upgrading ilo3 on proliant servers

proliant delivery firmwares java-web & ilo3

assuming firmware is up-to-date

warning // lessons learnedwarning // lessons learned

enabling AES & FIPS resets all settings (incl. users) but network

ilo3 (F8)ilo3 (F8)

get back to sane defaults

file
    set defaults

then

network
    dns/dhcp
        dhcp X
        dns name node2-ilo
    nic and tcp/ip
        x.x.x.x
        255.255.255.0
        NO GATEWAY (0.0.0.0)

user settings
    add user... (password with 8 chars minimum)

settings
    cli
        status  enabled no auth
        speed   115200

ilo3 web uiilo3 web ui

fw upgrade done with centos6 already

check that you’ve got latest fw

administration
    ilo firmware ...

first enable AES & FIPS

    security
        encryption/ aes/3des V
                fips V

wait for ilo3 to reboot

and finally after yet another ilo reset –either– login with factory defaults, namely use front-panel tag as administrator password –or– use the ilo3 (F8) prompt again just to re-create additional user and/or edit the administrator password

and only then take the time to fine-tune everything

network
    ilo dedicated network port (active)

        general/    ilo subsystem name HOSTNAME-ilo

        ipv4/       (gw already 0.0.0.0)
                primary dns 0.0.0.0
                (everything else X)

        ipv6/       (everything X)

        sntp/       (everything X)
                time-zone Europe/Moscow

    shared network port
        general/    (already inactive)

administration

    licensing
        3246W-B24WW-YXK93-T56QW-2JP6M

    # eventually improve password
    user administration
        update administrator password
        update other user password

    access settings
        ipmi/dcmi X (already disabled on v1.94)
        idle 120 minutes
        enabled no auth
        115200
        server name HOSTNAME-serial
        failure 5th failure

    security
        select user ==> authorize new key
        add dsa ssh pubkeys (openssh format is fine)

    management
        snmp alerts (everything X)

        insight management integration
            level of data returned X

# at last since we had to setup license before that
power mgmt

    server power
        auto power-on       PROD ONLY

    power settings
        #high performance mode  PROD ONLY
        show values in Watts

eventually reset the board

information
    diagnostics > reset

usageusage

restart the machine

power mgmt

    server power
        force system reset

troubleshootingtroubleshooting

while booting up without RAID setup

POST Error: 1785-Drive Array not Configured

==> configure RAID arrays

chrome gives

ERR_SSL_PROTOCOL_ERROR

firefox gives

Error code: SSL_ERROR_UNSUPPORTED_VERSION

This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox.

resourcesresources

ssh pem

https://serverfault.com/questions/706336/how-to-get-a-pem-file-from-ssh-key-pair

ssh ilo3

https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0

https://serverfault.com/questions/758673/how-to-disable-diffie-hellman-group1-sha1-for-ssh

https://serverfault.com/questions/1047019/ssh-no-matching-key-exchange-method-found-when-kexalgorithm-is-listed-as-avai

https://www.rfc-editor.org/rfc/rfc9142.html

https://www.openssh.com/legacy.html

ilo web ui

https://download-installer.cdn.mozilla.net/pub/firefox/releases/52.9.0esr/

license

https://luxcrack.wordpress.com/2016/03/15/hp-ilo-useful-commands/

https://community.hpe.com/t5/proliant-servers-ml-dl-sl/system-firmware-version-ssh-through-ilo/td-p/1151731

https://kevin-wang-xin.medium.com/how-to-enable-ipmitool-vsp-login-on-hpe-server-ilo5-e1d2475901e9

http://systemmanager.ru/c02063194.en/116744.htm