Page 1
Abstract This guide provides information about configuring, updating, and operating HPE ProLiant Gen10 servers and HPE Synergy compute modules by using the HPE iLO 5 firmware. This document is intended for system administrators, Hewlett Packard Enterprise representatives, and Hewlett Packard Enterprise Authorized Channel Partners who are involved in configuring and using Hewlett Packard Enterprise servers that include iLO 5.
Contents iLO......................16 iLO key features..........................16 ROM-based configuration utility....................17 iLO mobile app..........................17 iLO RESTful API......................... 18 RESTful Interface Tool........................ 18 iLO scripting and command line....................18 Setting up iLO..................19 Preparing to set up iLO....................... 19 iLO network connection options..................19 NIC teaming with Shared Network Port configurations............ 20 iLO IP address acquisition....................
Page 4
Viewing the event log....................... 39 Saving the event log to a CSV file..................41 Clearing the event log...................... 41 Integrated Management Log.......................41 Viewing the IML........................42 Marking an IML entry as repaired..................44 Adding a maintenance note to the IML................44 Saving the IML to a CSV file.................... 45 Clearing the IML.......................45 Active Health System........................45 Active Health System data collection................
Page 5
iLO Repository..........................74 Adding a component to the iLO Repository..............74 Installing a component from the iLO Repository.............. 75 Removing a component from the iLO Repository............76 Viewing iLO Repository summary and component details..........76 Install Sets...........................77 Installing an install set...................... 77 Removing an Install Set....................
Page 6
Shared Remote Console (.NET IRC only).................113 Joining a Shared Remote Console session..............113 Console Capture (.NET IRC only)..................... 114 Viewing Server Startup and Server Prefailure sequences..........114 Saving Server Startup and Server Prefailure video files..........115 Capturing video files with the Remote Console..............115 Viewing saved video files....................
Page 7
Using the power and thermal features..........145 Server power-on........................145 Brownout recovery........................145 Graceful shutdown........................146 Power efficiency........................146 Power-on protection........................146 Power allocation (blade servers and compute modules)............147 Managing the server power...................... 147 Virtual Power Button options..................148 Configuring the System Power Restore Settings..............148 Auto Power-On.......................148 Power-On Delay......................149 Viewing server power usage.....................
Page 8
iLO features that support IPv6..................175 Configuring iLO SNTP settings....................176 SNTP options......................... 177 iLO clock synchronization....................178 DHCP NTP address selection..................178 iLO NIC auto-selection......................178 NIC auto-selection support.....................179 iLO startup behavior with NIC auto-selection enabled........... 179 Enabling iLO NIC auto-selection..................180 Configuring NIC failover....................
Page 9
Editing local user accounts.................... 203 Deleting a user account....................203 iLO user account options....................204 iLO user privileges......................204 Password guidelines...................... 205 IPMI/DCMI users......................206 Viewing local user accounts................... 206 iLO directory groups........................206 Adding directory groups....................207 Editing directory groups....................207 Deleting a directory group....................208 Directory group options....................
Page 10
Configuring a client to connect through the iLO Service Port........235 iLO Service Port supported devices................236 Sample text file for Active Health System Log download through iLO Service Port..236 Administering SSH keys......................238 Authorizing a new SSH key by using the web interface..........238 Authorizing a new SSH key by using the CLI..............238 Deleting SSH keys......................
Page 11
Configuring SNMP settings.......................279 SNMP options........................ 279 SNMPv3 authentication......................280 Configuring SNMPv3 users....................281 Deleting an SNMPv3 user profile................... 281 Configuring the SNMPv3 Engine ID................282 Configuring SNMP alerts......................282 SNMP alert settings......................283 Using the AMS Control Panel to configure SNMP and SNMP alerts (Windows only)....283 SNMP traps..........................284 iLO AlertMail..........................289 Enabling AlertMail......................
Page 12
Configuring the iLO hostname and domain name for Kerberos authentication..... 306 Preparing the domain controller for Kerberos support........... 307 Generating a keytab file for iLO in a Windows environment.......... 307 Verifying that your environment meets the Kerberos authentication time requirement.. 309 Configuring Kerberos support in iLO................310 Configuring supported browsers for single sign-on............310 Directory integration........................312...
Page 13
Resetting iLO to the factory default settings (iLO 5 Configuration Utility)...... 359 Generating an NMI........................360 Troubleshooting.................. 361 Using the iLO Virtual Serial Port with Windbg................361 Using the Server Health Summary................... 362 Server Health Summary details..................363 Event log entries........................364 Incorrect time stamp on iLO Event Log entries.................364 USB key attached to iLO Service Port fails to mount..............364 IML troubleshooting links......................
Page 14
iLO Java IRC does not start ..................381 Cursor cannot reach iLO Remote Console window corners ......... 382 iLO Remote Console text window not updated correctly..........382 Mouse or keyboard not working in iLO .NET IRC or Java IRC (Java Web Start)..382 Mouse or keyboard not working in iLO Java IRC (Java Applet)........383 iLO .NET IRC sends characters continuously after switching windows ......
Page 15
Firmware update issues......................401 Unsuccessful iLO firmware update ................401 iLO firmware update error ..................... 402 iLO firmware update does not finish ................402 iLO network Failed Flash Recovery................403 Licensing issues........................404 License key installation errors..................404 Unable to access Virtual Media or graphical Remote Console........404 Recovering an iLO license key..................405 Agentless Management, AMS, and SNMP issues..............406 AMS is installed but unavailable in iLO .................
iLO 5 is a remote server management processor embedded on the system boards of HPE ProLiant servers and Synergy compute modules. iLO enables the monitoring and controlling of servers from remote locations. iLO management is a powerful tool that provides multiple ways to configure, update, monitor, and repair servers remotely.
Validates the system ROM during server startup. If valid system ROM is not detected, the server is prevented from booting. Recovery options include swapping the active and redundant ROM, and initiating a firmware verification scan and recovery action (the iLO Advanced Premium Security Edition license is required for scheduling and automated recovery).
with a blank hard drive. As an IT administrator, you can troubleshoot problems and perform software deployments from almost anywhere. For more information about the iLO mobile app, see http://www.hpe.com/info/ilo/mobileapp. iLO RESTful API iLO includes the iLO RESTful API, which is Redfish API conformant. The iLO RESTful API is a management interface that server management tools can use to perform configuration, inventory, and monitoring tasks by sending basic HTTPS operations (GET, PUT, POST, DELETE, and PATCH) to the iLO web server.
Setting up iLO Preparing to set up iLO Before setting up an iLO management processor, you must decide how to handle networking and security. The following questions can help you configure iLO: Procedure 1. How will iLO connect to the network? 2.
• With a shared network connection, traffic can hinder iLO performance. • During the server boot process and when the operating system NIC drivers are loading and unloading, there are brief periods of time (2–8 seconds) when iLO cannot be reached from the network. After these short periods, iLO communication is restored and iLO will respond to network traffic.
Transmit Load Balancing The server transmits on multiple adapters but receives only on the primary adapter. This mode allows the iLO Shared Network Port to function correctly. Select the NIC/port iLO uses as the Preferred Primary Adapter. Switch Assisted Load Balancing This mode type refers to the following: •...
Local accounts Up to 12 user accounts can be stored in iLO. This configuration is ideal for small environments such as labs and small-sized or medium-sized businesses. Login security with local accounts is managed through the iLO Access Settings and user privileges. Directory services Up to six directory groups can be configured in iLO.
Scripting You can use scripting to set up multiple iLO management processors. Scripts are XML files written for a scripting language called RIBCL. You can use RIBCL scripts to configure iLO on the network during initial deployment or from a deployed host. The following methods are available: •...
Setting up iLO by using the iLO 5 Configuration Utility Hewlett Packard Enterprise recommends using the iLO 5 Configuration Utility to set up iLO for the first time and to configure iLO network parameters for environments that do not use DHCP, DNS, or WINS. NOTE: If you can connect to iLO on the network by using a web browser, you can also use the iLO web interface to configure iLO.
The iLO 5 Configuration Utility is still open from the previous session. b. Press ESC several times to navigate to the System Configuration page. c. To exit the System Utilities and resume the normal boot process, click Exit and resume system boot.
Page 26
Editing user accounts (iLO 5 Configuration Utility) Procedure Optional: If you access the server remotely, start an iLO remote console session. Restart or power on the server. Press F9 in the server POST screen. The UEFI System Utilities start. Click System Configuration, click iLO 5 Configuration Utility, click User Management, and then click Edit/Remove User.
The System Utilities start. 4. Click System Configuration, click iLO 5 Configuration Utility, click User Management, and then click Edit/Remove User. 5. In the Action menu for the user you want to remove, select Delete. The user name is marked to be deleted when you save the changes on this page. 6.
iLO driver support iLO is an independent microprocessor running an embedded operating system. The architecture ensures that most iLO functionality is available, regardless of the host operating system. The iLO driver enables software such as HPONCFG and the Agentless Management Service to communicate with iLO. The installed OS and system configuration determine the installation requirements.
Page 29
◦ SPP documentation: http://www.hpe.com/info/spp/documentation. ◦ SPP Custom Download hosted service: http://www.hpe.com/servers/spp/custom. • For VMware—Download the iLO driver from the vibsdepot section of the Software Delivery Repository website: http://www.hpe.com/support/SDR-Linux. Follow the installation instructions provided with the software. • For Ubuntu—Subscribe to the Linux Management Component Pack at http://www.hpe.com/ support/SDR-Linux.
Using the iLO web interface iLO web interface You can use the iLO web interface to manage iLO. You can also use a Remote Console, XML configuration and control scripts, SMASH CLP, or the iLO RESTful API. For more information, see the iLO and iLO RESTful API documentation at the following website: http:// www.hpe.com/support/ilo-docs.
6. Click OK. 7. Refresh your browser window. Logging in to the iLO web interface Procedure 1. Enter https://<iLO host name or IP address>. When you access the iLO web interface, you must use HTTPS (HTTP exchanged over an SSL encrypted session).
Page 32
During login, the login page builds a browser session cookie that links the window to the appropriate session in the iLO firmware. The firmware tracks browser logins as separate sessions listed on the Session List page. For example, when User1 logs in, the web server builds the initial frames view, with User1 listed as the active user, menu items in the navigation pane, and page data in the right pane.
iLO web interface The iLO web interface groups similar tasks for easy navigation and workflow. The interface is organized with a navigation tree in the left pane. To use the web interface, click an item in the navigation tree, and then click the name of the tab you want to view.
To view or modify the language settings, click the language icon, and then select Settings. • Health icon—Click this icon to view the overall health status for the server fans, temperature sensors, and other monitored subsystems. For all components except the Agentless Management Service (AMS), click a component to view additional details.
When iLO is under the control of a remote management tool, the iLO web interface displays a message similar to the following: This system is being managed by <remote management tool name>. Changes made locally in iLO will be out of sync with the centralized settings, and could affect the behavior of the remote management system.
Viewing iLO information and logs Viewing iLO overview information Procedure Navigate to the Information page. The iLO Overview page displays high-level details about the server and the iLO subsystem, as well as links to commonly used features. System information details •...
• License Type—The level of licensed iLO firmware functionality. • iLO Firmware Version—The version and date of the installed iLO firmware. To navigate to the Firmware Update page, click the iLO Firmware Version link. • IP Address—The network IP address of the iLO subsystem. •...
• Module Type—The TPM or TM type and specification version. The possible values are TPM 1.2, TPM 2.0, TM 1.0, Not Specified, and Not Supported. This value is displayed when a TPM or TM is present on a server. • SD-Card Status—The status of the internal SD card.
• Source—The session source (for example, Remote Console, web interface, ROM-based setup utility, iLO RESTful API, or SSH). • Privilege icons (current user only)—The privileges assigned to the current user account. iLO Event Log The event log provides a record of significant events recorded by the iLO firmware. Logged events include major server events such as a server power outage or a server reset, and iLO events such as unauthorized login attempts.
Page 40
When less important events are repeated, they are consolidated into one event log entry, and the Count and Last Update values are updated. Each event type has a specific time interval that determines whether repeated events are consolidated or a new event is logged. •...
• To filter by the last update date, select a value in the Last Update menu. • To set the filters back to the default values, click Reset filters. Searching for an event To search for events based on dates, event ID, or description text, click , and then enter text in the search box.
• Fan degraded • Fan repaired • Fan redundancy lost • Fans redundant • Power supply inserted • Power supply removed • Power supply failure • Power supplies redundancy lost • Power supplies redundant • Temperature over threshold • Temperature normal •...
Page 43
• Last Update—The date and time when the latest event of this type occurred. This value is based on the date and time stored by the iLO firmware. If iLO did not recognize the date and time when an event was updated, [NOT SET] is displayed. •...
• To filter by severity, select a severity level from the Severity list. • To filter by class, select a class from the Class list. • To filter by event category, select a value in the Category list. • To change the displayed date and time for events, select a value in the Time menu. Choose from the following: ◦...
Procedure 1. Click Information in the navigation tree, and then click the Integrated Management Log tab. 2. Click The Enter Maintenance Note window opens. 3. Enter the text that you want to add as a log entry, and then click OK. You can enter up to 227 bytes of text.
Active Health System data collection The Active Health System does not collect information about your operations, finances, customers, employees, or partners. Examples of information that is collected: • Server model and serial number • Processor model and speed • Storage capacity and speed •...
• Support case number • Contact name • Phone number • Email address • Company name The contact information you provide will be treated in accordance with the Hewlett Packard Enterprise privacy statement. This information is not written to the log data stored on the server. 4.
6. If you have an open support case, you can email the log file to gsd_csc_case_mngmt@hpe.com. Use the following convention for the email subject: CASE: <case number>. Files that are larger than 25 MB must be compressed and uploaded to an FTP site. If needed, contact Hewlett Packard Enterprise for FTP site information.
5. The file is saved to the specified path. 6. Close the command window. curl command usage with iLO When you use curl to extract the Active Health System log, the command components include the following: Options <iLO IP address> Specifies the iLO IP address.
