (page 149). 5. Handle exceptions • Lights-Out migration utilities are easier to use with a single Lights-Out role.
installer and the management snap-in installer. The HP Smart Component can be downloaded from the HP website at http://www.hp.com/servers/lights-out. You cannot run the schema installer on a domain controller that hosts Windows Server 2008 Core. Windows Server 2008 Core does not use a GUI (for security and performance reasons). To use the schema installer, you must install a GUI on the domain controller or use a domain controller that hosts an earlier version of Windows.
NOTE: Extending the schema on Active Directory requires that the user be an authenticated Schema Administrator, the schema is not write protected, and the directory is the FSMO role owner in the tree. The installer will attempt to make the target directory server the FSMO Schema Master of the forest. To get write access to the schema on Windows 2000 requires a change to the registry safety interlock.
Management snap-in installer The management snap-in installer installs the snap-ins required to manage iLO 2 objects in a Microsoft Active Directory Users and Computers directory or Novell ConsoleOne directory. iLO 2 snap-ins are used to perform the following tasks in creating an iLO 2 directory: • Creating and managing the iLO 2 and role objects (policy objects will be supported at a later date). • Making the associations between iLO 2 objects and the role (or policy) objects.
NOTE: Installing Directory Services for iLO 2 requires extending the Active Directory schema. Extending the schema must be completed by an Active Directory Schema Administrator. • Extending the Schema in the Microsoft Windows 2000 Server Resource Kit, available on the Microsoft website at http://msdn.microsoft.com).
1. 2. 3. Install Active Directory. For more information, refer to Installing Active Directory in the Microsoft Windows 2000 Server Resource Kit. Install the Microsoft Admin Pack (the ADMINPAK.MSI file, which is located in the i386 subdirectory of the Windows 2000 Server or Advance Server CD). For more information, refer to the Microsoft Knowledge Base Article 216999. In Windows 2000, the safety interlock that prevents accidental writes to the schema must be temporarily disabled.
a. b. c. Use the management snap-ins from HP to create iLO 2, Policy, Admin, and User Role objects. Use the management snap-ins from HP to build associations between the iLO 2 object, the policy object, and the role object. Point the iLO 2 object to the Admin and User role objects (Admin and User roles automatically point back to the iLO 2 object). For more information on iLO 2 objects, see “Directory services objects” (page 145).
2. Use the HP provided Active Directory Users and Computers snap-ins to create HP Role objects in the Roles organizational unit. a. Right-click the Roles organizational unit, select New then Object. b. Select Role for the field type in the Create New HP Management Object dialog box. c. Enter an appropriate name in the Name field of the New HP Management Object dialog box. In this example, the role contains users trusted for remote server administration and is called remoteAdmins. Click OK. d.
4. 5. Use the Lights Out Management tab to set the rights for the role. All users and groups within a role will have the rights assigned to the role on all of the iLO 2 devices managed by the role. In this example, the users in the remoteAdmins role is given full access to the iLO 2 functionality. Select the boxes next to each right, and then click Apply. Click OK to close the property sheet.
Each object represents a device, user, or relationship that is required for directory-based management. NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries. After the snap-in is installed, iLO 2 objects and iLO 2 roles can be created in the directory. Using the Users and Computers tool, the user will: • Create iLO 2 and role objects. • Add users to the role objects. • Set the rights and restrictions of the role objects.
Active Directory role restrictions The Role Restrictions subtab allows you to set login restrictions for the role. These restrictions include: • Time restrictions • IP network address restrictions ◦ IP/mask ◦ IP range ◦ DNS name Time restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours in the Role Restrictions tab. In the Logon Hours pop-up window, you can select the times available for logon for each day of the week in half-hour increments.
Enforced client IP address or DNS name access Access can be granted or denied to an IP address, IP address range, or DNS names. 1. In the By Default dropdown menu, select whether to Grant or Deny access from all addresses except the specified IP addresses, IP address ranges, and DNS names. 2. Select the addresses to be added, select the type of restriction, and click Add. 3. In the new restriction pop-up window, enter the information and click OK. The new restriction pop-up window displays.
The available rights are: • Login – This option controls whether users can log in to the associated devices. • Remote Console – This option enables the user access to the Remote Console. • Virtual Media – This option enables the user access to the iLO 2 virtual media functionality. • Server Reset and Power – This option enables the user access to the iLO 2 Virtual Power button to remotely reset the server or power it down.
Snap-in installation and initialization for eDirectory For step-by-step instructions on using the snap-in installation application, see “Snap-in installation and initialization for Active Directory” (page 142). NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries.
3. Create HP Role objects in the roles organizational unit using the HP provided ConsoleOne snap-ins tool. a. Right-click the roles organizational unit found in the region2 organizational unit, and select New>Object. b. Select hpqRole from the list of classes, and click OK. c. Enter an appropriate name on the New hpqRole page. In this example, the role will contain users trusted for remote server administration and will be named remoteAdmins. Click OK. The Select Object Subtype page appears. d.
5. Using the same procedure as in step 4, edit the properties of the remoteMonitors role: a. Add the three iLO 2 devices within hp devices under region1 to the Managed Devices list on the Role Managed Devices option of the HP Management tab. b. Add users to the remoteMonitors role using the Members tab. c. Select the Login check-box, and click Apply>Close.
Members After user objects are created, the Members tab allows you to manage the users within the role. Clicking Add enables you to browse to the specific user you want to add. Highlighting an existing user and clicking Delete removes the user from the list of valid members.
eDirectory Role Restrictions The Role Restrictions subtab enables you to set login restrictions for the role. These restrictions include: • Time restrictions • IP network address restrictions • — IP/mask — IP range DNS name Time restrictions You can manage the hours available for logon by members of the role by using the time grid displayed in the Role Restrictions subtab. You can select the times available for logon for each day of the week in half-hour increments.
eDirectory Lights-Out Management After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management Device Rights subtab of the HP Management tab. The available rights are: • Login – This option controls whether users can log in to the associated devices.
• Server Reset and Power – This option allows the user to remotely reset the server or power it down. • Administer Local User Accounts – This option allows the user to administer accounts. The user can modify their account settings, modify other user account settings, add users, and delete users. • Administer Local Device Settings – This option allows the user to configure iLO 2 settings.
Directory” (page 140), and “Directory services for eDirectory” (page 149). In general, you can use the HP provided snap-ins to create objects. It is useful to give the LOM device objects meaningful names, such as the device network address, DNS name, host server name, or serial number. • Configure the Lights-Out management devices Every LOM device that uses the directory service to authenticate and authorize users must be configured with the appropriate directory settings.
An admin user gains the login right from the regular user group. More advanced rights are assigned through the Admin role, which assigns additional rights – Server Reset and Remote Console. The Admin role assigns all admin rights Server Reset, Remote Console, and Login. How directory login restrictions are enforced Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions limit a user's access to authenticate to the directory.
For step-by-step instructions on how to create network and time restrictions on a role, see “Active Directory role restrictions” (page 147) or “eDirectory Role Restrictions” (page 154). Role time restrictions Administrators can place time restrictions on LOM roles. Users are granted the rights specified for the LOM devices listed in the role, only if they are members of the role and meet the time restrictions for that role. LOM devices use local host time to enforce time restrictions.
DNS-based restrictions DNS-based restrictions use the network naming service to examine the logical name of the client machine by looking up machine names assigned to the client IP addresses. DNS restrictions require a functional name server. If the name service goes down or cannot be reached, DNS restrictions cannot be matched and will fail. DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a common domain suffix. For example, the DNS restriction, www.hp.
to an after-hours application might allow administrators outside the corporate network to reset the server, which is contrary to most security policies. In the example, security policy dictates general use is restricted to clients within the corporate subnet, and server reset capability is additionally restricted to after hours.
with the Application Launch and query features of HP SIM to configure many devices at a time. Customers that must configure only a few LOM devices to use directory services might also prefer the command-line approach. For more information, see “HPLOMIG directory migration utility” (page 162). • • HP SIM utilities: ◦ Manage multiple LOM devices. ◦ Discover the LOM devices as management processors using CPQLOCFG to send a RIBCL XML script file to a group of LOM devices to manage those LOM devices.
