upgrading ilo3 on proliant servers

proliant delivery firmwares ilo3

assuming firmware is up-to-date

warning // lessons learned

enabling AES & FIPS resets all settings but network and also resets users!

ilo3 (F8)

get back to sane defaults

file
    set defaults

then

network
    dns/dhcp
        dhcp X
        dns name node2-ilo
    nic and tcp/ip
        x.x.x.x
        255.255.255.0
        NO GATEWAY (0.0.0.0)

user settings
    add user... (password with 8 chars minimum)

settings
    cli
        status  enabled no auth
        speed   115200

ilo3 web ui

fw upgrade done with centos6 already

check that you’ve got latest fw

administration
    ilo firmware ...

first enable AES & FIPS

    security
        encryption/ aes/3des V
                fips V

wait for ilo3 to reboot

and finally after yet another ilo reset –either– login with factory defaults, namely use front-panel tag as administrator password –or– use the ilo3 (F8) prompt again just to re-create additional user and/or edit the administrator password

and only then take the time to fine-tune everything

network
    ilo dedicated network port (active)

        general/    ilo subsystem name HOSTNAME-ilo

        ipv4/       (gw already 0.0.0.0)
                primary dns 0.0.0.0
                (everything else X)

        ipv6/       (everything X)

        sntp/       (everything X)
                time-zone Europe/Moscow

    shared network port
        general/    (already inactive)

administration

    # eventually improve password
    user administration
        update administrator password
        update other user password

    access settings
        ipmi/dcmi X (already disabled on v1.94)
        idle 120 minutes
        enabled no auth
        115200
        server name HOSTNAME

    security
        login security banner   enable V

management

    snmp alerts         everything X

    insight management integration
        level of data returned  X

    licensing
        3246W-B24WW-YXK93-T56QW-2JP6M

power mgmt

    power settings
        high performance mode (PROD ONLY)
        power cap ...

cli usage

    show system1/firmware1
    show system1/cpu1

troubleshooting

while booting up without RAID setup

POST Error: 1785-Drive Array not Configured

==> configure RAID arrays

chrome gives

ERR_SSL_PROTOCOL_ERROR

firefox gives

Error code: SSL_ERROR_UNSUPPORTED_VERSION

This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox.

resources

ssh pem

https://serverfault.com/questions/706336/how-to-get-a-pem-file-from-ssh-key-pair

ssh ilo3

https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

https://serverfault.com/questions/758673/how-to-disable-diffie-hellman-group1-sha1-for-ssh

https://serverfault.com/questions/1047019/ssh-no-matching-key-exchange-method-found-when-kexalgorithm-is-listed-as-avai

https://www.rfc-editor.org/rfc/rfc9142.html

https://www.openssh.com/legacy.html

ilo web ui

https://download-installer.cdn.mozilla.net/pub/firefox/releases/52.9.0esr/

license

https://luxcrack.wordpress.com/2016/03/15/hp-ilo-useful-commands/

https://community.hpe.com/t5/proliant-servers-ml-dl-sl/system-firmware-version-ssh-through-ilo/td-p/1151731

https://kevin-wang-xin.medium.com/how-to-enable-ipmitool-vsp-login-on-hpe-server-ilo5-e1d2475901e9

http://systemmanager.ru/c02063194.en/116744.htm


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun