Contents Operational overview ........................9 Guide overview ............................9 New in this release of iLO 2 ........................9 iLO 2 overview ............................10 Differences between iLO 2 and iLO ....................10 HP Insight Essentials Rapid Deployment Pack integration ..............11 Server management through IPMI version 2.0 compliant applications...........
Page 5
iLO 2 BL c-Class tab........................128 Enclosure bay IP addressing ......................128 Dynamic power capping for server blades..................130 iLO 2 Virtual Fan ......................... 131 iLO option ..........................131 Web Administration........................132 BL p-Class and BL c-Class features....................132 Directory services........................134 Overview of directory integration ......................
Page 6
Configuring directories when schema-free integration is selected ............180 Setting up management processors for directories................181 HP Systems Insight Manager integration ..................183 Integrating iLO 2 with HP SIM......................... 183 HP SIM functional overview ........................183 Establishing SSO with HP SIM ........................ 184 HP SIM identification and association ......................
Page 7
No console replay while server is powered down................203 Skipping information during boot and fault buffer playback .............. 203 Out of Memory error starting Integrated Remote Console..............203 Session leader does not receive connection request when IRC is in replay mode........203 Keyboard LED does not display correctly ..................
Page 8
Lights-Out Management attribute definitions ..................218 Technical support........................220 Support information ..........................220 HP contact information ........................... 221 Before you contact HP..........................221 Acronyms and abbreviations...................... 222 Index............................229 Contents 8...
Operational overview Guide overview HP iLO 2 provides multiple ways to configure, update, and operate servers remotely. The HP Integrated Lights-Out 2 User Guide describes these features and how to use them with the browser-based interface and RBSU. Some features are licensed features and may only be accessed after purchasing an optional license.
iLO 2 overview iLO 2 can remotely perform most functions that otherwise require a visit to servers at the data center, computer room, or remote location. The following are just a few examples of using iLO 2 features. • iLO 2 Remote Console and virtual power enables you to view a stalled remote server with blue screen conditions and restart the server without onsite assistance.
Feature iLO 2 Support for Microsoft® JVM Remote Console Acquire button Terminal Services integration HP schema directory integration Schema-free directory integration Two-factor authentication Power Regulator reporting Virtual Floppy and CD/DVD-ROM USB key virtual media Virtual folder HP Insight Essentials Rapid Deployment Pack integration HP Insight Essentials Rapid Deployment Pack integrates with iLO 2 to enable the management of remote servers and the performance of remote console operations regardless of the state of the operating system or hardware.
iLO 2 provides the KCS interface, or open interface, for SMS communications. The KCS interface provides a set of I/O mapped communications registers. The default system base address for the I/O mapped SMS Interface is 0xCA2 and is byte aligned at this system address. The KCS interface is accessible to SMS software that is running on the local system.
• Status The WS-Management in iLO 2 returns status information for fans, temperatures, power supplies, and VRMs. iLO 2 browser interface overview The iLO 2 browser interface groups similar tasks for easy navigation and workflow. These tasks are organized under high-level tabs across the top of the iLO 2 interface. These tabs are always visible and include System Status, Remote Console, Virtual Media, Power Management, and Administration.
HP supports Microsoft® JVM and SUN Java™ 1.4.2_13. To download the recommended JVM for your system configuration, refer to the HP website (http://www.hp.com/servers/manage/jvm). • Firefox 2.0 This browser is supported on Red Hat Enterprise Linux Desktop 4 and Novell Linux Desktop 9. HP supports Microsoft®...
Page 15
SUSE LINUX Enterprise Server 10 Operational overview 15...
iLO 2 setup Quick setup To quickly setup iLO 2 using the default settings for iLO 2 Standard and iLO Advanced features, follow the steps below: Prepare—Decide how you want to handle networking and security ("Preparing to setup iLO 2" on page 16) Connect iLO 2 to the network ("Connecting to the...
Page 17
To access iLO 2 after connecting it to the network, the management processor must acquire an IP address and subnet mask using either a dynamic or static process: Dynamic IP address is set by default. iLO 2 obtains the IP address and subnet mask from DNS/DHCP servers.
Connecting to the network Typically iLO 2 is connected to the network in one of two ways. iLO 2 can be connected through a: • Corporate network where both ports are connected to the corporate network. In this configuration, the server has two network ports (one server NIC, and one iLO 2 NIC) connected to a corporate network.
To configure a static IP address, use the iLO 2 RBSU with the following procedure to disable DNS and DHCP and configure the IP address and the subnet mask: Restart or power up the server. Press the F8 key when prompted during POST. The iLO 2 RBSU runs. Select Network>DNS/DHCP, press the Enter key, and then select DHCP Enable.
Setting up iLO 2 using iLO 2 RBSU HP recommends iLO 2 RBSU to initially set up iLO 2 and configure iLO 2 network parameters for environments that do not use DHCP and DNS or WINS. RBSU provides the basic tools to configure iLO 2 network settings and user accounts to get iLO 2 on the network.
Click Administration>Licensing to display the iLO 2 license activation screen. Enter the license key. Press the Tab key or click inside a field to move between fields. The Activation Key field advances automatically as you enter data. Click Licensing to clear the fields and reload the page.
• CPQASM2.SYS, SYSMGMT.SYS, and SYSDOWN.SYS provide the iLO 2 Advanced Server Management Controller Driver support. PSP for Microsoft® Windows® products includes an installer that analyzes system requirements and installs all drivers. The PSP is available on the HP website (http://www.hp.com/support) or on the SmartStart CD.
Page 23
To install the drivers download the PSP from the HP website (http://www.hp.com/support) to a NetWare server. After downloading the PSP, follow the Novell NetWare component installation instructions to complete the installation. For additional information about the PSP installation, read the text file included in the PSP download.
Configuring iLO 2 iLO 2 configuration overview Typically, an advanced or administrative user who must manage users and configure global and network settings configures iLO 2. You can configure iLO 2 using the iLO 2 browser-based GUI or scripting tools such as CPQLOCFG and HPONCFG (described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide.) The iLO 2 Administration tab enables you to configure and manage user settings, SNMP alerting (through...
• Firmware Maintenance CD-ROM—Download the component to create a bootable CD that contains many firmware updates for ProLiant servers and options. • Scripting with CPQLOCFG—Download the CPQLOCFG component to get the network-based scripting utility, CPQLOCFG. CPQLOCFG enables you to use RIBCL scripts that perform firmware updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network.
If the firmware upgrade is interrupted or fails, attempt the upgrade again immediately. Do not reset the iLO 2 system before reattempting a firmware upgrade. Updating the firmware using the maintenance CD To use HP Smart Update Manager on the Firmware Maintenance CD: Place the Firmware Maintenance CD on a USB key using the USB Key Creator Utility.
Page 27
If you purchase the iLO Advanced Pack or the iLO Advanced Pack for BladeSystem with any Insight Control software suite or iLO Power Management Pack, HP provides Technical Support and Update Services. For more information, see "Support information (on page 220)." If you purchase the iLO Advanced Pack or the iLO Advanced Pack for Blade System as a one-time activation of licensed features, you must purchase future functional upgrades.
To access local accounts, click Administration>User Administration>Local Accounts. iLO 2 Directory Accounts enables you to view iLO 2 groups and modify the settings for those groups. You must have the Administer Directory Groups privilege. To access Directory Accounts, click Administration>User Administration>Group Accounts. Adding a new user IMPORTANT: Only users with the Administer User Accounts privilege can manage other users...
Page 30
Select User Administration>Local Accounts. Click New. Complete the fields. The following options are available: User Name is displayed in the user list and on the home page. It is not necessarily the same as the Login name. The maximum length for a User Name is 39 characters. The User Name must use printable characters.
Certificate button. Click this button to map a certificate to the user. After a certificate is mapped to the user account, a 40-digit thumbprint of the certificate appears, along with the Remove this Certificate button, which can be used to remove the certificate. If Two-Factor Authentication is enabled, a different certificate should be mapped to each user.