HP Lights-Out directory package All of the migration software, as well as the schema extender and management snap-ins, are packaged in an HP Smart Component. To complete the migration of your management processors, you must extend the schema and install the management snap-ins before running the migration tool. The Smart Component is located on the HP Lights-Out management website at http:// www.hp.com/servers/lights-out.
To start the process of discovering your management processors: 1. Click Start and select Programs>Hewlett-Packard, Lights-Out Migration Utility to start the migration process. 2. Click Next to move past the Welcome screen. 3. Enter the variables to perform the management processor search in the Addresses field. 4. Enter your login name and password, and click Find. The Find button changes to Verify when the search is complete. You can also input a list of management processors by clicking Import.
Upgrading firmware on management processors The Upgrade Firmware screen enables you to update the management processors to the firmware version that supports directories. This screen also enables you to designate the location of the firmware image for each management processor by either entering the path or clicking Browse. NOTE: Binary images of the firmware for the management processors are required to be accessible from the system that is running the migration utility.
During the firmware upgrade process, all buttons are deactivated to prevent navigation. You can still close the application using the "X" at the top right of the screen. If the GUI is closed while programming firmware, the application continues to run in the background and completes the firmware upgrade on all selected devices. HPLOMIG supports firmware flash on servers with a TPM chip.
To configure the management processor for: • Directory Services, see “Configuring directories when HP Extended schema is selected” (page 168). • Schema-free (default schema) directories support, see “Setting up Schema-free directory integration” (page 132). Naming management processors This screen enables you to name Lights-Out management device objects in the directory and create corresponding device objects for all management processors to be managed.
4. 5. To change the names (optional), click Clear All Names, and rename the management processors. After the names are correct, click Next. Configuring directories when HP Extended schema is selected The Configure Directory screen enables you to create a device object for each discovered management processor and to associate the new device object to a previously defined role.
1. 2. 3. 4. 5. Enter the network address, login name, and password for the designated directory server. Enter the container distinguished name in the Container DN field, or click Browse. Associate device objects with a member of a role by entering the role distinguished name in the Role DN field, or click Browse. Click Update Directory. The tool connects to the directory, creates the management processor objects, and adds them to the selected roles.
Setting up management processors for directories The last step in the migration process is to configure the management processors to communicate with the directory. This screen enables you to create user contexts. User contexts enable the user to use short or user object names to log in, rather than the full distinguished name. For example, having a user context such as CN=Users,DC=RILOETEST2,DC=HP enables user "John Smith" to log in using John Smith, rather than CN=John Smith,CN=Users, DC=RILOETEST2,DC=HP.
When you click Configure, HPLOMIG displays the following message: The message indicates that, all 15 User contexts are applicable to only iLO 2 machines with supported firmware version (1.75 or later.) For all other management processors, only the first three User Context fields are applicable. 4. When the process completes, click Done.
Core classes Class name Assigned OID hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.3 Core attributes Attribute name Assigned OID hpqPolicyDN 1.3.6.1.4.1.232.1001.1.1.2.1 hpqRoleMembership 1.3.6.1.4.1.232.1001.1.1.2.2 hpqTargetMembership 1.3.6.1.4.1.232.1001.1.1.2.3 hpqRoleIPRestrictionDefault 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleIPRestrictions 1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleTimeRestriction 1.3.6.1.4.1.232.1001.1.1.2.
hpqPolicy OID 1.3.6.1.4.1.232.1001.1.1.1.3 Description This class defines Policy objects, providing the basis for HP products using directory-enabled management. Class Type Structural SuperClasses top Attributes hpqPolicyDN – 1.3.6.1.4.1.232.1001.1.1.2.1 Remarks None Core attribute definitions The following defines the HP Management core class attributes. hpqPolicyDN OID 1.3.6.1.4.1.232.1001.1.1.2.
