background image

256 

 User Guide Integrated Lights-Out 

 

For customers using a utility other than cpqlocfg.exe, such as Perl scripts, the 
following steps can help ensure the iLO firmware returns properly formatted 
XML. Assuming the version of firmware is 1.50, 

<LOCFG 

version="2.21">

 should be incorporated into the script sent to iLO. This tag 

can be placed in either the Perl script or the XML script. Placement of this tag is 
important. If placing this tag in the Perl script, the tag should be sent after 

<?xml version="1.0"?> 

and before the XML script is sent. If placing the 

tag in the XML script, the tag should be placed before 

<RIBCL 

version="2.0">.

 If you are using the Perl script provided by HP, then the 

bold line in the following example can be added to return properly formatted 
XML syntax. 

• 

• 

Perl script modification 

… 
# Open the SSL connection and the input file 
my $client = new IO::Socket::SSL->new(PeerAddr => 
$host); 
open(F, "<$file") || die "Can't open $file\n"; 
 
# Send the XML header and begin processing the file 
print $client '<?xml version="1.0"?>' . "\r\n"; 
#Send tag to iLO firmware to insure properly formatted 
XML is returned. 
print $client '<LOCFG version="2.21">' . "\r\n";

 

… 

XML script modification 

<!-- 
The bold line could be added for the return of properly 
formatted XML. 
--> 
<LOCFG version="2.21"/>

 

<RIBCL version="2.0"> 

<LOGIN USER_LOGIN="Adminname" PASSWORD = "password"> 

<!-- 
Add XML script here. 
-->         

</LOGIN> 

</RIBCL> 
</LOCFG>

 

 

 

Summary of Contents for HP Integrated Lights-Out

Page 1: ...HP Integrated Lights Out User Guide July 2004 Sixth Edition Part Number 238882 006 ...

Page 2: ...ervices Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Microsoft Windows Windows NT and MS DOS are U S registered trademarks of Microsoft Corporation Linux is a U S registered trademark of Linus Torvalds Java is a U S trademark of Sun Microsystems Inc UNIX is a registered trademark of ...

Page 3: ...r Support 27 Enabling iLO Advanced Functionality 28 iLO Advanced Evaluation License 29 iLO Advanced License Options 29 Activating iLO Advanced Features Using a Browser 29 Activating iLO Advanced Using Scripting 31 ProLiant BL p Class Configuration 31 Static IP Bay Configuration 32 ProLiant BL p Class User Requirements 32 Configuring a ProLiant BL p Class Blade Enclosure 33 Configuring Static IP Ba...

Page 4: ... 62 Virtual Media 64 Virtual Indicators 83 Virtual Serial Port 84 Administration 86 User Administration 86 Global Settings 89 Network Settings 91 SNMP Insight Manager Settings 95 Upgrade iLO Firmware 98 Licensing 100 Certificate Administration 100 Directory Settings 101 ProLiant BL p Class Advanced Management 101 Rack Settings 103 Server Blade Management Module 104 Power Management Module 104 Redu...

Page 5: ...CLI Commands 131 iLO Security 135 Security Features 135 General Security Guidelines 135 Encryption 136 iLO Security Override Switch Administration 136 User Accounts 137 Privileges 138 Login Security 138 Global Security Settings 139 Password Guidelines 139 Certificates 140 Securing RBSU 141 Directory Services 143 Benefits of Directory Integration 143 Features Supported by Directory Integration 144 ...

Page 6: ...ry Tests 186 User Login Using Directory Services 187 Certificate Services 189 Introduction to Certificate Services 189 Installing Certificate Services 189 Verifying Directory Services 190 Configuring Automatic Certificate Request 190 Directory Enabled Remote Management 193 Introduction to Directory Enabled Remote Management 193 Using Bulk Import Tools 194 Using Existing Groups 195 Using Multiple R...

Page 7: ...229 ProLiant BL p Class Rack Visualization 231 Systems Insight Manager Integration 233 Integrating iLO with Systems Insight Manager 233 Systems Insight Manager Functional Overview 234 System Insight Manager Identification and Association 235 System Insight Manager Status 235 System Insight Manager Links 236 System Insight Manager Systems Lists 236 Configuring System Insight Manager Identification ...

Page 8: ...ending the XML Header and Script Body 258 HPONCFG Online Configuration Utility 261 HPONCFG 261 HPONCFG Supported Operating Systems 261 HPONCFG Requirements 262 HPONCFG Installation and Usage 262 Windows Server Installation 263 Linux Server Installation 263 Using HPONCFG 264 HPONCFG Command Line Parameters 264 HPONCFG Usage Model 265 Obtaining an Entire Configuration 265 Creating a User Account 266...

Page 9: ...GET_ALL_USERS 284 GET_ALL_USERS Parameters 284 GET_ALL_USERS Runtime Error 284 GET_ALL_USERS Return Messages 284 GET_ALL_USER_INFO 285 GET_ALL_USER_INFO Parameters 285 GET_ALL_USER_INFO Runtime Errors 285 GET_ALL_USER_INFO Return Messages 286 RIB_INFO 286 RIB_INFO Parameter 287 RIB_INFO Runtime Errors 287 RESET_RIB 287 RESET_RIB Parameters 287 RESET_RIB Runtime Errors 287 GET_NETWORK_SETTINGS 288 ...

Page 10: ..._RIB_FIRMWARE Parameters 302 UPDATE_RIB_FIRMWARE Runtime Errors 302 GET_FW_VERSION 303 GET_FW_VERSION Parameters 303 GET_FW_VERSION Runtime Errors 303 GET_FW_VERSION Return Messages 303 HOTKEY_CONFIG 304 HOTKEY_CONFIG Parameters 304 HOTKEY_CONFIG Runtime Errors 305 LICENSE 305 LICENSE Parameters 306 LICENSE Runtime Errors 306 DIR_INFO 307 DIR_INFO Parameters 307 DIR_INFO Runtime Errors 307 GET_DIR...

Page 11: ...WER 318 SET_HOST_POWER Parameters 319 SET_HOST_POWER Runtime Errors 319 RESET_SERVER 319 RESET_SERVER Parameters 320 RESET_SERVER Errors 320 PRESS_PWR_BTN 320 PRESS_PWR_BTN Parameters 320 PRESS_PWR_BTN Runtime Errors 321 HOLD_PWR_BTN 321 HOLD_PWR_BTN Parameters 321 HOLD_PWR_BTN Runtime Errors 321 COLD_BOOT_SERVER 322 COLD_BOOT_SERVER Parameters 322 COLD_BOOT_SERVER Runtime Errors 322 WARM_BOOT_SER...

Page 12: ... 338 Server Mouse 338 User Administration Parameters 338 User Name 338 Login Name 338 Password 339 Administer User Accounts 339 Remote Console Access 339 Virtual Power and Reset 339 Virtual Media 339 Configure iLO Settings 339 Directory Services Schema 353 HP Management Core LDAP OID Classes and Attributes 353 Core Classes 353 Core Attributes 353 Core Class Definitions 354 Core Attribute Definitio...

Page 13: ...ms 377 Inability to Receive Insight Manager 7 or Systems Insight Manager Alarms SNMP Traps from iLO 377 iLO Security Override Switch 378 Authentication Code Error Message 378 Troubleshooting Mouse Problems 379 Local USB Mouse and Linux 379 Mouse Issue Using SuSE Linux 380 Remote Console Mouse Control Issue 380 Emulating a PS 2 Keyboard in a Headless Server Environment 381 Troubleshooting Remote Co...

Page 14: ...ve 387 Troubleshooting Miscellaneous Problems 387 Cookie Sharing Between Browser Instances and iLO 388 Inability to Get SNMP Information from Insight Manager 7 or Systems Insight Manager 390 Incorrect Time or Date of the Entries in the Event Log 391 Inability to Upgrade iLO Firmware 391 iLO Does Not Respond to SSL Requests 394 Testing SSL 394 Resetting iLO 395 Server Name Still Present after ERASE...

Page 15: ...O Shared Network Port on page 125 Command Line Interface on page 130 ProLiant BL p Class Configuration on page 31 Telnet Simple Command Set on page 117 Updated Web interface screens Global Settings on page 89 Network Settings on page 91 New and updated RIBCL commands RIBCL RACK_INFO commands on page 36 MOD_GLOBAL_SETTINGS on page 294 MOD_NETWORK_SETTINGS on page 289 GET_EVENT_LOG iLO Event Log INS...

Page 16: ... connecting to iLO using the SSH interface instead of a browser Network Connection Overview There are three general network connection scenarios iLO can be connected on A corporate network with both ports connected to the corporate network In this configuration the server has two network ports one server NIC and one iLO NIC connected to a corporate network This connection enables access to iLO fro...

Page 17: ...t configuration Supported Server Operating System Software iLO is an independent microprocessor running an embedded operating system The architecture ensures that the majority of iLO functionality is available regardless of the host operating system Graceful host operating system shutdown Insight Manager 7 and Systems Insight Manager integration require Health Drivers and Management Agents or remo...

Page 18: ... Novell NetWare 6 NetWare 6 5 Supported Browsers Microsoft Internet Explorer Minimum Microsoft Internet Explorer 6 with Service Pack 1 or later for Windows 2000 or Windows XP If using single cursor mode in Remote Console Java 1 3 1_02 or greater JVM is required Recommended Microsoft Internet Explorer 6 0 or later and Java 1 4 X JVM for Windows 2000 or Windows XP To download the recommended JVM for...

Page 19: ...focus If a clickable item is behind the pop up menu the click event is handled as if you had clicked that item Otherwise the mouse click will have no effect The font configuration of the desktop and browser can affect the placement of pop up tab menus A fixed font of 12 points is required for proper placement If the pop up menus are not in their proper position you will find it difficult to move t...

Page 20: ......

Page 21: ...ing DNS or DHCP you can use it immediately without changing any settings For greater security and reliability you can connect iLO to a separate dedicated management network Some advanced features require the operating system Supported Server Operating System Software on page 17 drivers be installed iLO offers several configuration options iLO RBSU on page 22 Browser based setup on page 23 Remote s...

Page 22: ...uration from the host unless the iLO Security Override Switch is set To run iLO RBSU 1 Restart or power up the server 2 Press the F8 key when prompted during POST The iLO RBSU runs 3 If prompted enter a valid iLO user ID and password with the appropriate iLO privileges Administer User Accounts Configure iLO Settings Default account information is located on the iLO Default Network Settings tag att...

Page 23: ...twork using a browser You can also use this method to reconfigure a previously configured iLO 1 Access iLO from a remote network client using a supported Web browser and provide the default DNS name user name and password Default DNS name and account information is located on the iLO Network Settings tag attached to the server containing the iLO management processor When you successfully log onto ...

Page 24: ...rk CPQLODOS Lights Out DOS Utility on page 249 is a DOS deployment utility part of the SmartStart scripting toolkit that runs on the host during SmartStart or RDP deployment Perl Perl Scripting on page 255 is a scripting language that can be used from Linux clients to send RIBCL scripts to iLO over the network HPONCFG is a utility that runs on the host and passes RIBCL scripts to the local iLO The...

Page 25: ...he latest Windows Service Pack iLO Pre requisite Files for Microsoft The CPQCIDRV SYS file provides the iLO Management Interface Driver support The CPQASM2 SYS SYSMGMT SYS SYSDOWN SYS files provide the iLO Advanced Server Management Controller Driver support Installing or Updating the iLO Drivers for Microsoft The PSP for Microsoft Windows products includes an installer that analyzes system requir...

Page 26: ...ling or Updating iLO Drivers for NetWare The PSP for Novell NetWare includes an installer that analyzes system requirements and installs all drivers The PSP is available on the HP website http www hp com support and on the SmartStart CD When updating iLO drivers be sure iLO is running the latest version of the iLO firmware The latest version can be obtained as a Smart Component from the HP website...

Page 27: ... the website The HP Management Agents for Linux are ASM package hpasm which combines the health driver IML viewer foundation agents health agent and standard equipment agent into one package RSM package hprsm which combines the RIB driver rack daemon RIB agent and rack agent into one package Instaling or Updating iLO Linux and SuSE Drivers If necessary uninstall earlier agents To uninstall earlier...

Page 28: ... page 52 Virtual Media on page 64 including Virtual Floppy and Virtual CD Directory based authentication and authorization Directory Enabled Remote Management on page 193 Terminal Services pass through option on page 109 Advanced functionality is enabled by licensing the optional iLO Advanced Pack The iLO Advanced Pack contains an activation key that you must enter into iLO to enable advanced func...

Page 29: ...er or using RIBCL scripts iLO Advanced License Options In addition to the standard single server iLO Advanced two other licensing options are available The Flexible Quantity License Kit allows customers to purchase a single software package one copy of the documentation and a single license key to activate the exact number of licenses requested The MLA is available for customers who want a single ...

Page 30: ...license activation screen 4 Enter the activation key in the space provided The EULA confirmation appears The EULA details are available on the HP website http www hp com servers lights out and with the Advanced Pack License kit 5 Click OK The advanced features of iLO are now enabled ...

Page 31: ...for more information on using CPQLODOS To activate iLO Advanced using CPQLOCFG or HPONCFG Use the following RIBCL sample script with CPQLOCFG and HPONCFG to install an iLO Advanced license key RIBCL version 2 0 LOGIN USER_LOGIN Administrator PASSWORD password RIB_INFO MODE w LICENSE ACTIVATE KEY 1234567890ABCDEFGHIJKLMNO LICENSE RIB_INFO LOGIN RIBCL ProLiant BL p Class Configuration ProLiant BL p ...

Page 32: ...ration automates the first step of BL p Class blade deployment by enabling the iLO management processor in each blade slot to obtain a predefined IP address without relying on DHCP iLO is immediately accessible for server deployment using Virtual Media and other remote administration functions Static IP bay configuration uses the Static IP Bay Configuration addressing method which enables you to a...

Page 33: ...ab provides a user interface for configuring the enclosure level static IP addresses 4 Select a reasonable starting IP address with the last digit s of the address corresponding to the bay number of each blade example 192 168 100 1 through 192 168 100 16 to build an easy to remember numbering system 5 Reset bay 1 if necessary The blade in bay 1 must only be reset if you intend the blade to use a S...

Page 34: ...ettings option is only available on blade servers When Static IP Bay Configuration is enabled all fields except iLO Subsystem Name are disabled Only Static IP Bay Configuration or DHCP can be enabled at one time Disabling both Static IP Bay Configuration and DHCP signals iLO to use a user defined IP address The Enable Static IP Bay Configuration Settings option remains disabled if the infrastructu...

Page 35: ...f the network router that connects the Remote Insight subnet to another subnet where the management PC resides This field may be filled in if either Static IP Bay Configuration or DHCP is enabled ProLiant BL p Class Advanced Configuration Parameters Domain Name Enables you to assign the name of the domain in which the iLO will participate Primary DNS Server Assigns a unique DNS server IP address o...

Page 36: ...URE_IP_SETTINGS Modifies the Static IP Bay Configuration settings This command is only valid inside a RACK_INFO block The logged in user must have the configure iLO privilege This attribute must appear inside the RACK_INFO command block with MODE write BAY_ENABLEMASK Enables the use of Static IP Bay Configuration addressing The attribute MASK is a 16 bit number Each bit represents a slot in the en...

Page 37: ...tic IP Bay Configuration Settings RIBCL VERSION 2 0 LOGIN USER_LOGIN Admin PASSWORD password RACK_INFO MODE write MOD_ENCLOSURE_IP_SETTINGS BAY_ENABLE MASK 0x3FE IP_ADDRESS VALUE 16 100 222 111 SUBNET_MASK VALUE 255 255 252 0 GATEWAY_IP_ADDRESS VALUE 16 100 222 1 DOMAIN_NAME VALUE sum won here now PRIM_DNS_SERVER VALUE 16 11 1 111 SEC_DNS_SERVER VALUE TER_DNS_SERVER VALUE PRIM_WINS_SERVER VALUE 16...

Page 38: ...e Remote Insight boards such as the Remote Insight board PCI and the original RILOE are not supported in servers with iLO iLO firmware detects the presence of RILOE II and automatically disables iLO functionality Additionally if iLO firmware detects the presence of the original RILOE and iLO displays an invalid configuration message To re enable iLO functionality after a RILOE II is removed use th...

Page 39: ...nd Line Interface 130 CLI Commands 131 Logging in to iLO for the First Time iLO is configured with a default user name password and DNS name Default user information is located on the iLO Network Settings tag attached to the server containing the iLO management processor Use these values to access iLO remotely from a network client using a standard Web browser For security reasons HP recommends ch...

Page 40: ...uration option sets iLO to display the assigned IP address while the host is booting 1 Enter the iLO IP address or DNS name using the address bar of the Web browser NOTE This procedure assumes that your network supports DNS DHCP If not you must configure the IP address using the RBSU or for ProLiant BL p Class servers through the iLO Diagnostic Port When connecting to iLO in a browser for the firs...

Page 41: ... processor in a browser Click No to return to the Welcome screen of iLO Click View Certificate to display the certificate information Installing the default certificate onto the browser prevents the security alert message from being displayed in the future To install the certificate proceed to step 3 If you choose not to install the certificate proceed to step 4 ...

Page 42: ...ificates and may cause problems when attempting to store a different certificate with the same name 3 Install the default certificate to your browser NOTE Unless you have installed a certificate generated by a CA iLO issues a self signed certificate that lasts until iLO is reset for any reason a Click Install Certificate The Certificate Import Wizard starts b Click Next c Click Next for the browse...