Click User Administration and select from the list the name of the user whose information you want to change. Click Delete User. A pop-up window is displayed asking, Are you sure you want to delete the selected user? Click OK. Group administration iLO 2 enables you to view iLO 2 groups and modify settings for those groups.
After iLO 2 is correctly configured, revoking this privilege from all groups prevents reconfiguration. Users with the Administer Group Accounts privilege can enable or disable this privilege. iLO 2 can also be reconfigured if iLO 2 RBSU is enabled. Click Save Group Information to save updated information, or click Cancel to discard changes and return to the Group Administration page.
Page 34
Parameter Default value Description Secure shell (SSH) This setting enables you to configure the iLO 2 SSH port to Port be used for SSH communications. Telnet Access Disabled This setting enables you to connect a telnet client to the Remote Console/Telnet port, providing access to the iLO 2 CLP.
Page 35
Parameter Default value Description Console Replay Port 17990 This setting enables you to specify the Console Replay Port. The Console Replay Port is opened on the client to enable the transfer of internal capture buffers to the client for replay. This port is only open when a capture buffer is being transferred to the client.
Page 36
• Windows® XP On Windows® XP servers, the Terminal Services client and RDP connection is built in. The client is part of the operating system and is activated using Remote Desktop sharing. To activate desktop sharing, select Start>Programs>Accessories>Communications>Remote Desktop. The Terminal Services client in Windows®...
Page 37
Enabling the Terminal Services Passthrough option By default, the Terminal Services Passthrough feature is disabled and can be enabled on the Administration>Access>Services page. The Terminal Services button in the Remote Console is deactivated until the Terminal Services Pass-Through feature is enabled. To use of the Terminal Services Passthrough feature, install the latest Lights-Out Management Interface Driver and then install Terminal Services passthrough service for Microsoft®...
Page 38
When using the Terminal Services pass-through option with Windows Server® 2003 and Windows Server® 2008, there is approximately a 30-second delay after the CTRL-ALT-DEL dialog box appears before the Terminal Services client launches. The 30-second delay represents how long it takes for the service to connect to the RDP client running on the server.
Access options iLO 2 enables you to modify iLO 2 access, including connection idle time, iLO 2 functionality, iLO 2 RBSU, login requirements, CLI parameters, minimum password length, and server name. Settings on the Access Options page apply to all iLO 2 users. You must have the Configure iLO 2 Settings privilege to modify settings on this page.
Page 40
Parameter Default value Descriptions iLO 2 ROM-Based Enabled This setting enables or disables the iLO 2 ROM-Based Setup Setup Utility Utility. Normally, the iLO2 Option ROM prompts you to press F8 to enter RBSU, but if iLO 2 is disabled or iLO 2 RBSU is disabled, the RBSU prompt is bypassed.
When logging in to iLO 2 with Telnet or SSH clients, the number of login name and password prompts offered by iLO 2 matches the value of the Authentication Failure Logging parameter (or 3 when it is disabled.) However, the number of prompts might also be affected by your Telnet and SSH client configurations.
• Encrypted communication using: SSH key administration SSL certificate administration • Support for optional LDAP-based directory services Some of these options are licensed features. To verify your available options, see the section, "Licensing (on page 26)." General security guidelines The following are general guidelines concerning security for iLO 2: •...
• RBSU Disabled (most secure) If iLO 2 RBSU is disabled, user access is prohibited. This prevents modification using the RBSU interface. iLO 2 Security Override Switch administration The iLO 2 Security Override Switch allows the administrator full access to the iLO 2 processor. This access may be necessary for any of the following conditions: •...
iLO 2 provides support for the TPM mezzanine module in ProLiant 100 and ProLiant 300/500 series servers. On a supported system, iLO 2 decodes the TPM record and passes the configuration status to iLO 2, CLP, and XML interface. The System Status page displays the TPM configuration status. If the host system or System ROM does not support TPM, TPM Status is not displayed in Status Summary page.
iLO 2 saves a detailed log entry for failed login attempts, which imposes a delay of 60 seconds. SSH key administration iLO 2 enables you to authorize up to four SSH keys at one time on the SSH Key tab. The SSH Key tab also displays the owner (if any keys are authorized) of each authorized SSH key.
Base64-encoded. A CA processes this request and returns a response (X.509 certificate) that can be imported into iLO 2. The CR contains a public/private key pair that validates communications between the client browser and iLO 2. The generated CR is held in memory until a new CR is generated, iLO 2 is reset, or a certificate is imported by the generation process.
Page 47
When two-factor authentication is enabled, access by the CPQLOCFG utility is disabled because CPQLOCFG does not meet all authentication requirements. However, the HPONCFG utility works because administrator privileges on the host system are required to execute the utility. A trusted CA certificate is required for two-factor authentication to function. You cannot change the Two- Factor Authentication Enforcement setting to Enabled if a trusted CA certificate is not configured.
Page 48
From your desktop, open the file for the user certificate in Notepad, select all the text, and copy the text to the clipboard by pressing the Ctrl+C keys. Browse to the User Administration page on iLO 2, and select the user for which you have obtained a public certificate or create a new user.
Page 49
Select the certificate added to the user in iLO 2. Click OK. If prompted to do so, insert your smart card, or enter your PIN or password. The login page should be displayed with the e-mail address for the user in the Directory User field. You cannot change the Directory User field.
Page 50
After you have selected a certificate, if the certificate is protected with a password or if the certificate is stored on a smart card, a second page appears prompting you to enter the PIN or password associated with the chosen certificate. The certificate is examined by iLO 2 to ensure it was issued by a trusted CA by checking the signature against the CA certificate configured in iLO 2.
with CN=John Doe,OU=IT,DC=MyCompany,DC=com, which is the user's actual distinguished name. If the correct password is entered, the user is authenticated. Authentication using Default Directory Schema, part 2: The distinguished name for a user in the directory is [email protected],OU=IT,DC=MyCompany,DC=com, and the following are the attributes of John Doe's certificate: •...
Page 52
Configuring directory settings iLO 2 enables administrators to centralize user account administration using directory services. You must have the Configure iLO 2 Settings privilege to configure and test the iLO 2 directory services. To access Directory Settings, click Administration>Security>Directory. iLO 2 directory settings enable you to control directory-related behavior for the iLO 2 directory you are logged into.
Page 53
• Directory Server Address—Enables you to specify the network DNS name or IP address of the directory server. You can specify multiple servers, separated by a comma (,) or space ( ). If Use Directory Default Schema is selected, enter a DNS name in the Directory Server Address field to allow authentication with user ID.
To test the communication between the directory server and iLO 2, click Test Settings. For more information, see the section, "Directory Tests (on page 54)." Directory tests To validate current directory settings for iLO 2, click Test Settings on the Directory Settings page. The Directory Tests page appears.
Page 55
By default, remote console data uses 128-bit RC4 bi-directional encryption. The CPQLOCFG utility uses a 168-bit Triple DES with RSA and a SHA1 MAC cipher to securely send RIBCL scripts to iLO 2 over the network. Encryption settings You can view or modify the current encryption settings using the iLO 2 interface, CLP, or RIBCL. To view or modify current encryption settings using the iLO 2 interface: Click Administration>Security>Encryption.
IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry. For information on how to restore your registry, see the Microsoft Knowledge base article (http://support.microsoft.com/kb/307545).
Page 57
certificates and iLO 2 server names. When the allocated storage is used, no more imports are accepted. After setting up SSO in iLO 2, log into HP SIM, locate the LOM processor, select Tools>System Information>iLO as... HP SIM launches a new browser that is logged in to the LOM management processor.
Page 58
Setting up HP SIM SSO The HP SIM SSO page allows you to view and configure the existing iLO 2 Single Sign-On settings. You must have the Configure iLO 2 privilege to alter these settings. To access iLO 2 SSO settings, click Administration>Security>HP SIM SSO.
by Certificate, SSO is not allowed from that server. Likewise, if a HP SIM server certificate is imported, but the certificate has expired, SSO is not allowed from that server. Additionally, the records are not used when SSO is disabled. iLO 2 does not enforce SSO server certificate revocation.
R_ALT L_SHIFT R_SHIFT L-CTRL R_CTRL L_GUI R_GUI " " (Space) : HOME " < PG_UP > PG_DN ENTER & BREAK BACKSPACE NUM PLUS NUM MINUS SCRL LCK SYS RQ Click Apply to save changes. This feature can also be configured using scripting or command lines. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide.
Network Settings The Network Settings page displays the NIC IP address, subnet mask, and other TCP/IP-related information and settings. From the Network Settings screen, you can enable or disable DHCP and configure a static IP address for servers not using DHCP. All users can view the network settings, but only users with the Configure iLO 2 Settings privilege can change these settings.
Page 62
iLO 2 subsystem name limitations The iLO 2 subsystem name represents the DNS name of the iLO 2 subsystem. For example, ilo instead of ilo.hp.com. This name can only be used, if DHCP and DNS are configured properly to connect to the iLO 2 subsystem name instead of the IP address.
Page 63
NIC port for iLO 2 server management. The iLO 2 Shared Network Port and the iLO 2 Dedicated Management NIC port cannot operate simultaneously. If you enable the dedicated iLO 2 NIC, you will disable the iLO 2 Shared Network Port. If you enable the iLO 2 Shared Network Port, you will disable the dedicated iLO 2 Dedicated Management NIC.
Page 64
After iLO 2 resets, the Shared Network Port feature is active. Any network traffic going to or originating from iLO 2 is directed through the system's NIC port 1. Enabling the iLO 2 Shared Network Port feature through the web interface Connect iLO 2 NIC port 1 to a LAN.
DHCP/DNS Settings The iLO 2 DHCP/DNS Settings page displays DHCP/DNS configuration information for iLO 2. All users can view the DHCP/DNS settings, but you must have the Configure iLO 2 Settings privilege to change them. These settings can also be changed using the iLO 2 RBSU (F8 during POST). To access DHCP/DNS settings, click Administration>Network>DHCP/DNS.
Use DHCP Supplied Domain Name—Toggles if iLO 2 uses the DHCP server-supplied domain name. If not, enter a domain name in the Domain Name box. • WINS Server Registration toggles if iLO 2 registers its name with a WINS server. •...
For more information see to the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. To configure alerts: Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege. Select Management in the Administration tab. The SNMP/Insight Manager Settings screen appears. In the SNMP Alert Destination(s) fields, enter up to three IP addresses that you want to receive the SNMP alerts and select the alert options you want iLO 2 to support.
the iLO 2 interface, CLI, RIBCL or other management feature. If the server is powered down because of the operating system, physical power button presses, or other methods, the alert is generated and sent. • ALERT_SERVER_RESET occurs when the iLO 2 management processor is used to perform a cold boot or warm boot of the host system.
To see the results of changes made, click Apply Settings to save the changes. Click Reset Settings to return the page to its clear the fields and return to its previous state. The Reset Settings button does not save any changes.
Page 70
Static IP Bay Configuration is not supported in G1 BL-series blade enclosures. To view the enclosure generation, click BL p-Class>Rack View>Details for a specific enclosure. Static IP Bay configuration is not supported on an enclosure when Enclosure Type details displays the message BL Enclosure G1. When a blade is redeployed, Static IP Bay Configuration might not complete as expected.
Page 71
The Enable Static IP Bay Configuration Settings checkbox, available on the Network Settings tab (not shown), allows you to enable or disable Static IP Bay Configuration. The new Enable Static IP Bay Configuration Settings option is only available on blade servers. When Static IP Bay Configuration is enabled, all fields except iLO 2 Subsystem Name are disabled.
Static Route #1, #2, and #3 (destination gateway)—Assigns the appropriate static route destination and gateway IP address on your network (the default IP values are 0.0.0.0 and 0.0.0.0, where the first IP address corresponds to the destination IP, and the second IP address corresponds to the gateway IP). Enabling iLO 2 IP address assignment The bay #1 through bay #16 checkboxes enable you to select which BL p-Class blade servers will be configured.
Page 73
iLO 2 configuration Server RAID verification Virtual media connection Software installation iLO 2 configuration screen This screen enables you to change the following settings: • Administrator password. HP recommends changing the default password. • Network configuration settings. The following are the default settings: Enable DHCP—Yes Enable Static IP Bay Configuration—No •...
indicating that this action is occurring. The page is refreshed automatically every 10 seconds. After the server reboots, the next page in the installation wizard displays again. If an error occurs during the RAID reset process, the RAID Configuration page will redisplay with an indication of the error. An error is most likely to occur if the server is in POST.
Page 75
• Speed • Duplex • IP Address Use this parameter to assign a static IP address to iLO 2 on your network. By default, the IP address is assigned by DHCP. By default, the IP address is 192.168.1.1 for all iLO 2 Diagnostic Ports. •...
Using iLO 2 System status and status summary information When you first access iLO 2, the interface displays the Status Summary page with system status and status summary information, and provides access to health information, system logs, and Insight Agent information.
Page 77
• Internal Health LED—Represents the server internal health indicator (if supported). It summarizes problems with fans, temperature sensors, VRMs, and other monitored subsystems in the server. For more information, see "System Information Summary (on page 78)." • TPM Status—Displays TPM status configuration. If the host system or System ROM does not support TPM, TPM Status does not appear in Status Summary page.
System Information Summary System Information displays the health of the monitored system. Many of the features necessary to operate and manage the components of the HP ProLiant server have migrated from the health driver to the iLO 2 microprocessor. These features are available without installing and loading the health driver for the installed operating system.
Page 79
Monitoring the fan sub-system includes the sufficient, redundant, and non-redundant configurations of the fans. Fan failure is a rare occurrence, but to ensure reliability and uptime, ProLiant servers have redundant fan configurations. In ProLiant servers that support redundant configurations, fan or fans might fail and still provide sufficient cooling to continue operation.
Processors The Processors tab displays the available processor slots, the type of processor installed in the slot, and a brief status summary of the processor subsystem. If available, installed processor speed in MHz and cache capabilities are displayed. Memory The Memory tab displays the available memory slots and the type of memory, if any, installed in the slot. The NIC tab displays the MAC addresses of the integrated NICs.
view the event log even when the server is off can be helpful when troubleshooting remote host server problems. You can sort the log by clicking the header of any column of data. After the sort completes, clicking the same column header again sorts the log in reverse of its current order. Very large logs will take several minutes to sort and display.
Use the Debug feature if a software application hangs the system. The Generate NMI to System button can be used to engage the operating system debugger. Initiate the dump of an unresponsive host if you want to capture the server context. The Virtual Power and Reset privilege is required to generate an NMI.
iLO 2 Remote Console iLO 2 Remote Console redirects the host server console to the network client browser, providing full text (standard), graphical mode video, keyboard, and mouse access to the remote host server (if licensed). iLO 2 uses virtual KVM technology to improve remote console performance comparable with other KVM solutions.
Remote console access to the host server after server POST is a licensed feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". To access iLO 2 Remote Console, click Remote Console. The Remote Console Information page appears. Remote Console overview and licensing options Remote Console and Integrated Remote Console connections are graphical and must be rendered using a client program that can process iLO 2 graphics commands.
Page 85
• High Performance Mouse settings can help alleviate remote console mouse synchronization issues, but this feature is not supported on all operating systems. The effects of changing the settings take place when remote console is started or restarted. The following options are available: Disabled—Enables the mouse to use the relative coordinates mode which is compatible with most host operating systems.
Page 86
Export enables you to trigger an export manually. Export username is the username for the web server that is specified in the URL. Password is the password of the web server that is specified in the URL. After making changes, click Apply. •...
Page 87
information, refer to "Remote Console hot keys (on page 86)." The following table lists keys available to combine in a Remote Console hot key sequence. L_ALT " " < (Space) R_ALT > L_SHIFT R_SHIFT & HOME PG UP PG DN ENTER BREAK ’...