Options Single Valued Remarks If this attribute is TRUE, then IP restrictions are satisfied for unexceptional network clients. If this attribute is FALSE, then IP restrictions are unsatisfied for unexceptional network clients. hpqRoleIPRestrictions OID 1.3.6.1.4.1.232.1001.1.1.2.5 Description Provides a list of IP addresses, DNS names, domain, address ranges, and subnets which partially specify right restrictions under an IP network address constraint. Syntax Octet String – 1.3.6.1.4.1.1466.115.
Lights-Out Management specific LDAP OID classes and attributes The following schema attributes and classes might depend on attributes or classes defined in the HP Management core classes and attributes. Lights-Out Management classes Class name Assigned OID hpqLOMv100 1.3.6.1.4.1.232.1001.1.8.1.1 Lights-Out Management attributes Class name Assigned OID hpqLOMRightLogin 1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightRemoteConsole 1.3.6.1.4.1.232.1001.1.8.2.2 hpqLOMRightVirtualMedia 1.3.6.1.4.1.232.1001.
Options Single Valued Remarks Meaningful only on ROLE objects, if TRUE, members of the role are granted the right. hpqLOMRightRemoteConsole OID 1.3.6.1.4.1.232.1001.1.8.2.2 Description Remote Console Right for Lights-Out Management Products. Meaningful only on ROLE objects. Syntax Boolean – 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightVirtualMedia OID 1.
hpqLOMRightConfigureSettings OID 1.3.6.1.4.1.232.1001.1.8.2.6 Description Configure Devices Settings Right for HP Lights-Out Management products. Syntax Boolean – 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right.
6 HP Systems Insight Manager integration Integrating iLO 2 with HP SIM iLO 2 fully integrates with HP SIM in key operating environments. Full integration with Systems Insight Manager also provides a single management console for launching a standard Web browser to access. While the operating system is running, you can establish a connection to iLO 2 using HP SIM.
6. 7. 8. Click Add HP SIM Server. The HP Systems Insight Manager Single Sign-On Settings page displays. In Retrieve and import a certificate from a trusted HP SIM Server, enter the hostname or IP address of the HP SIM Server, and click Import Certificate. The server is added to the HP SIM trusted servers list on the HP SIM SSO tab. Log in to the HP SIM you entered in step 7 and discover this . After completing the discovery process, SSO is enabled for this iLO 2.
Clicking a status icon for iLO 2 takes you to the iLO 2 Web interface. Clicking the hardware status icon takes you to the Insight Management Agents for the device. Clicking the iLO 2 or server name takes you to the System Page of the device. Within the System Page are the Identity, Tools & Links, and Event tabs. These tabs provide identity and status information, event information, and links for the associated device. HP SIM systems lists iLO 2 management processors can be viewed within HP SIM.
HP SIM port matching HP SIM is configured to start an HTTP session to check for iLO 2 at port 80. The port can be changed. If you want to change the port number, you must also change it in Network Settings and HP SIM. To change the port number in HP SIM, add the port to the config\identification\ additionalWsDisc.props file in the directory where HP SIM is installed. The entry must start with the HTTP port for iLO 2. No entry needs to be in this file for iLO 2 if it remains at the standard Port 80.
7 Troubleshooting iLO 2 iLO 2 POST LED indicators During the initial boot of iLO 2, the POST LED indicators flash to display the progress through the iLO 2 boot process. After the boot process is complete, the HB LED flashes every second. LED 7 also flashes intermittently during normal operation. The LED indicators (1 through 6) light up after the system has booted to indicate a hardware failure. If a hardware failure is detected, reset iLO 2.
LED indicator POST code (activity completed) Description Failure indicated None 00 Main_init() completed. Subsystem startup failed. HB and 7 Flashes as the iLO 2 processor executes firmware code. It does not change the value of the lower six LEDs. The iLO 2 microprocessor firmware includes code that makes consistency checks. If any of these checks fail, the microprocessor executes the FEH. The FEH presents information using the iLO 2 POST LED indicators.
Event log display Event log explanation iLO 2 reset by watchdog Displays when an error has occurred in iLO 2 and iLO 2 has reset itself. If this issue persists, call customer support. iLO 2 reset by host Displays when the server resets iLO 2. Recoverable iLO 2 error, code # Displays when a non-critical error has occurred in iLO 2 and iLO 2 has reset itself. If this issue persists, call customer support.
Event log display Event log explanation Remote Console Closed Displays when an authorized Remote Console user is logged out or when the Remote Console port is closed following a failed login attempt. Failed Console login—IP Address: IP address Displays when an unauthorized user has failed three login attempts using the Remote Console port. Added User: User Displays when a new entry is made to the authorized user list.
Hardware and software link-related issues iLO 2 uses standard Ethernet cabling, which includes CAT5 UTP with RJ-45 connectors. Straight-through cabling is necessary for a hardware link to a standard Ethernet hub. Use a crossover cable for a direct PC connection. The iLO 2 Management Port must be connected to a network that is connected to a DHCP server, and iLO 2 must be on the network before power is applied. DHCP sends a request soon after power is applied.
Login issues Use the following information when attempting to resolve login issues: • Try the default login, which is located on the network settings tag. • If you forget your password, an administrator with the Administer User Accounts privilege can reset it. • If an administrator forgets his or her password, the administrator must use the Security Override Switch or establish an administrator account and password using HPONCFG.
iLO 2 RBSU unavailable after iLO 2 and server reset If the iLO 2 processor is reset and the server is immediately reset, there is a small chance that the iLO 2 firmware will not be fully initialized when the server performs its initialization and attempts to invoke the iLO 2 RBSU. In this case, the iLO 2 RBSU is unavailable or the iLO 2 Option ROM code is skipped altogether. If this situation occurs, reset the server a second time.
1. 2. Have only one active NIC on the client workstation. For example, disable the wireless network card. Configure the IP address of the client workstation network to match the iLO 2 Diagnostic Port network so that the following conditions are met: • The IP address setting is 192.168.1.X, where X is any number other than 1, because the IP address of the diagnostic port is set at 192.168.1.1. • The subnet mask setting is 255.255.255.0.
Proxy server issues If the Web browser software is configured to use a proxy server, it will not connect to the iLO 2 IP address. To resolve this issue, configure the browser not to use the proxy server for the IP address of iLO 2. For example, in Internet Explorer, select Tools>Internet Options>Connections>LAN Settings>Advanced, and then enter the iLO 2 IP address or DNS name in the Exceptions field.
Alert Explanation Rack Server Power On Failed The server was unable to power on because the BL p-Class rack indicated that insufficient power was available to power on the server. Rack Server Power On Manual Override The server was manually forced by the customer to power on despite the BL p-Class reporting insufficient power. Rack Name Changed The name of the ProLiant BL p-Class rack was changed.
ActiveX controls are enabled and I see a prompt but the domain/name login format does not work 1. 2. 3. 4. Log in with a local account and determine the directory server name. Verify the directory server name is a name and not an IP address. Verify you can ping the directory server name from your client. Run directory setup tests. Verify the ping was received successfully. For more information on testing directory settings, see “Directory tests” (page 53).
If the mouse still fails to operate correctly, or if this situation occurs frequently, verify that your mouse settings match those recommended in “Optimizing mouse performance for Remote Console or Integrated Remote Console” (page 88). Remote Console no longer opens on the existing browser session With the addition of the Terminal Services passthrough function, the behavior of the Remote Console applet is slightly different from previous versions of iLO 2 firmware.
Troubleshooting Integrated Remote Console issues Issues with Integrated Remote Console include: • Issues with Internet Explorer 7 • Apache web server setup for export • No console playback while server is powered down • Skipping information during boot and fault buffer playback Internet Explorer 7 and a flickering remote console screen Using Internet Explorer 7 with the remote screen can cause the remote console screen to flicker and become difficult to read.
Dav On Order allow,deny Allow from all No console replay while server is powered down Playback of capture buffers and recorded console sessions are not available any time the server is powered down. You can play back the captured buffers by exporting the buffers to a web server and playing the files on another server IRC console.
Inactive IRC The iLO 2 IRC might become inactive or disconnected during periods of high activity. The issue is indicated by an inactive IRC. IRC activity slows before becoming inactive. Symptoms of an affected IRC include: • The IRC display does not update. • Keyboard and mouse activity are not recorded. • Shared Remote Console requests do not register. • The Virtual Media connection displays an empty (blank) virtual media device.
GNOME interface does not lock Terminating an iLO 2 Remote Console or losing iLO 2 network connectivity does not lock the GNOME interface when iLO 2 and the GNOME interface are configured for the Remote Console Lock feature. The GNOME keyboard handler requires time to process key sequences that contain modifier keystrokes. This issue does not occur when key sequences are entered manually through the IRC, but it becomes an issue when the key sequence is sent by iLO 2.
Console applet is not trustworthy. The Remote Console cannot execute any code requiring a higher level of trust. If the Deny option is select, the Remote Console cannot launch the code required to activate the Terminal Services button. If you look in the Java Console, the following error message appears: "Security Exception - Access denied".
Virtual Media applet has a red X and does not display The Virtual Media applet might produce a red X if an unsupported browser or JVM is used, or if Enable All Cookies is not enabled. To correct this issue, ensure you are using a supported browser and JVM on your client by reviewing the support matrix found in “Supported browsers and client operating systems” (page 15). Also be sure Enable All Cookies is selected on the browser Preferences or Options menu. Some browsers do not enable cookies by default.
These multiple logins can confuse the browser. This confusion can appear as an iLO 2 issue; however, this is a manifestation of typical browser behavior. Several processes can cause a browser to open additional windows. Browser windows opened from within an open browser represent different aspects of the same program in memory. Consequently, each browser window shares properties with the parent, including cookies.
Displaying the current session cookie After logging in, you can force the browser to display the current session cookie by entering javascript:alert(document.cookie) in the URL navigation bar. The first field visible is the session ID. If the session ID is the same among the different browser windows, then these windows are sharing the same iLO 2 session. You can force the browser to refresh and reveal your true identity by pressing the F5 key, selecting View>Refresh, or using the refresh button.
• Firmware Maintenance CD-ROM – Download the component to create a bootable CD-ROM that contains many firmware updates for ProLiant servers and options. • Scripting with CPQLOCFG – Download CPQLOCFG component to get the network-based scripting utility, CPQLOCFG. CPQLOCFG enables you to use RIBCL scripts that perform firmware updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network. HP recommends that Linux users review the HP Lights-Out XML PERL scripting samples for Linux.
If the file is found: • The put command transfers the file to iLO 2 • The image validates • The flash process begins If the file is not found: • Some versions of the put command do not display an error message NOTE: If the directory path includes spaces, enclose the path and filename in quotes. After the firmware image transfers, the recovery payload calculates the check sum, validates the digital signature, and reports if the image is valid.
The iLO 2 firmware does not respond to SSL requests The iLO 2 firmware does not respond to SSL requests when a Java warning appears. If a user is logging in to an iLO 2 browser connection and does not complete the login process by responding to the Java certificate warning, iLO 2 does not respond to future browser requests. The user must continue the login process to free the iLO 2 Web server. Testing SSL The following test checks for the correct security dialog prompt.
To remove the Server Name field after a redeployment of a server, do one of the following: • Load the Insight Manager Agents to update the Server Name field with the new server name. • Use the Reset to Factory Defaults feature of the iLO 2 RBSU utility to clear the Server Name field. This procedure clears all iLO 2 configuration information, not just the Server Name information. • Change the server name on the Administration>Access>Options page on the iLO 2 browser interface.
8 Technical support Support information HP iLO Advanced Pack and HP iLO Advanced Pack for Blade System included with Insight Control suites and iLO Power Management Pack include one year of 24 x 7 HP Software Technical Support and Update Service. This service provides access to HP technical resources for help in resolving software implementation or operations issues.
• Software and Drivers download pages are on the HP website at http://www.hp.com/support. These pages provide the latest software and drivers for your ProLiant products. • Management Security is on the HP website at http://www.hp.com/servers/manage. HP is proactive in its approach to the quality and security of all its management software. Be sure to check this website often for the latest downloadable security updates. • Obtain the latest SmartStart firmware on the HP website at http://www.hp.
Acronyms and abbreviations ACPI Advanced Configuration and Power Interface ARP Address Resolution Protocol ASCII American Standard Code for Information Interchange ASM Advanced Server Management ASR Automatic Server Recovery BMC baseboard management controller CA certificate authority CLI Command Line Interface CLP command line protocol CR Certificate Request CRL certificate revocation list DAV Distributed Authoring and Versioning DDNS Dynamic Domain Name System DHCP Dynamic Host
KDE K Desktop Environment (for Linux) KVM keyboard, video, and mouse LAN local-area network LDAP Lightweight Directory Access Protocol LED light-emitting diode LOM Lights-Out Management LSB least significant bit MAC Media Access Control MLA Master License Agreement MMC Microsoft Management Console MP Multilink Point-to-Point Protocol MTU maximum transmission unit NIC network interface controller NMI non-maskable interrupt NVRAM non-volatile memory PERL Practical Extraction and
VPN virtual private networking VRM voltage regulator module WINS Windows Internet Naming Service WS web services XML extensible markup language 210 Acronyms and abbreviations
Index A access options Configuring iLO 2 access, 33 iLO 2 Remote Console and Remote Serial Console access, 41 Remote Console overview and licensing options, 81 access, VT320 serial console, 100 accessing Onboard Administrator, 124 accessing software, browser, 21 ACPI (Advanced Configuration and Power Interface), 112 acquire, remote console, 92 Active Directory integration Active Directory installation prerequisites, 140 Active Directory Lights-Out management, 148 Directory services for Active Directory, 140
C CA (certificate authority) Installing certificate services, 132 Setting up a user for two-factor authentication, 48 Two-factor authentication, 46 Two-factor authentication login, 49 Using two-factor authentication with directory authentication, 50 Verifying certificate services, 133 CD-ROM, virtual, 109 certificate authority (CA) Installing certificate services, 132 Setting up a user for two-factor authentication, 48 Two-factor authentication, 46 Two-factor authentication login, 49 Certificate Request (CR
Novell NetWare device driver support, 22 DHCP (Dynamic Host Configuration Protocol) BL p-Class and BL c-Class features, 129 DHCP/DNS Settings, 64 iLO 2 Log, 77 Network, 60 Network Settings, 60 preparing to set up iLO 2, 17 DHCP/DNS settings, 64 diagnosing issues, 182 diagnostic port iLO 2 diagnostic port configuration parameters, 72 Inability to connect to the iLO 2 Diagnostic Port, 188 diagnostic tools Diagnostic steps, 202 Diagnostics, 79 Event log entries, 183 iLO 2 diagnostic port configuration paramete
drive key, support, 106 DVD-ROM, virtual, 109 Dynamic Host Configuration Protocol (DHCP) BL p-Class and BL c-Class features, 129 DHCP/DNS Settings, 64 iLO 2 Log, 77 Network, 60 Network Settings, 60 preparing to set up iLO 2, 17 dynamic link library (DLL) HP Lights-Out directory package, 163 Inability to access ActiveX downloads, 201 error messages, 191 EULA (end user license agreement) Activating iLO 2 licensed features with a browser, 21 event capture, remote console, 80 event log entries Event log entrie
HP Lights-Out Migration Command Line (HPQLOMGC) HP Lights-Out directory package, 163 Using bulk import tools, 161 HP Onboard Administrator, 124 HP Onboard Administrator, iLO option, 128 HP Onboard Administrator, Web Administration, 128 HP schema directory integration Features supported by HP schema directory integration, 136 Introduction to directory-enabled remote management, 156 Setting up HP schema directory integration, 136 HP SIM trusted servers, adding, 56 HP SIM, SNMP information, 201 HP Systems Insi
No console replay while server is powered down, 195 power management, 112 Re-enabling the dedicated iLO 2 management port, 63 Server power data, 115 Troubleshooting alert and trap issues, 190 Using Console Capture, 90 Using multiple roles, 157 Virtual folder, 111 IRC, sharing, 89 IRC, troubleshooting Inactive IRC, 196 Internet Explorer 7 and a flickering remote console screen, 194 IRC Failed to connect to server error message, 196 IRC toolbar icons do not update, 196 Repeating keys on the Remote Console, 19
iLO option, 128 Web Administration, 128 M MAC (media access control) Encryption, 53 NIC, 77 management port, re-enabling, 63 management processor name troubleshooting, 187 management processors, Finding management processors, 163 Selecting a directory access method, 166 management processors, naming, 167 media, virtual, 104 medium access control (MAC) Encryption, 53 NIC, 77 memory Memory, 77 Out of Memory error starting Integrated Remote Console, 195 Microsoft Management Console (MMC) Benefits of directory
power management, 112 power monitoring, 77 power regulator, 112 power regulator settings Dynamic power capping for server blades, 127 power management, 112 Server power settings, 113 power supply, status Power, 77 power management, 112 power, monitoring, 115 powering down Graceful shutdown, 118 power management, 112 powering up/down, 112 Practical Extraction and Report Language (Perl) Inability to upgrade iLO 2 firmware, 201 Integrating iLO 2 with HP SIM, 178 preparing to set up iLO 2, 17 SSL certificate ad
Inability to navigate the single cursor of the Remote Console to corners of the Remote Console window, 192 Remote Console applet has a red X when running Linux client browser, 192 Remote Console no longer opens on the existing browser session, 193 Remote console text window not updating properly, 193 Remote Console turns gray or black, 193 Troubleshooting Remote Console issues, 192 Remote Desktop Protocol (RDP) Remote Console and Terminal Services clients, 37 Terminal Services client requirements, 35 Termin
Schema-free browser-based setup, 133 Schema-free scripted setup, 133 Setting up management processors for directories, 170 screen capture and replay, 80 scripted setup, 133 scripts, 161 Secure Shell (SSH) Access options, 38 Configuring Remote Serial Console, 100 Connecting to the iLO 2 using AES/3DES encryption, 54 Encryption, 53 Encryption settings, 54 HP SIM single sign-on (SSO), 55 preparing to set up iLO 2, 17 Remote Console overview and licensing options, 81 Remote Serial Console troubleshooting, 193 S
Enabling the iLO 2 Shared Network Port feature through the web interface, 63 Re-enabling the dedicated iLO 2 management port, 63 shared network port, features Enabling the iLO 2 Shared Network Port feature, 62 iLO 2 Shared Management Port features and restrictions, 62 shared network port, requirements, 61 shared network port, restrictions, 62 Shared Remote Console, 89 sign-on, HP SIM single, 57 Simple Network Management Protocol (SNMP) Enabling SNMP alerts, 65 Event log entries, 183 iLO 2 configuration over
Schema-free setup options, 134 Security, 41 Setup, 138 SSL certificate administration, 45 Testing SSL, 204 Verifying certificate services, 133 WS-Management compatibility overview, 13 SSL, WS-Management, 13 static IP bay settings Configuring static IP bay settings, 69 Static IP bay configuration, 68 static IP configuration, BL p-Class, 68 status, WS-Management, 13 subnet mask, 60 subsystem name, 61 support, 206 supported operating systems, 15 supported software JVM support, 186 Supported browsers and client
Enclosure information, 122 iLO 2 BL c-Class tab, 124 Power enclosure information, 122 System status and status summary information, 74 WS-Management compatibility overview, 13 updating drivers Linux device driver support, 22 Microsoft device driver support, 22 Novell NetWare device driver support, 22 updating the firmware, 24 USB devices, 105 USB drive key, 105 USB key, support, 106 USB support, 107 user access How user time restrictions are enforced, 160 iLO 2 browser interface overview, 14 User accounts a
Virtual media, 104 224 Index