Page 43: ... 43 4 When the browser completes the SSL connection to iLO the Account Login screen prompts you for a user name and password Use the default user name and password from the Network Settings tag and click Log In ...

Page 44: ...owser Login Attempts After an initial failed log in attempt iLO imposes a security delay For more information on login security refer to Login Security on page 138 Help Assistance for all iLO options is available by means of the iLO Help option These links provide summary information about the features of iLO and helpful information for optimizing its operation To access page specific help click t...

Page 45: ...mmary screen also shows whether iLO has been configured to use HP Web Based Management and Insight Management Web agents iLO Status The iLO Status option provides comprehensive iLO status information including Current user Status and availability of the Remote Console Status and availability of Terminal Services pass through Date and time currently in use by iLO NOTE Date and time are set during P...

Page 46: ...tatus option provides comprehensive status information about the server including Server name associated with the iLO management processor The Server Name field reports host is unnamed if the HP Management Agents are not loaded on the host server Server power status Server video mode Server keyboard and mouse type ...

Page 47: ...ddresses expansion slots and memory modules present at POST iLO Event Log The iLO Event Log is a record of significant events detected by iLO Logged events include major server events such as a server power outage or a server reset and iLO events such as an unauthorized login attempt ...

Page 48: ...are the event will be listed as UNKNOWN EVENT TYPE You may clear the event log to eliminate these entries or update firmware to the latest supported version to resolve this cosmetic issue Integrated Management Log The IML is a record of significant events that have occurred to the host platform The events are generated by the system ROM and by services like the System Management Health driver iLO ...

Page 49: ... codes The POST codes document the booting process of the ROM BIOS A code indicates the start of a particular phase of the boot process The POST code results can be used to determine the general phase in which the boot process stopped prematurely Use of the POST codes alone is usually not sufficient to diagnose the actual root cause of a stopped boot process The POST codes should be used in conjun...

Page 50: ...empting PXE Boot FE50 Passing control to boot sector code FE54 No bootable devices NVRAM Environment Variables Listing HP uses NVRAM to store server environment variable information for example host controller boot order This information can be useful to HP engineers and advanced customers who have detailed knowledge of HP System Management architecture Virtual NMI Button The Virtual NMI button ha...

Page 51: ...ation hangs the system the NMI capability can be used to engage the operating system debugger Initiate dump of an unresponsive host A vendor might be interested in capturing the server context iLO Self Test Results The results of the iLO Self Test are displayed on the Server and iLO Diagnostics screen All tested subsystems should display Passed under normal situations ...

Page 52: ...s such as shutdown and startup operations Remote Console Option The Remote Console option redirects the host server console to the network client browser providing full text standard and graphical mode video keyboard and mouse access to the remote host server if licensed with the iLO Advanced Pack With the Remote Console you have complete control over a remote host server as if you were in front o...

Page 53: ...emote Console options available as well as a link to download an updated Java Runtime Environment which is necessary for using Remote Console with the single cursor option Remote Console Single Cursor on page 59 Although up to 10 users are allowed to simultaneously log in to iLO only one user at a time can access the Remote Console If you attempt to open the Remote Console while it is already in u...

Page 54: ...Lock When selected any key pressed is sent to the server as if you pressed the Alt key and another key simultaneously Character Set Changes the default character set used by the Remote Console Modifying the Remote Console character set ensures the correct display of characters Close Closes the Remote Console window and ends the Remote Console session Optimizing Performance for Graphical Remote Con...

Page 55: ... the Mouse Pointer Acceleration to low or disable the pointer acceleration Remote Console Linux Settings When using the iLO Remote Console to display text screens in Linux border characters or other line drawing characters might not display correctly To properly configure the Remote Console text mode character set 1 Click the Character Set dropdown menu from the Remote Console applet 2 Select the ...

Page 56: ... or Pointer Options and set the pointer Speed slider to the middle position Set pointer Acceleration to None Microsoft Windows Server 2003 Settings Use the following settings to optimize performance Server Display Properties Plain Background no wallpaper pattern Display resolution of 800 x 600 or 1024 x 768 pixels 256 color or 24 bit color mode Server Mouse Properties Select None for mouse pointer...

Page 57: ...on to 1x For KDE access the Control Center select Peripherals Mouse then select the Advanced tab X Display Properties On the X Preferences screen set the font size to 12 Novell NetWare Settings Use the following settings to optimize performance Server Display Properties 800 x 600 pixels or lower screen resolution 256 colors Remote Console Hot Keys The Remote Console hot keys feature enables you to...

Page 58: ...ontains a Reset Hot Keys option This option clears all entries in the hot key fields Click Save Hot Keys to save the cleared fields Supported Hot Keys The Program Remote Console Hot Keys page allows you to define up to 6 different sets of hot keys for use during a Remote Console session Each hot key represents a combination of up to 5 different keys which are sent to the host machine whenever the ...

Page 59: ...pported JVM might be required for support Remote Console Single Cursor Single cursor means the local cursor is not displayed when the mouse cursor is over the Remote Console screen Synchronization of two cursors is eliminated making navigation easier in the Remote Console window On the client download and install Java 1 3 1 JVM or later for Microsoft Internet Explorer or Java 1 4 2 Runtime Environ...

Page 60: ...ent computer mouse cursor is located For best performance be sure to configure the host operating system display as described in Optimizing Performance for Graphical Remote Console on page 54 The dual cursor option is your only Remote Console option if you choose not to download an updated Java Runtime Environment The dual cursor option is supported with Java 1 1 VM and later To synchronize the re...

Page 61: ...Using iLO 61 Virtual Devices Within the Virtual Devices tab are Virtual Power on page 62 Virtual Media on page 64 Virtual Indicators on page 83 Virtual Serial Port on page 84 ...

Page 62: ...ost server is not responding this feature enables an administrator to initiate a cold or warm reboot to bring the server back online Some of these features will not gracefully shut down the operating system An operating system shutdown should be initiated using the Remote Console before using the Virtual Power button Use the refresh feature of the browser to keep the status of the power indicator ...

Page 63: ...ower This will immediately remove power from the system The system will restart after approximately six seconds This option is not displayed when the server is off Warm Boot of system This option causes the server to reset without turning it off To use this option select Warm Boot of system and click Virtual Power This option is not displayed when the server is off This feature will not gracefully...

Page 64: ...l Media devices connect to the host server using USB technology Using USB also enables new capabilities for the iLO Virtual Media devices when connected to USB supported operating systems Different operating systems provide varying levels of USB support The iLO Virtual Media is configurable to address these varying levels of support Operating System USB Support on page 65 If the Virtual Floppy cap...

Page 65: ...rdless of the server operating system The following server operating systems do not support USB media and therefore do not have access to Virtual Media during operating system run time MS DOS Microsoft Windows NT 4 0 Linux Red Hat before 7 2 SuSE Linux before 7 0 Novell NetWare 5 x and 6 Certain Linux operating systems do not correctly support USB Virtual Media drives at operating system install t...

Page 66: ...USB CD2 NetWare 5 x or 6 Yes Yes No No No No NetWare 6 5 Yes Yes Yes No Yes Yes SUSE Linux Enterprise Server 7 Yes Yes No Yes Yes Yes UnitedLinux 1 0 Yes Yes Yes 3 Yes Yes Yes Red Hat Linux 7 2 Yes Yes Yes Yes Yes Yes Red Hat Linux 7 3 Yes Yes Yes Yes Yes Yes Red Hat Linux 8 0 Yes Yes Yes Yes Yes Yes Red Hat Enterprise Linux AS 2 1 Yes Yes Yes 3 Yes Yes Yes Red Hat Enterprise Linux 3 Yes Yes Yes Y...

Page 67: ...ystems among other tasks If the host server operating system supports USB mass storage devices then the iLO Virtual Floppy is also available after the host server operating system loads You can use the iLO Virtual Floppy when the host server operating system is running to upgrade device drivers create an emergency repair diskette and perform other tasks Having the Virtual Floppy available when the...

Page 68: ...al Media applet When you are finished using the Virtual Floppy you can either select to disconnect the device from the host server or close the applet NOTE The Virtual Media applet must remain open in your browser as long as you continue to use a Virtual Media Device The iLO Virtual Media floppy are available to the host server at run time if the operating system on the host server supports USB fl...

Page 69: ...isplay as A An existing physically attached floppy drive is obscured and unavailable during this time You cannot use a physical local floppy drive and the Virtual Floppy simultaneously Windows 2000 Windows XP and Windows Server 2003 The Virtual Floppy displays automatically after Microsoft Windows has recognized the mounting of the USB device Use it as you would a locally attached floppy device Ne...

Page 70: ...ll now be accessible through the server s GUI as well as the system console When the Virtual Floppy Drive is mounted if the media is changed in the local floppy drive the lfvmount command must be re issued on the server console to see the new media in the NetWare 6 5 operating system Mounting USB Virtual Media Floppy in Linux 1 Access iLO through a browser 2 Select Virtual Media in the Virtual Dev...

Page 71: ...mage The iLO Virtual Media feature enables you to create floppy image files within the same applet You can create image files from diskettes and create diskettes from existing image files The performance of iLO Virtual Floppy is faster when image files are used To create a Virtual Media image file 1 Click Create Disk Image 2 Select the drive letter and the image file name You can use the Browse fe...

Page 72: ...perating systems among other tasks If the host server operating system supports USB mass storage devices then the iLO Virtual CD ROM is also available after the host server operating system loads You can use the iLO Virtual CD ROM when the host server operating system is running to upgrade device drivers install software and perform other tasks Having the Virtual CD ROM available when the server i...

Page 73: ...the Virtual Media applet When you are finished using the Virtual CD ROM you can choose to disconnect the device from the host server or close the applet The Virtual Media applet must remain open when using a Virtual Media Device iLO Virtual Media CD ROM will be available to the host server at run time if the operating system on the host server supports USB floppy drives Refer to Operating System U...

Page 74: ...zed the mounting of the USB device Use it as you would a locally attached CD ROM device On Windows 2000 SP3 or later My Computer on the host server displays an additional CD ROM drive when the Virtual Media applet is connected If the server operating system is up and running and you attempt to disconnect and reconnect within the Virtual Media applet it can fail The icon will turn green but the add...

Page 75: ...CD ROM device using mount dev scd0 mnt cdrom UnitedLinux 1 0 The UnitedLinux 1 0 operating system might not properly support USB connected CD ROM devices To ensure proper handling of the virtual CD ROM you must boot the operating system with the acpi oldboot parameter The UnitedLinux 1 0 operating system places USB connected CD ROMs in a different location so the virtual CD ROM can be found at dev...

Page 76: ...ill be accessible through the server s GUI and the system console Mounting USB Virtual Media CD ROM in Linux 1 Access iLO through a browser 2 Select Virtual Media in the Virtual Devices tab 3 Select a CD ROM to be used and click Connect 4 Load the USB drivers using the following commands modprobe usbcore modprobe usb storage modprobe usb ohci 5 Load the SCSI CD ROM disk driver using the following ...

Page 77: ... The Image Disk option is not valid for a Virtual CD ROM image Virtual Media Composite Device Support Composite device support allows both the Virtual Media Floppy Drive and the CD ROM device to be connected to the host simultaneously The drive selected can be either a physical drive or an image file or any combination of the two devices Composite USB devices are only supported on Microsoft Window...

Page 78: ...ed physical floppy drive on your client PC from the dropdown menu or select Local Image File within the Virtual Floppy section of the Virtual Media applet and enter the name of the diskette image in the text box or click Browse to locate image files 3 Click Connect If Virtual Media is configured for composite device support whenever you connect just one of the devices both devices become visible t...

Page 79: ...ce and connect it to the host server Do not attempt to upgrade the iLO firmware from a ROMPaq diskette using the iLO Virtual Floppy If you attempt to remotely upgrade iLO using ROMPaq iLO resets and you will lose the connection iLO will not reconnect Using the browser to upgrade iLO remotely makes the lost connection temporary and you are automatically reconnected HP recommends remotely upgrading ...

Page 80: ... VFLOP exe utility which is part of the SmartStart Scripting Toolkit Command line syntax HPLOVM device floppy cdrom insert url eject wp y n boot once always never mgmt ilo riloe ver Command Line Input Result device floppy cdrom Defines which Virtual Media device is active insert url Defines the location of the Virtual Media image file that will be connected eject Ejects the media that is currently...

Page 81: ...oth Web Server Read Support Write Support Authorization SSL Support Microsoft IIS 5 0 Yes Yes Not tested Not Tested Apache Yes Yes Yes Yes Apache Win32 Yes Yes Yes Yes IIS does not support Content Range for DAV transactions A CGI helper program must be used for write support Virtual Media Image Files Valid diskette images may be raw disk images produced by the iLO Virtual Media applet the UNIX uti...

Page 82: ...meter contains a hexadecimal string representing the data to be written The helper script must transform the file parameter into a path relative to its working directory This function might involve prefixing it with or it might involve transforming an aliased URL path into the true path on the file system The helper script requires write access to the target file Diskette image files must have the...

Page 83: ...seek F start SEEK_SET syswrite F decode len close F Virtual Indicators The Unit ID LED is the blue LED on the HP server that is used for identifying systems in a rack full of servers iLO enables you to view the status of the Unit ID LED and change the status using iLO Web pages The Unit ID LED flashes whenever a critical Remote Management task that should not be interrupted is currently active on ...

Page 84: ... server serial port The Java applet provides VT320 terminal emulation to access an application configured for the serial port Windows EMS Console The Windows EMS Console if enabled provides the ability to perform Emergency Management Services in cases where video device drivers or other operating system features have prevented normal operation and normal corrective actions from being performed iLO...

Page 85: ...g of the Remote Virtual Serial Port Refer to the host system RBSU documentation for the specific server for exact details Generally the RBSU contains a tab called BIOS Serial Console EMS Support tab Selecting this tab displays the EMS Console tab which should be set to Remote This enables both the Virtual Serial Port and the Windows EMS Console To begin a shell session on the configured UART the a...

Page 86: ...el redirection Full configurability to standard UART IO addresses are provided in the 1 60 version of the iLO firmware but a compatible host system ROM must be used If the compatible host system ROM is available for the specific server then the setserial command does not need to be used and LILO booting redirection will appear on the Virtual Serial Port using the standard kernel Administration The...

Page 87: ...rectory based user accounts Adding a New User IMPORTANT Only users with the Administer User Accounts privilege can manage other users on iLO You can assign a different access privilege to each user Each user can have a unique set of privileges designed for the tasks that the user must perform Access to critical functions such as Remote Console Managing Users Virtual Power button and other features...

Page 88: ...ring a new user click Restore User Information Viewing or Modifying an Existing User s Settings IMPORTANT Only users with the Administer User Accounts privilege can manage other users on iLO All users can change their own password using the View Modify User feature To view or modify an existing user s information 1 Log on to iLO using an account that has the Administer User Accounts privilege Clic...

Page 89: ...e of the user whose information you want to change 3 Click Delete User A pop up window is displayed asking Are you sure you want to delete the selected user Click OK Global Settings The Global Settings option enables you to view and modify security settings for iLO The Global Settings screen enables you to configure the Remote Console timeout and the iLO ports to be used for the iLO Web Server Rem...

Page 90: ...ure iLO Settings privilege can only view the assigned settings This privilege is managed through the Configure Local Device Settings field in the directory administration snap ins for directory users The Global Settings option enables you to define the following functions Idle Connection Timeout Minutes on page 340 Enable Lights Out Functionality on page 340 ...

Page 91: ...42 Remote Console Port on page 342 Terminal Services Port on page 342 Secure Shell SSH Port on page 342 Secure Shell SSH Status on page 343 Serial Command Line Interface Status on page 343 Serial Command Line Interface Speed bits second on page 343 Minimum Password Length on page 343 Remote Keyboard Model on page 343 Network Settings The Network Settings option enables you to view and modify the N...

Page 92: ...s privilege Click Administration IMPORTANT Only users with the Configure iLO can change these settings Users that do not have the Configure iLO Settings privilege can only view the assigned settings 2 Click Network Settings 3 Change the network settings as needed by entering your selections in the fields ...

Page 93: ...gs Parameters on page 343 changes click Apply to complete the changes When you click Apply iLO restarts and the connection of your browser to iLO terminates To re establish a connection wait 60 seconds before launching another Web browser session and logging in ...

Page 94: ... The following are the fields that can be configured for the diagnostic port Enable NIC If Enable NIC is set to Yes the diagnostic port is enabled Transceiver Speed Autoselect Speed Duplex on page 344 IP Address Use this parameter to assign a static IP address to iLO on your network By default the IP address is assigned by DHCP By default the IP address is 192 168 1 1 for all iLO Diagnostic Ports ...

Page 95: ...s inside the server to see if they are strobing in a regular pattern from LED 8 7 6 5 4 3 2 1 If the iLO LED pattern is visible proceed to step 4 3 Attempt to re flash over the network You might be able to initiate a firmware update using RIBCL or a browser If network flash failed try the on line flash component Components are available for both Windowst and Linux 4 If the on line flash component ...

Page 96: ...PORTANT Only users with the Configure iLO can change these settings Users that do not have the Configure iLO Settings privilege can only view the assigned settings Three alert options are available in the SNMP Insight Manager Settings screen Enable iLO SNMP Alerts Forward Insight Manager Agent SNMP Alerts Enable SNMP Pass Through on page 347 To configure alerts 1 Log on to iLO using an account tha...