Prerequisites Configure iLO Settings privilege Procedure 1. Click Information in the navigation tree, and then click the Active Health System Log tab. The Active Health System Log is inaccessible when it is being used by Intelligent Provisioning, the Active Health System download CLI tool, or the iLO Service Port. 2.
Page 51
• Pass—The test was successful. • Fail—The test detected a problem. A reboot, firmware or software update, or service might be required. • Informational—Supplemental data about the tested system is provided in the Notes column. Notes A test might include supplemental information in the Notes column. For some tests, this column displays the versions of other system programmable logic, such as the System Board PAL or the Power Management Controller.
Viewing general system information Viewing health summary information The Health Summary page displays the status of monitored subsystems and devices. Depending on the server configuration, the information on this page varies. If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete.
• Not Available—The component is not available or not installed. • Degraded—The device or subsystem is operating at a reduced capacity. iLO displays the power supply status as Degraded when mismatched power supplies are installed. If you power on a server with nonredundant fans or power supplies, the system health status is listed as OK.
Viewing memory information The Memory Information page displays a summary of the system memory. When server power is off, AMP data is unavailable, and only memory modules present at POST are displayed. If the server is powered off, the system health information on this page is current as of the last power off. Health information is updated only when the server is powered on and POST is complete.
Page 55
• RAID-XOR—The system is protected by AMP in the XOR memory mode. No DIMM faults have been detected. • Degraded RAID-XOR—The system is protected by AMP in the XOR memory mode. One or more DIMM faults have been detected. • Advanced ECC—The system is protected by AMP in the Advanced ECC mode.
• Single Board Mirroring—The system can be configured for mirrored advanced memory protection in a single memory board. • Advanced ECC—The system can be configured for Advanced ECC. • Mirroring—The system can be configured for mirrored AMP. • On-line Spare—The system can be configured for online spare AMP. •...
Physical Memory Details The Physical Memory Details section shows the physical memory modules on the host that were installed and operational at POST. Unpopulated module positions are also listed. Various resilient memory configurations can change the actual memory inventory from what was sampled at POST. In systems that have a high number of memory modules, all module positions might not be listed.
Technology The logical memory technology. Possible values follow: • NVDIMM • NVDIMM-N • R-NVDIMM Memory Details pane Physical Memory Manufacturer The memory module manufacturer. HPE Memory Indicates whether the memory module is HPE SmartMemory. Yes is displayed for HPE SmartMemory, and No is displayed for other memory types, including HPE memory that is not SmartMemory.
Page 59
Memory Controller The memory controller number. Slot The memory module slot number. Socket The memory module socket number. State The memory state. Vendor ID The memory vendor ID. Armed The current backup-ready status of the NVDIMM-N, if available. Last Operation The status of the last operation.
Memory Media The proprietary media source of the memory module. For example, NAND or Proprietary. State The memory state. Armed The current backup-ready status of an NVDIMM-N, if available. Last Operation The status of the last operation. Media Life The percentage of media life left. Viewing network information If the server is powered off, the health status information on this page is current as of the last power off.
Page 61
If NetworkManager is used to manage the NIC, the default status is Up and the link status is displayed in iLO. If Linux legacy utilities are used to manage the NIC, iLO displays the link status only if the NIC is configured by an administrator.
Logical Network Adapters This section displays the following information about network adapters that use NIC teaming to combine two or more ports into a single logical network connection: • Adapter name—The name of the configured link between the physical ports that form the logical network adapter.
• Firmware Version—The installed device firmware version. • Status—The device status. Device status values The Device Inventory page uses the following status values: • OK—The device is working correctly. • Other—The device status could not be determined. • No Supporting CPU—The CPU that supports the device slot is not installed. •...
The information displayed on this page depends on your storage configuration. Some storage configurations will not display information for every category. Fibre Channel adapters are not listed on this page. To view information about Fibre Channel adapters, click System Information in the navigation tree, and then click the Network tab. Procedure 1.
Page 65
depending on the failure type. If the controller hardware has a Failed status, the top-level controller status is Failed. • Controller Status—Controller hardware status (OK or Failed) • Serial Number • Model • Firmware Version • Controller Type • Cache Module Status •...
Logical drives When the Logical View option is selected, the following information is listed for the logical drives attached to a Smart Array controller. • Logical drive number • Status • Capacity • Fault Tolerance • Logical Drive Type • Encryption Status Logical drives must be configured through the Smart Storage Administrator software before they can be displayed on this page.
Page 67
associated hardware has a failure, the top-level controller status changes to Major Warning or Degraded, depending on the failure type. If the controller hardware has a Failed status, the top-level controller status is Failed. • Controller Status—Controller hardware status (OK or Failed) •...
Managing firmware, OS software, and language packs Firmware updates Firmware updates enhance server and iLO functionality with new features, improvements, and security updates. You can update firmware by using an online or offline firmware update method. Online firmware update When you use an online method to update firmware, you can perform the update without shutting down the server operating system.
Sample scripts are available at http://www.hpe.com/support/ilo5. For more information about scripting, see the iLO scripting and CLI guide. When iLO is configured to use the SuiteB security state, only HPONCFG for Linux is supported. Out-of-band firmware updates • iLO web interface—Download a supported firmware file and install it by using the iLO web interface.
Viewing and updating firmware from the iLO web interface The iLO web interface supports the following firmware and software management features: • Viewing installed firmware. • Viewing installed software. • Using the Flash Firmware controls to install firmware on the local managed server. •...
Page 71
Optional: To save a copy of the component to the iLO Repository, select the Also store in iLO Repository check box. To start the update process, click Flash. Depending on the server configuration, iLO notifies you that: • When you update the iLO firmware, iLO will reboot automatically. Some types of server firmware might require a server reboot, but the server will not reboot automatically.
Page 72
Requirements for firmware update to take effect • iLO firmware or language pack—Requires an iLO reset, which is triggered automatically. • System ROM (BIOS)—Requires a server reboot. • Chassis firmware (Power Management) and Edgeline Chassis Controller Firmware—Take effect immediately. • System Programmable Logic Device (CPLD)—Requires a server reboot.
Server firmware file type details • When you update the system ROM, you must use a signed image or the signed ROMPAQ image: ◦ Signed image example: http://<server.example.com:8080>/<wwwroot>/P79_1.00_10_25_2013.signed.flash ◦ Signed ROMPAQ image example: http://<server.example.com>/<wwwroot>/CPQPJ0612.A48 • The Power Management Controller, chassis firmware, and NVMe backplane files use the file extension .hex.
• Power Supply firmware • Embedded Video Controller Firmware details The Installed Firmware page displays the following information for each listed firmware type: • Firmware Name—The name of the firmware. • Firmware Version—The version of the firmware. • Location—The location of the component that uses the listed firmware. Replacing the active system ROM with the redundant system ROM Prerequisites •...
If the Upload to iLO Repository option is not displayed, click the ellipsis icon in the top right corner of the iLO web interface, then click Upload to iLO Repository. 2. Select the Local file or Remote file option. 3. Depending on the option you selected, do one of the following: •...
iLO notifies you that the component will be added to the end of the installation queue, and prompts you to confirm the request. 3. Click Yes, add to the end of the queue. If the installation queue is empty, and iLO can initiate the component installation, the button is labeled Yes, install now.
iLO Repository contents The Contents section of the iLO Repository page displays the following details about each firmware or software component: • Name • Version iLO Repository individual component details When you click an individual component, the following details are displayed: •...
Procedure 1. Click Firmware & OS Software in the navigation tree, and then click Install Sets. 2. Click the install icon next to the install set you want to install. iLO notifies you that the contents of the install set will be added to the end of the installation queue, and prompts you to confirm the request.
Use the install set icons to add an install set to the installation queue or to remove an install set. The protected install set is displayed with a lock icon. Individual install set details When you click an individual install set, the following details are displayed: •...
Viewing the Installation Queue Procedure 1. Click Firmware & OS Software in the navigation tree, and then click the Installation Queue tab. 2. Optional: To view detailed information, click an individual task. Queued task details Task summary details The Installation Queue tab displays the following details about each task: State Status of the task.
Removing a task from the Installation Queue Prerequisites Configure iLO Settings privilege Procedure 1. Click Firmware & OS Software in the navigation tree, and then click Installation Queue. 2. Click the remove component icon iLO prompts you to confirm the request. 3.
Procedure 1. Click Firmware & OS Software in the navigation tree, and then click the Software tab. 2. Optional: To update the software information data, click The information on this page is cached in the browser, and iLO displays the date and time of the last update.
Configuring and using iLO Federation iLO Federation iLO Federation enables you to manage multiple servers from one system using the iLO web interface. When configured for iLO Federation, iLO uses multicast discovery and peer-to-peer communication to enable communication between the systems in an iLO Federation group. When an iLO Federation page loads, a data request is sent from the iLO system running the web interface to its peers, and from those peers to other peers until all data for the selected iLO Federation group is retrieved.
iLO Federation network requirements • Servers that will be used with iLO Federation must use the iLO Dedicated Network Port configuration. The iLO Federation features cannot be used with the iLO Shared Network Port configuration. • Optional: iLO Federation supports both IPv4 and IPv6. If both options have valid configurations, you can configure iLO to use IPv4 instead of IPv6.
To ensure that multicast discovery works correctly, make sure that all iLO systems in the same group use the same value for Multicast Time to Live (TTL). 7. Click Apply. Network changes and changes you make on this page take effect after the next multicast announcement.
Page 86
iLO Federation group memberships for a set of iLO systems When you add group memberships for multiple iLO systems at one time, you specify the privileges that members of the group have for configuring the other members of the group. For example, if you configure group2 based on the DEFAULT group, and you assign the Virtual Power and Reset privilege, the users of iLO systems in group2 can change the power state of all the servers in the group.
• There is no limit on the number of iLO systems that can be in a group. • You must have the Configure iLO Settings privilege to configure group memberships. • You can use the iLO web interface to configure group memberships for a local iLO system or a group of iLO systems.
Page 88
If you enter the name and key for an existing group, the local iLO system is added to that group. If you enter the name and key for a group that does not exist, the group is created and the local iLO system is added to the new group.
6. Click Update Group. 7. If you updated the group name or group key, update them on the other systems in the affected group. Removing a local iLO system from an iLO Federation group Prerequisites Configure iLO Settings privilege Procedure 1.
Page 90
• Administer User Accounts • Remote Console Access • Virtual Power and Reset • Virtual Media • Configure iLO Settings • Login Privilege This step defines the privileges that members of the group have for configuring the other members of the group.
Page 91
• Group Name—The group name, which can be 1 to 31 characters long. • Group Key—The group password, which can be from the configured minimum password length to 31 characters long. • Group Key Confirm—Confirm the group password. 5. Select from the following privileges: •...
Configuring Enclosure iLO Federation Support If you want to use iLO Federation with server blades in a BladeSystem c-Class enclosure, the Enable Enclosure iLO Federation Support option must be enabled in the Onboard Administrator software. This setting is required to allow peer-to-peer communication between the server blades in an enclosure. The Enable Enclosure iLO Federation Support option is enabled by default.
When you select a group from the Selected Group list: • The servers affected by a change on the Group Virtual Media, Group Power, Group Firmware Update, Group Licensing, and Group Configuration pages are listed in the Affected Systems table. •...
• Group Power • Group Firmware Update • Group Licensing • Group Configuration Procedure 1. Navigate to a page that supports the file export feature. 2. Click View CSV. 3. In the CSV Output window, click Save, and then follow the browser prompts to save or open the file. If multiple pages of servers are included in the list, the CSV file will contain only the servers that are currently displayed on the iLO web interface page.
Page 95
Viewing server health and model information Procedure 1. Click iLO Federation in the navigation tree, and then click the Multi-System View tab. 2. Select a group from the Selected Group menu. 3. Optional: To filter the list of servers, click a health status, server model, or server name link. Server health and model details •...
Viewing the iLO Federation Multi-System Map The Multi-System Map page displays information about the peers of the local iLO system. The local iLO system identifies its peers through multicast discovery. When an iLO Federation page loads, a data request is sent from the iLO system running the web interface to its peers, and from those peers to other peers until all the data for the selected group is retrieved.
Page 97
Connecting scripted media for groups Prerequisites • An iLO license that supports this feature is installed. • Each member of the selected iLO Federation group has granted the Virtual Media privilege to the group. Procedure 1. Click iLO Federation in the navigation tree, and then click the Group Virtual Media tab. 2.
Ejecting a scripted media device Prerequisites • An iLO license that supports this feature is installed. • Each member of the selected iLO Federation group has granted the Virtual Media privilege to the group. Procedure 1. Click iLO Federation in the navigation tree, and then click the Group Virtual Media tab. 2.
Page 99
Changing the power state for a group of servers The Virtual Power Button section on the Group Power page summarizes the current power state of the servers in a group. The summary information includes the total number of servers that are in the ON, OFF, or Reset state.
a graceful operating system shutdown before you attempt to shut down by using the Virtual Power Button. • Press and Hold—The same as pressing the physical power button for 5 seconds and then releasing The servers in the selected group are powered off as a result of this operation. Using this option might circumvent a graceful operating system shutdown.
Page 101
Changes you make on this page affect all systems in the selected group. 3. Select the Enable power capping check box. 4. Enter the Power Cap Value in watts, BTU/hr, or as a percentage. The percentage is the difference between the maximum and minimum power values. The power cap value cannot be set lower than the server minimum power value.
• Power capping is not supported on all servers. For more information, check the server specifications. • Power capping settings for some servers must be managed outside of the iLO web interface with tools such as the following: ◦ HPE Advanced Power Manager See the server specifications at http://www.hpe.com/info/qs for information about the power management features your server supports.
Page 103
• Chassis firmware (Power Management) • Power Management Controller • System Programmable Logic Device (CPLD) • NVMe Backplane Firmware • Language packs Updating the firmware for multiple servers Prerequisites • Each member of the selected iLO Federation group has granted the Configure iLO Settings privilege to the group.
Page 104
Some firmware update types might require a system reset, iLO reset, or a server reboot for the new firmware to take effect. More information Obtaining the iLO firmware image file on page 72 Obtaining supported server firmware image files on page 72 Viewing group firmware information Procedure 1.
Installing license keys (iLO Federation group) The Group Licensing page displays the license status for members of a selected iLO Federation group. Use the following procedure to enter a key to activate iLO licensed features. Prerequisites • Configure iLO Settings privilege •...
Page 106
More information Exporting iLO Federation information to a CSV file on page 93 Viewing license information Procedure 1. Click iLO Federation in the navigation tree, and then click the Group Licensing tab. 2. Select a group from the Selected Group menu. 3.
iLO Integrated Remote Console The iLO Integrated Remote Console is a graphical remote console that can be used to control the display, keyboard, and mouse of the host server. The Integrated Remote Console provides access to the remote file system and network drives. With Integrated Remote Console access, you can observe POST messages as the server starts, and initiate ROM-based setup activities to configure the server hardware.
• Do not run the Integrated Remote Console from the host operating system on the server that contains the iLO processor. • Hewlett Packard Enterprise recommends that users who log in to a server through the Integrated Remote Console logout before closing the console. •...
Microsoft ClickOnce The .NET IRC is launched using Microsoft ClickOnce, which is part of the .NET Framework. ClickOnce requires that any application installed from an SSL connection must be from a trusted source. If a browser is not configured to trust an iLO system, and the IRC requires a trusted certificate in iLO setting is set to Enabled, ClickOnce displays the following error message: Cannot Start Application - Application download did not succeed...
• An iLO license that supports this feature is installed. • Your system meets the requirements for using the .NET IRC. Procedure 1. Click Information in the navigation tree, and then click the Overview tab. 2. Click the .NET link. Starting the Java IRC (Oracle JRE) Use this procedure to start the Java IRC in environments with Windows or Linux and the Oracle JRE.
Prerequisites • Remote Console privilege • The Remote Console feature is enabled on the Access Settings page. • An iLO license that supports this feature is installed. • Your system meets the requirements for using the Java IRC. Procedure 1. Click Remote Console & Media in the navigation tree. The Launch tab displays the Remote Console launch options.
The Launch tab displays the Remote Console launch options. 2. Click the button for the Remote Console you want to use. iLO notifies you that another user is working in the Remote Console. 3. Click Acquire. The other user is prompted to approve or deny permission to acquire the Remote Console. If there is no response in 10 seconds, permission is granted.
This option provides the ACPI functionality that some operating systems implement. These operating systems behave differently depending on a short press or long press. • Reset—Forces the server to warm-boot: CPUs and I/O resources are reset. Using this option circumvents the graceful shutdown features of the operating system. •...
The session leader receives your request to join the .NET IRC session. If the session leader clicks Yes, you are granted access to the .NET IRC session with access to the keyboard and mouse. Console Capture (.NET IRC only) Console Capture allows you to record and play back video streams of events such as startup, ASR events, and sensed operating system faults.
Procedure 1. Click Remote Console & Media in the navigation tree. The Launch tab displays the Remote Console launch options. 2. Start the .NET IRC. 3. Press the Play button. The Playback Source dialog box opens. 4. Select Server Startup or Server Prefailure. 5.
The Launch tab displays the Remote Console launch options. 2. Start the .NET IRC. 3. Click the Record button. The Save Video dialog box opens. 4. Enter a file name and save location, and then click Save. 5. When you are finished recording, press the Record button again to stop recording. Viewing saved video files Prerequisites •...
Creating hot keys Prerequisites Configure iLO Settings privilege Procedure 1. Click Remote Console & Media in the navigation tree, and then click the Hot Keys tab. 2. For each hot key that you want to create, select the key combination to send to the remote server. To configure hot keys to generate key sequences from international keyboards, select the key on a U.S.
PG DN ENTER SPACE BREAK BACKSPACE NUM PLUS NUM MINUS Resetting hot keys Resetting the hot keys clears all current hot key assignments. Prerequisites Configure iLO Settings privilege Procedure 1. Click Remote Console & Media in the navigation tree, and then click the Hot Keys tab. 2.
Configuring Remote Console Computer Lock settings This feature locks the OS or logs a user out when a Remote Console session ends or the network link to iLO is lost. If you open a .NET IRC or Java IRC window when this feature is configured, the operating system will be locked when you close the window.
Page 120
Procedure 1. Click Remote Console & Media in the navigation tree, and then click the Security tab. 2. To enable or disable the IRC requires a trusted certificate in iLO setting, click the toggle switch. 3. To save the changes, click Apply. iLO Integrated Remote Console...
Using a text-based Remote Console iLO supports a true text-based Remote Console. Video information is obtained from the server, and the contents of the video memory are sent to the iLO management processor, compressed, encrypted, and forwarded to the management client application. iLO uses a screen-frame buffer that sends the characters (including screen positioning information) to text-based client applications.
Configuring the iLO Virtual Serial Port in the UEFI System Utilities The following procedure describes the settings you must configure before you can use the iLO Virtual Serial Port. This procedure is required for both Windows and Linux systems. Procedure 1.
Page 123
Configuring Linux 6 to use the iLO Virtual Serial Port Procedure 1. Configure GRUB based on the following configuration examples. NOTE: In the following configuration examples, ttyS0 and unit 0 are for com1 and ttyS1 and unit 1 are for com2.
Page 124
This configuration example uses ttys0. • At the end of the line GRUB_CMD_LINELINUX, enter console=ttys0. • Remove rhgb quiet. • Enter the following parameters: GRUB_TIMEOUT=5 GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap console=ttyS0,115200n8" GRUB_DISABLE_RECOVERY="true" 2. Enter the following command to create the grub.cfg file: grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg 3.
For example: systemctl enable serial-getty@ttyS0.service 5. To begin a shell session on a configured serial port, add the following line to the /etc/inittab file to start the login process automatically during system boot: The following example initiates the login console on /dev/ttyS0: S0:2345:respawn:/sbin/agetty 115200 ttyS0 vt100 6.
4. To enable or disable emergency management services for a boot application, enter the following command: bcdedit /bootems on 5. Reboot the operating system. More information Configuring the iLO Virtual Serial Port in the UEFI System Utilities on page 122 Starting an iLO Virtual Serial Port session Prerequisites •...
3. Use the vsp command to view iLO Virtual Serial Port activity. 4. Enter ESC ( to exit. 5. To view the iLO Virtual Serial Port log, enter vsp log. More information Configuring iLO access options on page 228 Text-based Remote Console (Textcons) You can access the Text-based Remote Console (Textcons) using a licensed iLO system and SSH.
Controlling smoothing iLO attempts to transmit data only when it changes and becomes stable on the screen. If a line of the text screen is changing faster than iLO can sample the change, the line is not transmitted until it becomes stable.
Make sure that the terminal application character encoding is set to Western (ISO-8859-1). 2. Log in to iLO. 3. At the prompt, enter textcons. A message appears, indicating that the Text-based Remote Console is initiating. 4. To exit the Text-based Remote Console and return to the CLI session, press Esc+Shift+9. Using Linux with the Text-based Remote Console You can run the Text-based Remote Console on a Linux system that is configured to present a terminal session on the serial port.
Using iLO Virtual Media iLO Virtual Media iLO Virtual Media provides a virtual device that can be used to boot a remote host server from standard media anywhere on the network. Virtual Media devices are available when the host system is booting. Virtual Media devices connect to the host server by using USB technology.
◦ The Virtual CD/DVD-ROM can be the physical CD/DVD-ROM drive on which the web browser is running, or an image file stored on your local hard drive or network drive. ◦ For optimal performance, Hewlett Packard Enterprise recommends using image files stored on the hard drive of your client PC or on a network drive accessible through a high-speed network link.
Operating system considerations: Virtual Floppy/USB key • Boot process and DOS sessions—During the boot process and DOS sessions, the virtual floppy device appears as a standard BIOS floppy drive (drive A). If a physically attached floppy drive exists, it is unavailable at this time. You cannot use a physical local floppy drive and a virtual floppy drive simultaneously.
You can mount the Virtual CD/DVD-ROM as a normal CD/DVD-ROM device by using the following command: mount /mnt/cdrom1 • SuSE Linux Enterprise Server—The Virtual CD/DVD-ROM can be found at /dev/scd0, unless a USB-connected local CD/DVD-ROM is present. In that case, the Virtual CD/DVD-ROM uses /dev/scd1.
• View or eject local media, including locally stored image files, floppy disks, USB keys, CDs/DVD- ROMs, and virtual folders. • View, connect, eject, or boot from scripted media. Scripted media refers to connecting images hosted on a web server by using a URL. iLO will accept URLs in HTTP or HTTPS format. FTP is not supported.
Local Media is displayed when local media is connected. • Connected—Indicates whether a Virtual Media device is connected. Ejecting a local media device Prerequisites • Virtual Media privilege • The Virtual Media feature is enabled on the Access Settings page. Procedure 1.
Viewing connected scripted media Prerequisites • Virtual Media privilege • The Virtual Media feature is enabled on the Access Settings page. Procedure Click Remote Console & Media in the navigation tree, and then click the Virtual Media tab. Scripted media details When scripted Virtual Media is connected, the details are listed in the Virtual Floppy/Virtual Folder Status or Virtual CD/DVD-ROM Status section: •...
Virtual Drives The Virtual Drive feature supports the use of a physical floppy disk or CD/DVD-ROM, a USB key drive, an image file, or an image file through a URL. Using a virtual drive (physical drive on a client PC) Prerequisites •...
Using a virtual drive (image file through a URL with IIS/Apache) You can connect scripted media by using the .NET IRC or Java IRC. Scripted media supports only 1.44 MB floppy disk images (IMG) and CD/DVD-ROM images (ISO). Prerequisites • Remote Console privilege •...
Page 139
The Launch tab displays the Remote Console launch options. 2. Start the Java IRC. 3. Select Virtual Drives > Create Disk Image. The Create Media Image dialog box opens. 4. Verify that the Disk>>Image button is displayed. If the button label is Image>>Disk, click the button to change it to Disk>>Image.
iLO notifies you when the disk creation is complete. 7. Click Close. 8. Confirm that the files were copied to the specified location. Using a Virtual Folder (.NET IRC only) Prerequisites • Remote Console privilege • The Remote Console feature is enabled on the Access Settings page. •...
For example, if your diskette image files use the extension .img, you must add a MIME type for that extension. Use the IIS Manager to access the Properties dialog box of your website. On the HTTP Headers tab, click MIME Types to add MIME types. Hewlett Packard Enterprise recommends adding the following types: •...
Figure 3: Perl configuration example 7. Verify that Web Service Extensions allows Perl scripts to execute. If not, click Web Service Extensions and set Perl CGI Extension to Allowed. 8. Verify that the prefix variable in the helper application is set correctly. More information Sample Virtual Media helper application on page 142 Inserting Virtual Media with a helper application...
Page 143
When you are using the helper application, the iLO firmware posts a request to this application using the following parameters: • The file parameter contains the name of the file provided in the original URL. • The range parameter contains an inclusive range (in hexadecimal) that designates where to write the data.
Using the power and thermal features Server power-on Secure recovery When power is applied to the server, iLO validates and starts its own firmware. If the iLO firmware fails validation, the system automatically flashes the iLO firmware if a recovery image is available. This feature is supported with the iLO Standard license.
Graceful shutdown The ability of the iLO processor to perform a graceful shutdown requires cooperation from the operating system. To perform a graceful shutdown, the iLO health driver must be loaded. iLO communicates with the health driver and uses the appropriate operating system method of shutting down the system safely to ensure that data integrity is preserved.
Power allocation (blade servers and compute modules) Blade servers operate in a shared power environment with an enclosure or frame. Before a server can be powered on, it must obtain a power allocation from its enclosure (ProLiant servers) or frame (Synergy compute modules).
Virtual Power Button options • Momentary Press—The same as pressing the physical power button. If the server is powered off, a momentary press will turn on the server power. Some operating systems might be configured to initiate a graceful shutdown after a momentary press, or to ignore this event.
• Always Power On—Power on the server after the power-on delay. This option is the default setting for server blades. • Always Remain Off—The server remains off until directed to power on. • Restore Last Power State—Returns the server to the power state when power was lost. If the server was on, it powers on;...
• Power Cap • Maximum • Average • Minimum 4. Optional: Choose how to refresh data on this page. By default, the page data is not refreshed after you open the page. • To refresh the page immediately, click the refresh icon •...
• Average—The mean power reading during the sample. Average power data is displayed in blue in power meter graphs. • Minimum—The minimum value observed during a measurement period. The 20-minute graph displays a minimum value that matches the lowest average reading every 10 seconds. The 24-hour graph displays minimum values lower than the 5-minute average value.
• Power Regulator Mode—The configured mode. For information about the possible settings, see Power settings on page 152. This value is displayed for all servers. • Power Supply Capacity—The server power capacity. This value is displayed for XL servers. • Peak Measured Power—The highest measured power reading.
Prerequisites Configure iLO Settings privilege Procedure 1. Click Power & Thermal in the navigation tree, and then click the Power Settings tab. 2. Select a Power Regulator mode. 3. Click Apply. If the server is off or in POST, the changes will not take effect until POST is complete. For the Dynamic Power Savings Mode, Static Low Power Mode, and Static High Performance Mode settings, iLO notifies you that the Power Regulator settings changed.
Page 154
3. Enter the Power Cap Value in watts, BTU/hr, or as a percentage. The percentage is the difference between the maximum and minimum power values. The power cap value cannot be set lower than the server minimum power value. 4. Optional: When values are displayed in watts, click Show values in BTU/hr to change the display to BTU/hr.
Configuring battery backup unit settings When the power supplies cannot provide power to a server with a battery backup unit, the server runs on power provided by the battery backup unit. Use the following procedure to choose the action iLO takes when a server is running on a battery backup unit.
3. If you selected Peak Power Consumption or Average Power Consumption, enter the following: • Warning Threshold • Duration 4. Optional: To change the Warning Threshold display to Watts or BTU/hr, click Show values in Watts or Show values in BTU/hr. 5.
Viewing power information Procedure 1. Click Power & Thermal in the navigation tree, and then click the Power tab. The information displayed on the Power Information page varies depending on the server type. The following sections are possible: • Power Supply Summary •...
Page 158
If Power Discovery Services is integrated into the infrastructure, this value indicates whether the externally supplied power to the internal power supplies is redundant. • Not Redundant—Indicates that at least one of the power supplies or iPDUs (if Power Discovery Services is used) is not providing power to the server.
Power Supplies list Some power supplies do not provide information for all the values in this list. If a power supply does not provide information for a value, N/A is displayed. This section is displayed for nonblade servers (DL, ML). •...
• Capacity—The power supply capacity (watts). • Firmware—The installed power supply firmware version. Power Discovery Services iPDU Summary This section is displayed for nonblade servers if the server power supplies are connected to an iPDU. After iLO is reset, or when an iPDU is attached, it takes approximately 2 minutes for the iLO web interface to display iPDU summary data.
Power Readings This section is displayed for server blades and Synergy compute modules. Present Power Reading The most recent power reading from the server. Although this value is typically equal to the sum of all active power supply outputs, there might be some small variance as a result of reading the individual power supplies.
Power monitoring iLO monitors the power supplies in the server to ensure the longest available uptime of the server and operating system. Brownouts and other electrical conditions might affect power supplies, or AC cords might be unplugged accidentally. These conditions result in a loss of redundancy if redundant power supplies are configured, or result in a loss of operation if redundant power supplies are not used.
• Status—The fan health status. • Speed—The fan speed (percent). Fans The iLO firmware, in conjunction with the hardware, controls the operation and speed of the fans. Fans provide essential cooling of components to ensure reliability and continued operation. The fans react to the temperatures monitored throughout the system to provide sufficient cooling with minimal noise.
Temperature graph details When you view the temperature graph, the circles on the graph correspond to the sensors listed in the Sensor Data table. The color on the graph is a gradient that ranges from green to red. Green represents a temperature of 0°C and red represents the critical threshold.
Page 165
If the temperature exceeds the caution threshold for 60 seconds, a graceful server shutdown is attempted. • Critical—If temperatures are uncontrollable or rise quickly, the critical temperature threshold prevents system failure by physically shutting down the server before the high temperature causes an electronic component failure.
Configuring iLO network settings iLO network settings iLO provides the following options for network connection: • iLO Dedicated Network Port—Uses an independent NIC that is dedicated to iLO network traffic only. When supported, this port uses an RJ-45 jack (labeled iLO) on the back of the server. •...
• Link State—The current link speed of the selected iLO network interface. The default value is Auto- Negotiate. • Duplex Option—The current link duplex setting for the selected iLO network interface. The default value is Auto-Negotiate. You can configure the iLO hostname and NIC settings on the Network General Settings page. IPv4 Summary details •...
General network settings Use the iLO Dedicated Network Port or iLO Shared Network Port Network General Settings page to configure the iLO Hostname and NIC settings. Configuring the iLO Hostname Settings Prerequisites Configure iLO Settings privilege Procedure 1. Click iLO Dedicated Network Port or iLO Shared Network Port in the navigation tree. 2.
◦ If you are using both DNS and WINS, verify that they resolve the iLO network address correctly. ◦ Flush the DNS name if you make any namespace changes. NIC settings Enable the iLO Dedicated Network Port or the iLO Shared Network Port and configure the associated NIC settings in the NIC Settings section of the Network General Settings tab.
Page 170
Enabling the iLO Shared Network Port through the iLO web interface Prerequisites Configure iLO Settings privilege Procedure 1. Connect the Shared Network Port LOM or FlexibleLOM port to a LAN. 2. Click iLO Shared Network Port in the navigation tree, and then click the General tab. 3.
iLO network connection considerations • Only one of the Dedicated Network Port or Shared Network Port options can be enabled at a time because iLO supports only one active NIC connection. • By default, the iLO Shared Network Port uses port 1 on the server NIC. Depending on the server configuration, this NIC might be a LOM or FlexibleLOM adapter.
8. To save the changes you made on the IPv4 Settings page, click Apply. 9. If you are finished configuring the iLO network settings on the General, IPv4, IPv6, and SNTP tabs, click Reset to restart iLO. It might take several minutes before you can re-establish a connection. IPv4 settings DHCPv4 Configuration settings Enable DHCPv4...
DNS Configuration settings Primary DNS Server If Use DHCPv4 Supplied DNS Servers is enabled, this value is supplied automatically. If not, enter the Primary DNS Server address. Secondary DNS Server If Use DHCPv4 Supplied DNS Servers is enabled, this value is supplied automatically. If not, enter the Secondary DNS Server address.
3. Configure the DHCPv6 Configuration settings. 4. Configure the DNS Configuration settings. 5. Configure the Static IPv6 Address Configuration settings. 6. Configure the Static Route Configuration settings. 7. To save the changes you made on the IPv6 Settings page, click Apply. 8.
• Use DHCPv6 Supplied Domain Name—Select this check box to use the DHCPv6 server- supplied domain name. • Use DHCPv6 Supplied DNS Servers—Select this check box to use IPv6 addresses provided by the DHCPv6 server for DNS server locations. This setting can be enabled at the same time as the IPv4 DNS server location options.
Procedure 1. Click iLO Dedicated Network Port or iLO Shared Network Port in the navigation tree. 2. Click the SNTP tab. 3. Do one of the following: • To use DHCP-provided NTP server addresses, enable Use DHCPv4 Supplied Time Settings, Use DHCPv6 Supplied Time Settings, or both.
Secondary Time Server Configures iLO to use a secondary time server with the specified address. You can enter the server address by using the server FQDN, IPv4 address, or IPv6 address. Time Zone Determines how iLO adjusts UTC time to obtain the local time, and how it adjusts for Daylight Savings Time (Summer Time).
contacted through the Shared Network Port. When you use iLO NIC auto-selection, you can install a server in either data center and iLO will select the correct network port. By default, NIC auto-selection is disabled. More information Enabling iLO NIC auto-selection on page 180 NIC auto-selection support •...
Enabling iLO NIC auto-selection Procedure 1. Configure both iLO network ports. Before enabling and using the NIC auto-selection feature, both iLO network ports must be configured for their respective network environments. 2. Do one of the following: • Use the CLI command oemhp_nicautosel to configure NIC auto-selection. •...
Page 181
The Properties window includes the following: ◦ Device Details—iLO manufacturer and version information. To start the iLO web interface, click the Device webpage link. ◦ Troubleshooting Information—The serial number, MAC address, UUID, and IP address. Configuring iLO network settings...
Managing remote support HPE embedded remote support HPE iLO 5 includes the embedded remote support feature, which allows you to register HPE ProLiant Gen10 servers for HPE remote support. You can also use iLO to monitor service events and remote support data collections.
Server Insight RS Firewall host server Figure 5: Insight Remote Support central connect with a server Device support Embedded remote support registration is supported for the following device types. IMPORTANT: If you use HPE OneView to manage your environment, use it to register for remote support. For more information, see the HPE OneView user guide.
• Server model • Serial number • Part number of the hardware component • Description, location, and other identifying characteristics of the hardware component Configuration During data collection, iLO collects data to enable proactive advice and consulting. Configuration data includes the following: •...
3. Navigate to the following website and verify that the product you will register for remote support has an active Hewlett Packard Enterprise warranty or contract: http://www.hpe.com/info/hpesc. 4. Collect the following information for use during the Insight Online direct connect registration procedure or the Insight Remote Support central connect host server configuration procedure: •...
Insight Online • Microsoft Internet Explorer: 11 or later • Mozilla Firefox: Latest version • Google Chrome: Latest version Setting up a ProLiant server for remote support registration Prerequisites Ensure that you have the required files to set up or update a ProLiant server. Depending on your configuration, you might need the following files: •...
5. If you did not install AMS, do one of the following to ensure that the server name is displayed correctly in Insight Online and Insight RS: • For Windows systems only, start the operating system. Insight Online and Insight RS will use the Windows computer name to identify the server.
Page 188
Procedure 1. Verify that the server you will use for the Insight RS host server meets the requirements listed in the Insight Remote Support release notes. NOTE: The host server is called the Hosting Device in the Insight RS software. 2.
Verifying access to Insight Online Procedure 1. Navigate to the following website: http://www.hpe.com/info/insightonline. 2. Enter your HPE Passport user ID and password, and then click Sign in. If you do not have an HPE Passport account, follow the onscreen instructions to create one. The Hewlett Packard Enterprise Support Center website is displayed with the Insight Online My IT Environment tab selected.
• Web Proxy Server—Enter the host name or IP address. • Web Proxy Port • Web Proxy Username • Web Proxy Password 5. To accept the licensing terms and conditions, select the I accept the terms and conditions check box. You can view these documents at the following website: http://www.hpe.com/info/SWLicensing.
Confirming registration is complete (iLO web interface) Procedure 1. Click Remote Support in the navigation tree. The Registration page is displayed. 2. Select the Confirm that you have completed the HPE Connected Products registration process check box, and then click Apply. iLO notifies you that the registration process is finished.
The Registration page is displayed. 2. Select Connect this server through an HPE remote support host server. 3. Enter the Host server hostname or IP address and Port number. The default port is 7906. 4. Click Register. iLO notifies you that the registration process is finished. 5.
The Registration page is displayed. 4. Verify that the server is not registered. Remote support service events Use the Service Events page to monitor service events, send test events, and set maintenance mode. When iLO detects a hardware failure—for example, a problem with a memory DIMM or fan—a service event is generated.
Maintenance mode ends automatically when the specified amount of time has passed. iLO notifies you when maintenance mode is cleared. Sending a test service event by using iLO You can send a test event to verify that your remote support configuration is working correctly. Prerequisites Configure iLO Settings privilege.
6. Insight RS converts the service event Time Generated value to the time zone of the browser used to access the Insight RS Console. 7. Test events are closed automatically because no further action is necessary. Viewing the Service Event Log Procedure Click Remote Support in the navigation tree, and then click the Service Events tab.
Event ID Description SAS Physical Drive Status Changed Event ATA Disk Drive Status Changed Event Fibre Channel Host Controller Status Changed Event Memory Module Failed or Predicted to Fail Event Storage System Fan Status Changed Event Storage System Power Supply Status Changed Event Uncorrectable Machine Check Exception Event Clearing the Service Event Log Prerequisites...
Hewlett Packard Enterprise. This information is used for troubleshooting issues and closed-loop quality analysis. • Insight Online direct connect—Data is transmitted every seven days. You cannot edit or delete the Active Health System reporting schedule. • Insight Remote Support central connect—Data is transmitted every seven days. You can change the day of the week for Active Health System reporting transmission in the Insight RS Console.
Viewing data collection status in iLO Procedure Click Remote Support in the navigation tree, and then click the Data Collections tab. Data Collection details • Data Collection Frequency (days) (Insight Online direct connect only)—The frequency at which data is sent to Hewlett Packard Enterprise. •...
TIP: To view activities that occurred after you signed in to Insight Online, click the refresh button. Viewing data collection status in the Insight RS Console (Insight Remote Support central connect only) Procedure 1. Log in to the Insight RS Console (https://<Insight RS host server IP address or FQDN>:7906). 2.
For more information about the Insight RS tasks in this procedure, see the Insight Remote Support monitored devices configuration guide and the Insight Remote Support installation and configuration guide. More information Unregistering from Insight Remote Support central connect on page 192 Registering for Insight Online direct connect on page 189 Changing the remote support configuration of a supported device...
Page 201
for Insight Remote Support central connect. If you do not wait, the re-registered device will not be displayed in Insight Online (if enabled). 3. Register the device for Insight Remote Support central connect. Managing remote support...
Using the iLO administration features iLO user accounts iLO enables you to manage user accounts stored locally in secure memory. You can create up to 12 local user accounts with custom login names and advanced password encryption. Privileges control individual user settings, and can be customized to meet user access requirements.
To select all available user privileges, click the select all check box. 5. To save the new user, click Add User. Editing local user accounts Prerequisites Administer User Accounts privilege Procedure 1. Click Administration in the navigation tree. The User Administration tab is displayed. 2.
Procedure 1. Click Administration in the navigation tree. The User Administration tab is displayed. 2. Select the check box next to one or more user accounts that you want to delete. 3. Click Delete. 4. When prompted to confirm the request, click Yes, delete. iLO user account options •...
• Administer User Accounts—Enables a user to add, edit, and delete local iLO user accounts. A user with this privilege can change privileges for all users. If you do not have this privilege, you can view your own settings and change your own password. •...
IMPORTANT: Hewlett Packard Enterprise does not recommend setting the Minimum Password Length to fewer than eight characters unless you have a physically secure management network that does not extend outside the secure data center. More information Configuring iLO access options on page 228 IPMI/DCMI users The iLO firmware follows the IPMI 2.0 specification.
Adding directory groups Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. Procedure 1. Click Administration in the navigation tree, and then click the Directory Groups tab. 2. Click New. 3. Provide the following details in the Group Information section: •...
• Group DN • Group SID (Kerberos authentication and Active Directory integration only) 4. Select from the following privileges: • Login • Remote Console • Virtual Power and Reset • Virtual Media • Host BIOS • Configure iLO Settings • Administer User Accounts •...
of this group. Enter a DN from the directory (for example, CN=Group1, OU=Managed Groups, DC=domain, DC=extension). Shortened DNs are also supported (for example, Group1). The shortened DN is not a unique match. Hewlett Packard Enterprise recommends using the fully qualified DN. •...
The Host BIOS, Host NIC, and Host Storage privileges do not affect configuration through host-based utilities. Viewing directory groups Procedure 1. Click Administration in the navigation tree, and then click the Directory Groups tab. The Directory Groups table shows the group DN, group SID, and the assigned privileges for the configured groups.
When Virtual Media is connected, the iLO web interface displays the Virtual Media type next to the Virtual Floppy/USB key and Virtual CD/DVD-ROM text at the top of the page. 2. To move a device up or down in the boot order, select the device in the Server Boot Order list, and then click Up or Down.
The Current One-Time Boot Option value is updated to show the selection. Changing the one-time boot status in UEFI mode Procedure 1. Click Administration in the navigation tree, and then click the Boot Order tab. 2. Select an option from the Select One-Time Boot Option list. The following options are available: •...
Procedure 1. Click Administration in the navigation tree, and then click the Boot Order tab. 2. To use the additional options, do one of the following: • To load the ROM-based setup utility on the next server reset, click Boot to System Setup Utilities. •...
Lost license key recovery If an iLO license key is lost, send a replacement request and your proof of purchase to one of the following email addresses: • Americas: licensing.ams@hpe.com • Europe, Middle East, and Africa: licensing.emea@hpe.com • Asia-Pacific and Japan: licensing.apj@hpe.com iLO licensing iLO standard features are included with every server to simplify server setup, perform health monitoring, monitor power and thermal control, and facilitate remote administration.
Using Enterprise Secure Key Manager with iLO iLO 5 supports Enterprise Secure Key Manager (ESKM) 3.1 and later, which can be used in conjunction with HPE Smart Array Secure Encryption. ESKM 5.0 or later is required when the FIPS security state is enabled. ESKM is not supported when the SuiteB security state is enabled.
Adding key manager configuration details Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. Procedure 1. Click Administration in the navigation tree, and then click the Key Manager tab. The listed iLO Account on ESKM account name is ilo-<iLO MAC address>. The account name is read-only and is used when iLO communicates with the ESKM.
Prerequisites • An iLO license that supports this feature is installed. • Key manager is set up and the key manager configuration is complete in iLO. Procedure 1. Click Administration in the navigation tree, and then click the Key Manager tab. 2.
If a language pack is installed, installing a newer language pack of the same language replaces the installed language pack. • The Java IRC and .NET IRC use the language of the current iLO session. • For localization support with the Java IRC on Windows systems, you must select the correct language in the Regional and Language Options Control Panel.
Configuring the current iLO web interface session language Procedure 1. Click Administration in the navigation tree, and then click the Language tab. 2. Click the name of a language in the Installed Languages list. The iLO web interface for the current browser session changes to the selected language. Uninstalling a language pack Prerequisites Configure iLO Settings privilege...
• iLO Firmware • System ROM (BIOS) • System Programmable Logic Device (CPLD) • Server Platform Services (SPS) Firmware • Innovation Engine (IE) Firmware When a firmware verification scan is in progress, you cannot install firmware updates or upload firmware to the iLO Repository.
Running a firmware verification scan Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. Procedure 1. Navigate to the Administration page, and then click the Firmware Verification tab. 2. Click Run Scan. When a firmware verification scan is in progress, you cannot install firmware updates or upload firmware to the iLO Repository.
iLO Backup & Restore The Backup & Restore feature allows you to restore the iLO configuration on a system with the same hardware configuration as the system that was backed up. This feature is not meant to duplicate a configuration and apply it to a different iLO system. In general, it is not expected that you will need to perform an iLO restore operation.
Integrated Management Log To preserve information about events that occurred between the backup and the time or event that required the restore, this information is not restored. iLO Event Log To preserve information about events that occurred between the backup and the time or event that required the restore, this information is not restored.
Procedure 1. Click Administration in the navigation tree, and then click Backup & Restore. 2. Click Restore. 3. Depending on your browser, click Browse or Choose File, and then navigate to the backup file. 4. If the backup file is password protected, enter the password. 5.
Using the iLO security features iLO security To access the security features that you can configure with the iLO web interface, click Security in the navigation tree. For in-depth information about iLO security, see the HPE Gen10 Security Reference Guide. General security guidelines When you set up and use iLO, consider the following guidelines for maximizing security: •...
Directory Configure Kerberos authentication and Directory integration. You can configure iLO to use a directory service to authenticate and authorize its users. This configuration enables an unlimited number of users and easily scales to the number of iLO devices in an enterprise.
Page 227
Procedure 1. Click Security in the navigation tree. The Access Settings page is displayed. 2. Update the service settings as needed. When you disable a service setting, iLO notifies you that the features that depend on the service setting will be unavailable if you apply the changes. 3.
When this option is disabled, virtual media and scripted virtual media are disabled. The configured virtual media port is not detected in a security audit that uses a port scanner to scan for security vulnerabilities. Virtual Media Port The port that iLO uses to listen for incoming local Virtual Media connections. The default value is 17988.
Page 229
3. Click Apply. If you changed a value that does not require a reset, iLO completes the change and refreshes the page. If you changed a value that requires a reset to take effect, iLO prompts you to confirm that you want to apply the changes and reset iLO.
Page 230
RIBCL over HTTP/HTTPS, RIBCL through in-band communication, and RIBCL through the OA port do not work when this feature is disabled. This option must be enabled when you register a server for Insight Remote Support central connect or Remote Support from HPE OneView. The following message is displayed if you try to use RIBCL when it is disabled: <?xml version="1.0"?>...
Page 231
XML Reply Controls the XML object iLO provides in response to an anonymous request for basic system information. When this setting is enabled (default), other software is allowed to discover and identify an iLO system on the network. To view the XML response that iLO provides, click View. When this option is disabled, iLO responds to requests with an empty XML object.
Server FQDN/IP Address Enables you to specify the server FQDN or IP address. You can assign this value manually, but it might be overwritten by the host software when the operating system loads. • You can enter an FQDN or IP address that is up to 255 bytes. •...
You receive three password prompts. After the third incorrect password, the connection ends and the third login failure is recorded. The SSH login failure counter is set to 3. The iLO firmware records an SSH failed login log entry, and sets the SSH login failure counter to 0. iLO Service Port The Service Port is a USB port with the label iLO on the front of ProLiant Gen10 servers and Synergy Gen10 compute modules.
If the command is not successful, the iLO Service Port status changes to Error, and the UID flashes at a rate of eight fast flashes then off for one second. The file system is unmounted. 4. Remove the USB flash drive. The iLO Service Port status changes to Ready, and the UID stops flashing or flashes to indicate another state such as Remote Console access or a firmware update in progress.
• iLO Service Port • USB flash drives • Require authentication • USB Ethernet adapters 3. Click Apply. The updated settings take effect immediately, and information about the configuration change is logged in the iLO Event Log. iLO Service Port options •...
◦ Edge, Chrome, Internet Explorer: 169.254.* ◦ Firefox: 169.254.0.0/16 • Disable web proxy settings on the client. For more information about proxy settings, see your operating system documentation. iLO Service Port supported devices Mass storage devices The iLO Service Port supports USB keys with the following characteristics: •...
Page 237
command.txt file template Use the following example as a template for your command.txt file: "/ahsdata/" : { "POST" : { "downloadAll" : "0", "from" : "2016-08-25", "to" : "2016-08-26", "case_no" : "ABC0123XYZ", "contact_name" : "My Name", "company" : "My Company, Inc.", "phone"...
Hewlett Packard Enterprise recommends using an online JSON formatter to verify the file syntax. A free utility is available at the following website: http://www.freeformatter.com/json-formatter.html. • Do not include comments in the file. • The text in the file is case-sensitive. •...
3. Verify that Secure Shell (SSH) Access is enabled on the Access Settings page. 4. Use Putty.exe to open an SSH session using port 22. 5. Change to the cd /Map1/Config1 directory. 6. Enter the following command: load sshkey type "oemhpe_loadSSHkey -source <protocol://username:password@hostname:port/filename>" When you use this command: •...
SSH keys When you add an SSH key to iLO, you paste the SSH key file into iLO. The file must contain the user- generated public key. The iLO firmware associates each key with the selected local user account. If a user is removed after an SSH key is authorized for that user, the SSH key is removed.
OpenSSH key format iLO legacy format The iLO legacy format keys are OpenSSH keys surrounded by the BEGIN/END headers needed for RIBCL. This format must be one line between the BEGIN SSH KEY and END SSH KEY text. CAC Smartcard Authentication A common access card (CAC) is a United States Department of Defense (DoD) smartcard for multifactor authentication.
Configuring CAC Smartcard Authentication settings Prerequisites • An iLO license that supports this feature is installed. • Optional: Install the LDAP server CA certificates for directory integration. • Optional: Configure LDAP directory integration in Directory Default Schema mode for directory integration.
NOTE: If you do not have a trusted certificate, you cannot access iLO. Attempts to browse to the iLO web interface will generate an error. Directory User Certificate Name Mapping • For Directory Username—Allows you to select the portion of the user certificate to use as your directory user name: ◦...
Page 244
Deleting a trusted CA certificate Prerequisites • Configure iLO Settings privilege • An iLO license that supports this feature is installed. Procedure 1. Click Security in the navigation tree, and then click the CAC/Smartcard tab. 2. Scroll to the Manage Trusted CA Certificates section. 3.
Procedure 1. Click Security in the navigation tree, and then click the CAC/Smartcard tab. 2. Scroll to the Certificate Revocation List (CRL) section. 3. Click Delete. Certificate mapping The Certificate Mappings page displays the local users of the system and their associated SHA-256 certificate thumbprints.
Procedure 1. Click Security in the navigation tree, and then click the Certificate Mappings tab. iLO displays a list of local user accounts with their associated SHA-256 certificate thumbprints. 2. Select one or more local user accounts by clicking the check box next to the Login Name. 3.
Page 247
previous CSR is imported, the certificate does not work. In that case, a new CSR must be generated and used to obtain a new certificate from a CA. Prerequisites Configure iLO Settings privilege Procedure 1. Obtain a trusted certificate from a Certificate Authority (CA). 2.
Page 248
Open a browser window and navigate to a third-party CA. Follow the onscreen instructions and submit the CSR to the CA. When you submit the CSR to the CA, your environment might require the specification of Subject Alternative Names. If necessary, enter the iLO DNS name. The CA generates a certificate.
iLO supports SSL certificates that are up to 3 KB (including the 609 bytes or 1,187 bytes used by the private key, for 1,024-bit and 2,048-bit certificates, respectively). 5. Reset iLO. Directory authentication and authorization The iLO firmware supports Kerberos authentication with Microsoft Active Directory. It also supports directory integration with an Active Directory or OpenLDAP directory server.
Kerberos settings • Kerberos Authentication—Enables or disables Kerberos login. If Kerberos login is enabled and configured correctly, the Zero Sign In button appears on the login page. • Kerberos Realm—The name of the Kerberos realm in which the iLO processor operates. This value can be up to 128 characters.
Page 251
a. Click View in the Certificate Status box. b. Click New in the Certificate Details window. c. Paste the Base64-encoded X.509 certificate data into the Import Certificate window, and then click Import. 10. Enter valid search contexts in one or more of the Directory User Context boxes. 11.
Configuring HPE Extended Schema directory settings in iLO Prerequisites Your environment meets the prerequisites for using this feature. Procedure Click Security in the navigation tree, and then click the Directory tab. Select Use HPE Extended Schema from the LDAP Directory Authentication menu. Set Local User Accounts to enabled if you want to use local user accounts at the same time as directory integration.
If you enter the FQDN, ensure that the DNS settings are configured in iLO. Hewlett Packard Enterprise recommends using DNS round-robin when you define the directory server. • Directory Server LDAP Port—Specifies the port number for the secure LDAP service on the server. The default value is 636.
To use this format, you must enable Generic LDAP on the Security - Directory page. Directory Server CA Certificate During LDAP authentication, iLO validates the directory server certificate if the CA certificate is already imported. For successful certificate validation, make sure that you import the correct CA certificate. If certificate validation fails, iLO login is denied and an event is logged.
Page 255
While the tests are running, the page refreshes periodically. You can stop the tests or manually refresh the page at any time. Directory test input values Enter the following values when you run directory tests: • Directory Administrator Distinguished Name—Searches the directory for iLO objects, roles, and search contexts.
Page 256
• Result—Reports status for a specific directory setting or an operation that uses one or more directory settings. These results are generated when a sequence of tests is run. The results stop when the tests run to completion, when a test failure prevents further progress, or when the tests are stopped. Test results follow: ◦...
If the test is successful, the directory server accepted the binding. Directory Administrator Login If Directory Administrator Distinguished Name and Directory Administrator Password were specified, iLO uses these values to log in to the directory server as an administrator. Providing these values is optional.
It might take several minutes before you can re-establish a connection. 5. After you select the Production or HighSecurity security state and click Apply, close all open browser windows. Any browser sessions that remain open might use the wrong cipher for the configured security state. Enabling the FIPS and SuiteB security states Use this procedure to configure iLO to use the FIPS and SuiteB security states.
a. Log in to iLO by using the default user credentials. b. Click Security in the navigation tree, and then click the Encryption tab. c. Select SuiteB in the Security State menu, and then click Apply. iLO prompts you to confirm the request. d.
Log out of iLO through the current browser before changing the browser cipher setting. Any changes made to the cipher settings while you are logged in to iLO might enable the browser to continue using a non-AES cipher. SSH connection For information about setting the available ciphers, see the SSH utility documentation.
CAUTION: When you reset iLO to the factory default settings, all iLO settings are erased, including user data, license data, configuration settings, and logs. If the server has a factory installed license key, the license key is retained. Events related to the reset are not logged to the iLO Event Log and Integrated Management Log because this step clears all the data in the logs.
Page 262
• iLO enforces the use of AES ciphers over the secure channels, including secure HTTP transmissions through the browser, SSH port, iLO RESTful API, and RIBCL. When HighSecurity is enabled, you must use a supported cipher to connect to iLO through these secure channels. This security state does not affect communications and connections over less-secure channels.
• iLO operates in a mode intended to comply with the SuiteB requirements defined by the NSA, and intended to secure systems used to hold United States government top secret classified data. • You cannot connect to the server with network-based tools that do not support TLS 1.2. •...
Page 264
• 256-bit AES-GCM with RSA, DH, and an AEAD MAC (DHE-RSA-AES256-GCM-SHA384) • 256-bit AES with RSA, DH, and a SHA256 MAC (DHE-RSA-AES256-SHA256) • 256-bit AES with RSA, DH, and a SHA1 MAC (DHE-RSA-AES256-SHA) • 256-bit AES-GCM with RSA, and an AEAD MAC (AES256-GCM-SHA384) •...
256-bit AES-GCM with ECDSA, ECDH, and an AEAD MAC (ECDHE-ECDSA-AES256-GCM- SHA384) HPE SSO HPE SSO enables you to browse directly from an HPE SSO-compliant application to iLO, bypassing an intermediate login step. To use this feature: • You must have a supported version of an HPE SSO-compliant application. •...
◦ When the HighSecurity or FIPS security state is enabled, a 2048-bit certificate is required. ◦ When the SuiteB security state is enabled, a certificate containing a 3072-bit RSA key or a 384- bit ECDSA key with NIST P-384 curve is required. The list of trusted servers is not used when SSO is disabled.
Procedure 1. Click Security in the navigation tree, and then click the HPE SSO tab. 2. Click Import. 3. Use one of the following methods to add a trusted certificate: • Direct import—Copy the Base64-encoded certificate X.509 data, paste it into the text box in the Direct Import section, and then click Apply.
Viewing trusted certificates and records The Manage Trusted Certificates and Records table displays the status of the trusted certificates and records configured to use SSO with the current iLO management processor. Procedure Click Security in the navigation tree, and then click the HPE SSO tab. Trusted certificate and record details Status The status of the certificate or record.
3. Click Delete. iLO prompts you to confirm that you want to delete the selected certificates or records. If you delete the certificate of a remote management system, you might experience impaired functionality when using the remote management system with iLO. 4.
Page 270
Reasons to disable iLO security • All user accounts that have the Administer User Accounts privilege are locked out. • An invalid configuration prevents iLO from being displayed on the network, and the ROM-based configuration utility is disabled. • The iLO NIC is turned off, and it is not possible or convenient to run the ROM-based configuration utility to turn it back on.
Configuring iLO management settings Agentless Management and AMS Agentless Management uses out-of-band communication for increased security and stability. With Agentless Management, health monitoring and alerting is built into the system and begins working the moment a power cord is connected to the server. This feature runs on the iLO hardware, independent of the operating system and processor.
Component Agentless Management without AMS Additional information provided when AMS is installed Other • iLO data • OS information (host SNMP MIB) • Firmware inventory • Driver/service inventory 1, 2 • Device inventory • Logging events to OS logs Prefailure warranty •...
• Download the SPP (Windows, Red Hat Enterprise Linux, SuSE Linux Enterprise Server) from the following website: http://www.hpe.com/servers/spp. • Download the software from the Hewlett Packard Enterprise Support Center (Windows, Red Hat Enterprise Linux, SuSE Linux Enterprise Server, VMware) at http://www.hpe.com/support/hpesc. •...
Verifying AMS status: SuSE and Red Hat Enterprise Linux Procedure 1. To verify that AMS is installed, enter the following command: rpm –qi amsd. 2. To verify that AMS is running, enter one of the following commands: • SuSE Linux Enterprise Server 12 and Red Hat Enterprise Linux 7—systemctl status smad;...
• SuSE Linux Enterprise Server 11 and Red Hat Enterprise Linux 6—Enter the following command: service smad restart; service amsd restart. • VMware—Enter the following command: /etc/init.d/ams.sh restart. • Ubuntu 14—Enter the following command: sudo systemctl restart smad; sudo systemctl restart amsd.
Page 276
Information provided when SMA is enabled • Windows and Linux—SMA provides the same information that is listed in the Agentless Management with AMS column in the Information provided by Agentless Management with and without AMS table. • VMware—SMA provides only SNMP traps. Using the System Management Assistant (Windows) You can choose whether to enable the SMA during an interactive AMS installation, and the SMA is not enabled during a silent installation.
Page 277
i. Enter a community name in the Community Name section, and then click Add to list. j. In the Trap Destination section, click Add, and then enter the IP address of a trap destination. k. Click OK. 3. Start the SMA service. a.
Page 278
For example: esxcli system snmp set -e 1 -c public -t <trap dest IP address>@162/public 2. Enter the following command to verify that SNMP is enabled: esxcli system snmp get 3. Enter the following command to enable and start SMA: esxcli sma enable 4.
• SuSE Linux Enterprise Server 12 and Red Hat Enterprise Linux 7—Enter the following command: systemctl enable amsd_rev; systemctl start amsd_rev. • SuSE Linux Enterprise Server 11 and Red Hat Enterprise Linux 6—Enter the following command: service amsd_rev start. • Ubuntu 14—Enter the following command: sudo systemctl enable amsd_rev;...
• System Role—A string of up to 64 characters that describes the server role or function. • System Role Detail—A string of up to 512 characters that describes specific tasks that the server might perform. • Read Community—The configured SNMP read-only community string. The following formats are supported: ◦...
Configuring SNMPv3 users Prerequisites Configure iLO Settings privilege Procedure 1. Click Management in the navigation tree. The SNMP Settings page is displayed. 2. Select a user profile in the SNMPv3 Users section, and then click Edit. If user profiles are not configured, the Security Name column displays each profile with the value unset.
The SNMP Settings page is displayed. 2. Scroll to the SNMPv3 Users section. 3. Select a user profile in the SNMPv3 Users section, and then click Delete. 4. When prompted to confirm the request, click OK. Configuring the SNMPv3 Engine ID The SNMPv3 Engine ID sets the unique identifier of an SNMP engine belonging to an SNMP agent entity.
Test alerts are used to verify the network connectivity of iLO with the SNMP Alert Destination(s) addresses. After the alert is generated, check the alert destination for receipt of the alert. 6. To save the configuration, click Apply. SNMP alert settings Trap Source Identifier Determines the host name that is used in the SNMP-defined sysName variable when iLO generates SNMP traps.
Test alerts are used to verify the network connectivity of iLO with the Trap Destination(s) addresses. After the alert is generated, check the alert destination for receipt of the alert. 5. To save the configuration, click Apply. SNMP traps SNMP traps lists the SNMP traps that you can generate with iLO 5 and supported ProLiant servers and Synergy compute modules.
Page 285
Trap Trap name Description number 1020 cpqSePciDeviceRemovedOrPoweredOff A PCI device was removed or powered off. 2014 cpqSiIntrusionInstalled System intrusion hardware installed. 2015 cpqSiIntrusionRemoved System intrusion hardware removed. 2016 cpqSiHoodReplaced System hood replaced. 2017 cpqSiHoodRemovedOnPowerOff System hood removed when server power was off. 3033 cpqDa6CntlrStatusChange A change has been detected in the...
Page 286
Trap Trap name Description number 6034 cpqHe3FltTolPowerSupplyRemoved A fault-tolerant power supply has been removed. 6035 cpqHe3FltTolFanDegraded The fault-tolerant fan condition has been set to Degraded. 6036 cpqHe3FltTolFanFailed The fault-tolerant fan condition has been set to Failed. 6037 cpqHe3FltTolFanRedundancyLost The fault-tolerant fans have lost redundancy.
Page 287
Trap Trap name Description number 6062 cpqHeManagementProcReady The management processor is ready. 6064 cpqHe5CorrMemReplaceMemModule Memory errors have been corrected. Replace the memory module. 6069 cpqHe4FltTolPowerSupplyACpowerloss The fault-tolerant power supply in the specified chassis and bay reported AC power loss. 6070 cpqHeSysBatteryFailed The HPE Smart Storage Battery has failed.
Page 288
Trap Trap name Description number 9013 cpqSm2SecurityOverrideDisengaged iLO 5 detected that the security override jumper has been toggled to the disengaged position. 9017 cpqSm2ServerPowerOn The server has been powered on. 9018 cpqSm2ServerPowerOff The server has been powered off. 9019 cpqSm2ServerPowerOnFailure A request was made to power on the server, but the server could not be powered on because of a failure...
Trap Trap name Description number 18013 cpqNic3RedundancyIncreased AMS detected that a previously failed physical adapter in a connected logical adapter group returned to the OK status. 18014 cpqNic3RedundancyReduced AMS detected that a physical adapter in a logical adapter group changed to Failed status, but at least one physical adapter remains in OK status.
Enabling AlertMail Prerequisites • An iLO license that supports this feature is installed. • Configure iLO Settings privilege Procedure 1. Click Management in the navigation tree, and then click the AlertMail tab. 2. Set the Enable iLO AlertMail option to enabled. 3.
Procedure 1. Click Management in the navigation tree, and then click the AlertMail tab. 2. Set the Enable iLO AlertMail option to disabled. 3. To save the changes, click Apply. Remote Syslog The Remote Syslog feature allows iLO to send event notification messages to Syslog servers. The iLO firmware Remote Syslog includes the IML and iLO Event Log.
Disabling iLO Remote Syslog Prerequisites • An iLO license that supports this feature is installed. • Configure iLO Settings privilege Procedure 1. Click Management in the navigation tree, and then click the Remote Syslog tab. 2. Set the Enable iLO Remote Syslog option to disabled. 3.
Working with enclosures, frames, and chassis Using the Active Onboard Administrator OA is the enclosure management processor, subsystem, and firmware base that supports the HPE BladeSystem and all managed devices in the enclosure. The Active Onboard Administrator page allows you to view enclosure information, start the OA web interface, and toggle the enclosure UID LED.
The OA web interface starts in a new browser window. Toggling the enclosure UID LED Procedure 1. Click BL c-Class in the navigation tree. 2. To change the state of the enclosure UID LED where iLO is located, click the Toggle UID button. The UID LED status on the Active Onboard Administrator page represents the enclosure UID LED status when the iLO page loaded.
Frame details • Frame health—The frame health status. This status is also displayed in the frame diagram. • Enclosure UID light—The state of the frame UID LED. The UID LED helps you identify and locate a frame. This status value represents the frame UID LED status when the iLO page loaded. To update the status, refresh the page.
Toggling the server UID LED Procedure To change the state of the server UID LED, click the server UID icon in the frame diagram. Viewing chassis information Procedure Click Chassis Information in the navigation tree. Power Supplies list The Chassis Information page displays the following details about the power supplies in the chassis. Some power supplies do not provide information for all the values on this page.
• High Vaux Warning • Low Vaux Warning • Mismatched Power Supplies Whether the installed power supply is enabled for Power Discovery Services. Power Discovery Services is an enhancement to the iPDU technology. If the chassis power supply is connected to an iPDU, an additional summary table on this page displays the linked iPDUs. Hotplug Whether the power supply bay supports swapping the power supply when the chassis is powered on.
Page 298
• Index—The battery index number. • Present—Whether a battery is installed. The possible values are OK and Not Installed. • Status—The battery status. The possible values are OK, Degraded, Failed, or Other. • Model—The battery model number. • Spare—The part number of the spare battery. •...
Using iLO with other software products and tools iLO and remote management tools iLO 5 supports remote management through supported tools such as HPE OneView. The association between iLO and a remote management tool is configured by using the remote management tool.
iLO warns you to proceed only if the managed server is no longer managed by the remote management tool. 3. Click OK. 4. The <Remote Management Tool Name> page is removed from the iLO navigation tree. Using iLO with HPE OneView HPE OneView interacts with the iLO management processor to configure, monitor, and manage supported servers.
The server signature data cannot be viewed or edited in the iLO web interface, but it can be read with a REST client. For more information, see http://www.hpe.com/support/restfulinterface/docs. Starting Intelligent Provisioning from iLO Always On Intelligent Provisioning is a web interface you can use to perform operating system deployments and review in-depth hardware configuration details.
• IPMI version 2.0 Command Test Tool—A low-level MS-DOS command-line tool that enables hex- formatted IPMI commands to be sent to an IPMI BMC that implements the KCS interface. You can download this tool from the Intel website at http://www.intel.com. •...
Grouping of iLO management processors All iLO devices can be grouped logically and displayed on one page. Agentless Management iLO, combined with Agentless Management, provides remote access to system management information through the iLO web interface. Support for SNMP management HPE SIM can access SNMP information through iLO.
The port entry must be on a single line with the port number first, and with all other items identical to the following example (including capitalization). The following example shows the correct entry for discovering iLO at port 55000: 55000=iLO 5, ,true,false,com.hp.mx.core.tools.identification.mgmtproc.MgmtProcessorParser Viewing iLO in HPE SIM System lists...
Reviewing iLO license information in HPE SIM HPE SIM displays the license status of the iLO management processors. You can use this information to determine how many and which iLO devices have a license installed. To view license information, select Deploy > License Manager. To ensure that the displayed data is current, run the Identify Systems task for your management processors.
Kerberos authentication and Directory services Kerberos authentication with iLO Kerberos support enables a user to log in to iLO by clicking the Zero Sign In button on the login page instead of entering a user name and password. To log in successfully, the client workstation must be logged in to the domain, and the user must be a member of a directory group for which iLO is configured.
• Use DHCPv6 Supplied Domain Name • Use DHCPv6 Supplied DNS Servers Click the General tab. Optional: Update the iLO Subsystem Name (Hostname). Update the Domain Name. Click Submit. 10. To restart iLO, click Reset. iLO hostname and domain name requirements for Kerberos authentication •...
Page 308
For Windows Vista only: See Microsoft hotfix KB960830 and use Ktpass.exe version 6.0.6001.22331 or later. 2. Optional: Use the Setspn command to assign the Kerberos SPN to the iLO system. 3. Optional: Use the Setspn -L <iLO name> command to view the SPN for the iLO system. Verify that the HTTP/myilo.somedomain.net service is displayed.
Example command Ktpass +rndPass -ptype KRB5_NT_SRV_HST -princ HTTP/myilo.somedomain.net@SOMEDOMAIN.NET -mapuser myilo$@somedomain.net -out myilo.keytab Example output Targeting domain controller: domaincontroller.example.net Using legacy password setting method Successfully mapped HTTP/iloname.example.net to iloname. WARNING: pType and account type do not match. This might cause problems. Key created.
Procedure 1. Verify that the date and time of the following are set to within 5 minutes of one another: • The iLO date and time setting • The client running the web browser • The servers performing the authentication Configuring Kerberos support in iLO Procedure 1.
Page 311
g. On a corporate network, *.example.net is sufficient. h. Click Add. i. Click Close. j. To close the Local intranet dialog box, click OK. k. To close the Internet Options dialog box, click OK. 3. Enable the Automatic login only in Intranet zone setting. a.
Verifying the single sign-on (Zero Sign In) configuration Procedure 1. Navigate to the iLO login page (for example, http://iloname.example.net). 2. Click the Zero Sign In button. Verifying that login by name works Procedure 1. Navigate to the iLO login page. 2.
Choosing a directory configuration to use with iLO Before you configure iLO for directories, you must choose between the schema-free and HPE Extended Schema configuration options. Consider the following questions: 1. Can you apply schema extensions to your directory? • Yes—Continue to question 2.
Disadvantage of schema-free directory integration Group privileges are administered on each iLO system. This disadvantage has minimal impact because group privileges rarely change, and the task of changing group membership is administered in the directory and not on each iLO system. Hewlett Packard Enterprise provides tools that enable you to configure many iLO systems at the same time.
3. Ensure that the directory DN of at least one user and the DN of a security group that contains that user are available. This information is used for validating the directory setup. 4. Install an iLO license that enables Directory Service Authentication. 5.
• Directory-enabled remote management • Directory services schema • Active Directory requirements for the HPE Extended Schema configuration 2. Install a. Install an iLO license to enable directory service authentication. b. Download the Directories Support for ProLiant Management Processors package and install the utilities required by your environment.
iLO requires a secure connection to communicate with the directory service. This connection requires the installation of the Microsoft CA. For more information, see the Microsoft Knowledge Base Article 321051: How to Enable LDAP over SSL with a Third-Party Certification Authority. 3.
Page 318
The Installation Complete window opens. 8. To install the Directories Support for ProLiant Management Processors software, click Directories Support for ProLiant Management Processors. a. In the Welcome window, click Next. b. In the License Agreement window, select I Agree, and then click Next. c.
More information Running the Schema Extender on page 319 Directories Support for ProLiant Management Processors (HPLOMIG) on page 333 Managing roles and objects with the Active Directory snap-ins on page 320 Running the Schema Extender Procedure 1. Start the Management Devices Schema Extender from the Windows Start menu. •...
in the tree. The installer attempts to make the target directory server the FSMO schema master of the forest. • Password—A password to log in to the directory. • Use SSL for this Session—Sets the form of secure authentication to be used. If this option is selected, directory authentication through SSL is used.
Page 321
HP Devices tab This tab enables you to add the Hewlett Packard Enterprise devices to be managed within a role. Clicking Add enables you to navigate to a device and add it to the list of member devices. Selecting an existing device and clicking Remove removes the device from the list of valid member devices.
Page 322
Role Restrictions tab This tab enables you to set the following types of role restrictions: • Time restrictions—Click Effective Hours to select the times available for logon for each day of the week, in half-hour increments. You can change a single square by clicking it. To change a section of squares, click and hold the mouse button, drag the cursor across the squares to be changed, and then release the mouse button.
Page 323
the remoteAdmins and remoteMonitors roles, they will have all available rights, because the remoteAdmins role has all rights. The available rights follow: • Login—Controls whether users can log in to the associated devices. • Remote Console—Enables users to access the iLO Remote Console. •...
4. Click OK. The changes are saved, and the iLORole Properties dialog box closes. Sample configuration: Active Directory and HPE Extended Schema The following sections provide an example of how to configure Active Directory with iLO. Configuration process overview Procedure 1.
Page 325
Procedure 1. Create an organizational unit called iLOs that contains the iLO devices managed by the domain. 2. Right-click the iLOs organizational unit in the testdomain.local domain, and then select New HP Object. 3. Select Device in the Create New Object dialog box.
Page 326
Right-click the remoteAdmins role in the Roles organizational unit in the testdomain.local domain, and then select Properties. In the remoteAdmins Properties dialog box, click the HP Devices tab, and then click Add. In the Select Users dialog box, enter the Lights-Out Management object (rib-email-server in folder testdomain.local/iLOs).
Add the rib-email-server device to the list on the HP Devices tab. b. Add users to the remoteMonitors role on the Members tab. c. Select the Login right on the Lights Out Management tab. With this right, members of the remoteMonitors role will be able to authenticate and view the server status.
nested group directly to the role, and assign the appropriate rights and restrictions. You can add new users to either the existing group or the role. When you use trustee or directory rights assignments to extend role membership, users must be able to read the LOM object that represents the LOM device.
• User access restrictions limit user access to authenticate to the directory. • Role access restrictions limit the ability of an authenticated user to receive LOM privileges based on rights specified in one or more roles. User restrictions must be met to Role restrictions must be authenticate to the directory.
In binary math, if the bits of a client machine address, combined with the bits of the subnet mask, match the subnet address in the restriction, the client meets the restriction. DNS-based restrictions DNS-based restrictions use the network name service to examine the logical name of the client machine by looking up machine names assigned to the client IP addresses.
Page 331
To view the access control list, navigate to Active Directory Users and Computers, open the Properties page for the role object, and then click the Security tab. The Advanced View must be enabled in MMC to view the Security tab. Role-based time restrictions Administrators can place time restrictions on LOM roles.
Alternatively, the directory administrator might create a role that grants the login right and restrict it to the corporate network, and then create another role that grants only the server reset right and restrict it to after-hours operation. This configuration is easier to manage but more dangerous because ongoing administration might create another role that grants the login right to users from addresses outside the corporate network.
Directory users The following formats are supported: • LDAP fully distinguished names (Active Directory and OpenLDAP) Example: CN=John Smith,CN=Users,DC=HPE,DC=COM, or @HPE.com The short form of the login name does not notify the directory which domain you are trying to access. Provide the domain name or use the LDAP DN of your account. •...
• Windows 7 • Windows Vista Requirements If enhanced security features, such as the FIPS, SuiteB, or HighSecurity security states, are enabled on the iLO systems to be configured with HPLOMIG, the HPLOMIG client must meet the following requirements: • Windows .NET Framework v4.5 is installed.
a. Name the management processors (HPE Extended Schema only) b. Configure the directory (HPE Extended Schema only) c. Configure the management processors to use the default schema (Schema-free only) 5. Configure communication between iLO and the directory. 6. Import an LDAP CA Certificate. 7.
Page 336
HPLOMIG management processor search criteria You can search for management processors by using DNS names, IP addresses, or IP address wildcards. The following rules apply when you enter values in the Addresses box: • DNS names, IP addresses, and IP address wildcards must be delimited either with semicolons or commas, not both.
• TPM Status • User Name • Password • LDAP Status • Kerberos Status • License Type • FIPS Status For example, one line in the text file might have the following information: 16.100.225.20;iLO;1.10;ILOTPILOT2210;Not Present;user;password;Default Schema;Kerberos Disabled;iLO Advanced;Enabled If, for security reasons, the user name and password cannot be included in the file, leave these columns blank, but enter the semicolons.
2. Select the management processors to upgrade. 3. For each selected management processor, click Browse, and then select a firmware image file. You can also manually enter the path to the firmware image. 4. Click Upgrade Firmware. During the firmware upgrade process, all buttons are deactivated to prevent navigation. The selected management processors are upgraded.
Page 339
2. Select the iLO management processors to configure. The selection filters help to prevent an accidental overwrite of iLOs that are already configured for HPE schema, or iLOs that have directories disabled. 3. Select the directory, Kerberos, and local account settings in the Directory Configuration, Kerberos authentication, and Local accounts sections.
Directory access methods and settings • Disable Directories support—Disable directory support on the selected systems. • Use HPE Extended Schema—Use a directory with the HPE Extended Schema with the selected systems. • Use Directory’s default schema—Use a schema-free directory with the selected systems. •...
The names appear in the Object Name column as they are generated. At this point, names are not written to the directory or the management processors. The names are stored until the next Directories Support for ProLiant Management Processors window is displayed. 4.
Page 342
Procedure 1. In the Directory Server section, enter the Network Address, Login Name, and Password for the designated directory server. 2. Enter the Container DN value, or click Browse to select a container DN. 3. Enter the Role(s) DN value, or click Browse to select a role DN. Kerberos authentication and Directory services...
Page 343
4. Click Update Directory. HPLOMIG connects to the directory, creates the management processor objects, and adds them to the selected roles. 5. After the device objects have been associated to roles, click Next. The values you entered are displayed in the Configure Directory window. Kerberos authentication and Directory services...
6. Click Next. The Set up Management Processors for Directories window opens. 7. Continue with Setting up management processors for directories on page 345. Configure directory window options The boxes on the Configure Directory window follow: • Network Address—The network address of the directory server, which can be a valid DNS name or IP address.
2. Enter the directory server settings. 3. Enter the security group DN. 4. Select the iLO privileges you want to associate with the security group. 5. Click Next. The Set up Management Processors for Directories window opens. 6. Continue to Setting up management processors for directories on page 345. Management processor settings •...
Procedure 1. Navigate to the Set up Management Processors for Directories window if it is not already open. 2. Define the user contexts. The user contexts define where the users who will log in to iLO are located in the LDAP structure. You can enter the organizational unit DN in the User Context boxes, or click Browse to select user contexts.
2. Select the iLO systems for which you will import a certificate, paste the certificate in the text box, and then click Import. 3. When you are finished importing certificates, click Next. The Directory Tests window opens. 4. Continue with Running directory tests with HPLOMIG (optional) on page 347. Running directory tests with HPLOMIG (optional) After you click Next in the LDAP CA Certificate Import, the next step is to test the directory configuration.
Page 348
2. Test the directory settings. a. Select one or more iLO systems b. In the Directory Test Controls section, enter the following: • Directory Administrator Distinguished Name and Directory Administrator Password— Searches the directory for iLO objects, roles, and search contexts. This user must have the right to read the directory.
For more information, see Running directory tests on page 254. 4. Click Done. Directory services schema This appendix describes the classes and attributes that are used to store Hewlett Packard Enterprise Lights-Out management authorization data in the directory service. HPE Management Core LDAP OID classes and attributes Changes made to the schema during the schema setup process include changes to the following: •...
Core attributes Attribute name Assigned OID hpqPolicyDN 1.3.6.1.4.1.232.1001.1.1.2.1 hpqRoleMembership 1.3.6.1.4.1.232.1001.1.1.2.2 hpqTargetMembership 1.3.6.1.4.1.232.1001.1.1.2.3 hpqRoleIPRestrictionDefault 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleIPRestrictions 1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleTimeRestriction 1.3.6.1.4.1.232.1001.1.1.2.6 Core class definitions The following tables define the Hewlett Packard Enterprise Management core classes. hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 Description This class defines target objects, providing the basis for Hewlett Packard Enterprise products that use directory- enabled management.
Attributes hpqRoleIPRestrictions - 1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleIPRestrictionDefault - 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction - 1.3.6.1.4.1.232.1001.1.1.2.6 hpqTargetMembership - 1.3.6.1.4.1.232.1001.1.1.2.3 Remarks None hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.3 Description This class defines policy objects, providing the basis for Hewlett Packard Enterprise products that use directory-enabled management. Class Type Structural SuperClasses Attributes hpqPolicyDN - 1.3.6.1.4.1.232.1001.1.1.2.1 Remarks None...
Page 352
hpqTargetMembership 1.3.6.1.4.1.232.1001.1.1.2.3 Description Provides a list of hpqTarget objects that belong to this object. Syntax Distinguished Name - 1.3.6.1.4.1.1466.115.121.1.12 Options Multivalued Remarks None hpqRoleIPRestrictionDefault 1.3.6.1.4.1.232.1001.1.1.2.4 Description A Boolean that represents access by unspecified clients and that partially specifies rights restrictions under an IP network address constraint.
Page 353
Options Multivalued Remarks This attribute is used only on role objects. IP restrictions are satisfied when the address matches and general access is denied. They are unsatisfied when the address matches and general access is allowed. Values are an identifier byte followed by a type-specific number of bytes that specify a network address.
Lights-Out Management specific LDAP OID classes and attributes The following schema attributes and classes might depend on attributes or classes defined in the Hewlett Packard Enterprise Management core classes and attributes. Table 4: Lights-Out Management classes Class name Assigned OID hpqLOMv100 1.3.6.1.4.1.232.1001.1.8.1.1 Lights-Out Management attributes...
Lights-Out Management attribute definitions The following tables define the Lights-Out Management core class attributes. hpqLOMRightLogin 1.3.6.1.4.1.232.1001.1.8.2.3 Description Login right for Lights-Out Management products Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks Meaningful only on role objects. If TRUE, members of the role are granted the right.
Page 356
Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is used only on role objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightLocalUserAdmin 1.3.6.1.4.1.232.1001.1.8.2.2 Description Local User Database Administration right for Lights-Out Management products. Syntax Boolean - 1.3.6.1.4.1.1466.115.121.1.7 Options...
Managing iLO reboots, factory reset, and NMI Rebooting (resetting) iLO In some cases, it might be necessary to reset iLO; for example, if iLO is not responding to the browser. Using the Reset option does not make any configuration changes, but ends all active connections to the iLO firmware.
4. From the System Utilities screen, click System Configuration, and then click iLO 5 Configuration Utility. 5. Select Yes in the Reset iLO menu. The iLO 5 Configuration Utility prompts you to confirm the reset. 6. Click OK. 7. iLO resets and all active connections are ended. If you are managing iLO remotely, the remote console session is automatically ended.
CAUTION: Initiating a hardware iLO reboot does not make any configuration changes, but ends all active connections to iLO. If a firmware flash is in progress, it is interrupted, which might cause data corruption on the flash device. If data corruption occurs on the flash device, use the secure recovery or iLO network failed flash recovery features.
Click OK. iLO resets to the factory default settings. If you are managing iLO remotely, the remote console session is automatically ended. You cannot access the iLO 5 Configuration Utility again until after the next system reboot. Resume the boot process: a.
Troubleshooting Using the iLO Virtual Serial Port with Windbg If you want to debug a server, you can use the iLO Virtual Serial Port feature with the Windows Windbg kernel debugger running on a local test system. Prerequisites PuTTY is installed on the local test system. You can download PuTTY from the following website: http:// www.putty.org/.
11. Go to the server console (or access the iLO Remote Console), and press Enter to boot the debug selection on the OS load menu. This step might take several minutes. 12. When you are finished debugging the host server, use PuTTY to connect to the CLI and turn off the debug socket to the Virtual Serial Port.
2. Press the UID button again to close the Server Health Summary screen. Server Health Summary details Server screen thumbnail A thumbnail image of the server screen. Server Power The server power status. Product Name The server model. Serial Number The server serial number.
Embedded Smart Array The installed Smart Array firmware version. This value is displayed only if server POST has successfully completed since the last auxiliary power cycle. iLO IPv4 The iLO IPv4 address. This value is displayed only if Show iLO IP during POST is enabled on the Access Settings page.
IML troubleshooting links Troubleshooting information is available for selected IML events. Supported events are displayed as Learn More links in the IML event pane. Login and iLO access issues iLO firmware login name and password not accepted Symptom An iLO firmware login attempt fails. Cause The user account information was entered incorrectly.
If you use a WINS server and a nondynamic DNS server, iLO management port access might be faster if you configure the DNS server to use the WINS server for name resolution. For more information, see the Microsoft documentation. Unable to access the iLO login page Symptom The iLO web interface login page will not load.
For example, if one side is autoselecting the connection, the other side must use the same setting. Unable to return to iLO login page after iLO reset Symptom The iLO login page will not open after an iLO reset. Action Clear the browser cache and restart the browser.
Action Remove the self-signed certificate from the browser certificate store. The self-signed certificate has iLO in the certificate name, and the Issued By value includes the text Default Issuer. Do not install the iLO self-signed certificate in the browser certificate store. If you want to install a certificate, request a permanent certificate from a CA and import it into iLO.
Action 1. Click the menu button, and then select Options. 2. Click Advanced. 3. Click Certificates. 4. Click View Certificates. 5. Click the Servers tab, and then delete any certificates related to iLO. 6. Click the Others tab, and then delete any certificates related to iLO. 7.
Solution 2 Action 1. Navigate to the Administration > Security > SSL Certificate page. 2. Obtain and import an SSL certificate. 3. Reset iLO. Certificate error when navigating to iLO web interface with Chrome Symptom When you navigate to the iLO web interface with Chrome, a certificate error appears. Solution 1 Action 1.
Solution 2 Action 1. Navigate to the Administration > Security > SSL Certificate page. 2. Obtain and import an SSL certificate. 3. Reset iLO. iLO login page displays a Website Certified by an Unknown Authority message Cause The message Website Certified by an Unknown Authority is displayed when you navigate to the iLO login page.
Action Use HPE OneView to refresh the frame that contains the server. Unable connect to an iLO system with the iOS mobile app Symptom The connection fails when you try to connect to an iLO system by using the iOS mobile app. Solution 1 Cause iLO is configured incorrectly or there is a local network problem.
Cause iLO is configured to use the Shared Network Port, and NIC teaming is enabled for the NIC the Shared Network Port uses. In this configuration, network communications might be blocked in the following cases: • The selected NIC teaming mode causes the switch that iLO is connected with to ignore traffic from the server NIC/port that iLO is configured to share.
Action To lock the client PC and get a new ticket, press Ctrl+Alt+Del. Solution 2 Cause Kerberos login is configured incorrectly. Possible reasons follow: • The Kerberos realm that the client PC is logged in to does not match the Kerberos realm for which iLO is configured.
Action Configure the browser to support Kerberos login. iLO credential prompt appears during Kerberos login by name attempt Symptom A credential prompt appears when a user tries to log in to iLO with a user name in Kerberos SPN format and the associated domain password.
Action • Verify that the full DN of the user object exists in the directory. This information appears after the first CN= in the DN. • Verify that the remainder of the DN was added as a user context. User contexts are not case-sensitive, and any other characters, including spaces, are part of the user context.
OpenLDAP authentication fails when configured with nested groups or posixgroups Symptom OpenLDAP authentication fails when the directory is configured with nested groups or posixgroups. Cause iLO does not support nested groups or posixgroups with OpenLDAP. Action Configure iLO with a group in which the LDAP user has a direct membership. Make sure the OpenLDAP directory group has an objectClass of the type groupOfNames.
5. Select the Personal > Certificates folder. 6. Right-click the folder and select Request New Certificate. 7. Verify that the Type is domain controller, and click Next until a certificate is issued. Directory Server DNS Name test reports a failure Symptom The Directory Server DNS Name test reports the status Failed.
Action • Verify that the configured directory server is the correct host. • Verify that iLO has a clear communication path to the directory server through port 636 (consider any routers or firewalls between iLO and the directory server). • Verify that any local firewall on the directory server is enabled to allow communications through port 636.
Action Verify that the directory administrator credentials were entered correctly. User Authentication test reports a failure Symptom The User Authentication test reports the status Failed. Cause Authentication failed with the provided user name and password. Action • Verify that the user credentials were entered correctly. •...
Action Verify that the search contexts were entered correctly. LOM Object Exists test reports a failure Symptom The LOM Object Exists test reports the status Failed. Cause iLO failed to locate the directory object specified by the iLO Object Distinguished Name configured on the Security - Directory page.
Cause You cannot run the Java IRC without accepting the security warning and confirming that you want to run the application. Action 1. Click the Clear button in the Java Console window. 2. To close the Java Console window, click the Close button. 3.
Solution 1 Action 1. Close the .NET IRC or Java IRC. 2. Navigate to the Power Settings page. 3. Clear the Enable persistent mouse and keyboard check box, and then click Apply. 4. Start the .NET IRC or Java IRC again. Solution 2 Action Right-click and drag the mouse cursor outside the Remote Console window, and then drag it back inside.
Viewing your changes before you click Apply might reset the Runtime Parameters dialog box, causing your edits to be lost. 7. Start the browser and log in to iLO. 8. Start the Java IRC again. iLO .NET IRC sends characters continuously after switching windows Symptom When you switch to a different window, the .NET IRC sends characters continuously.
Caps Lock out of sync between iLO and Java IRC Symptom When you log in to the Java IRC, the Caps Lock setting might be out of sync between iLO and the Java IRC. Action To synchronize the Caps Lock settings, select Keyboard > Caps Lock in the Java IRC. Num Lock out of sync between iLO and Shared Remote Console Symptom When you log in to a Shared Remote Console session, the Num Lock setting might be out of sync...
The exact name of these settings varies depending on the OS you are using. For more information about changing the typematic delay and rate, see your OS documentation. Session leader does not receive connection request when iLO .NET IRC is in replay mode Symptom When a Remote Console session leader plays captured video data, a prompt is not displayed when...
Action • Reduce the number of simultaneous iLO user sessions. • Reset iLO. Solution 2 Cause A connected Virtual Media session is being used to perform a continuous copy operation. The continuous copy operation takes priority and, consequently, the .NET IRC loses synchronization. Eventually, the Virtual Media connection resets multiple times and causes the USB media drive for the OS to lose synchronization with the Virtual Media client.
Action Contact the .NET IRC session leader and retry the request, or use the Remote Console acquire feature. File not present after copy from server to iLO Virtual Media USB key Symptom If you copy files from a target server to an iLO virtual drive, the files are not visible in Windows Explorer on the client computer.
5. Optional: If needed, configure the proxy server settings. 6. Close all of the browser windows. 7. Restart the browser and start the .NET IRC. iLO .NET IRC will not start Symptom When you start the .NET IRC, the Cannot Start Application dialog box appears with the message Application cannot be started.
You can download the Standalone IRC from the following website: http://www.hpe.com/support/ hpesc. • Use the iLO mobile app. For more information, seehttp://www.hpe.com/info/ilo/mobileapp. iLO .NET IRC will not start in Google Chrome Symptom When you launch the .NET IRC in Google Chrome, the application fails to start. Cause Previous versions of Google Chrome could run the .NET IRC with an NPAPI plug-in that supported ClickOnce.
Action • Right-click Internet Explorer, and then select Run as administrator. Start the iLO web interface, launch the Remote Console, and then boot to the USB key. • Plug the USB key directly into the server. SSH issues Initial PuTTY input slow with iLO Symptom During the initial connection to iLO through a PuTTY client, input is accepted slowly for approximately 5 seconds.
Action Hewlett Packard Enterprise recommends configuring the text application in 80 x 25 mode or using the graphical Remote Console. An SSH session fails to start or terminates unexpectedly Symptom An SSH session fails to start or terminates unexpectedly. Cause iLO is configured to use the Shared Network Port, and NIC teaming is enabled for the NIC the Shared Network Port uses.
Cause If you use an SSH terminal to access the text console, SSH might intercept keystroke data and not pass the action to the text-based Remote Console. When this behavior occurs, it looks like the keystroke did not perform its function. Action Disable SSH terminal shortcuts.
Action 1. Click Information in the navigation tree, and then click the Diagnostics tab. 2. Click Reset. Clicking Reset does not make any configuration changes, but it terminates any active connections to iLO and completes any firmware updates in progress. The Configure iLO Settings privilege is required to reset iLO.
• AMS is enabled and the OS is running. • For Insight Remote Support central connect only: A supported version of Insight RS is installed on the host server. For more information, see http://www.hpe.com/support/InsightRS-Support- Matrix. • For Insight Remote Support central connect only: The RIBCL credentials for the server have been entered in the Insight RS Console and are associated with the ProLiant server.
Cause The server warranty expired. Action You must have a valid contract or warranty to receive remote support. You can continue to use the iLO features to monitor and manage your server, even after the warranty expires. Server not identified by server name in Insight Online or Insight RS Symptom A server is not identified as <server name>...
Action • To continue using Insight Remote Support central connect, unregister the server from Insight Online direct connect, and then rediscover the server on the Insight RS host server. • To continue using Insight Online direct connect, unregister the server from Insight Remote Support central connect as described in and the Insight Remote Support monitored devices configuration guide.
Cause Duplicate records for a device might be created in Insight Online in the following cases: • Insight RS discovered an incomplete set of details about the device. It discovered the OS and network information, but did not discover the serial number or product number. When Insight RS rediscovered the device, it obtains a complete set of information about the device.
Action Check the time and time zone setting on the monitored device. If the time zone is set using a time server or DHCP, verify that the time server or DHCP is correctly configured and set to the appropriate time. This issue does not affect service delivery by Hewlett Packard Enterprise or a Hewlett Packard Enterprise Authorized Service Partner because the host server time is used as a reference.
Cause This error might occur in the following situations: • A peer of the local iLO system has a peer that has failed. • An intermediate firewall is preventing communication between the local iLO system and a peer. • Network configuration changes are preventing communication between the local iLO system and a peer.
Action Ensure that the group key matches for all iLO systems that are members of the selected group. iLO peers are not displayed on iLO Federation pages Symptom iLO peers (systems in the same group as the local iLO system) are not displayed on iLO Federation pages.
• iLO firmware is not responding. • iLO did not accept the firmware update request. • An iLO firmware update stopped before the update was complete. Solution 1 Cause A communication or network issue occurred. Action 1. Attempt to connect to iLO through the web browser. If you cannot connect, there is a communication issue.
Action 1. Refresh the browser window. 2. Retry the iLO firmware update. iLO network Failed Flash Recovery Most firmware upgrades finish successfully. In the unlikely event of server power loss during an iLO firmware upgrade, iLO might be recoverable when power is restored. When the iLO starts, the startup code performs image validation on the main image.
Licensing issues License key installation errors Symptom You see a License Key Error or a License Installation Failed message. Solution 1 Cause The key is not an iLO license key. Action Obtain an iLO license key, and then try again. Solution 2 Cause An evaluation key was submitted when a regular license was previously installed.
Cause You enable the iLO Virtual Media and graphical Remote Console features by installing an optional iLO license. If a license is not installed, a message informs you that these features are not available without a license. Action Install an iLO license that supports these features. Recovering an iLO license key Symptom A previously licensed iLO system is no longer licensed, and you want to recover and reinstall the license...
For instructions, see the iLO Licensing Guide at the following website: http://www.hpe.com/support/ilo- docs. Agentless Management, AMS, and SNMP issues AMS is installed but unavailable in iLO Symptom AMS is installed on a server, but it is listed as Not available in the iLO web interface. Action 1.
Websites General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/EIL For additional websites, see Support and other resources. Product websites http://www.hpe.com/info/ilo iLO 5 Information Library http://www.hpe.com/support/ilo-docs iLO Support http://www.hpe.com/support/ilo5 iLO Advanced http://www.hpe.com/servers/iloadvanced iLO Advanced Premium Security Edition http://www.hpe.com/servers/ilopremium iLO mobile app http://www.hpe.com/info/ilo/mobileapp Active Health System Viewer http://www.hpe.com/servers/ahsv...
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: http://www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: http://www.hpe.com/support/hpesc Information to collect •...
www.hpe.com/support/AccessToSupportMaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements. Customer self repair Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your convenience.
Additional warranty information HPE ProLiant and x86 Servers and Options www.hpe.com/support/ProLiantServers-Warranties HPE Enterprise Servers www.hpe.com/support/EnterpriseServers-Warranties HPE Storage Products www.hpe.com/support/Storage-Warranties HPE Networking Products www.hpe.com/support/Networking-Warranties Regulatory information To view the regulatory information for your product, view the Safety and Compliance Information for Server, Storage, Power, Networking, and Rack Products, available at the Hewlett Packard Enterprise Support Center: www.hpe.com/support/Safety-Compliance-EnterpriseProducts...