Hot keys and international keyboards To set up hot keys on an international keyboard, select keys on your keyboard in the same position on a US keyboard. To create a hot key using the international AltGR key, use R_ALT in the key list. Use the US keyboard layout shown to select your keys.
Page 89
feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". The Integrated Remote Console supports four simultaneous remote console sessions with the same server if enabled through the Remote Console Settings screen, SMASH CLI (OEM), or RIBCL. For more information about using multiple remote console sessions, see the section, "Shared Remote Console (on page 93)."...
Page 90
Replay file—Displays an Open dialog box enabling you to view a previously saved file. After you select a file and click Open, the Remote Console menu changes to the Replay Console menu. • Replay (play icon on the main menu)—Displays the Replay Console. The Replay Console provides playback control of the selected data buffer and displays elapsed playback time.
Page 91
• Drive—Displays all available media. • Power (green power icon)—Displays the power status and allows you to access the power options. The power button is green when the server is powered up. When you press Power the Virtual Power Button screen appears with four options: Momentary Press, Press and Hold, Cold Boot, and Reset System.
Page 92
location similar to a USB tablet mouse. A conventional mouse sends relative position information (such as the mouse has moved 12 pixels to the right). The host computer can modify relative position information to enable features like mouse acceleration. When using the Remote Console, the client is not aware of these modifications.
Shared Remote Console Shared Remote Console is an iLO 2 feature that allows the connection of up to four sessions on the same on the same server. This feature does not replace the Acquire feature described in "Acquiring the Remote console (on page 96)"...
Using HP iLO Video Player HP iLO Video Player enables you to playback iLO 2 console capture files without installing iLO 2 on your local system. iLO Video Player is designed as a typical media player with similar controls. You can run iLO Video Player as a standalone application on either a server or client.
Page 95
• Help Help Topics—Opens the iLO Video Player help file. About—Opens the iLO Video Player About page. iLO Video Player controls Control Name Function Play/Pause Starts playback if the currently selected file is not playing or is paused. If playback is in progress, it pauses the file. If no file is selected, the button is disabled.
Acquiring the Remote Console When the Remote Console Acquire setting on the Remote Console Settings screen is enabled, the Remote Console page displays the Acquire button. If you have opened the Remote Console page and are notified that another user is currently using Remote Console, clicking the Acquire button ends the other user's Remote Console session and starts a Remote Console session in your current window.
Page 97
client operating systems (on page 13)" section. Remote Console is a licensed feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". Remote Console uses dual cursors to help you distinguish between the local and remote mouse pointers. The client computer's mouse cursor appears in the Remote Console as a crosshair symbol.
• Close ends the Remote Console session and closes the Remote Console window. Recommended client settings Ideally, the remote server operating system display resolution should be the same resolution, or smaller, than that of the browser computer. Higher server resolutions transmit more information, slowing the overall performance.
Page 99
The Remote Console uses Virtual KVM and does not provide a true text-based console. iLO 2 uses the video adapter DVO port to access video memory directly. This method significantly increases iLO 2 performance. However, the digital video stream does not contain useful text data. Data obtained from the DVO port represents graphical data (non-character-based), and is not comprehensible ASCII or text data.
Page 100
Other text-based operating systems Text mode screen support does not include graphics, other VGA text resolutions (132x48, 80x48), or other text resolutions implemented through a driver (implemented graphically). • Remote Console hot keys • International language keyboards (if the server and client system are configured similarly) •...
Page 101
To control the translation, use the xlt option with the appropriate reference number. For example to set iLO 2 Text Console to a sampling rate of 50 ms using the translation of a British keyboard, enter: textcons speed 50 xlt 41 To translate to another language, use one of the following: Keyboard Reference number...
Page 102
Character value Description Mapped equivalent 0x1F Down pointer 0xFF Shaded block blank space Using a Linux session You can run an iLO 2 virtual serial port on a Linux system, if the system is configured to present a terminal session on the serial port. This feature enables you to use a remote logging service. You can remotely log on to the serial port and redirect output to a log file.
Page 103
operating system, interacting with the operating system; and executing and interacting with applications on the server operating system. Users of the Microsoft® Windows Server™ 2003 operating system have the ability to execute the EMS subsystem through the remote serial console. EMS is useful for debugging operating system boot and problems at the operating system kernel level.
Page 104
After the server completes POST, the server system ROM transfers control to the operating system boot loader. If you are using Linux, you can configure the operating system boot loader to interact with the server serial port instead of the keyboard, mouse, and VGA console. This configuration enables you to view and interact with the operating system boot sequence through the Remote Serial console.
ROM that the session is no longer active. Then, the server system ROM cancels the redirection to the server serial port. The system ROM RBSU setup must be configured to use iLO 2 Virtual Serial Port for this enhancement to be operational.
Page 106
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Debug (com2)" /fastdetect /debug /debugport=com2 /baudrate=115200 If the server is configured to boot into debug mode, and a normal virtual serial port connection is established while the server is booting, several bytes of debug data are sent to the virtual serial port client.
• -u Username = —Sets the Username for iLO 2 login. If not provided username is requested. is a series of characters. Options can occur in any order. Example command lines: • To connect to iLO 2 at 16.100.226.57, validate the user with the user name of admin with the password mypass, and start WinDBG.exe with the additional command line: wilodbg 16.100.226.57 -c "-b"...
You can also access virtual media through the Integrated Remote Console. The Integrated Remote Console enables you to access the system KVM and control Virtual Power and Virtual Media from a single console under Microsoft® Internet Explorer. For more information on accessing Virtual Power and Virtual Media using the Integrated Remote Console, see the section, "Integrated Remote Console option (on page 88)."...
Page 109
Click Connect. The connected drive icon and LED will change state to reflect the current status of the Virtual Floppy Drive. To use an image file: Select Local Image File within the Virtual Floppy/USBKey section of the Virtual Media applet. Enter the path or file name of the image in the text-box, or click Browse to locate the image file using the Choose Disk Image File dialog.
Page 110
During boot and MS-DOS sessions, the Virtual Floppy device appears as a standard BIOS floppy drive. This device appears as drive A. If a physically attached floppy drive exists, is obscured and unavailable during this time. You cannot use a physical local floppy drive and the Virtual Floppy simultaneously.
Page 111
In NetWare 6.5, use the lfvmount command on the server console to assign the device a drive letter. The NetWare 6.5 operating system will pick the first available drive letter for the Virtual Floppy drive. The volumes command can now be used by the server console to show the mount status of this new drive. When the drive letter shows as mounted, the drive will now be accessible through the server GUI as well as the system console.
Page 112
mcopy /tmp/XXX.dat v: mdir v: mcopy v:foo.dat /tmp/XXX Changing diskettes When using the iLO 2 Virtual Floppy or USB key drive, and the physical diskette drive on the client machine is a USB diskette drive, disk change operations will not be recognized. For example, in this configuration, if a directory listing is obtained from a floppy diskette and the diskette is changed, a subsequent directory listing will show the listing for the first diskette.
Page 113
Click Connect. To use an image file: Select Local Image File within the Virtual CD/DVD-ROM section of the Virtual Media applet. Enter the path or file name of the image in the text box or click Browse to locate the image file using the Choose Disk Image File dialog.
• Linux Red Hat Linux On servers with a locally attached IDE CD/DVD-ROM, the virtual CD/DVD-ROM device is accessible at /dev/cdrom1. However, on servers without a locally attached CD/DVD-ROM, such as the BL-class blade systems, the virtual CD/DVD-ROM is the first CD/DVD-ROM accessible at /dev/cdrom.
Click Create. The virtual media applet begins the process of creating the image file. The process is complete when the progress bar reaches 100%. To cancel the creation of an image file, click Cancel. The Disk>>Image option is used to create image files from physical diskettes or CD-ROMs. The Image>>Disk option is not valid for a Virtual CD-ROM image.
• Red Hat and SLES Linux Linux supports the use of Virtual Folder. Virtual Folder uses a FAT 16 file system format. For more information, see the section, "Mounting USB Virtual Media/USBKey in Linux (on page 111)." Power management iLO 2 Power Management enables you to view and control the power state of the server, monitor power usage, monitor the processor, and modify power settings.
• Automatically Power On Server enables iLO 2 to turn on a server when power is applied, such as when the server is plugged in, or when a UPS is activated after a power outage. You must have Virtual Power and Reset privilege to alter this setting. If power is unexpectedly lost while the server is powering up, the server always powers back on, even if Automatically Power On Server is set to No.
Page 118
HP Static High Performance Mode sets the processor to the highest supported processor state and forces it to stay in that state. Enable OS Control Mode sets the processor to maximum power. After selecting a Power Regulator for ProLiant option, click Apply to save the setting. The server requires a reboot for the change to take affect.
Warnings Triggered By—Determines if warnings are based on peak power consumption, average power consumption, or disabled. Warning Threshold—Sets the threshold at which power consumption must remain above in order to trigger an SNMP alert. Duration—Sets the length of time, in minutes, that power consumption must remain above the warning threshold before an SNMP alert is triggered.
• Present Power Cap displays the current power cap setting. The 24-Hour History section displays the following: • Average Power Reading displays the average of the power readings from the server over the last 24- hour period. If the server has not been running for 24 hours, the value is the average of all the readings since the server was booted.
differently for each p-state the processor was in, with each colored portion scaled to represent the percentage of the total time the processor spent in that p-state. Pausing the mouse over the bar graph displays a tool tip that indicates the numeric percentage that portion of the bar represents. Power efficiency iLO 2 enables you to implement improved power usage using a High Efficiency Mode (HEM).
Graceful shutdown The ability of the iLO 2 microprocessor to perform a graceful shutdown requires cooperation from the operating system. In order to perform a graceful shutdown, the health driver must be loaded. iLO 2 communicates with the health driver, and the appropriate operating system method of safely shutting the system down to ensure data integrity is performed.
The server blade must be properly cabled for iLO 2 connectivity. Connect to the server blade with one of the following methods: • Through an existing network (in the rack)—This method requires you to install the server blade in its enclosure and assign it an IP address manually or using DHCP.
Page 124
• Rack name • Logged-in iLO Location This section annotates the blade you are logged into. You can only configure blade settings for this blade. • Selected Bay Location This section annotates the currently selected bay. You can view information for many different types of components, including blades, power supplies, network components, and enclosures.
Page 125
• Power On Control Power Source Enable Automatic Power On Enable Rack Alert Logging (IML) Enclosure information Enclosure information is specific to the selected enclosure. Information about a particular enclosure is viewed by selecting Details located on the enumerated enclosure headers. A limited amount of rack information is available, including the name and serial number A basic set of information is available for the enclosures that do not contain the blade that you are logged into.
Page 126
Power enclosure information The Power Enclosure Information page provides diagnostic information regarding the power management module and the power components contained in the power enclosure. This information provides an overview on the health and condition of the power enclosure and components. The following fields are available: •...
iLO 2 control of ProLiant BL p-Class server LEDs iLO 2 can monitor BL p-Class servers through POST tracking and the Server Health LED. Server POST tracking Feedback is limited while the server is booting because of the headless nature of the ProLiant BL p-Class servers.
You can access iLO 2 through the HP Onboard Administrator iLO option (on page 131) using the Web Administration (on page 132) link or directly. To log in to iLO 2 directly, see the "Log into iLO 2 for the first time ("Logging in to iLO 2 for the first time"...
Page 129
Manual—If your facility prefers static IP address assignment, you can individually change each of the server blade iLO 2 ports and interconnect module management ports to unique static addresses or use EBIPA to assign a range of static IP addresses to individual server blade and interconnect module bays.
Field Possible value Description Subnet Mask ###.###.###.### where Subnet mask for the device or interconnect ### ranges from 0 to 255 bays Gateway ###.###.###.### where Gateway address for the device or ### ranges from 0 to 255 interconnect bays Domain A character string, including The domain name for the device or all alphanumeric characters...
As the servers run, the demand for power varies for each server. A power cap for each server is set to provide the server with enough power to meet its workload demands while still conforming to the Enclosure Dynamic Power Cap. You can use either the Static Power Limit or the Enclosure Dynamic Power Cap in the following situations: If the facility power is limited to the enclosure, you can enter a fixed limit into each enclosure.
If your browser settings prevent new windows from opening, the links will not function properly. For help with turning off pop-up window blockers, see online help. Web Administration The Web Administration link on the HP Onboard Administrator interface accesses the iLO 2 GUI. The System Status page is displayed giving an overview of the health of the server.
Page 133
Feature BL c-Class BL p-Class Enclosure communications Ethernet Enclosure-based IP addressing DHCP SBIPC Enclosure authentication to iLO Mutual Not supported Server fan Virtual Physical Blade server information and Unrestricted Restricted configuration Power-on override Not supported Supported Front dongle SUV (no iLO 2) SUVi Rack management Full support through...
Directory services Overview of directory integration iLO 2 can be configured to use a directory to authenticate and authorize its users. Before configuring iLO 2 for directories, you must decide whether or not you want to use the HP Extended schema option. The advantages of using the HP Extended schema option are: •...
• Compatibility—Lights-Out directory integration applies to iLO 2, RILOE and RILOE II products. The integration supports the popular Active Directory and eDirectory. • Standards—Lights-Out directory support builds on top of the LDAP 2.0 standard for secure directory access. Advantages and disadvantages of schema-free directories and HP schema directory Directories enhance security, enabling you to manage access and rights from a centralized location.
Schema-free directory integration Using the schema-free directory integration method, users and group memberships reside in the directory, but group privileges reside in the individual iLO 2. iLO 2 uses login credentials to read the user object in the directory and retrieve the user group memberships, which are compared to those stored in iLO 2. If there is a match, authorization is granted.
Page 137
A role contains one or more iLO 2 and one or more users, and has a list of privileges that these users have with the iLO 2 in the role. All iLO 2 access is managed by adding and removing users and iLO 2 to and from the role, and by managing the privileges on the role.
• Multiple targets You do not need to use multiple targets in the directory. HP schema directory integration only requires one hpqTarget object, which can represent many LOM devices. Setup for Schema-free directory integration Before setting up the Schema-free option, your system must meet all the prerequisites outlined in the "Active Directory Preparation (on page 138)"...
Click OK at the warning that the server cannot be renamed. The Enterprise root CA option is selected because there is no CA registered in the active directory. Enter the information appropriate for your site and organization. Accept the default time period of two years for the Valid for field.
Click Apply Settings. Click Test Settings. Schema-free scripted setup To setup the schema-free directories option using RIBCL XML scripting: Download and review the scripting and command line resource guide. Write a script that configures iLO 2 for schema-free directories support and run it. The following script can be used as a template.
At login time, the login name and user context are combined to make the user's distinguished name. For instance, if the user logs in as "JOHN.SMITH" and a user context is set up as "CN=USERS,DC=HP,DC=COM", then the distinguished name that iLO 2 will try will be "CN=JOHN.SMITH,CN=USERS,DC=HP,DC=COM."...
Setting up HP schema directory integration When using the HP schema directory integration, iLO 2 supports both Active Directory and eDirectory. However, these directory services require the schema being extended. Features supported by HP schema directory integration iLO 2 Directory Services functionality enables you to: •...
Add users to the role object. For more information on managing the directory service, refer to "Directory-enabled remote management (on page 166)." Examples are available in the "Directory services for Active Directory (on page 147)" and "Directory services for eDirectory (on page 157)" sections. Handle exceptions Lights-Out migration utilities are easier to use with a single Lights-Out role.
• Windows Server® 2008 • Windows Server® 2003 iLO 2 supports eDirectory running on Novell. Schema required software iLO 2 requires specific software, which will extend the schema and provide snap-ins to manage the iLO 2 network. An HP Smart Component is available for download that contains the schema installer and the management snap-in installer.
Page 145
Schema Preview The Schema Preview screen enables the user to view the proposed extensions to the schema. This screen reads the selected schema files, parses the XML, and displays it as a tree view. It lists all of the details of the attributes and classes that will be installed.
Page 146
The Directory Login section of the Setup screen enables you to enter your login name and password. These might be required to complete the schema extension. The Use SSL during authentication option sets the form of secure authentication to be used. If selected, directory authentication using SSL is used. If not selected and Active Directory is selected, Windows NT®...
Management snap-in installer The management snap-in installer installs the snap-ins required to manage iLO 2 objects in a Microsoft® Active Directory Users and Computers directory or Novell ConsoleOne directory. iLO 2 snap-ins are used to perform the following tasks in creating an iLO 2 directory: •...
Page 148
iLO 2 requires a secure connection to communicate with the directory service. This requires the installation of the Microsoft® CA. Refer to the Microsoft® technical reference Knowledge Base Article 321051: How to Enable LDAP over SSL with a Third-Party Certification Authority. Installing Active Directory on Windows Server 2008 For the Default Schema: Disable IPV6, and install Active Directory, DNS, and root CA to Windows Server®...
Page 149
IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry. Start MMC. Install the Active Directory Schema snap-in in MMC. Right-click Active Directory Schema and select Operations Master. Select The Schema may be modified on this Domain Controller.
Page 150
• One iLO 2 object corresponding to each iLO 2 management processor that will be using the directory. Example: Creating and configuring directory objects for use with iLO 2 in Active Directory The following example shows how to set up roles and HP devices in an enterprise directory with the domain testdomain.local, which consists of two organizational units, Roles and RILOES.
Page 151
Click OK. Use the HP provided Active Directory Users and Computers snap-ins to create HP Role objects in the Roles organizational unit. Right-click the Roles organizational unit, select New then Object. Select Role for the field type in the Create New HP Management Object dialog box. Enter an appropriate name in the Name field of the New HP Management Object dialog box.
Page 152
Add users to the role. Click the Members tab, and add users using the Add button and the Select Users dialog box. The devices and users are now associated. Use the Lights Out Management tab to set the rights for the role. All users and groups within a role will have the rights assigned to the role on all of the iLO 2 devices managed by the role.
Page 153
• Role object • User objects Each object represents a device, user, or relationship that is required for directory-based management. NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries. After the snap-in is installed, iLO 2 objects and iLO 2 roles can be created in the directory. Using the Users and Computers tool, the user will: •...
Page 154
Members After user objects are created, the Members tab enables you to manage the users within the role. Clicking Add enables you to browse to the specific user you want to add. Highlighting an existing user and clicking Remove removes the user from the list of valid members. Active Directory role restrictions The Role Restrictions subtab allows you to set login restrictions for the role.
Page 155
Time restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours in the Role Restrictions tab. In the Logon Hours pop-up window, you can select the times available for logon for each day of the week in half-hour increments. You can change a single square by clicking it, or you can change a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button.
Page 156
To remove any of the entries, highlight the entry in the display list and click Remove. Active Directory Lights-Out management After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role.
• Administer Local Device Settings—This option enables the user to configure the iLO 2 management processor settings. These settings include the options available on the Global Settings, Network Settings, SNMP Settings, and Directory Settings screens of the iLO 2 Web browser. Directory services for eDirectory The following sections provide installation prerequisites, preparation, and a working example of Directory Services for eDirectory.
Page 158
Assume samplecorp has an enterprise directory arranged according to the following screen. Create organizational units in each region. Each organizational unit should contain the LOM devices and roles specific to that region. In this example, two organizational units are created, called "roles"...
Page 159
Repeat the process for several more iLO 2 devices with DNS names "rib-nntp-server" and "rib-file- server-users1" in hp devices under region1, and "rib-file-server-users2" and "rib-app-server" in hp devices under region2. Create HP Role objects in the roles organizational unit using the HP provided ConsoleOne snap-ins tool.
Page 160
given full access to the iLO 2 functionality. Select the check boxes next to each right, and click Apply. To close the property sheet, click Close. Using the same procedure as in step 4, edit the properties of the remoteMonitors role: Add the three iLO 2 devices within hp devices under region1 to the Managed Devices list on the Role Managed Devices option of the HP Management tab.
Page 161
Directory Services objects for eDirectory Directory Services objects enable virtualization of the managed devices and the relationships between the managed device and user or groups already contained within the directory service. Role managed devices The Role Managed Devices subtab under the HP Management tab is used to add the HP devices to be managed within a role.
Page 162
Members After user objects are created, the Members tab allows you to manage the users within the role. Clicking Add allows you to browse to the specific user you want to add. Highlighting an existing user and clicking Delete removes the user from the list of valid members. eDirectory Role Restrictions The Role Restrictions subtab allows you to set login restrictions for the role.
Page 163
• DNS name Time restrictions You can manage the hours available for logon by members of the role by using the time grid displayed in the Role Restrictions subtab. You can select the times available for logon for each day of the week in half- hour increments.
Page 164
To remove any of the entries, highlight the entry in the display field and click Delete. eDirectory Lights-Out Management After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management Device Rights subtab of the HP Management tab.
• Remote Console—This option allows the user access to the Remote Console. • Virtual Media—This option allows the user access to the iLO 2 Virtual Floppy and Virtual Media functionality. • Server Reset and Power—This option allows the user to remotely reset the server or power it down. •...
Directory-enabled remote management Introduction to directory-enabled remote management This section is for administrators who are familiar with directory services and the iLO 2 product and want to use the HP schema directory integration option for iLO 2. You must be familiar with the “Directory services (on page 134)"...
nested group directly to the role, and assign the appropriate rights and restrictions. New users can be added to either the existing group or the role. Novell eDirectory does not allow nested groups. In eDirectory, any user that can read a role is considered a member of that role.
How directory login restrictions are enforced Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions limit a user's access to authenticate to the directory. Role access restrictions limit an authenticated user's ability to receive LOM privileges based on rights specified in one or more Roles. Restricting roles Restrictions allow administrators to limit the scope of a role.
host. Events, such as unexpected power loss or flashing LOM firmware, can cause the LOM device clock to not be set. Also, the host time must be correct for the LOM device to preserve time across firmware flashes. Role address restrictions Role address restrictions are enforced by the LOM firmware, based on the client's IP network address.
name server. If the name service goes down or cannot be reached, DNS restrictions cannot be matched and will fail. DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a common domain suffix. For example, the DNS restriction, www.hp.com, matches hosts that are assigned the domain name www.hp.com.
Directory administrators might be tempted to create two roles to address this situation, but extra caution is required. Creating a role that provides the required server reset rights and restricting it to an after-hours application might allow administrators outside the corporate network to reset the server, which is contrary to most security policies.
Page 172
• HP Lights-Out Migration Command utility The HP Lights-Out Migration Command utility, HPQLOMGC.EXE, offers a command-line approach to migration, rather than a GUI-based approach. This utility works in conjunction with the Application Launch and query features of HP SIM to configure many devices at a time. Customers that must configure only a few LOM devices to use directory services might also prefer the command-line approach.
HPQLOMIG, the required DLLs, the license agreement, and other files into the C:\Program Files\Hewlett-Packard\HP Lights-Out Migration Tool directory. You can select a different directory. The installer creates a shortcut to HPQLOMIG on the Start menu and installs a sample XML file.
NOTE: The installation utility will present an error message and exit if it detects that the .NET Framework is not installed. Using HPQLOMIG The HPQLOMIG utility automates the process of migrating management processors by creating objects in the directory corresponding to each management processor and associating them to a role. HPQLOMIG has a GUI and provides the user with a wizard approach to implementing or upgrading large amounts of management processors.
Page 175
To start the process of discovering your management processors: Click Start and select Programs>Hewlett-Packard, Lights-Out Migration Utility to start the migration process. Click Next to move past the Welcome screen.
If for security reasons the user name and password cannot be in the file, then leave these fields blank, but keep the semicolons. Upgrading firmware on management processors The Upgrade Firmware screen enables you to update the management processors to the firmware version that supports directories.
After the upgrade is complete, click Next. During the firmware upgrade process, all buttons are deactivated to prevent navigation. You can still close the application using the "X" at the top right of the screen. If the GUI is closed while programming firmware, the application continues to run in the background and completes the firmware upgrade on all selected devices.
The Select Directory Access Method page helps to prevent an accidental overwrite of iLO 2s already configured for HP schema or those that have directories turned off. This page determines if the HP Extended schema, schema-free (default schema), or no directories support configuration pages follow.
To name the management processors, click the Name field, and enter the name, or: Select Use Network Address, Use DNS Names, or Create Name Using Index. You can also name each management processor directory object by clicking twice in the name field with a delay between clicks.
• Login Name and Password—These fields are used to log in with an account that has domain administrator access to the directory. • Container DN—After you have the network address, port, and login information, you can click Browse to navigate for the container and role distinguished name. The container Distinguished Name is where the migration utility will create all of the management processor objects in the directory.
• Login Name and Password—These fields are used to log in with an account that has domain administrator access to the directory. • Security Group Distinguished Name—The distinguished name of the group in the directory that contains a set of iLO 2 users with a common set of privileges. If the directory name, login name, and password are correct, you can click the Browse button to navigate to and select the group.
Page 182
For Directories Support and Local Accounts option, select Enabled or Disabled. Remote access is disabled if both Directory Support and Local Accounts are disabled. To reestablish access, reboot the server and use RBSU F8 to restore access. Click Configure. The migration utility connects to all of the selected management processors and updates their configuration as you have specified.
HP Systems Insight Manager integration Integrating iLO 2 with HP SIM iLO 2 fully integrates with HP SIM in key operating environments. Full integration with Systems Insight Manager also provides a single management console for launching a standard Web browser to access. While the operating system is running, you can establish a connection to iLO 2 using HP SIM.
The following sections give a summary of each function. For detailed information on these benefits and how to use HP SIM, see the HP Systems Insight Manager Technical Reference Guide, provided with HP SIM and available on the HP website (http://www.hp.com/go/hpsim). Establishing SSO with HP SIM Browse to an iLO 2 and login using Administrator credentials.
The iLO 2 management processor is displayed as an icon in the device list on the same row as its host server. The color of the icon represents the status of the management processor. For a complete list of device statuses, see the HP Systems Insight Manager Technical Reference Guide located on the HP website (http://www.hp.com/go/hpsim).
Receiving SNMP alerts in HP SIM You can configure iLO 2 to forward alerts from the host operating system management agents and to send iLO 2-generated alerts to HP SIM. HP SIM provides support for full SNMP management, and iLO 2 supports SNMP trap delivery to HP SIM. You can view the event log, select the event, and view the additional information about the alert.
needs to be in this file for iLO 2 if it remains at the standard Port 80. It is very important that the entry is on a single line and the port number is first, with all other items identical to the following example (including capitalization).
Troubleshooting iLO 2 iLO 2 POST LED indicators During the initial boot of iLO 2, the POST LED indicators flash to display the progress through the iLO 2 boot process. After the boot process is complete, the HB LED flashes every second. LED 7 also flashes intermittently during normal operation.
LED indicator POST code Description Failure indicated (activity completed) 4, 3, and 1 Boot Block Main started. Boot block could not find a valid image. None Start C Run time initialization. 4, 3, and 2 Main() has received control. Main self-test failed. Varies Varies Each subsystem may self-...
Page 190
Event log display Event log explanation iLO 2 Self Test Error: # Displays when iLO 2 has failed an internal test. The probable cause is that a critical component has failed. Further use of iLO 2 on this server is not recommended.
Page 191
Event log display Event log explanation Virtual Floppy in use by: User Displays when a user begins using a Virtual Floppy. Remote Console login: User Displays when a user logs on a Remote Console session. Remote Console Closed Displays when a Remote Console session is closed. Failed Console login - IP Address: IP address Displays a failed console login and IP address.
Event log display Event log explanation Virtual Floppy connected by User Displays when an authorized user connects the Virtual Floppy. Virtual Floppy disconnected by User Displays when an authorized user disconnects the Virtual Floppy. License added by: User Displays when an authorized user adds a license. License removed by: User Displays when an authorized user removes a license.
JVM support To ensure that the iLO 2 Remote Console applet and Virtual Media applet operate as expected, install Java Runtime Environment, Standard Edition 1.4.2_13. To locate a link to the latest supported version of JRE, from the iLO 2 browser interface, select Remote Console>Settings>Java. The iLO 2 Remote Console, Remote Serial Console, and Virtual Media applets require that JVM be installed on the client server.
privilege log in and change your password. If you are still unable to connect, have the user log in again and delete and re-add your user account. NOTE: The RBSU can also be used to correct login problems. Directory user premature logout Network errors can cause iLO 2 to conclude that a directory connection is no longer valid.
Inability to access the login page If you cannot access the login page, you must verify the SSL encryption level of your browser is set to 128 bits. The SSL encryption level in iLO 2 is set to 128 bits and cannot be changed. The browser and iLO 2 encryption levels must be the same.
Inability to connect to the iLO 2 processor through the NIC If you cannot connect to the iLO 2 processor through the NIC, try any or all of the following troubleshooting methods: • Confirm that the green LED indicator (link status) on the iLO 2 RJ-45 connector is on. This condition indicates a good connection between the PCI NIC and the network hub.
2. For example, in Internet Explorer, select Tools>Internet Options>Connections>LAN Settings>Advanced, and then enter the iLO 2 IP address or DNS name in the Exceptions field. Two-factor authentication error When attempting to authenticate to iLO 2 using two-factor authentication, you might receive the message The page cannot be displayed.
Alert Explanation Rack Server Power On The server was manually forced by the customer to power on despite the Manual Override BL p-Class reporting insufficient power. Rack Name Changed The name of the ProLiant BL p-Class rack was changed. Inability to receive HP SIM alarms (SNMP traps) from iLO 2 A user with the Configure iLO 2 Settings privilege must connect to iLO 2 to configure SNMP trap parameters.
Domain/name format login issues To login using the domain/name format, ActiveX controls must be enabled. To verify that your browser is letting the login script call ActiveX controls open Internet Explorer and set ActiveX controls to Prompt. You should see a similar to the following figure. ActiveX controls are enabled and I see a prompt but the domain/name login format does not work Log in with a local account and determine the directory server name.
Remote Console applet has a red X when running Linux client browser Mozilla browsers must be configured to accept cookies. Open the Preferences menu, and select Privacy & Security>Cookies. On the Level of Privacy screen, select Allow cookies based on privacy settings and click View. On the Cookies screen, select Allow cookies based on privacy settings.
while the rest of the text window remains static. After the scrolling is complete, click Refresh to properly update the text window. One known example of this issue is during the Linux booting and posting process, in which some of the POST messages can be lost.
Configuring Apache to accept exported capture buffers To enable the Console Replay Export feature to work correctly, you must configure a web server to accept the buffer data. The following is an example of configuration changes made to Apache version 2.0.59(Win32) on a server running Microsoft Windows Server™...
No console replay while server is powered down Playback of capture buffers and recorded console sessions are not available any time the server is powered down. You can play back the captured buffers by exporting the buffers to a web server and playing the files on another server IRC console.
Inactive IRC The iLO 2 IRC might become inactive or disconnected during periods of high activity. The problem is indicated by an inactive IRC. IRC activity slows before becoming inactive. Symptoms of an affected IRC include: • The IRC display does not update. •...
Click View Objects. Right-click iLO 2 Remote Console Applet and click Remove. Click OK to remove the object, and then click OK to close. GNOME interface does not lock Terminating an iLO 2 Remote Console or losing iLO 2 network connectivity does not lock the GNOME interface when iLO 2 and the GNOME interface are configured for the Remote Console Lock feature.
SSH text support from a Remote Console session The telnet and SSH access from text Remote Console supports the standard 80 x 25 configuration of the text screen. This mode is compatible for text Remote Console for the majority of available text mode interfaces in current operating systems.
To correct this adjust the DOS® windows properties to limit its size to 80x25, before maximizing the DOS window. • On the title bar of the DOS® window, right-click the mouse and select Properties and select Layout. • On the Layout tab, change the Screen Buffer Size height to 25. Video applications not displaying in the Remote Console Some video applications, such as Microsoft®...
Video capture file plays erratically iLO 2 capture files are recordings of screen activity. During long periods of screen inactivity, the recorded inactivity is truncated to reduce file size and improve playback performance. This can cause the playback to appear to start and stop, or play erratically. Troubleshooting Remote Text Console problems The following sections discuss items to be aware of when attempting to resolve Remote Text Console issues.
Page 209
server based redirection, selecting File>New>Window or pressing the Ctrl+N keys, opens a duplicate instance of the original browser. Cookie order behavior During login, the login page builds a browser session cookie that links the window to the appropriate session in the firmware. The firmware tracks browser logins as separate sessions listed in the Active Sessions section of the iLO 2 Status page.
Preventing cookie-related user issues To prevent cookie-based behavioral problems: • Start a new browser for each login by double-clicking the browser icon or shortcut. • Click the Log Out link to close the iLO 2 session before closing the browser window. Inability to access ActiveX downloads If your network does not allow ActiveX controls you can capture the DVC.DLL from a single system and then distribute the file to client machines on the network.
• Scripting with CPQLOCFG—Download CPQLOCFG component to get the network-based scripting utility, CPQLOCFG. CPQLOCFG allows you to use RIBCL scripts that perform firmware updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network. Linux users should consider reviewing the HP Lights-Out XML PERL scripting samples for Linux.
You can also use Microsoft® LDP tool to verify SSL connections. For more information on the LDP tool, go to the Microsoft® website (http://www.microsoft.com/support). An old certificate can cause problems with SSL can on the domain controller when it points to a previously trusted CA with the same name, which is rare but might happen if a certificate service is added and removed and then added again on the domain controller.
Directory services schema HP Management Core LDAP OID classes and attributes Changes made to the schema during the schema setup process include changes to the: • Core classes (on page 213) • Core attributes (on page 213) Core classes Class name Assigned OID hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1...
Attributes hpqPolicyDN—1.3.6.1.4.1.232.1001.1.1.2.1 hpqRoleMembership—1.3.6.1.4.1.232.1001.1.1.2.2 Remarks None hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 Description This class defines Role objects, providing the basis for HP products using directory-enabled management. Class type Structural SuperClasses group Attributes hpqRoleIPRestrictions—1.3.6.1.4.1.232.1001.1.1.2.5 hpqRoleIPRestrictionDefault— 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction—1.3.6.1.4.1.232.1001.1.1.2.6 hpqTargetMembership—1.3.6.1.4.1.232.1001.1.1.2.3 Remarks None hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.3 Description This class defines Policy objects, providing the basis for HP products using directory-enabled management.
Page 215
hpqRoleMembership 1.3.6.1.4.1.232.1001.1.1.2.2 Description Provides a list of hpqTarget objects to which this object belongs. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks None hpqTargetMembership 1.3.6.1.4.1.232.1001.1.1.2.3 Description Provides a list of hpqTarget objects that belong to this object. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks None...
Page 216
Remarks This attribute is only used on role objects. IP restrictions are satisfied when the address matches and general access is denied, and unsatisfied when the address matches and general access is allowed. Values are an identifier byte followed by a type-specific number of bytes specifying a network address.
Lights-Out Management specific LDAP OID classes and attributes The following schema attributes and classes might depend on attributes or classes defined in the HP Management core classes and attributes. Lights-Out Management classes Class name Assigned OID hpqLOMv100 1.3.6.1.4.1.232.1001.1.8.1.1 Lights-Out Management attributes Class name Assigned OID hpqLOMRightLogin...
Attributes hpqLOMRightConfigureSettings— 1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightLocalUserAdmin— 1.3.6.1.4.1.232.1001.1.8.2.2 hpqLOMRightLogin—1.3.6.1.4.1.232.1001.1.8.2.3 hpqLOMRightRemoteConsole— 1.3.6.1.4.1.232.1001.1.8.2.4 hpqLOMRightServerReset— 1.3.6.1.4.1.232.1001.1.8.2.5 hpqLOMRightVirtualMedia— 1.3.6.1.4.1.232.1001.1.8.2.6 Remarks None Lights-Out Management attribute definitions The following defines the Lights-Out Management core class attributes. hpqLOMRightLogin 1.3.6.1.4.1.232.1001.1.8.2.1 Description Login Right for HP Lights-Out Management products Syntax Boolean—1.3.6.1.4.1.1466.115.121.1.7 Options Single Valued Remarks Meaningful only on ROLE objects, if TRUE, members of the...
Page 219
hpqLOMRightServerReset 1.3.6.1.4.1.232.1001.1.8.2.4 Description Remote Server Reset and Power Button Right for HP Lights- Out Management products Syntax Boolean—1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightLocalUserAdmin 1.3.6.1.4.1.232.1001.1.8.2.5 Description...
Technical support Support information HP iLO Advanced Pack and HP iLO Advanced Pack for Blade System included with Insight Control suites and iLO Power Management Pack include one year of 24 x 7 HP Software Technical Support and Update Service. This service provides access to HP technical resources for help in resolving software implementation or operations problems.
• Join the discussion (http://forums.itrc.hp.com)—The HP Support Forum is a community-based, user- supported tool designed so that HP customers can discuss HP products. To discuss Insight Control and Insight Essentials software, click Management Software and System Tools. • Software and Drivers download pages (http://www.hp.com/support)—These pages provide the latest software and drivers for your ProLiant products.
Acronyms and abbreviations ACPI Advanced Configuration and Power Interface Address Resolution Protocol ASCII American Standard Code for Information Interchange Advanced Server Management Automatic Server Recovery baseboard management controller certificate authority Command Line Interface command line protocol Certificate Request certificate revocation list Distributed Authoring and Versioning Acronyms and abbreviations 222...
Page 223
DDNS Dynamic Domain Name System DHCP Dynamic Host Configuration Protocol dynamic link library DMTF Distributed Management Task Force domain name system Digital Video Out EAAS Environment Abnormality Auto-Shutdown EBIPA Enclosure Bay IP Addressing Emergency Management Services EULA end user license agreement fatal exception handler GNOME GNU Network Object Model Environment...
Page 224
High Efficiency Mode human interface device HP SIM HP Systems Insight Manager HPONCFG HP Lights-Out Online Configuration utility HPQLOMGC HP Lights-Out Migration Command Line HPQLOMIG HP Lights-Out Migration ICMP Internet Control Message Protocol Integrated Lights-Out iLO 2 Integrated Lights-Out 2 Integrated Management Log Internet Protocol IPMI...
Page 225
Java Virtual Machine Keyboard Controller Style K Desktop Environment (for Linux) keyboard, video, and mouse local-area network LDAP Lightweight Directory Access Protocol light-emitting diode Lights-Out Management least significant bit Media Access Control Master License Agreement Microsoft® Management Console Multilink Point-to-Point Protocol maximum transmission unit Acronyms and abbreviations 225...
Page 226
network interface controller non-maskable interrupt NVRAM non-volatile memory PERL Practical Extraction and Report Language PKCS Public-Key Cryptography Standards POST Power-On Self Test ProLiant Support Pack remote access service RBSU ROM-Based Setup Utility Remote Desktop Protocol Remote Insight Board RIBCL Remote Insight Board Command Language RILOE Remote Insight Lights-Out Edition RILOE II...
Page 227
read-only memory Rivest, Shamir, and Adelman public encryption key Remote Server Management SAID Service Agreement Identifier SBIPC Static Bay IP Configuration SLES SUSE Linux Enterprise Server SMASH System Management Architecture for Server Hardware SNMP Simple Network Management Protocol Secure Shell Secure Sockets Layer single sign-on software update manager...
Page 228
trusted platform module UART universal asynchronous receiver-transmitter unit identification universal serial bus Virtual Machine virtual private networking voltage regulator module WINS Windows® Internet Naming Service web services extensible markup language Acronyms and abbreviations 228...