Page 97: ... Generating Test Alerts Test alerts are generated by means of the SNMP Insight Manager Settings in the Administration section of the iLO navigation frame These alerts include an Insight Manager SNMP trap and are used to verify the network connectivity of iLO in Insight Manager 7 and Systems Insight Manager Only users with the Configure iLO Settings privilege can send test alerts Click Apply Settin...

Page 98: ...ure the level of data returned with Insight Manager 7 or Systems Insight Manager identification information NOTE The expected entry in the Insight Manager Web Agent URL field is the IP address or the DNS name only The protocol for example http and a port ID for example 2301 should not be entered The link to the Insight Web Agents is found on the blue header bar next to the Log out link Upgrade iLO...

Page 99: ...e of minutes A progress bar displays the progress of the firmware upgrade Do not interrupt an Upgrade iLO Firmware session that is in progress If the upgrade process is interrupted refer to the Inability to Upgrade iLO Firmware on page 391 section The iLO system automatically resets at the end of a successful firmware upgrade The host operating system and server are not affected by the iLO system ...

Page 100: ... The Enabling iLO Advanced Functionality on page 28 section discusses the steps required to enter the activation key and enable the advanced features Certificate Administration Certificate Information displays the information associated with the stored certificate Information is encoded in the certificate by the CA and is extracted by iLO for display Issued To is the entity to whom the certificate...

Page 101: ...nt microprocessor secure memory and a dedicated network interface This design makes iLO independent of the host server blade and its operating system iLO provides remote access to any authorized network client sends alerts and provides other server blade management functions Using a supported Web browser you can Remotely access the console of the host server blade including all text mode and graph...

Page 102: ...s method requires you to power the server blade with the optional diagnostic station and connect to an external computer using the static IP address and the local I O cable For cabling instructions refer to the documentation that ships with the diagnostic station or to the Documentation CD Through the server blade rear panel connectors out of the rack with the diagnostic station This method enable...

Page 103: ...temperature power supplies The Rack Settings option enables you to configure this communication The following fields are available Rack Name Enclosure Name Bay Name on page 349 Bay on page 349 Rack Serial Number on page 349 Enclosure Serial Number on page 349 Blade Serial Number on page 350 Power Source Enable Automatic Power On on page 350 ...

Page 104: ...ss server blade enclosure Reads and displays the current firmware version of the controller for the server blade enclosure Detects and displays the fuse state and power state of blade servers Enables you to activate the enclosure Unit Identification LEDs Displays network component information Power Management Module The Power Management Module screen Detects and displays the main power supplies ...

Page 105: ...Ds Redundant Power Management Module If the rack topology consists of a redundant power supply the Redundant Power Management Module screen will be available The Redundant Power Management Module screen provides the same information concerning the redundant power management module as the Power Management Module screen provides for the power management module iLO Control of ProLiant BL p Class Serv...

Page 106: ...g Keyboard Hot plug keyboard functionality was implemented for all servers with iLO The hot plug keyboard feature supports connecting a local keyboard to the server while the server is in a powered on state It is not necessary to power cycle the server to get local keyboard functionality after hot plugging a keyboard If a keyboard is connected to the server after the operating system has booted th...

Page 107: ...ailable while powering on the server or booting the operating system without a local keyboard connected Perform these actions before powering on the server or after the operating system has booted If performing these actions before powering on the server wait 30 seconds until applying power Failure to follow the preceding guidelines can result in loss of local and Remote Console keyboard functiona...

Page 108: ...oard functionality If iLO should become so busy that it is unable to respond in a timely fashion to keyboard commands sent by operating system while the operating system is loading and a local keyboard is not present the operating system will assume that no keyboard is connected This situation is unlikely but can theoretically occur any time iLO becomes extremely busy An example of this condition ...

Page 109: ...ervice is provided to facilitate communications between the iLO firmware and the RDP server such that the RDP server believes that an external RDP connection has been established For more information on RDP service refer to the Windows RDP Pass Through Service on page 110 section A Terminal Services session provides a performance enhanced view of the host system console When the operating system i...

Page 110: ... and seamless launches from the Remote Console applet Windows XP On Windows XP servers the Terminal Services client and RDP connection is built in The client is an integral part of the operating system and is executed by selecting Start Programs Accessories Communications Remote Desktop The Terminal Services client in Windows XP provides command line options and seamless launches from the Remote C...

Page 111: ...rebooted when the driver is installed c Install or activate the Terminal Services client Microsoft Windows 2000 servers require the installation of Microsoft NET Framework to support the use of Terminal Services After NET Framework is installed the Terminal Services client must be installed from diskettes created by the Terminal Services server or by downloading the client from the Microsoft websi...

Page 112: ...er Port 3389 Replace 3389 with your new port number and save the file 4 From the Client Connection Manager highlight the New Connection icon and click File Import 5 Double click the newly created icon to launch terminal server and connect to the new port Enabling the Terminal Services Pass Through Option By default the Terminal Services pass through feature is disabled and must be enabled in Globa...

Page 113: ...detected Available for use In use The UID light flashes whenever a Terminal Services connection is active through the iLO It flashes at the same frequency and duty cycle as when the Remote Console is active Terminal Services Warning Message Terminals Services users operating on Windows 2003 Server might notice the following when using the Terminal Services pass through feature of iLO If a Terminal...

Page 114: ...O Remote Console and the Terminal Services client will be seamless as the server progresses from pre OS environment to OS running environment to OS not available environment The seamless operation is available as long as the Terminal Services client is not started before Remote Console is available If Remote Console is available and the Terminal Services client is available Remote Console will sta...

Page 115: ...e Terminal Services client is closed by the user The Windows operating system is shut down The Windows operating system locks up Terminal Services Troubleshooting If you are experiencing problems with iLO Terminal Services Pass through check the following 1 Verify that Terminal Services is enabled on the host by selecting My Computer Properties Remote Remote Desktop 2 Verify that the iLO pass thro...

Page 116: ...are The Deployment Server provides the ability to use the power management features of iLO to power on power off or cycle power on the target server Each time a server connects to the Deployment Server the Deployment Server polls the target server to see if a LOM management device is installed If installed the server gathers information including the DNS name IP address and first user name Securit...

Page 117: ...s through telnet will be disabled if the remote console port configuration on the Global Settings tab is set to Disabled or Automatic or if remote console data encryption is enabled To terminate a telnet session 1 Press the Ctrl keys and press the Enter key at the prompt 2 If you see an extra carriage return each time the Enter key is pressed press the Ctrl keys and enter set crlf off at the promp...

Page 118: ...CTRL U 0 CTRL U is the prefix for the UID commands The 0 indicates an OFF selection Key sequences operate during a telnet Remote Console session or Virtual Serial Port session The keys do not work before authentication The power control requests are correctly ignored when you do not have the correct power control privileges Telnet Security Telnet is an unsecured network protocol To reduce any secu...

Page 119: ...equence e H HOME_KEY sequence e F END_KEY ALT_CAPITAL_O and ALT_LEFT_SQBRACKET are ambiguous Terminate longer sequences that start with eO and e with Key Sequence Key Sequence 010 177 ALT_AMPER e UP_KEY e A ALT_APOS e DOWN_KEY e B ALT_OPAREN e RIGHT_KEY e C ALT_CPAREN e LEFT_KEY e D ALT_STAR e ALT_A eA ALT_PLUS e ALT_B eB ALT_COMMA e ALT_C eC ALT_MINUS e ALT_D eD ALT_PERIOD e ALT_E eE ALT_SLASH e ...

Page 120: ..._R eR ALT_ACCENT e ALT_T eT ALT_PIPE e ALT_U eU ALT_CBRACK e ALT_V eV ALT_TILDE e ALT_W eW ALT_TAB e t ALT_X eX ALT_BS e 010 ALT_Y eY ALT_CR e r ALT_Z eZ ALT_ESC e e ALT_LOWER_A ea ALT_F1 e eOP ALT_LOWER_B eb ALT_F2 e eOQ ALT_LOWER_C ec ALT_F3 e eOR ALT_LOWER_D ed ALT_F4 e eOS ALT_LOWER_E ee ALT_F5 e eOT ALT_LOWER_F ef ALT_F6 e eOU ALT_LOWER_G eg ALT_F7 e eOV ALT_LOWER_H eh ALT_F8 e eOW ALT_LOWER_...

Page 121: ..._Q eq ALT_F9 e e 20 ALT_LOWER_R er ALT_F10 e e 21 ALT_LOWER_S es ALT_F11 e e 23 ALT_LOWER_T et ALT_F12 e e 24 ALT_LOWER_U eu ALT_HOME e e 1 ALT_LOWER_V ev ALT_INS e e 2 ALT_LOWER_W ew ALT_DEL e e 3 ALT_LOWER_X ex ALT_END e e 4 ALT_LOWER_Y ey ALT_PGUP e e 5 ALT_LOWER_Z ez ALT_PGDN e e 6 ALT_SPACE e 040 ALT_HOME e e H ALT_EXCL e ALT_END e e F ALT_QUOTE e ALT_UP e e A ALT_POUND e ALT_DOWN e e B ALT_D...

Page 122: ...eOQ F3_KEY eOR F4_KEY eOS F5_KEY eOT F6_KEY eOU F7_KEY eOV F8_KEY eOW F9_KEY eOX F10_KEY eOY F11_KEY eOZ F12_KEY eO Linux Codes for the F Keys Key Sequence F5_KEY e 15 F6_KEY e 17 F7_KEY e 18 F8_KEY e 19 F9_KEY e 20 F10_KEY e 21 F11_KEY e 23 F12_KEY e 24 HOME_KEY e 1 INSERT_KEY e 2 DELETE_KEY e 3 ...

Page 123: ...wnload on the Internet When using PuTTY versions before 0 54 may display 2 line feeds instead on a single line feed when the ENTER key is pressed To avoid this issue and for best results HP recommends using version 0 54 or later OpenSSH which is a free version of the SSH protocol available for download on the Internet When upgrading the firmware to version 1 60 there will be a one time 25 minute d...

Page 124: ...er called host putty exe ssh telnet rlogin raw user host For telnet sessions the following alternative syntax is supported putty exe telnet host port To start an existing saved session called sessionname putty exe load session name iLO Supported SSH Features The iLO library only supports version 2 SSH 2 of the protocol The different algorithms supported are Feature Server host key algorithms ssh d...

Page 125: ...hared Network Port Requirements on page 125 section Not all iLO management features are available when using the iLO Shared Network Port Refer to the iLO Shared Management Port Features and Restrictions on page 126 section for a list of supported and unsupported iLO management features iLO Shared Network Port Requirements The iLO Shared Network Port feature is only available on servers with hardwa...

Page 126: ...on to iLO through the shared Network Port because the port is no longer shared with iLO The speed of the Shared Network Port is relatively low compared to the dedicated iLO Management Port Only a limited number of iLO features are supported through the Shared Network Port These include Command line interface XML scripting Virtual Serial Port Text based Remote Console SNMP protocol Due to the relat...

Page 127: ...est packets are split into multiple packets using IP fragmentation This may be a problem if your DHCP server is on a different subnet and your DHCP relay agent commonly your Layer 3 Ethernet Switch does not support forwarding of fragmented DHCP frames The DHCP server will never receive the DHCP request from iLO and iLO will not be able to obtain an IP address In this situation you must configure i...

Page 128: ...etwork Port feature will be active Any network traffic going to or originating from iLO is directed through the system s NIC port 1 Enabling the iLO Shared Network Port Feature through the Web Interface 1 Connect iLO NIC port 1 to a LAN 2 Open a browser and browse to the iLO IP address or DNS name 3 Select Administration Network Settings 4 On the Network Settings page select Shared Network Port Th...

Page 129: ...PORT command to enable the iLO Shared Network Port through XML scripting refer to the Remote Insight Command Language on page 269 section The following sample script configures iLO to select the Shared Network Port You can tailor this script to your needs Using this script on platforms that do not support the Shared Network Port will cause an error RIBCL version 2 21 LOGIN USER_LOGIN adminname PAS...

Page 130: ... key After iLO resets the iLO dedicated management NIC Port is active The following sample RIBCL script configures iLO to select the iLO Network Port You can modify this script for your specific needs Using this script on platforms that do not support the Shared Network Port will cause an error RIBCL version 2 21 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE WRITE MOD_NETWORK_SETTINGS...

Page 131: ...n user is checked against the privilege required for the command The command is only executed if the privilege levels match If the serial and Virtual Serial Port CLI session status is set to Enabled No Authentication then all the commands except Remcons are executed without checking the privilege level The Remote Console Virtual Serial Port session displays the login prompt The supported commands ...

Page 132: ...sets the server server power off followed by server power on power warm warm boots the server UID The UID command is used to change the state of the Unit ID light on the server uid displays the current Unit ID state on the server uid on turns the Unit ID light on uid off turns the Unit ID light off NMI The NMI command is used to generate and send an NMI to the server and is limited to users with t...

Page 133: ... names are floppy or cdrom The path is the URL to the media image Boot options are boot_once boot_always no_boot connect or disconnect Access options are write_protect or write_allow Please refer to the commands INSERT_VIRTUAL_MEDIA EJECT_VIRTUAL_MEDIA GET_VM_STATUS and SET_VM_STATUS in the Remote Insight Command Language on page 269 section for more details on how to use these commands Composite ...

Page 134: ......

Page 135: ... User actions logged in the iLO Event Log Progressive delays for failed login attempts Login Security on page 138 Support for X 509 CA signed certificates on page 140 Support for RBSU settings Global Security Settings on page 139 Support for optional LDAP based directory services authentication and authorization requires iLO Advanced Encrypted communication using SSL and SSH General Security Guide...

Page 136: ...his access may be necessary for any of the following conditions iLO must be re enabled after it has been disabled All user accounts with the Administer User Accounts privilege have been locked out A bad configuration keeps the iLO from displaying on the network and RBSU has been disabled The boot block must be flashed Ramifications of setting the Security Override Switch include All security autho...

Page 137: ...HP recommends that you disconnect the iLO from the network until the reset is complete The iLO Security Override Switch is located inside the server and cannot be accessed without opening the server enclosure To set the iLO Security Override Switch 1 Power off the server 2 Set the switch 3 Power on the server Reverse the procedure to clear the iLO Security Override Switch Depending on the server t...

Page 138: ...unction Each feature available through iLO can be controlled through privileges including Administer User Accounts Remote Console Access Virtual Power and Reset Virtual Media and Configure iLO Settings Privileges for each user can be configured on the User Administration page of the Administration tab Login Security iLO provides several login security features After an initial failed login attempt...

Page 139: ...enerally found in a dictionary or easy to guess words such as the company name product names the user s name or the user s User ID Include at least three of the four following characteristics At least one numeric character At least one special character At least one lowercase character At least one uppercase character Passwords issued for a temporary user ID password reset or a locked out user ID ...

Page 140: ... and copy it to the client clipboard leave the iLO website to retrieve the certificate then return to import the certificate When submitting the request to the CA be sure to Use the iLO name as listed on the System Status screen as the URL for the server Request the certificate be generated in the RAW format Include the Begin and End certificate lines Every time you click Create Certificate Reques...

Page 141: ...ed most secure If iLO RBSU is disabled user access is prohibited This prevents modification using the RBSU interface RBSU Login Required more secure If RBSU login is required then the active configuration menus are controlled by the authenticated user s access rights RBSU Login Not Required default Anyone with access to the host during POST may enter the iLO RBSU to view and modify configuration s...

Page 142: ......

Page 143: ...ory Services 187 Benefits of Directory Integration Scalability The directory can be leveraged to support thousands of users on thousands of iLOs Security Robust user password policies are inherited from the directory User password complexity rotation frequency and expiration are policy examples Anonymity lack thereof In some environments users share Lights Out accounts which results in the lack of...

Page 144: ... and RILOE II products The integration supports the popular Active Directory and eDirectory Standards Lights Out directory support builds on top of the LDAP 2 0 standard for secure directory access Features Supported by Directory Integration iLO Directory Services functionality enables you to Authenticate users from a shared consolidated scalable user database Control user privileges authorization...

Page 145: ...taller on page 148 once to extend the schema c Run the management snap in installer on page 152 and install the appropriate snap in for your directory service on one or more management workstations 3 Update a Flash the ROM Upgrade iLO Firmware on page 98 on the Lights Out management processor with the directory enabled firmware b Set directory server settings and the distinguished name of the mana...

Page 146: ...u might need to manually update the firmware using a browser Minimum firmware requirements for remote firmware update using RIBCL and directory migration utility are LOM Product Minimum Supported Firmware RILOE 2 41 RILOE II All versions iLO 1 10 After the schema has been extended you can complete the directory services setup by using HP Lights Out Directories Migration Utilities on page 205 The m...

Page 147: ...rosoft Active Directory or Novell eDirectory This solution makes no distinction between eDirectory running on NetWare Linux or Windows To spawn an eDirectory schema extension requires Java 1 4 0 or later for SSL authentication iLO supports Microsoft Active Directory running on one of the following operating systems Windows 2000 family Windows Server 2003 family iLO supports eDirectory 8 6 2 and 8 ...

Page 148: ... Unknown objects in a mixed environment TID10059954 How to test whether LDAP is working correctly TID10023209 How to configure LDAP for SSL secure connections TID10075010 How to test LDAP authentication Schema Required Software iLO requires specific software which will extend the schema and provide snap ins to manage the iLO network An HP Smart Component is available for download that contains the...

Page 149: ...view The Schema Preview screen enables the user to view the proposed extensions to the schema This screen reads the selected schema files parses the XML and displays it as a tree view It lists all of the details of the attributes and classes that will be installed ...

Page 150: ...quires that the user be an authenticated Schema Administrator that the schema is not write protected and the directory is the FSMO role owner in the tree The installer will attempt to make the target directory server the FSMO Schema Master of the forest To get write access to the schema on Windows 2000 requires a change to the registry safety interlock If the user selects the Active Directory opti...

Page 151: ... Use SSL during authentication option sets the form of secure authentication to be used If selected directory authentication using SSL is used If not selected and Active Directory is selected Windows NT authentication is used If not selected and eDirectory is selected the administrator authentication and the schema extension will proceed using an unencrypted clear text connection ...

Page 152: ... Management Snap In Installer The management snap in installer installs the snap ins required to manage iLO objects in a Microsoft Active Directory Users and Computers directory or Novell ConsoleOne directory iLO snap ins are used to perform the following tasks in creating an iLO directory Creating and managing the iLO and role objects policy objects will be supported at a later date ...

Page 153: ...s Out object classes and properties The Integrated Lights Out firmware must be version 1 40 or later iLO Advanced features must be licensed You can evaluate iLO Advanced with a free evaluation license key that you can download from the HP website http h10018 www1 hp com wwsolutions ilo iloeval html Directory Services for iLO uses LDAP over SSL to communicate with the directory servers Before insta...

Page 154: ...ion of the Microsoft CA Refer to the following Microsoft technical references Appendix D Configuring Digital Certificates on Domain Controllers for Secure LDAP and SMTP Replication http www microsoft com technet treeview default asp url technet securit y prodtech win2000 secwin2k a0701 asp Microsoft Knowledge Base Article 321051 How to Enable LDAP over SSL with a Third Party Certification Authorit...

Page 155: ...ive Directory Schema snap in in MMC c Right click Active Directory Schema and select Operations Master d Select The Schema may be modified on this Domain Controller e Click OK The Active Directory Schema folder might need to be expanded for the checkbox to be available 4 Create a certificate or install Certificate Services This step is necessary to create a certificate or install Certificate Servi...

Page 156: ...Microsoft website http www microsoft com Snap In Installation and Initialization for Active Directory 1 Run the snap in installation application to install the snap ins 2 Configure the directory service to have the appropriate objects and relationships for iLO management a Use the management snap ins from HP to create iLO Policy Admin and User Role objects b Use the management snap ins from HP to ...

Page 157: ...es and RILOES Assume that a company has an enterprise directory including the domain testdomain local arranged as shown in the following screen 1 Create an organizational unit which will contain the Lights Out Devices managed by the domain In this example two organizational units are created called Roles and RILOES 2 Use the HP provided Active Directory Users and Computers snap ins to create Light...

Page 158: ... iLO device rib email server will be used as the name of the Lights Out Management object and the surname will be RILOEII d Enter and confirm a password in the Device LDAP Password and Confirm fields The device will use this password to authenticate to the directory and should be unique to the device This password is the password that is used in the Directory Settings screen of the iLO e Click OK ...

Page 159: ...ll contain users trusted for remote server administration and will be called remoteAdmins Click OK d Repeat the process creating a role for remote server monitors called remoteMonitors 4 Use the HP provided Active Directory Users and Computers snap ins to assign the roles rights and associate the roles with users and devices a Right click the remoteAdmins role in the Roles organizational unit in t...

Page 160: ...ated Lights Out c Using the Select Users dialog box select the Lights Out Management object created in step 2 rib email server in folder testdomain local RILOES Click OK to close the dialog then click Apply to save the list ...

Page 161: ...users in the remoteAdmins role will be given full access to the iLO functionality Select the boxes next to each right and then click Apply Click OK to close the property sheet 6 Using the same procedure as in step 4 edit the properties of the remoteMonitors role add the rib email server device to the Managed Devices list on the HP Devices tab and add users to the remoteMonitors role using the Memb...

Page 162: ... the testdomain local domain who is also a member of one of the remoteAdmins or remoteMonitors roles would be allowed to log in to the iLO They would enter testdomain moorem or moorem testdomain local or Mel Moore in the Login Name field of the iLO login screen and use their Active Directory password in the Password field of that screen Directory Services Objects One of the keys to directory based...

Page 163: ...and Computers tool the user will Create iLO and role objects Add users to the role objects Set the rights and restrictions of the role objects Active Directory Snap Ins The following sections discuss the additional management options available within Active Directory Users and Computers after the HP snap ins have been installed ...

Page 164: ...b is used to add the HP devices to be managed within a role Clicking Add enables you to browse to a specific HP device and add it to the list of member devices Clicking Remove enables you to browse to a specific HP device and remove it from the list of member devices ...

Page 165: ...the role Clicking Add enables you to browse to the specific user you want to add Highlighting an existing user and clicking Remove removes the user from the list of valid members Active Directory Role Restrictions The Role Restrictions subtab allows you to set login restrictions for the role These restrictions include ...

Page 166: ...166 User Guide Integrated Lights Out Time Restrictions IP Network Address Restrictions IP Mask IP Range DNS Name ...

Page 167: ...on Hours pop up window you can select the times available for logon for each day of the week in half hour increments You can change a single square by clicking it or you can change a section of squares by clicking and holding the mouse button dragging the cursor across the squares to be changed and releasing the mouse button The default setting is to allow access at all times ...

Page 168: ...ses except the specified IP addresses IP address ranges and DNS names 2 Select the addresses to be added select the type of restriction and click Add 3 In the new restriction pop up window enter the information and click OK The new restriction pop up window displays The DNS Name option allows you to restrict access based on a single DNS name or a subdomain entered in the form of host company com o...

Page 169: ...Directory Services 169 To remove any of the entries highlight the entry in the display list and click Remove ...

Page 170: ...agement After a role is created rights for the role can be selected Users and group objects can now be made members of the role giving the users or group of users the rights granted by the role Rights are managed on the Lights Out Management tab The available rights are ...

Page 171: ... These settings include the options available on the Global Settings Network Settings SNMP Settings and Directory Settings screens of the iLO Web browser Directory Services for eDirectory The following sections provide installation prerequisites preparation and a working example of Directory Services for eDirectory Snap in Installation and Initialization for eDirectory Refer to Snap In Installatio...

Page 172: ...region1 and region2 2 Use the HP provided ConsoleOne snap ins to create Lights Out Management objects in the hp devices organizational unit for several iLO devices a Right click the hp devices organizational unit found in the region1 organizational unit and select New then Object b Select hpqTarget from the list of classes and click OK c Enter an appropriate name and surname in the New hpqTarget d...

Page 173: ...2 and rib app server in hp devices under region2 3 Use the HP provided ConsoleOne snap ins to create HP Role objects in the roles organizational units a Right click the roles organizational unit found in the region2 organizational unit and select New then Object b Select hpqRole from the list of classes and click OK c Enter an appropriate name in the New hpqRole dialog box In this example the role...

Page 174: ...soleOne snap ins to assign rights to the role and associate the roles with users and devices a Right click on the remoteAdmins role in the roles organizational unit in the region1 organizational unit and select Properties b Select the Role Managed Devices subtab of the HP Management tab and click Add c Using the Select Objects dialog box browse to the hp devices organizational unit in the region1 ...

Page 175: ...n this example the users in the remoteAdmins role will be given full access to the iLO functionality Select the boxes next to each right and click Apply Click Close to close the property sheet 5 Using the same procedure as in step 4 edit the properties of the remoteMonitors role a Add the three iLO devices within hp devices under region1 to the Managed Devices list on the Role Managed Devices subt...

Page 176: ...s Out Management object used in this example use settings similar to the following on the Directory Settings screen NOTE Commas not periods are used in LDAP distinguished names to separate each component RIB Object DN cn rib email server ou hp devices ou region1 o samplecorp Directory User Context 1 ou users o samplecorp For example user CSmith located in the users organizational unit within the s...

Page 177: ...le Managed Devices The Role Managed Devices subtab under the HP Management tab is used to add the HP devices to be managed within a role Clicking Add allows you to browse to the specific HP device and add it as a managed device ...

Page 178: ...ing Add allows you to browse to the specific user you want to add Highlighting an existing user and clicking Delete removes the user from the list of valid members Role Restrictions The Role Restrictions subtab allows you to set login restrictions for the role These restrictions include Time Restrictions IP Network Address Restrictions IP Mask ...

Page 179: ...79 IP Range DNS Name eDirectory Role Restrictions The Role Restrictions subtab allows you to set login restrictions for the role These restrictions include Time Restrictions IP Network Address Restrictions IP Mask IP Range ...

Page 180: ...e for logon for each day of the week in half hour increments You can change a single square by clicking it or a section of squares by clicking and holding the mouse button dragging the cursor across the squares to be changed and releasing the mouse button The default setting is to allow access at all times Enforced Client IP Address or DNS Name Access Access can be granted or denied to an IP addre...

Page 181: ...striction and click Add 3 In the Add New Restriction pop up window enter the information and click OK The Add New Restriction pop up for the IP Mask option is shown The DNS Name option allows you to restrict access based on a single DNS name or a subdomain entered in the form of host company com or domain company com 4 Click Apply to save the changes To remove any of the entries highlight the entr...

Page 182: ... group of users the rights granted by the role Rights are managed on the Lights Out Management Device Rights subtab of the HP Management tab The available rights are Login This option controls whether users can to log in to the associated devices Login access can be used to create a user who is a service provider and who receives alerts from the board but does not have login access to the RILOE II...

Page 183: ...t the server or power it down Administer Local User Accounts This option allows the user to administer accounts The user can modify their account settings modify other user account settings add users and delete users Administer Local Device Settings This option allows the user to configure the RILOE II board settings These settings include the options available on the Global Settings Network Setti...

Page 184: ...rectory Authentication on page 351 Enable Local User Accounts on page 351 Directory Server Address on page 351 Directory Server LDAP Port LOM Object Distinguished Name on page 351 LOM Object Password on page 351 NOTE At this time the LOM Object Password field is not used This field is to provide forward compatibility with future firmware releases ...

Page 185: ...ext 1 Directory User Context 2 Directory User Context 3 on page 352 Click Apply Settings to save any changes To test the communication between the directory server and iLO click Test Settings Refer to Testing Directory Settings on page 352 for additional information ...

Page 186: ...186 User Guide Integrated Lights Out Directory Tests To validate current directory settings for iLO click Test Settings on the Directory Settings page The Directory Tests page will display ...

Page 187: ... be the same account as the directory administrator however the tests will be unable to verify user authentication with a superuser account These credentials are not stored by iLO 3 Click Start Test several tests begin in the background starting with a network ping of the directory user through establishing an SSL connection to the server and evaluating user privileges as they would be evaluated d...

Page 188: ...earchable contexts which are configured within Directory Settings User name form Example John Smith NOTE Directory users specified using the user name form may be located in one of three searchable contexts which are configured within Directory Settings Local users Login ID NOTE On the iLO login page the maximum length of the Login Name is 39 characters for local users For Directory Services users...

Page 189: ...nect to the directory service Without a certificate iLO cannot connect to the directory server Each directory server that you want iLO to connect to must be issued a certificate If you install an Enterprise Certificate Service Active Directory can automatically request and install certificates for all of the Active Directory controllers on the network Installing Certificate Services 1 Select Start...

Page 190: ...stall an enterprise CA because you will be issuing certificates to objects within your organizational domain To verify that certificate services is installed 1 Select Start Programs Administrative Tools Certification Authority 2 If Certificate Services is not installed an error message appears Configuring Automatic Certificate Request To specify that a certificate be issued to the server 1 Select ...

Page 191: ...c Certificate Request Setup wizard starts 9 Select the Domain Controller template and click Next 10 Select the certificate authority listed It is the same CA defined during the Certificate Services installation Click Next 11 Click Finish to close the wizard ...

Page 192: ......

Page 193: ...rvices on page 143 section and comfortable with setting up and understanding the examples Directory enabled remote management allows you to Create Lights Out Management Objects Administrators must create one LOM device object to represent each device that will use the directory service to authenticate and authorize users Refer to the Directory Services on page 143 section for additional informatio...

Page 194: ...ts Out Migration utility HPQLOMIG EXE imports and configures multiple LOM devices HPQLOMIG EXE includes a GUI that provides a step by step approach to implementing or upgrading large numbers of management processors HP recommends using this GUI method when upgrading numerous management processors For more information refer to the Lights Out Directories Migration Utilities on page 205 section HP Li...

Page 195: ...ated directory objects are created Traditional Import Utilities Administrators familiar with tools such as LDIFDE or the NDS Import Export Wizard can use these utilities to import or create many LOM device objects in the directory However administrators must still configure the devices manually as described above but can do so at any time Programmatic or scripting interfaces can also be used to cr...

Page 196: ...authenticate users Using Multiple Roles Most deployments do not require the same user to be in multiple roles managing the same device However these configurations are useful for building complex rights relationships When building multiple role relationships users receive all the rights assigned by every applicable role Roles can only grant rights never revoke them If one role grants a user a righ...

Page 197: ...More advanced rights are assigned through the Admin role which assigns additional rights Server Reset and Remote Console A d m inU se r U se r A d m inR o le S e rve r R o le The Admin role assigns all admin rights Server Reset Remote Console and Login A d m inR o le A d m inU se r U se r R o le S e rve r ...

Page 198: ... Role Restrictions on page 165 or eDirectory Role Restrictions on page 179 Role Restrictions on page 178 sections Role Time Restrictions Administrators can place time restrictions on LOM roles Users are granted the rights specified for the LOM devices listed in the role only if they are members of the role and meet the time restrictions for that role LOM devices use local host time to enforce time...

Page 199: ...ddress bit mask that identifies addresses that are on the same logical network In binary math if the bits of a client machine address added with the bits of the subnet mask match the restriction subnet address then the client machine meets the restriction DNS Based Restrictions DNS based restrictions use the network naming service to examine the logical name of the client machine by looking up mac...

Page 200: ...hrough network proxies Either of these mechanisms can change the apparent network address of the client causing the address restrictions to be enforced in an unexpected manner How Directory Login Restrictions are Enforced Two sets of restrictions potentially limit a directory user s access to LOM devices User access restrictions limit a user s access to authenticate to the directory Role access re...

Page 201: ...ust for relative time The directory server evaluates user time restrictions but the determination can be complicated by time zone changes or authentication mechanism 7 5 6 12 11 10 8 4 2 1 9 3 7 5 6 12 11 10 8 4 2 1 9 3 User Client Workstation Directory Server LOM 7 5 6 12 11 10 8 4 2 1 9 3 User time restrictions are enforced by the directory server 7 5 6 12 11 10 8 4 2 1 9 3 User Address Restrict...

Page 202: ...oles includes restricting one or more roles so that rights do not apply in all situations Other roles provide different rights under different constraints Using multiple restrictions and roles enables the administrator to create arbitrary complex rights relationships with a minimum number of roles For example an organization might have a security policy in which LOM administrators are allowed to u...

Page 203: ...ict it to the corporate network then create another role that grants only the server reset right and restrict it to after hours operation This configuration is easier to manage but more dangerous because on going administration might create another role that grants users from addresses outside the corporate network the login right which could unintentionally grant the LOM administrators in the ser...

Page 204: ... corporate security policy However adding another role that grants the login right can inadvertently grant server reset privileges from outside the corporate subnet after hours A more manageable solution would be to restrict the Reset role as well as the General Use role ...

Page 205: ...nagement processors to support Directories Services The utilities Discover management processors in the network HPQLOMIG only Upgrade the firmware on the management processors to the version that supports Directory Services Name the management processors to identify them in the directory Create objects in the directory corresponding to each management processor and associating them to a role Confi...

Page 206: ...e device object to a role HPQLOMGC can also be launched by itself or from within a script for example a batch file or Perl script Compatibility HPQLOMIG and HPQLOMGC run on Microsoft Windows versions that support the Microsoft NET Framework The Microsoft NET Framework is required Additional information and download of the NET framework can be found at http www microsoft com net Both utilities supp...

Page 207: ...ment snap ins are packaged together in an HP Smart Component To complete the migration of your management processors the schema must be extended and the management snap ins must be installed before the migration tool is run The Smart Component can be found on the HP Lights Out Management website http www hp com servers lights out To install the migration utilities click LDAP Migration Utility in t...

Page 208: ...p to migrating is to discover all management processors you want to enable for directory services You can search for management processors using DNS names IP addresses or IP address wildcards The following rules apply to the variables entered in the Addresses field DNS names IP addresses and IP address wildcards must be delimited with a semicolon The IP address wildcard uses the character in the t...

Page 209: ...ress are completed but those on subsequent network addresses are cancelled To start the process of discovering your management processors 1 Select Start Programs Hewlett Packard HPQLOMIG to start the migration utility 2 Click Next to move past the Welcome screen 3 Enter the variables to perform the management processor search in the Addresses field ...

Page 210: ... from the H http www hp com servers lights out P website Management Processor Minimum Firmware Version RILOE 2 50 RILOE II 1 10 iLO 1 40 The upgrade process might take a long time depending on the number of management processors selected The firmware upgrade of a single management processor can take as long as five minutes to complete If an upgrade fails a message is displayed in the Results colum...

Page 211: ...pgraded simultaneously Network activity is considerable during this process 4 After the upgrade is complete click Next During the firmware upgrade process all buttons are deactivated to prevent navigation You can still close the application using the X at the top right of the screen If the GUI is closed while programming firmware the application will continue to run in the background and complete ...

Page 212: ... more of the following The network address An index A prepend prefix to all An append suffix to all To name the management processors click the Name field and enter the name or 1 Select either Use Network Address or Create Name Using Index 2 Enter text to either prepend or append all names optional 3 Click Generate Names The names display in the Name column as they are generated 4 To change the na...

Page 213: ... to create a device object for each discovered management processor and to associate the new device object to a previously defined role For example the directory defines a user as a member of a role such as administrator who has a collection of privileges on a specific device object such as a RILOE II card The fields in the Configure Directory screen are ...

Page 214: ...e to navigate for the Container and Role DNs The container distinguished name is where the migration utility will create all of the management processor objects in the directory Role DN The role distinguished name is where the role to be associated with the device objects resides and must be created before to running this utility To configure the device objects to be associated with a role 1 Enter...

Page 215: ...ole click Next Setting Up Management Processors for Directories The last step in the migration process is to configure the management processors to communicate with the directory This screen enables you to create user contexts and designate whether or not Directory Support and Local Accounts are enabled ...

Page 216: ...upported For example RILOETEST2 HP in a context field allows the user to log in using jsmith assuming that jsmith is the user s short name To configure the management processors to communicate with the directory 1 Enter the user contexts or click Browse 2 Select whether Directories Support and Local Accounts are enabled or disabled Remote access will be disabled if both Directory Support and Local...

Page 217: ...peration The command line utility is intended to be used in conjunction with Insight Manager 7 and Systems Insight Manager If you are not using Insight Manager 7 or Systems Insight Manager consider using the HPQLOMIG utility The command line mode does not present a GUI and runs unattended This mode is intended to work in conjunction with the Application Launch Application Launch Using Insight Mana...

Page 218: ...et the minimum requirement Upgrading Firmware on Management Processors on page 210 HPQLOMGC upgrades the firmware and resets the management processor After the management processor resets HPQLOMGC begins the next phase 2 The management processor directory settings are updated HPQLOMGC uses the scripting interface to send the directory settings to the management processor 3 The directory is updated...

Page 219: ...he IP address of the management processor is automatically provided The environment variable DEVICEIPADDRESS0 can also be used to specify a network address Use the S switch to override the default behavior If present this switch has precedence over the IP address environment variable DEVICEIPADDRESS0 F filename This switch contains the path of the XML file that has the management processor directo...

Page 220: ...s for the management processor are read from an XML file The script used is a subset of the RIBCL and has been extended to support multiple management processor firmware images For more information concerning RIBCL for your management processor refer to the RILOE RILOE II or iLO user guide The following is an example of an XML file RIBCL VERSION 2 0 LOGIN USER_LOGIN user PASSWORD password DIR_INFO...

Page 221: ...ora MOD_DIR_CONFIG DIR_INFO LOGIN RIBCL ILO_CONFIG RIBCL allows for only one firmware image per XML file The command language for HPQLOMGC has been modified to allow for each management processor to have a specified firmware image within a single XML file These commands must be displayed within a DIR_INFO block and DIR_INFO must be in write mode The management processor is reset after the firmware...

Page 222: ......

Page 223: ...rowser to access While the operating system is running you can establish a connection to iLO using Insight Manager 7 Integration with Insight Manager 7 provides Support for SNMP trap delivery to an Insight Manager 7 console Delivery to an Insight Manager Console can be configured to forward SNMP traps to a pager or email Support for SNMP management Insight Manager 7 is allowed to access the Insigh...

Page 224: ...s Create an association between iLO and its server Create links between iLO and its server View iLO and server information and status Control the amount of detailed information displayed for iLO Draw a visualization of the ProLiant BL p Class rack infrastructure The following sections give a summary of each function For detailed information on these benefits and how to use Insight Manager 7 refer ...

Page 225: ...on represents the status of the management processor For a complete list of device statuses refer to the HP Insight Manager 7 Technical Reference Guide provided with Insight Manager 7 Queries iLO management processors can be queried within Insight Manager 7 The administrator can save and use these queries to create groups of management processors Refer to the HP Insight Manager 7 Technical Referen...

Page 226: ...vice Within the summary page are the status IP address and link for the associated device Configuring Identification of iLO iLO enables you to set how much data is returned on a Systems Insight Manager request for more information The level of data returned is controlled on the SNMP Insight Manager Settings screen The identification data level options are High Associations are present and all data...

Page 227: ... to forward alerts from the host operating system management agents and it can also be configured to send iLO generated alerts to the Insight Manager 7 console Insight Manager 7 provides support for full SNMP management and iLO supports SNMP trap delivery to an Insight Manager 7 console You can view the event log select the event and view the additional information about the alert Configuring rece...

Page 228: ...k Execute Discovery Now to add iLO to Insight Manager 7 The Status section displays the system being updated c After the discovery is complete subsequent queries will display the device as a management processor d You might need to select Edit Device from the Discovery tab and edit the monitor community string for example by changing it to public so that iLO is displayed in the list of monitored d...

Page 229: ...device page Reserved 1 is reserved and should be set to a space Reserved 2 is reserved and should be set to true Reserved 3 is reserved and should be set to false Class Name specifies the name of the Insight Manager 7 Java class that does the processing for the additional management processor port This information should not be changed Example 80 iLO true false compaq ID MgmtProc MgmtProcessorPars...

Page 230: ...nse information of the management processors appears To be sure that this data is current run the device identification task for your management processors Refer to the Insight Manager 7 documentation for additional details about initiating tasks ...

Page 231: ...tion Insight Manager 7 can draw a visualization of the ProLiant BL p Class rack enclosures and servers using information from iLO The SNMP Insight Manager setting for the level of data to be returned must be Medium or High for Insight Manager 7 to draw the visualization ...

Page 232: ...232 User Guide Integrated Lights Out ...

Page 233: ...Systems Insight Manager iLO fully integrates with HP Systems Insight Manager in key operating environments Full integration with Systems Insight Manager also provides a single management console for launching a standard Web browser to access While the operating system is running you can establish a connection to iLO using Systems Insight Manager Integration with Systems Insight Manager provides Su...

Page 234: ...ice page to launch and connect to iLO HP Management Agents iLO combined with HP Management Agents provides remote access to system management information through the iLO Web browser interface Systems Insight Manager Functional Overview Systems Insight Manager enables you to Identify iLO processors Create an association between iLO and its server Create links between iLO and its server View iLO and...

Page 235: ...figure iLO to respond to Systems Insight Manager identification requests System Insight Manager Status In Systems Insight Manager iLO is identified as a management processor Systems Insight Manager displays the management processor status within the systems list The iLO management processor is displayed as an icon in the device list on the same row as its host server The color of the icon represen...

Page 236: ... Web interface Clicking on the hardware status icon takes you to the Insight Management Agents for the device Clicking on the iLO or server name takes you to the System Page of the device Within the System Page are the Identity Links and Event tabs These tabs provide identity and status information event information and links for the associated device System Insight Manager Systems Lists iLO manag...

Page 237: ...of the iLO navigation frame to enable SNMP alerting and to provide an SNMP trap IP address to iLO This IP address should be the address of the computer running Systems Insight Manager Refer to the Enabling SNMP Alerts on page 96 section for details 2 To discover iLO in Systems Insight Manager configure iLO as a managed device for Systems Insight Manager Adding iLO to Systems Insight Manager allows...

Page 238: ...ment of iLO Refer to Installing iLO Device Drivers on page 24 for additional details about installing and configuring agents System Insight Manager Port Matching Systems Insight Manager is configured to start an HTTP session to check for iLO at port 80 The port can be changed If you want to change the port number you must also change it in Network Settings and Systems Insight Manager To change the...

Page 239: ...n for additional details about initiating tasks System Insight Manager ProLiant BL p Class Rack Visualization HP System Insight Manager provides comprehensive management of ProLiant BL p Class server blades HP System Insight Manager enables systems administrators to quickly identify hardware failures isolate and update systems running out of date system software and easily access onboard managemen...

Page 240: ......

Page 241: ...and prompt for batch processing This utility can be downloaded from the HP website http h18004 www1 hp com support files lights out us index html Version 2 20 or later of CPQLOCFG EXE is required to configure iLO Directory Settings using RIBCL scripts Insight Manager 7 and System Insight Manager discover iLO devices as management processors The Lights Out Configuration Utility sends a RIBCL file t...

Page 242: ...IBCL section Remote Insight Command Language on page 269 for a complete listing of errors Group Administration Using the Lights Out Configuration Utility The IT administrator can manage multiple iLO processors through Insight Manager 7 The components of Group Administration are Insight Manager 7 RIBCL Remote Insight Command Language on page 269 Lights Out Configuration Utility on page 241 Query De...

Page 243: ... window If a query category exists proceed to step 7 otherwise proceed to step 5 5 Click New to create a new category For this example the name of the new category is RIB Cards Click Create Category 6 Click Queries to return to the Device Queries screen 7 Click New within the appropriate query category to open the Create Edit Query screen where the query definition is created 8 Define the query na...

Page 244: ...Out Configuration Utility in the area provided If the CPQLOCFG EXE file is in the root directory of the C drive then the path is C cpqlocfg exe 6 Enter the parameters in the area provided Insight Manager 7 requires the following parameters for the Lights Out Configuration Utility F is the full path of the RIBCL file name V is the verbose message optional If the RIBCL file is in the root directory ...

Page 245: ...s 1 Creating a customized list 2 Creating a custom command 3 Creating a task Create a Customized List A customized list allows you to create a list of a group of management processors and run a task on that list To create a customized list 1 In the Systems List pane in the left window click Customize 2 In the Customize Lists window select System List using the Show dropdown menu and click New List...

Page 246: ...t the custom command from the Tools Custom Commands dropdown menu The Target Selection page is displayed 2 Choose targets by selecting either All systems in the list Selecting an option in the drop down menu automatically targets all systems in that list Individual systems in the list Selecting an option in the drop down menu displays the available systems for the selected list Select the target s...

Page 247: ...The following example shows a sample batch file that can be used to perform the Group Administration for iLO REM Updating the Integrated Lights Out board REM Repeat line for each board to be updated REM CPQLOCFG S RIB1 F C SCRIPT XML L RIB1LOG TXT V CPQLOCFG S RIB2 F C SCRIPT XML L RIB2LOG TXT V CPQLOCFG S RIB3 F C SCRIPT XML L RIB3LOG TXT V RIBNLOG S RIBN F C SCRIPT XML L LOGFILE TXT V The Lights...

Page 248: ...ith the DNS name or the IP address is created in the same directory used to launch CPQLOCFG Do not use this switch if launching from Insight Manager 7 or Systems Insight Manager NOTE The L parameter cannot designate an output log file A default log file named with the DNS name or the IP address is created in the same directory where CPQLOCFG is launched V is the optional switch that turns on the v...

Page 249: ...ODOS is a DOS only tool that requires MS DOS 6 22 CPQLODOS can also be executed from a DOS bootable diskette or a PXE diskette image as part of the SmartStart Scripting Tool kit Lights Out scripting is not supported on Linux operating systems or when using the Novell NetWare Client This utility does not require a user ID or password because it is executed locally CPQLODOS enables you to configure ...

Page 250: ...delines An opening command opens a database The database remains open until the matching closing command is sent All changes made within a single command block are applied simultaneously when the database is closed Any errors within the block cause the enclosed changes to be discarded An example of an opening command and its matching closing command are USER_INFO USER_INFO In all examples the open...

Page 251: ...stored in the iLO management processor board and displays the names login names and security mask information GET_NICCONFIG Retrieves and displays the NIC settings stored in the iLO management processor GET_DHCPCONFIG Retrieves and displays the DHCP settings stored in the iLO management processor GET_DIRCONFIG Retrieves and displays the DIRECTORY settings in the iLO management processo WRITE_XML p...

Page 252: ...ADD_USER SET_LICENSE on page 254 CPQLODOS This command is used to start and end a CPQLODOS session It can be used only once in a script and it must be the first and last statement in an XML script Example CPQLODOS VERSION 2 0 CPQLODOS CPQLODOS Parameter VERSION is a numeric string that indicates the version of CPQLODOS necessary to process this script The VERSION string is compared to the version ...

Page 253: ...nsitive can be any valid string and has a maximum length of 39 characters The string must never be blank PASSWORD is the password associated with the user This parameter is case sensitive and can be a combination of any printable characters The length is user defined and can be a minimum of zero characters and a maximum of 39 characters The minimum length is defined in the iLO Global Settings and ...

Page 254: ...tures are activated by default Example SET_LICENSE LICENSE_KEY VALUE 12345ABCDE12345FGHIJ12345 SET_LICENSE SET_LICENSE Parameter LICENSE_KEY is the text value of the iLO Advanced Pack activation key This is a 25 byte alphanumeric string Do not include any hyphens or spaces in the string SET_LICENSE Runtime Errors The possible SET_LICENSE error messages include License key error License is already ...

Page 255: ... scripting in conjunction with the Lights Out XML scripting language Perl scripts require a valid user ID and password with appropriate privileges Sample XML scripts for Lights Out devices and a sample Perl script are available on the HP website http www hp com servers lights out in the Best Practices section XML Enhancements Previous versions of iLO firmware do not return properly formatted XML s...

Page 256: ...ML script the tag should be placed before RIBCL version 2 0 If you are using the Perl script provided by HP then the bold line in the following example can be added to return properly formatted XML syntax Perl script modification Open the SSL connection and the input file my client new IO Socket SSL new PeerAddr host open F file die Can t open file n Send the XML header and begin processing the fi...

Page 257: ...shift my ctx ssl sin ip nip if not ip inet_aton host sin sockaddr_in 443 ip ctx Net SSLeay CTX_new or die_now ERROR Failed to create SSL_CTX Net SSLeay set_fd ssl fileno S print host is a DNS Name performing lookup n if debug ip gethostbyname host or die ERROR Host hostname not found n nip inet_ntoa ip print STDERR Connecting to nip 443 n socket S AF_INET SOCK_STREAM 0 or die ERROR socket connect ...

Page 258: ...hed the first line of script sent must be an XML document header which tells the device s HTTPS Web server that the following content is an XML script The header must match the header used in the example exactly After the header has been completely sent the remainder of the script can be sent In this example the script is sent all at once For example sends the xmlscript script to host returns repl...

Page 259: ...READ lastreply n if debug if 1 eq 0x0000 print STDERR 3 n if 3 else print STDERR ERROR STATUS 1 MESSAGE 2 n reply lastreply closeSSLconnection ssl return reply PERL scripts can also send a portion of the XML script wait for the reply and send more XML later Using this technique it is possible to use the reply produced by an earlier command as input to a later command However the PERL script must s...

Page 260: ...XML scripts cannot contain the update firmware command which requires extra work on the part of the PERL script to open the file containing the firmware image and send it to the device Only one XML document is allowed per connection which means one pair of RIBCL tags The device will not accept additional XML tags after a syntax error occurs To send additional XML a new connection must be establish...

Page 261: ...OE II from the host The utility runs in a command line mode and must be executed from the operating system administrator or root context HPONCFG takes RIBCL scripts and passes them to the iLO in the host system instead of over the network HPONCFG replaces the control panel applet used with RILOE You can download HPONCFG from the HP website http h18004 www1 hp com support files lights out us index ...

Page 262: ...e loaded on the server This file is automatically loaded along with the HP Insight Management Agents During execution HPONCFG will display an error message if the sm2user dll file cannot be found This file can be installed separately from the component HP Insight Management Agents for Windows 2000 or Windows Server 2003 component number CP003732 which can be downloaded as a part of the ProLiant Su...

Page 263: ...ity to extract all of the files The package contains the following files hponcfg 1 0 rh72 0 1 i386 rpm RPM package for Red Hat 7 2 hponcfg 1 0 rh73 0 1 i386 rpm RPM package for Red Hat 7 3 hponcfg 1 0 rh8 0 1 i386 rpm RPM package for Red Hat 8 0 hponcfg 1 0 sles7 0 1 i386 rpm RPM package for SLES 7 hponcfg 1 0 ul10 0 1 i386 rpm RPM package for United Linux 1 0 3 Install the appropriate package usi...

Page 264: ...s HPONCFG accepts the following command line parameters help or Displays the help page reset Resets the RILOE II or iLO to factory default values f filename Sets the RILOE II or iLO configuration from the information given in the XML input file that has name filename w filename Writes the RILOE II or iLO configuration obtained from the device to the XML output file that has name filename l filenam...

Page 265: ...or security reasons If completed successfully HPONCFG indicates that it obtained the data and generated the output file as requested The sample configuration file was generated using the following command HPONCFG w config xml The following is a typical configuration output file HPONCFG VERSION 2 0 Generated 04 15 04 15 20 36 MOD_DIR_CONFIG DIR_AUTHENTICATION_ENABLED VALUE N DIR_LOCAL_USER_ACCT VAL...

Page 266: ... 0 0 0 0 GATEWAY 0 0 0 0 STATIC_ROUTE_3 DEST 0 0 0 0 GATEWAY 0 0 0 0 MOD_NETWORK_SETTINGS ADD_USER USER_NAME Administrator USER_LOGIN Administrator PASSWORD ADD_USER ADD_USER USER_NAME supervisor USER_LOGIN supervisor PASSWORD ADD_USER RESET_RIB VALUE Y HPONCFG Creating a User Account If iLO user credentials are unknown an account on iLO can be created using HPONCFG HPONCFG runs from the host oper...

Page 267: ...ivileges RIBCL version 2 0 LOGIN USER_LOGIN Administrator PASSWORD password USER_INFO MODE write ADD_USER USER_NAME Adam Smith USER_LOGIN Adam PASSWORD password ADMIN_PRIV N REMOTE_CONS_PRIV Y RESET_SERVER_PRIV Y VIRTUAL_MEDIA_PRIV Y CONFIG_ILO_PRIV N ADD_USER USER_INFO LOGIN RIBCL ...

Page 268: ......

Page 269: ...3 LOGIN 274 USER_INFO 275 ADD_USER 276 DELETE_USER 279 GET_USER 280 MOD_USER 281 GET_ALL_USERS 284 GET_ALL_USER_INFO 285 RIB_INFO 286 RESET_RIB 287 GET_NETWORK_SETTINGS 288 MOD_NETWORK_SETTINGS 289 GET_GLOBAL_SETTINGS 293 MOD_GLOBAL_SETTINGS 294 GET_SNMP_IM_SETTINGS 298 MOD_SNMP_IM_SETTINGS 299 CLEAR_EVENTLOG 301 UPDATE_RIB_FIRMWARE 302 GET_FW_VERSION 303 HOTKEY_CONFIG 304 LICENSE 305 DIR_INFO 307...

Page 270: ... the Remote Insight Board Command Language The Remote Insight Board Command Language enables you to write scripts to manage user accounts and to configure settings IMPORTANT Comments should not interrupt a command If they do an error message will be generated RIBCL and ProLiant BL p Class Servers The Remote Insight Command Language section describes the XML commands and their parameters common to ...

Page 271: ...rent kinds of information An opening command opens a database The database remains open until the matching closing command is sent All changes made within a single command block are applied simultaneously when the database is closed Any errors within the block cause the enclosed changes to be discarded An example of an opening command and its matching closing command are as follows USER_INFO USER_...

Page 272: ...ing A specific string is one that is required to contain certain characters In general you have a choice of words that are accepted as correct syntax and all other words produce an error Boolean String A Boolean string is a specific string that specifies a yes or no condition Acceptable Boolean strings are yes y no n true t false and f These strings are not case sensitive Response Definitions Ever...

Page 273: ...ion You can use it only once to start an RIBCL session and it must be the first command to display in the script The RIBCL tags are required to mark the beginning and the end of the RIBCL document Example RIBCL VERSION 2 0 RIBCL RIBCL Parameter VERSION is a string that indicates the version of the RIBCL that the client application is expecting to use The VERSION string is compared to the version o...

Page 274: ...ASSWORD password LOGIN Alternatively the CPQLOCFG utility can specify the login information as parameters on its command line cpqlocfg u username p password When using this format the utility returns an Overriding credentials warning message but still shows the error log message entry as Login name must not be blank LOGIN Parameters USER_LOGIN is the login name of the user account This parameter i...

Page 275: ...O command generates a response that indicates to the host application whether the database was successfully read or not If database is open for writing by another application then this call will fail Example USER_INFO MODE write USER_INFO commands USER_INFO USER_INFO Parameter MODE is a specific string parameter with a maximum length of 10 characters that specifies what you intend to do with the i...

Page 276: ... 0 LOGIN USER_LOGIN loginname PASSWORD password USER_INFO MODE write ADD_USER USER_NAME User USER_LOGIN username PASSWORD password ADMIN_PRIV value No REMOTE_CONS_PRIV value Yes RESET_SERVER_PRIV value No VIRTUAL_MEDIA_PRIV value No CONFIG_ILO_PRIV value No ADD_USER USER_INFO LOGIN RIBCL ADD_USER Parameters USER_NAME is the actual name of the user This parameter can be a combination of any printab...

Page 277: ...y manipulate the server power setting This parameter is optional and the Boolean string must be set to Yes if the user should have this privilege If this parameter is used the Boolean string value must never be left blank Omitting this parameter prevents the user from manipulating the server power settings VIRTUAL_MEDIA_PRIV is a Boolean parameter that gives the user permission to access the virtu...

Page 278: ...ILO_PRIV is a Boolean parameter that allows the user to copy a new firmware image into the iLO system ROM This parameter is optional and the Boolean string must be set to Yes if the user should be allowed to configure iLO If this parameter is used the Boolean string value must never be blank CONFIG_RACK_PRIV is a Boolean parameter that gives the user permission to configure and manage the server r...

Page 279: ...e DELETE_USER command is used to remove an existing local user s account The USER_LOGIN parameter must exist in the current user database For this command to parse correctly the command must appear within a USER_INFO command block and USER_INFO MODE must be set to write The user must have the administrative privilege Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password USER_INFO ...

Page 280: ...rrent user database For this command to parse correctly the command must appear within a USER_INFO command block and USER_INFO MODE can be in read or write The user must have the administrative privilege to retrieve other user accounts else the user can only view their individual account information Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password USER_INFO MODE read GET_USER...

Page 281: ...The MOD_USER command is used to modify an existing local user s account The USER_LOGIN parameter must exist in the current user database For this command to parse correctly the command must appear within a USER_INFO command block and USER_INFO MODE must be set to write The user must have the administrative privilege A user without the administrative privilege can only modify their individual accou...

Page 282: ...ever be blank PASSWORD is the password associated with the user This parameter is case sensitive and can be a combination of any printable characters The length is user defined and can be a minimum of zero characters and a maximum of 39 characters The minimum length is defined in the iLO Global Settings and has a default value of eight characters ADMIN_PRIV is a Boolean parameter that allows the u...

Page 283: ... left blank Omitting this parameter denies the user virtual media privileges CONFIG_ILO_PRIV is a Boolean parameter that allows the user to configure iLO settings This privilege includes network settings global settings Insight Manager settings and SNMP settings This parameter is optional and the Boolean string must be set to Yes if the user should have this privilege If this parameter is used the...

Page 284: ...trieve all user accounts Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password USER_INFO MODE read GET_ALL_USERS USER_INFO LOGIN RIBCL GET_ALL_USERS Parameters None GET_ALL_USERS Runtime Error The possible GET_ALL_USERS error messages include User does not have correct privilege for action ADMIN_PRIV required GET_ALL_USERS Return Messages A possible GET_ALL_USERS return message is...

Page 285: ...will return all local users information in the user database excluding passwords For this command to parse correctly the command must appear within a USER_INFO command block and USER_INFO MODE can be in read or write The user must have administrative privilege to execute this command LOGIN USER_LOGIN adminname PASSWORD password GET_ALL_USER_INFO Example RIBCL VERSION 2 0 USER_INFO MODE read GET_AL...

Page 286: ... A possible unsuccessful request is RESPONSE STATUS 0x0001 MSG Error Message RIB_INFO The RIB_INFO command can only appear within a LOGIN command block When the command is parsed it reads the iLO configuration information database into memory and prepares to edit it Only commands that are RIB_INFO type commands are valid inside the RIB_INFO command block The RIB_INFO command generates a response t...

Page 287: ... iLO information RIB_INFO Runtime Errors None RESET_RIB The RESET_RIB command is used to reset iLO For this command to parse correctly the command must appear within a RIB_INFO command block and RIB_INFO MODE can be set to read or write The user must have the configure iLO privilege to execute this command Example RIBCL VERSION 2 0 LOGIN USER_LOGIN Admin PASSWORD Password RIB_INFO MODE write RESET...

Page 288: ...INFO MODE can be set to read or write Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE read GET_NETWORK_SETTINGS RIB_INFO LOGIN RIBCL GET_NETWORK_SETTINGS Parameters None GET_NETWORK_SETTINGS Runtime Errors None GET_NETWORK_SETTINGS Return Messages A possible GET_NETWORK_SETTINGS return message is GET_NETWORK_SETTINGS SPEED_AUTOSELECT VALUE Y NIC_SPEED VALUE 100...

Page 289: ...SE STATUS 0x0001 MSG Error Message MOD_NETWORK_SETTINGS MOD_NETWORK_SETTINGS is used to modify network settings For this command to parse correctly the command must appear within a RIB_INFO command block and RIB_INFO MODE must be set to write The user must have the configure iLO privilege to execute this command iLO scripting firmware does not attempt to decipher if the network modifications are a...

Page 290: ...lue Yes DHCP_ENABLE value Yes IP_ADDRESS value 192 168 132 25 SUBNET_MASK value 255 255 0 0 GATEWAY_IP_ADDRESS value 192 168 132 2 DNS_NAME value demorib DOMAIN_NAME value internal net DHCP_GATEWAY value No DHCP_DNS_SERVER value No DHCP_WINS_SERVER value No DHCP_STATIC_ROUTE value No REG_WINS_SERVER value No REG_DDNS_SERVER value No PING_GATEWAY value Yes PRIM_DNS_SERVER value 192 168 12 14 SEC_DN...

Page 291: ...eter is used the Boolean string value must never be left blank The possible values are Yes or No It is case insensitive FULL_DUPLEX is used to decide if the iLO is to support full duplex or half duplex mode It is only applicable if SPEED_AUTOSELECT was set to No The possible values are Yes or No It is case insensitive NIC_SPEED is used to set the transceiver speed if SPEED_AUTOSELECT was set to No...

Page 292: ... or No It is case sensitive This selection is only valid if DHCP is enabled REG_WINS_SERVER specifies if the iLO must be register with the WINS server The possible values are Yes or No It is case sensitive This selection is only valid if DHCP is enabled PRIM_DNS_SERVER specifies the IP address of the primary DNS server This parameter is only relevant if the DHCP assigned DNS server address feature...

Page 293: ...ered the current value is deleted GATEWAY specifies the gateway IP addresses of the static route This parameter is only relevant if the DHCP assigned static route feature is disabled If an empty string is entered the current value is deleted WEB_AGENT_IP_ADDRESS specifies the address for the Web enabled agents If an empty string is entered the current value is deleted MOD_NETWORK_SETTINGS Runtime ...

Page 294: ...TP_PORT VALUE 80 REMOTE_CONSOLE_PORT VALUE 23 TERMINAL_SERVICES_PORT VALUE 3389 VIRTUAL_MEDIA_PORT VALUE 17988 MIN_PASSWORD VALUE 8 REMOTE_KEYBOARD_MODEL VALUE US SSH_PORT value 22 SSH_STATUS value YES SERIAL_CLI_STATUS value 3 SERIAL_CLI_SPEED value 1 GET_GLOBAL_SETTINGS This reply differs from RILOE II MOD_GLOBAL_SETTINGS MOD_GLOBAL_SETTINGS is used to modify global settings For this command to ...

Page 295: ...S VIRTUAL_MEDIA_PORT value 55 SSH_PORT value 22 SSH_STATUS value YES SERIAL_CLI_STATUS value 3 SERIAL_CLI_SPEED value 1 MOD_GLOBAL_SETTINGS RIB_INFO LOGIN MOD_GLOBAL_SETTINGS Parameters All of the following parameters are optional If a parameter is not specified then the parameter value for the specified setting is preserved SESSION_TIMEOUT determines the maximum session timeout value in minutes T...

Page 296: ...less a remote console session is started 3 Enabled The remote console port is always enabled This will allow remote console and telnet sessions to be utilized REMOTE_CONSOLE_ENCRYPTION determines if remote console data encryption is enabled or disabled The possible values are Yes and No PASSTHROUGH_CONFIG determines the behavior of a Microsoft Terminal Services client The possible values are 0 No ...

Page 297: ...S Belgian British Danish Finnish French French Canadian German Italian Japanese Latin American Portuguese Spanish Swedish Swiss French Swiss German SSH_PORT specifies the port used for SSH connection on iLO The processor must be reset if this value is changed SSH_STATUS determines if SSH is enabled The valid value are Yes or No which enables or disables SSH functionality SERIAL_CLI_STATUS specifie...

Page 298: ...IV required Unrecognized keyboard model GET_SNMP_IM_SETTINGS The GET_SNMP_IM_SETTINGS command requests the respective iLO SNMP IM settings For this command to parse correctly the GET_SNMP_IM_SETTINGS command must appear within a RIB_INFO command block and RIB_INFO MODE can be set to read or write GET_SNMP_IM_SETTINGS Parameters None GET_SNMP_IM_SETTINGS Runtime Errors None GET_SNMP_IM_SETTINGS Ret...

Page 299: ...ODE must be set to write The user must have the configure iLO privilege to execute this command Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE write MOD_SNMP_IM_SETTINGS WEB_AGENT_IP_ADDRESS value 192 168 125 120 SNMP_ADDRESS_1 value 192 168 125 121 SNMP_ADDRESS_2 value 192 168 125 122 SNMP_ADDRESS_3 value 192 168 125 123 OS_TRAPS value Yes RIB_TRAPS value No ...

Page 300: ...raps that are generated by the RIB The possible values are Yes and No By default the value is set to No SNMP_PASSTHROUGH_STATUS determines if iLO can receive send SNMP request from to the host OS By default the value is set to Yes CIM_SECURITY_MASK accepts an integer between 0 and 4 The possible values are 0 No change 1 None No data is returned 2 Low Name and status data are returned Associations ...

Page 301: ... a RIB_INFO command block and RIB_INFO MODE must be set to write The user must have the configure iLO privilege to execute this command Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE write CLEAR_EVENTLOG RIB_INFO LOGIN RIBCL CLEAR_EVENTLOG Parameters None CLEAR_EVENTLOG Runtime Errors The possible CLEAR_EVENTLOG error messages are RIB information is open for r...

Page 302: ...SWORD password RIB_INFO MODE write UPDATE_RIB_FIRMWARE IMAGE_LOCATION C ILO140 BIN RIB_INFO LOGIN RIBCL UPDATE_RIB_FIRMWARE Parameters IMAGE_LOCATION takes the full path file name of the firmware upgrade file UPDATE_RIB_FIRMWARE Runtime Errors The possible UPDATE_RIB_FIRMWARE error messages include RIB information is open for read only access Write access is required for this operation Unable to o...

Page 303: ...d RIB_INFO MODE must be set to write The user must have the configure iLO privilege to execute this command RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE read GET_FW_VERSION RIB_INFO LOGIN RIBCL GET_FW_VERSION Parameters None GET_FW_VERSION Runtime Errors None GET_FW_VERSION Return Messages The following information is returned within the response GET_FW_VERSION FIRM...

Page 304: ...ifying a blank string removes the current value Refer to the Supported Hot Keys section for a complete list of supported hotkeys Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE write HOTKEY_CONFIG CTRL_T value CTRL ALT ESC CTRL_U value L_SHIFT F10 F12 CTRL_V value CTRL_Y value CTRL_X value CTRL_Y value HOTKEY_CONFIG RIB_INFO LOGIN RIBCL HOTKEY_CONFIG Parameters...

Page 305: ...TRL_X CTRL ALT ESC Up to five keystrokes can be configured for each hot key CTRL_Y specifies settings for the CTRL_Y hot key The settings must be separated by commas For example CTRL_Y CTRL ALT ESC Up to five keystrokes can be configured for each hot key HOTKEY_CONFIG Runtime Errors The possible HOTKEY_CONFIG error messages include RIB information is open for read only access Write access is requi...

Page 306: ...LO advanced pack licensing KEY specifies the license key value The key should be entered as one continuous string Commas periods or other characters should not separate the key value The key will only accept 25 characters other characters entered to separate key values will be interpreted as a part of the key and result in the wrong key being entered DEACTIVATE signals the deactivation of the iLO ...

Page 307: ...ication then this call will fail Example DIR_INFO MODE read DIR_INFO commands DIR_INFO DIR_INFO Parameters MODE is a specific string parameter with a maximum length of 10 characters that specifies what you intend to do with the information Valid arguments are read and write Write mode enables both reading and writing of directory information Read mode prevents modification of directory information...

Page 308: ...NFIG Return Messages A possible GET_DIR_CONFIG return message is GET_DIR_CONFIG DIR_AUTHENTICATION_ENABLED VALUE Y DIR_LOCAL_USER_ACCT VALUE Y DIR_SERVER_ADDRESS VALUE server1 hprib labs DIR_SERVER_PORT VALUE 636 DIR_OBJECT_DN VALUE CN SERVER1_RIB OU RIB DC HPRIB DC LABS DIR_USER_CONTEXT1 VALUE CN Users0 DC HPRIB0 DC LABS DIR_USER_CONTEXT2 VALUE CN Users1 DC HPRIB1 DC LABS DIR_USER_CONTEXT3 VALUE ...

Page 309: ...lue 16 141 100 44 DIR_SERVER_PORT value 636 DIR_OBJECT_DN value CN server1_rib OU RIB DC HPRIB DC LABS DIR_OBJECT_PASSWORD value password DIR_USER_CONTEXT_1 value CN Users DC HPRIB DC LABS MOD_DIR_CONFIG DIR_INFO LOGIN RIBCL MOD_DIR_CONFIG Parameters All of the following parameters are optional If a parameter is not specified then the parameter value for the specified setting is preserved DIR_AUTH...

Page 310: ...ot be located using the first path then the parameters specified in the second and third paths are used The values for these parameters are obtained from the directory administrator Directory User Contexts are limited to 128 characters each MOD_DIR_CONFIG Runtime Errors The possible MOD_DIR_CONFIG error messages include Directory information is open for read only access Write access is required fo...

Page 311: ...on of rack infrastructure information RACK_INFO Runtime Errors The possible RACK_INFO error messages include Invalid Mode Server is not a rack server rack commands do not apply MOD_BLADE_RACK MOD_BLADE_RACK command is used to modify the rack infrastructure settings For this command to parse properly the MOD_BLADE_RACK command must appear within a RACK_INFO command block and RACK_INFO MODE must be ...

Page 312: ...rs up to a maximum length of 31 characters BAY_NAME is the name used to identifying a particular ProLiant BL class server This parameter can be a combination of any printable characters up to a maximum length of 31 characters FACILITY_PWR_SOURCE determines the source of power for the blade servers A value of Yes directs the server to use facility power and a value of No directs the server to use t...

Page 313: ...ion CONFIG_ILO_PRIV required GET_DIAGPORT_SETTINGS The GET_DIAGPORT_SETTINGS command requests the respective iLO diagnostic port settings For this command to parse correctly the GET_DIAGPORT_SETTINGS command must appear within a RACK_INFO command block and RACK_INFO MODE can be set to read or write Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RACK_INFO MODE read GET_DIAGP...

Page 314: ...ettings on iLO For this command to parse correctly the MOD_DIAGPORT_SETTINGS command must appear within a RACK_INFO command block and RACK_INFO MODE must be set to write The user must have the configure iLO privilege to execute this command Example RIBCL VERSION 2 0 LOGIN USER_LOGIN username PASSWORD password MOD_DIAGPORT_SETTINGS DP_SPEED_AUTOSELECT value No DP_FULL_DUPLEX value Yes DP_IP_ADDRESS...

Page 315: ...or the iLO Diagnostic Port If an empty string is entered the current address is unchanged The expected format is XXX XXX XXX XXX DP_SUBNET_MASK is used to select the subnet mask for the iLO Diagnostic Port If an empty string is entered the current address is unchanged The expected format is XXX XXX XXX XXX The iLO management processor will be rebooted to apply the changes after the script has comp...

Page 316: ...B ADDR 0xAA55 MFG 232 PROD_ID NNN SER 123 NAME Power_1 LEFT RIGHT ADDR 0xAB66 SER 123 NAME Server_1 ICMB ICMB ADDR 0xAB66 MFG 232 PROD_ID NNN SER 456 NAME Server_1 LEFT ADDR 0xAA55 SER 123 NAME Power_1 RIGHT ADDR 0xAC77 SER 123 NAME Power_2 ICMB ICMB ADDR 0xAC77 MFG 232 PROD_ID NNN SER 789 NAME Power_2 RIGHT ICMB RK_TPLGY SERVER_INFO The SERVER_INFO command can only appear within a LOGIN command b...

Page 317: ...nd modifying of server functionality Read mode prevents modification of server functionality SERVER_INFO Runtime Errors None RIBCL VERSION 2 0 GET_HOST_POWER_STATUS The GET_HOST_POWER_STATUS command requests the power state of the server For this command to parse correctly the GET_HOST_POWER_STATUS command must appear within a SERVER_INFO command block and SEVER_INFO MODE can be set to read or wri...

Page 318: ... within the response GET_HOST_POWER HOST POWER OFF SET_HOST_POWER The SET_HOST_POWER command is used to toggle the power button of server For this command to parse correctly the SET_HOST_POWER command must appear within a SERVER_INFO command block and SERVER_INFO MODE must be set to write The user must have the virtual power and reset privilege to execute this command Example LOGIN USER_LOGIN admi...

Page 319: ... server Host power is already ON Host power is already OFF User does not have correct privilege for action RESET_SERVER_PRIV required RESET_SERVER The RESET_SERVER command resets the server if the server is turned on For this command to parse correctly the SET_HOST_POWER command must appear within a SERVER_INFO command block and SERVER_INFO MODE must be set to write The user must have the virtual ...

Page 320: ...n RESET_SERVER_PRIV required PRESS_PWR_BTN This PRESS_PWR_BTN command is used to toggle server power For this command to parse correctly the PRESS_PWR_BTN command must appear within a SERVER_INFO command block and SERVER_INFO MODE must be set to write The user must have the virtual power and reset privilege to execute this command Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD passw...

Page 321: ...to parse correctly the HOLD_PWR_BTN command must appear within a SERVER_INFO command block and SERVER_INFO MODE must be set to write The user must have the virtual power and reset privilege to execute this command Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password SERVER_INFO MODE write HOLD_PWR_BTN SERVER_INFO LOGIN RIBCL HOLD_PWR_BTN Parameters There are no parameters for thi...

Page 322: ...E must be set to write The user must have the virtual power and reset privilege to execute this command Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password COLD_BOOT_SERVER SERVER_INFO LOGIN RIBCL COLD_BOOT_SERVER Parameters There are no parameters for this command COLD_BOOT_SERVER Runtime Errors The possible error messages include Server information is open for read only access...

Page 323: ...ERVER_INFO MODE write WARM_BOOT_SERVER SERVER_INFO LOGIN RIBCL WARM_BOOT_SERVER Parameters There are no parameters for this command WARM_BOOT_SERVER Runtime Errors The possible error messages include Server information is open for read only access Write access is required for this operation Host power is already OFF User does not have correct privilege for action RESET_SERVER_PRIV required GET_UID...

Page 324: ... The following information is returned within the response GET_UID_STATUS UID OFF UID_CONTROL The UID_CONTROL command toggles the server UID For this command to parse correctly the UID_CONTROL command must appear within a SERVER_INFO command block and SEVER_INFO MODE must be set to write Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password SERVER_INFO MODE write UID_CONTROL UID Y...

Page 325: ...The INSERT_VIRTUAL_MEDIA command must display within a RIB_INFO element and RIB_INFO must be in write mode Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE write INSERT_VIRTUAL_MEDIA FLOPPY IMAGE_URL http servername path to file RIB_INFO LOGIN RIBCL INSERT_VIRTUAL_MEDIA Parameters DEVICE specifies the Virtual Media device target The possible values are FLOPPY or...

Page 326: ...e Examples http john abc123 imgserver company com disk win98dos b in cgi bin hpvfhelp pl http imgserver company com disk boot m bin This command only specifies the location of the image to be used For the image to be connected to the server the appropriate BOOT_OPTION must be specified using the SET_VM_STATUS command If BOOT_OPTION is set to BOOT_ONCE and the server is rebooted any subsequent serv...

Page 327: ...w media EJECT_VIRTUAL_MEDIA EJECT_VIRTUAL_MEDIA ejects the Virtual Media image if one is inserted The EJECT_VIRTUAL_MEDIA command must display within a RIB_INFO element and RIB_INFO must be in write mode Example RIBCL VERSION 2 0 LOGIN USER_LOGIN Admin PASSWORD Password RIB_INFO MODE write EJECT_VIRTUAL_FLOPPY RIB_INFO LOGIN RIBCL EJECT_VIRTUAL_MEDIA Parameters DEVICE specifies the Virtual Media d...

Page 328: ...is command must display within a RIB_INFO element Example RIBCL VERSION 2 0 LOGIN USER_LOGIN adminname PASSWORD password RIB_INFO MODE read GET_VM_STATUS DEVICE CDROM RIB_INFO LOGIN RIBCL GET_VM_STATUS Parameters DEVICE specifies the Virtual Media device target The possible values are FLOPPY or CDROM If the DEVICE is not specified FLOPPY is assumed This value is case sensitive GET_VM_STATUS Runtim...

Page 329: ...CE VM_WRITE_PROTECT value Y SET_VF_STATUS RIB_INFO LOGIN RIBCL SET_VM_STATUS Parameters DEVICE specifies the Virtual Media device target The possible values are FLOPPY or CDROM If the DEVICE is not specified FLOPPY is assumed This value is case sensitive VM_BOOT_OPTION specifies the boot option parameter for the Virtual Media For the device to act like the RIBLO Virtual Floppy functionality the po...

Page 330: ...cant for the Virtual Media CD ROM The possible values are Y or N SET_VM_STATUS Runtime Errors The possible runtime errors are RIB information is open for read only access Write access is required for this operation User does not have correct privilege for action VIRTUAL_MEDIA_PRIV required An invalid Virtual Media option has been given ...

Page 331: ...You can record your settings in the Your Value column of the table Parameters Default Value or Setting Your Value iLO Status Current User Disabled iLO Time iLO Date iLO Firmware Version XX XX iLO Serial Number iLOXXXXXXXXXXXX Product Version Server Status Server Name Server ID Server Power Status Server Video Mode Server Keyboard Server Mouse Terminal Services ...

Page 332: ...nfigure iLO Settings Yes Global Settings Idle Connection Timeout minutes 30 minutes Enable Lights Out Functionality Yes Pass Through Configuration Disabled Enable iLO ROM Based Setup Utility Yes Require Login for iLO RBSU No Show iLO during POST No Remote Console Port Configuration Automatic Remote Console Data Encryption Yes 128 bit Current Cipher Negotiated by the iLO and the browser Web Server ...

Page 333: ...terface Speed bits second 9600 Minimum Password Length 8 Remote Keyboard Model US Network Settings Enable NIC Yes Shared Network Port No Transceiver Speed Autoselect Yes Speed N A autoselect autoselect Enable DHCP Yes Use DHCP Supplied Gateway Yes Use DHCP Supplied DNS Servers Yes Use DHCP Supplied WINS Servers Yes Use DHCP Supplied Static Routes Yes Use DHCP Supplied Domain Name Yes Register With...

Page 334: ...HCP DHCP Server N A DHCP Primary Secondary and Tertiary DNS Server N A DHCP Primary and Secondary WINS Server N A DHCP Static Routes 1 2 3 N A for both the destination and gateway address DHCP Blade server parameters iLO Diagnostic Port Configuration Parameters Transceiver Speed Autoselect Yes Speed N A autoselect Duplex N A autoselect IP Address 192 168 1 1 Subnet Mask 255 255 255 0 SNMP Insight ...

Page 335: ...by rack Provided by rack Enclosure Serial Number Provided by rack Blade Serial Number Provided by blade server Power Source Rack Provides Power Enable Automatic Power On On Enable Rack Alert Logging IML On Directory Settings Enable Directory Authentication No Enable Local User Accounts Yes Directory Server Address 0 0 0 0 Directory Server LDAP Port 636 LOM Object Distinguished Name LOM Object Pass...

Page 336: ...iLO Status option provides comprehensive iLO status information including Current user Status and availability of the Remote Console Status and availability of Terminal Services pass through Date and time currently in use by iLO NOTE Date and time are set during POST and maintained by the MP Management Agents Revision information of the iLO firmware ...

Page 337: ...r Status Parameters The following parameters provide information about the host server Server Name If the Insight Management agents are being used with the host server operating system they will provide iLO with the server name Server ID Displays the serial number of the server ...

Page 338: ...mulated by Remote Console User Administration Parameters The User Administration section enables you to define the users currently configured for access to iLO Up to 12 users can be specified User configurations can be added deleted or modified by using the Web interface User Name This parameter is the user s real name as it is displayed in the user list and event log It is not the name used to lo...

Page 339: ...mote Console Access This privilege allows a user to remotely manage the Remote Console of a managed system including video keyboard and mouse controls Virtual Power and Reset This privilege allows a user to power cycle or reset the host platform Virtual Media This privilege allows a user to use virtual media on the host platform Configure iLO Settings This privilege enables a user to configure mos...

Page 340: ...ts Out functionality is disabled The iLO Diagnostic Port for a ProLiant BL p Class server will be disabled as well Enable iLO RBSU This option enables a user with access physical or virtual to the host to configure iLO for that system using iLO RBSU RBSU is invoked when the host system reboots and performs POST The default setting is Yes You can restrict RBSU access to authorized users by selectin...

Page 341: ...sole applet access but not Telnet access Disabled turns off both Telnet and Remote Console applet access Remote Console Data Encryption must be set to No to use Telnet to access the text Remote Console Remote Console Data Encryption This option enables encryption of Remote Console data If using a standard Telnet client to access iLO this setting must be set to No When using the Remote Console appl...

Page 342: ...port 23 for Remote Console communications This port setting is configurable in the Global Settings option of the Administration tab Virtual Media Port Remote Console Port Terminal Services Port Secure Shell SSH Port The Terminal Services port is the port that iLO uses to communicate with Terminal Services pass through software on the server The iLO Terminal Services pass through is configured by d...

Page 343: ...ty 8 data bits and 1 stop bit N 8 1 for proper operation The serial port speed set by this parameter must match the speed of the serial port set in the System ROM RBSU setup This option specifies the minimum number of characters allowed when a user password is set or changed The character length can be set at a value from zero to 39 The default setting is eight characters This setting allows you t...

Page 344: ... host NIC Refer to your server documentation for additional information Transceiver Speed Autoselect Autoselect detects the interface speed and sets the interface to operate at 10 Mb s or 100 Mb s and at half or full duplex If necessary this parameter can be set to manual to allow manual adjustment of speed and duplex settings Speed Use this setting to assign 10 Mb s or 100 Mb s connect speeds if ...

Page 345: ... Server iLO automatically registers with a DNS server The default setting is Yes By default DNS server addresses are assigned by DHCP This option causes iLO to send four ICMP echo request packets to the gateway when iLO initializes This option ensures that the ARP cache entry for iLO is current on the router responsible for routing packets to and from iLO iLO IP Address Use this parameter to assig...

Page 346: ... default the domain name is assigned by DHCP DHCP Server This setting is automatically detected if DHCP is set to Yes You cannot change this setting Primary Secondary and Tertiary DNS Server Use this parameter to assign a unique DNS server IP address on the network By default the primary secondary and tertiary DNS servers are assigned by DHCP Primary and Secondary WINS Server Use this parameter to...

Page 347: ... disabled or failed login attempt iLO forwards the alerts to an Insight Manager 7 or Systems Insight Manager console using the destinations provided The default setting is No Forward Insight Manager Agent SNMP Alerts These alerts are generated by the Insight Management agents which are provided for each supported network operating system The agents must be installed on the host server to receive t...

Page 348: ...on with Insight Manager 7 The Medium and High settings enable Insight Manager 7 and Systems Insight Manager to associate the management processor with the host server The None Data Level prevents iLO from responding to the Insight Manager 7 and Systems Insight Manager requests The default setting is Medium iLO Advanced License Activation Settings The following parameter provides information about ...

Page 349: ... used when logging and alerting to assist in identifying a component or its function Bay The ProLiant BL p Class enclosure can support one to eight server blades The bays are numbered from left to right starting with 1 and finishing with 8 The bay number is used to assist in physically identifying the faulty server blade or other error conditions This information is for viewing only Rack Serial Nu...

Page 350: ...o ensure proper power consumption without risking power failures If the facility can provide 48 V DC power directly without the need for the provided power supplies then select Facility Provides 48V Each server blade will not be required to communicate with the infrastructure for power when powering on or off NOTE It is essential that proper power sizing requirements be performed to ensure suffici...

Page 351: ...me or multi host DNS name If an IP address is used the directory will not be available if that server is down Directory Server LDAP Port This option sets the port number used to connect to the directory server The SSL secured LDAP port number is 636 LOM Object Distinguished Name This option specifies the unique name for the iLO in the directory LOM Object Distinguished Names are limited to 256 cha...

Page 352: ... for example directory corp 2 Click Test Settings A series of tests will begin and the page will automatically refresh as the tests progress View the test status to diagnose the results and consult the help page for specific test result details The test results are cleared if any directory settings are changed if iLO is reset or if the tests are restarted Testing Directory Settings After updating ...

Page 353: ...rocess include changes to the 353 Core Classes on page 353 Core Attributes on page Class Name Assigned OID Core Classes hpqTarget 1 3 6 1 4 1 232 1001 1 1 1 1 hpqRole 1 3 6 1 4 1 232 1001 1 1 1 2 hpqPolicy 1 3 6 1 4 1 232 1001 1 1 1 3 Attribute Name Core Attributes Assigned OID hpqPolicyDN 1 3 6 1 4 1 232 1001 1 1 2 1 hpqRoleMembership 1 3 6 1 4 1 232 1001 1 1 2 2 hpqTargetMembership 1 3 6 1 4 1 2...

Page 354: ...gement Class Type Structural user Attributes hpqPolicyDN 1 3 6 1 4 1 232 1001 1 1 2 1 hpqRoleMembership 1 3 6 1 4 1 232 1001 1 1 2 2 Remarks None Description SuperClasses hpqRole OID 1 3 6 1 4 1 232 1001 1 1 1 2 Description This class defines Role objects providing the basis for HP products using directory enabled management Class Type Structural SuperClasses group Attributes hpqRoleIPRestrictions...

Page 355: ...ute Definitions The following defines the HP Management core class attributes hpqPolicyDN OID 1 3 6 1 4 1 232 1001 1 1 2 1 Description Distinguished Name of the policy that controls the general configuration of this target Syntax Distinguished Name 1 3 6 1 4 1 1466 115 121 1 12 Options Single Valued Remarks None hpqRoleMembership OID 1 3 6 1 4 1 232 1001 1 1 2 2 Description Provides a list of hpqT...

Page 356: ...hts restrictions under an IP network address constraint Syntax Boolean 1 3 6 1 4 1 1466 115 121 1 7 Options Single Valued Remarks If this attribute is TRUE then IP restrictions will be satisfied for unexceptional network clients If this attribute is FALSE then IP restrictions will be unsatisfied for unexceptional network clients hpqRoleIPRestrictions OID 1 3 6 1 4 1 232 1001 1 1 2 5 Description Pr...

Page 357: ... 0x02 followed by the lower bound IP address followed by the upper bound IP address Both are inclusive and in network order for example the IP range 10 0 0 1 to 10 0 10 255 would be represented as 0x02 0x0A 0x00 0x00 0x01 0x0A 0x00 0x0A 0xFF For DNS names or domains the identifier is 0x03 followed by the ASCII encoded DNS name DNS names can be prefixed with a ASCII 0x2A to indicate they should mat...

Page 358: ...ost significant 8th bit of the 42nd byte corresponds to Saturday at 11 30 PM to Sunday at 12 midnight Lights Out Management Specific LDAP OID Classes and Attributes The following schema attributes and classes might depend on attributes or classes defined in the HP Management core classes and attributes Lights Out Management Classes Class Name Assigned OID hpqLOMv100 1 3 6 1 4 1 232 1001 1 8 1 1 Li...

Page 359: ...s and Settings used with HP Lights Out Management Products Class Type Auxiliary SuperClasses None Attributes hpqLOMRightConfigureSettings 1 3 6 1 4 1 232 1001 1 8 2 1 hpqLOMRightLocalUserAdmin 1 3 6 1 4 1 232 1001 1 8 2 2 hpqLOMRightLogin 1 3 6 1 4 1 232 1001 1 8 2 3 hpqLOMRightRemoteConsole 1 3 6 1 4 1 232 1001 1 8 2 4 hpqLOMRightServerReset 1 3 6 1 4 1 232 1001 1 8 2 5 hpqLOMRightVirtualMedia 1 ...

Page 360: ...e Console Right for Lights Out Management Products Meaningful only on ROLE objects Syntax Boolean 1 3 6 1 4 1 1466 115 121 1 7 Options Single valued Remarks This attribute is only used on ROLE objects If this attribute is TRUE members of the role are granted the right hpqLOMRightVirtualMedia OID 1 3 6 1 4 1 232 1001 1 8 2 3 Description Virtual Media Right for HP Lights Out Management products Synt...

Page 361: ... 1 8 2 5 Description Local User Database Administration Right for HP Lights Out Management products Syntax Boolean 1 3 6 1 4 1 1466 115 121 1 7 Options Single valued Remarks This attribute is only used on ROLE objects If this attribute is TRUE members of the role are granted the right hpqLOMRightConfigureSettings OID 1 3 6 1 4 1 232 1001 1 8 2 6 Description Configure Devices Settings Right for HP ...

Page 362: ......

Page 363: ...Problems 381 Troubleshooting SSH and Telnet Problems 384 Troubleshooting Terminal Services Problems 385 Troubleshooting Video and Monitor Problems 386 Troubleshooting Virtual Media Problems 387 Troubleshooting Miscellaneous Problems 387 Minimum Requirements iLO has the following minimum requirements Windows clients Windows 2000 Microsoft Internet Explorer 6 0 with 128 bit encryption Java 1 3 1 JVM...

Page 364: ...flashes intermittently during normal operation The LED indicators 1 through 6 light up after the system has booted to indicate a hardware failure If a hardware failure is detected reset iLO For the location of the LED indicators refer to the server documentation A runtime failure of iLO is indicated by HB and LED 7 remaining in either the On of Off state constantly A runtime failure of iLO can als...

Page 365: ...mage None Start C Run time initialization 4 3 and 2 0e Main has received control Main self test failed Varies Varies Each subsystem may self test 4 3 2 and 1 0f Start ThreadX RTOS startup failed None 00 Main_init completed Subsystem startup failed HB and 7 Flashes as the iLO processor executes firmware code It does not change the value of the lower six LEDs The iLO microprocessor firmware includes...

Page 366: ...er that logged in Server power restored Displays when the server power is restored Browser logout IP address Displays the IP address for the browser that logged out Server reset Displays when the server is reset Failed Browser login IP Address IP address Displays when a browser login fails iLO Self Test Error Displays when iLO has failed an internal test The probable cause is that a critical compo...

Page 367: ...p alert failed for IP address Displays when the SNMP trap does not connect to the specified IP address Illegal login SNMP trap alert failed for IP address Displays when the SNMP trap does not connect to the specified IP address Diagnostic error SNMP trap alert failed for IP address Displays when the SNMP trap does not connect to the specified IP address Host generated SNMP trap alert failed for IP...

Page 368: ...s Displays when a browser login attempt fails Remote Console login User Displays when an authorized user logs on using the Remote Console port Remote Console Closed Displays when an authorized Remote Console user is logged out or when the Remote Console port is closed following a failed login attempt Failed Console login IP Address IP address Displays when an unauthorized user has failed three log...

Page 369: ...dress Virtual Floppy connected by User Displays when an authorized user connects the Virtual Floppy Virtual Floppy disconnected by User Displays when an authorized user disconnects the Virtual Floppy License added by User Displays when an authorized user adds a license License removed by User Displays when an authorized user removes a license License activation error by User Displays when there is...

Page 370: ...turned Version incompatibility Wrong operating system MS DOS is required No Lights Out processor found Flash in progress Virtual floppy inhibited Communication error XML error An XML error implies that there was a problem during the XML transport but not that there was a problem with the XML content XML content errors can go undetected and result in a zero error return To work around this issue us...

Page 371: ... in the F8 option ROM setup or from the Network Settings Web page The default DNS name appears on the network settings tag and can be used to locate iLO without knowing the assigned IP address If a direct connection to a PC is used then a static IP address must be used because there is no DHCP server on the link Within the iLO RBSU you may press the F1 key inside the DNS DHCP page for advanced opt...

Page 372: ... longer valid If iLO cannot detect the directory iLO terminates the directory connection Any additional attempts to continue using the terminated connection redirects the browser to the Login Page Redirection to the Login Page can appear to be a premature session timeout A premature session timeout can occur during an active session if The network connection is severed The directory server is shut...

Page 373: ...o the iLO Management Port might be significantly faster if you configure the DNS server to use the WINS server for name resolution Refer to the appropriate Microsoft documentation for more information iLO RBSU Unavailable after iLO and Server Reset If the iLO processor is reset and the server is immediately reset there is a small chance that the iLO firmware will not be fully initialized when the ...

Page 374: ...nto iLO only one user can access the remote console A warning message is displayed to say that the Remote Console is already in use Inability to Connect to iLO after Changing Network Settings Verify that both sides of the connection the NIC and the switch have the same settings for transceiver speed autoselect speed and duplex For example if one side is autoselecting the connection then the other ...

Page 375: ... should be 255 255 255 0 Inability to Connect to the iLO Processor through the NIC If you cannot connect to the iLO processor through the NIC try any or all of the following troubleshooting methods Confirm that the green LED indicator link status on the iLO RJ 45 connector is on This indicates a good connection between the PCI NIC and the network hub Look for intermittent flashes of the green LED ...

Page 376: ...ificate with the same name To avoid this problem the iLO self signed certificate should not be installed into the browser certificate store If you want to install the iLO certificate a permanent certificate should be requested from a CA and imported into the iLO This permanent certificate can then be installed into the browser certificate store In particular Netscape 7 1 will not display the iLO l...

Page 377: ...that is not predefined by the hard coded MIB Logs Circular log has been overrun Security Override Switch Changed On Off The state of the Security Override Switch has changed On Off Rack Server Power On Failed The server was unable to power on because the BL p Class rack indicated that insufficient power was available to power on the server Rack Server Power On Manual Override The server was manual...

Page 378: ...lso be sent upon setting or clearing the iLO Security Override Switch In the unlikely event that it is necessary setting the iLO Security Override Switch also enables you to flash the iLO boot block The boot block is exposed until iLO is reset HP recommends that you disconnect iLO from the network until the reset is complete Depending on the server the iLO Security Override Switch may be a single ...

Page 379: ...the following InputDevice Mouse1 SendCoreEvents For example Section ServerLayout Identifier Default Layout Screen 0 Screen0 0 0 InputDevice Mouse0 CorePointer InputDevice Mouse1 SendCoreEvents InputDevice Keyboard0 CoreKeyboard EndSection In the InputDevice section add the following Section InputDevice Identifier Mouse1 Driver mouse Option Protocol PS 2 Option Device dev psaux Option Emulate3Butto...

Page 380: ... in text mode If iLO Remote Console is closed and use of the mouse wheel is desired on a wheel mouse connected to the server run YaST2 Control Center and select Intelli Wheel mouse Aux port Remote Console Mouse Control Issue While using Remote Console on a server running Microsoft Windows Server 2003 mouse movement can be slow and it might be difficult to navigate to each of the four corners of th...

Page 381: ...troubleshooting Remote Console issues In general Pop up blockers prevent Remote Console and Virtual Serial Port from starting Pop up blocking applications that are set to prevent the automatic opening of new windows prevent Remote Console and Virtual Serial Port from running Disable any pop up blocking programs before starting Remote Console or Virtual Serial Port Linux Remote Console When using a...

Page 382: ...e Cursor of the Remote Console to Corners of the Remote Console Window In some cases you may be unable to navigate the mouse cursor to the corners of the Remote Console window If so right click and drag the mouse cursor outside the Remote Console window and back inside If the mouse still fails to operate correctly or if this situation occurs frequently verify that your mouse settings match those r...

Page 383: ...t a time 3 Return to Client 1 and close the Remote Console session 4 From Client 2 click the Remote Console link with the old Remote Console applet still open The remote console session will not refresh and the old message discussed in step 2 is still displayed Although this behavior is different than in previous versions of iLO firmware this is expected behavior in this version of the iLO firmwar...

Page 384: ... iLO remote console should take over but the Remote Console screen will turn gray or black When the screen returns the Remote Console functions normally Troubleshooting SSH and Telnet Problems The following sections discuss troubleshooting SSH and telnet issues Initial PuTTY Input Slow During initial connection using a PuTTY client input is accepted slowly for approximately 5 seconds This can be a...

Page 385: ...s option will not function if the Deny option is selected on the Java security warning popup When the Deny option is selected you are telling the browser that the Remote Console applet is not trustworthy The Remote Console will not be allowed to execute any code requiring a higher level of trust If the Deny option is select the Remote Console is not allowed to launch the code required to activate ...

Page 386: ...hat is integrated in the system The Remote Console functionality of iLO does not work if you install a plug in video card All other iLO functionality is available if you choose to use a plug in video card Only one user at a time is allowed to access the Remote Console Check to see if another user is logged into iLO Telnet Displays Incorrectly in DOS When using the iLO Telnet session to display tex...

Page 387: ...ot enabled To correct this ensure you are using a supported browser and JVM on your client by reviewing the support matrix found in the Supported Browsers on page 18 section Also be sure Enable All Cookies is selected on the browser Preferences or Options menu Some browsers do not enable this cookies by default Virtual Floppy Media Applet is Unresponsive iLO Virtual Floppy media applet can become ...

Page 388: ...le Virtual Media or Help this window shares the same connection to iLO and the session cookie The iLO Web server makes URL decisions based on each request received For example if a request does not have access rights it is redirected to the login page regardless of the original request Web server based redirection selecting File New Window or pressing the Ctrl N keys opens a duplicate instance of ...

Page 389: ...ser2 s session cookie settings even though it is not readily apparent If User1 continues to navigate in this mode User1 and User2 sharing the same process because User2 logged in and reset the session cookie the following can occur User1 s session behaves consistently with the privileges assigned to User2 User1 s activity keeps User2 s session alive but User1 s session can time out unexpectedly Lo...

Page 390: ...ems 24 Start a new browser for each login by double clicking the browser icon or shortcut Click the Log Out link to close the iLO session before closing the browser window Inability to Get SNMP Information from Insight Manager 7 or Systems Insight Manager The agents running on the managed server supply SNMP information to insight_namanger or Systems Insight Manager For agents to pass information t...

Page 391: ...ailed firmware upgrade The flash recovery payload uses FTP which can only be used when the flash recovery payload is active to transfer the firmware image to iLO The flash recovery payload should only be used if Previous firmware upgrade attempts have failed You are unable to connect to the Web browser No other firmware upgrade option is available Servers with a floppy drive can use the ROMPaq opt...

Page 392: ...o the IP address or DNS name of iLO 2 Log in to iLO using the fixed username flash and the password of recovery The username and password are case sensitive 3 At the FTP prompt enter the put command and the file name of the firmware image The following is an example of the entries used for the flash recovery process ftp 192 168 177 142 login flash password recovery put iLO160 bin If the file is fo...

Page 393: ...t the SoftPaq image for diskettes and save it to the hard drive The SoftPaq can be downloaded from the HP website http www hp com servers lights out 2 Execute the SoftPaq to create diskettes Complete this procedure only on the iLO host server 1 Boot the system from the ROMPaq diskette 2 Press the Enter key at the ROMPaq welcome screen A screen displays the devices in your server that can be upgrad...

Page 394: ...r is logging into an iLO browser connection and does not complete the login process by responding to the Java certificate warning iLO does not respond to future browser requests The user must continue the login process to free the iLO Web server Testing SSL The following test checks for the correct security dialog prompt A non working server will proceed to a Page cannot be displayed message If th...

Page 395: ...DP tool go to the Microsoft website http www microsoft com support An old certificate can cause problems with SSL can on the domain controller pointing when it points to a previously trusted CA with the same name which is rare but might happen if a certificate service is added and removed and then added again on the domain controller To remove old certificates and issue a new one follow the instru...

Page 396: ...d after a redeployment of a server load the Insight Manager Agents to update the Server Name field with the new server name To remove the Server Name field after a redeployment of a server use the Reset to Factory Defaults feature of the iLO RBSU utility to clear the Server Name field This procedure clears all iLO configuration information not just the Server Name information Troubleshooting a Rem...

Page 397: ... Center at 1 800 633 3600 This service is available 24 hours a day 7 days a week For continuous quality improvement calls may be recorded or monitored Outside North America call the nearest HP Technical Support Phone Center For telephone numbers for worldwide Technical Support Centers refer to the HP website http www hp com Before You Contact HP Be sure to have the following information available ...

Page 398: ...398 User Guide Integrated Lights Out Third party hardware or software Operating system type and revision level ...

Page 399: ...tion and Power Interface ARP Address Resolution Protocol ASCII American Standard Code for Information Interchange ASM Advanced Server Management ASR Automatic Server Recovery CA certificate authority CGI Common Gateway Interface CLI Command Line Interface ...

Page 400: ...ed Authoring and Versioning DDNS Dynamic Domain Name System DHCP Dynamic Host Configuration Protocol DLL dynamic link library DNS domain name system DSA Digital Signature Algorithm EMS Emergency Management Services EULA end user license agreement FEH fatal exception handler ...

Page 401: ...hical user interface HB heartbeat Integrated Lights Out HPONCFG HP Lights Out Online Configuration utility HPQLOMGC HP Lights Out Migration Command Line HPQLOMIG HP Lights Out Migration ICMP Internet Control Message Protocol iLO IML Integrated Management Log IP Internet Protocol ...

Page 402: ...ghtweight Directory Access Protocol LAN local area network LDAP LED light emitting diode LOM Lights Out Management LSB least significant bit MAC medium access control MLA Master License Agreement MMC Microsoft Management Console MP Multilink Point to Point Protocol ...

Page 403: ...twork interface controller NMI non maskable interrupt NVRAM non volatile memory PERL Practical Extraction and Report Language PKCS Public Key Cryptography Standards ProLiant Support Pack POST Power On Self Test PSP RAS remote access service RBSU ROM Based Setup Utility ...

Page 404: ... Remote Insight Board Command Language RILOE Remote Insight Lights Out Edition RILOE II Remote Insight Lights Out Edition II RSA Rivest Shamir and Adelman public encryption key RSM Remote Server Management SLES SuSE Linux Enterprise Server SNMP Simple Network Management Protocol SSH Secure Shell ...

Page 405: ...yer TCP Transmission Control Protocol UART universal asynchronous receiver transmitter UID unit identification USB universal serial bus VM Virtual Machine VPN virtual private networking WINS Windows Internet Naming Service XML extensible markup language ...

Page 406: ......

Page 407: ...2 303 305 306 307 308 310 311 312 313 315 316 318 319 320 321 322 324 325 326 327 328 329 330 332 333 334 composite device support 63 79 configuration options 23 24 25 26 33 59 96 configuration parameters 34 35 37 337 343 344 354 357 configuration procedures 269 configuration utilities 265 connection overview 18 contacting HP 403 CPQLODOS 254 256 257 258 cursor modes 61 62 data protection methods ...

Page 408: ...24 global settings 88 91 Linux procedures 20 26 Graphical Remote Console 54 Linux server support 20 26 groups 199 Linux adjusting the mouse acceleration 385 LOGIN 278 H login problems 377 hardware troubleshooting 376 help resources 403 M HOLD_PWR_BTN 326 Microsoft procedures 26 54 63 host server troubleshooting 402 Microsoft software 145 155 HOTKEY_CONFIG 308 Microsoft support 20 hot plug keyboard...

Page 409: ... 143 POST messages 51 server identification 343 Power Button 63 server states 48 power management 106 107 server warnings and cautions 231 241 preinstallation guidelines 155 SERVER_INFO 321 preparation procedures 156 SET_VM_STATUS 334 product registration 30 settings 57 58 59 145 187 189 setup browser based 23 25 31 41 R setup scripted 23 26 33 42 259 shared network port features 128 rack settings...

Page 410: ...6 397 398 400 402 U UID_CONTROL 329 UnitedLinux procedures 20 54 63 385 387 UPDATE_RIB_FIRMWARE 306 updating drivers 26 updating the firmware 100 usage model 18 109 269 user 139 user access 46 139 190 205 user account adding 273 user and configuration settings 89 91 user profile 139 user roles 168 170 171 181 182 183 200 202 203 204 205 206 user settings 139 344 USER_INFO 279 using virutal media 6...

Reviews: