HP Ilo 2 User Guide

							4.Changeuserinformationasrequired.
5.Afterchangingthefields,returntotheUserAdministrationscreenbyclickingSaveUser
Information.Torecovertheoriginaluserinformation,clickRestoreUserInformation.All
changesmadetotheprofilearediscarded.
Deletingauser
NOTE:OnlyuserswiththeAdministerUserAccountsprivilegecanmanageotherusersoniLO
2.
Todeleteexistinguserinformation:
1.LogintoiLO2usinganaccountthathastheAdministerUserAccountsprivilege.
2.ClickAdministration.
3.ClickUserAdministrationandselectfromthelistthenameoftheuserwhoseinformationyou
wanttochange.
4.ClickDeleteUser.
Apop-upwindowdisplays:
Are you sure you want to delete the selected user?
5.ClickOK.
Groupadministration
TheiLO2firmwareenablesyoutoviewiLO2groupsandmodifysettingsforthosegroups.You
musthavetheAdministerDirectoryGroupsprivilege.Toviewormodifyagroup:
1.ClickAdministration>UserAdministration>GroupAccounts.
2.Selectthegroup,andclickView/ModifyGroup.TheModifyGrouppageappears.
ClickCanceltoreturntotheGroupAdministrationpage.
Useradministration31 
						

							Thefollowingsettingsareavailable:
•SecurityGroupDistinguishedNameisthedistinguishednameofagroupwithinthedirectory.
Allmembersofthisgrouparegrantedtheprivilegessetforthegroup.Thegroupspecifiedin
theSecurityGroupDistinguishedNamemustexistwithinthedirectory,anduserswhoneed
accesstoiLO2mustbemembersofthisgroup.CompletethisfieldwithaDistinguishedName
fromthedirectory(forexample,CN=Group1,OU=Managed Groups, DC=domain,
DC=extension).
•AdministerGroupAccountsenablesuserswhobelongtothisgrouptoalterprivilegesforany
group.
•RemoteConsoleAccessenablesyoutoremotelyaccessthehostsystemRemoteConsole,
includingtheRemoteSerialConsole.Youmusthaveaccesstotheremotesystemtousethis
capability.
•VirtualPowerandResetenablesyoutopowercycleorresetthehostplatform.Theseactivities
interrupttheavailabilityofthesystem.Ifselected,thisoptionalsoallowsyoutodiagnosethe
systemusingthevirtualNMIbutton.
•VirtualMediaenablesyoutousevirtualmediaonthehostplatform.
•ConfigureiLO2SettingsenablesyoutoconfiguremostiLO2settings,includingsecurity
settings.Ifselected,youcanremotelyupdateiLO2firmware.Thissettingdoesnotinclude
groupaccountadministration.Thesesettingsrarelychange.
AfteriLO2iscorrectlyconfigured,revokingthisprivilegefromallgroupsprevents
reconfiguration.UserswiththeAdministerGroupAccountsprivilegecanenableordisable
thisprivilege.TheiLO2firmwarecanalsobereconfiguredifiLO2RBSUisenabled.
Tosaveupdatedinformation,clickSaveGroupInformation,ortodiscardchangesandreturnto
theGroupAdministrationpage,clickCancel.
ConfiguringiLO2access
TheiLO2firmwareenablesyoutoconfigurewhichservicesareenabledoniLO2anduseraccess
toiLO2.ToconfigureiLO2servicesoptions,clickAdministration>Access.TheServicespage(tab)
appears.ToconfigureiLO2accessoptions),clickAdministration>Access>Options(tab).Youmust
havetheConfigureiLO2SettingsprivilegetomodifyiLO2servicesandaccessoptions.Formore
information,see“Accessoptions”(page38).
32ConfiguringiLO2 
						

							Servicesoptions
TheServicestabenablesyoutoselectwhichservicesyouwanttoenableoniLO2,includingSSH,
SSL,RemoteConsole,Telnet,andTerminalServices.TheServicestabalsoenablesyoutosetthe
portsforeachselectedoption.SettingsontheServicespageapplytoalliLO2users.Youmust
havetheConfigureiLO2Settingsprivilegetomodifysettingsonthispage.
ToaccessServices,clickAdministration>Access>Services.ClickApplytosaveupdatedinformation.
YoumustrestartiLO2beforeanychangestakeeffect.Ifanychangeshavebeenmadetoenable
ordisableLights-Outfunctionality,clickingApplyterminatesyourbrowserconnectionandrestarts
iLO2.Youmustwaitatleast30secondsbeforeattemptingtoreestablishaconnection.
TheServicestabincludesthefollowingsettings:
DescriptionDefaultvalueParameter
ThissettingenablesyoutospecifywhethertheSSHfeatureon
theiLO2isenabledordisabled.
EnabledSecureShell(SSH)Access
ThissettingenablesyoutoconfiguretheiLO2SSHporttobe
usedforSSHcommunications.
22Secureshell(SSH)Port
ThissettingenablesyoutoconnectaTelnetclienttotheRemote
Console/Telnetport,providingaccesstotheiLO2CLP.The
followingsettingsarevalid:
DisabledTelnetAccess
•Enabled–iLO2enablesTelnetclientstoconnecttothe
RemoteConsole/Telnetport.Networkportscannerscan
detectthatiLO2islisteningonthisport.Unencrypted
communicationisallowedbetweentheiLO2CLPandTelnet
clients.
•Disabled–iLO2doesnotallowTelnetclientstoconnectto
theRemoteConsole/Telnetport.Networkportscannerswill
ConfiguringiLO2access33 
						

							DescriptionDefaultvalueParameter
notnormallydetectifthisportisopenoniLO2.iLO2listens
onthisportforafewsecondswhentheRemoteConsoleis
opened,butTelnetconnectionsarenotaccepted.
CommunicationbetweentheiLO2andRemoteConsoleis
alwaysencrypted.
ThissettingenablesyoutospecifywhichporttheiLO2Remote
Consoleusesforremoteconsolecommunications.
23RemoteConsole/TelnetPort
Thissettingenablesyoutospecifywhichporttheembedded
webserveriniLO2usesforunencryptedcommunications.
80WebServerNon-SSLPort
Thissettingenablesyoutospecifywhichporttheembedded
webserveriniLO2usesforencryptedcommunications.
443WebServerSSLPort
Thissettingenablesyoutocontroltheabilitytosupporta
connectionthroughiLO2betweenaMicrosoftTerminalServices
DisabledTerminalServicesPassthrough
clientandTerminalServicesserverrunningonthehost.The
followingsettingsarevalid:
•Automatic–Whenremoteconsoleisstarted,theTerminal
Servicesclientislaunched.
•Enabled–Thepassthroughfeatureisenabledandcan
connecttheTerminalServicesclientdirectlytotheiLO2
withoutlogging-intotheiLO2.
•Disabled–Thepassthroughfeatureisoff.
ThissettingenablesyoutospecifytheTerminalServicesPort
thattheiLO2usesforencryptedcommunicationswithTerminal
3389TerminalServicesPort
Servicespassthroughsoftwareontheserver.IftheTerminal
Servicesportisconfiguredtoanythingotherthanthedefault,
youmustmanuallychangetheportnumber.
Thissettingenablesyoutospecifywhetherthevirtualmedia
portontheiLO2isenabledordisabled.Thefollowingsettings
arevalid:
EnabledVirtualMedia
•Enabled–iLO2enablestheVirtualmediaport.
•Disabled–iLO2disablestheVirtualmediaport.
Thissettingenablesyoutospecifytheportforvirtualmedia
supportiniLO2communications.
17988VirtualMediaPort
ThissettingenablesyoutospecifytheSharedRemoteConsole
Port.TheSharedRemoteConsolePortisopenedontheclient
9300SharedRemoteConsolePort
toallowadditionaluserstoconnecttoremoteconsoleina
peer-to-peerfashion.ThisportisonlyopenwhenSharedRemote
Consoleisinuse.
ThissettingenablesyoutospecifytheConsoleReplayPort.The
ConsoleReplayPortisopenedontheclienttoenablethe
17990ConsoleReplayPort
transferofinternalcapturebufferstotheclientforreplay.This
portisonlyopenwhenacapturebufferisbeingtransferredto
theclient.
ThissettingspecifiestheRawSerialDataportaddress.TheRaw
SerialDataportisonlyopenwhiletheWiLODbg.exeutilityis
beingusedtodebugthehostserverremotely.
3002RawSerialDataPort
TerminalServicesPassthroughoption
TerminalServicesisprovidedbytheMicrosoftWindowsoperatingsystems.TheiLO2Terminal
ServicesPassthroughoptionprovidesaconnectionbetweentheTerminalServicesserveronthe
hostsystemandtheTerminalServicesclientontheclientsystem.WhentheTerminalServices
Passthroughoptionisenabled,theiLO2firmwareenablesasocket,listeningbydefaultonport
34ConfiguringiLO2 
						

							3389.AlldatareceivedfromTerminalServicesonthisportisforwardedtotheserverandalldata
TerminalServicesreceivesfromtheserverisforwardedbacktothesocket.TheiLO2firmware
readsanythingreceivedonthisportasanRDPpacket.RDPpacketsareexchangedbetweenthe
iLO2firmwareandtheserverTerminalServices(RDP)serverthroughthelocalhostaddresson
theserver.TheserviceprovidedfacilitatescommunicationsbetweentheiLO2firmwareandthe
RDPserver.TheRDPserverinterpretstheserviceasanestablishedexternalRDPconnection.For
moreinformationonRDPservices,see“WindowsRDPPassthroughservice”(page35).
ATerminalServicessessionprovidesaperformance-enhancedviewofthehostsystemconsole.
Whentheoperatingsystemisunavailable(ortheTerminalServicesserverorclientisunavailable),
thetraditionaliLO2RemoteConsoleprovidesaviewofthehostsystemconsole.Formore
informationonRemoteConsoleandTerminalServices,see“RemoteConsoleandTerminalServices
clients”(page37).
ToconfiguretheTerminalServicesPassthroughoption,seethe“TerminalServicesclient
requirements”(page35)and“TerminalServicesPassthroughinstallation”(page36).
TerminalServicesclientrequirements
TheTerminalServicesclientisavailableonMicrosoftWindowsclientmachinesrunning:
•WindowsServer2003
OnWindowsServer2003servers,theTerminalServicesclientandRDPconnectionisbuilt-in.
TheclientispartoftheoperatingsystemandisactivatedusingRemoteDesktopsharing.To
activatedesktopsharing,selectMyComputer>Properties>Remote>RemoteDesktop.The
TerminalServicesclientinWindowsServer2003providescommand-lineoptionsandseamless
launchesfromtheRemoteConsoleapplet.
•WindowsServer2008
OnWindowsServer2008servers,theTerminalServicesclientandRDPconnectionisbuilt-in.
TheclientispartoftheoperatingsystemandisactivatedusingRemoteDesktopsharing.To
activatedesktopsharing,selectMyComputer>Properties>Remote>RemoteDesktop.The
TerminalServicesclientinWindowsServer2008providescommand-lineoptionsandseamless
launchesfromtheRemoteConsoleapplet.
•WindowsXP
OnWindowsXPservers,theTerminalServicesclientandRDPconnectionisbuiltin.Theclient
ispartoftheoperatingsystemandisactivatedusingRemoteDesktopsharing.Toactivate
desktopsharing,selectStart>Programs>Accessories>Communications>RemoteDesktop.The
TerminalServicesclientinWindowsXPprovidescommand-lineoptionsandlaunchesfrom
theremoteconsoleapplet.
WindowsRDPPassthroughservice
TousetheiLO2TerminalServicesPassthroughfeature,youmustinstallapassthroughserviceon
thehostsystem.ThisservicedisplaysthenameoftheiLO2Proxyinthehostlistofavailable
services.TheserviceutilizesMicrosoft.NETframeworksecurityandreliability.Aftertheserviceis
started,theservicepollsiLO2todetectifanRDPconnectionwiththeclientisestablished.Ifan
RDPconnectionwiththeclientisestablished,theserviceestablishesaTCPconnectionwithlocal
hostandbeginsexchangingpackets.Theportusedtocommunicatewiththelocalhostisread
fromtheWindowsregistryat:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\
Wds
dpwd\Tds	cp\PortNumber
Theportistypicallyport3389.
ConfiguringiLO2access35 
						

							TerminalServicesPassthroughinstallation
ThefollowingsectiondescribeshowtoinstallTerminalServicesPassthroughonWindowsServer
2008,WindowsServer2003,andMicrosoftWindowsXP.
•WindowsServer2003andWindowsServer2008
WindowsserversrequireMicrosoft.NETFrameworktosupporttheuseofiLO2Terminal
Services.TheTerminalServicesPassthroughserviceandtheiLO2ManagementInterface
driverforWindowsServer2008andWindowsServer2003mustbeinstalledontheserver
thathastheiLO2.
1.InstalltheiLO2ManagementInterfacedriver.
2.Installthepassthroughservice.Toinstalltheservice,launchthecomponentinstallerand
followthedirectionsintheinstallationwizard.
Iftheserviceisalreadyinstalled,thenyoumustmanuallyrestartorreboottheserverwhen
thedriverisinstalled.
3.ActivatetheTerminalServicesclient.
OnWindowsServer2003andWindowsServer2008,youcanactivateRemoteDesktop
sharingbyclickingtheRemotetabunderMyComputerandProperties.
IftheiLO2installationiscomplete,andifiLO2TerminalServicespassthroughoptionisset
toautomatic,thenTerminalServiceslauncheswhentheinstallationiscomplete.
•MicrosoftWindowsXP
OnWindowsXP,theRemoteDesktopConnectionisbuilt-inandhasnootherinstallation
requirements.
Errorsthatoccurduringinstallationandexecutionofthepassthroughserviceareloggedinthe
serverApplicationEventLog.YoucanremovethepassthroughserviceusingAddorRemove
ProgramsintheControlPanel.
EnablingtheTerminalServicesPassthroughoption
Bydefault,theTerminalServicesPassthroughfeatureisdisabledandcanbeenabledonthe
Administration>Access>Servicespage.TheTerminalServicesbuttonintheRemoteConsoleis
deactivateduntiltheTerminalServicespassthroughfeatureisenabled.
TouseoftheTerminalServicesPassthroughfeature,installthelatestLights-OutManagement
InterfaceDriverandtheninstallTerminalServicespassthroughserviceforMicrosoftWindowson
theserver.
WhentheTerminalServicesPassthroughoptionissettoEnabledorAutomaticonthe
Administration>Access>ServicespageandtheTerminalServicesClientisinstalledontheWindows
client(installsbydefaultonWindowsXP),theTerminalServicesbuttonisenabled.Whenyouclick
theTerminalServicesbutton,theapplettriestolaunchtheTerminalServices,eveniftheserveris
notrunningaWindowsoperatingsystem.
YoumustcomplywithMicrosoftlicenserequirementswhicharethesameasconnectingthrough
theserver'sNIC.Forinstance,whensetforadministrativeaccess,TerminalServicesdoesnotallow
morethantwoconnections,regardlessofwhethertheconnectionsarethroughtheserver'sNIC,
oriLO2,orboth.
TerminalServiceswarningmessage
TerminalsServicesusersoperatingonWindows2003Servermightnoticethefollowingwhen
usingtheTerminalServicespassthroughfeatureofiLO2.IfaTerminalServicessessionisestablished
throughiLO2andasecondTerminalServicessessionisestablishedbyaWindowsadministrator
(Consolemode),thefirstTerminalServicessessionisdisconnected.However,thefirstTerminal
Servicessessiondoesnotreceivethewarningmessageindicatingthedisconnectionuntil
approximatelyoneminutelater.Duringthisone-minuteperiod,thefirstTerminalServicessession
36ConfiguringiLO2 
						

							isavailableoractive.Thisisnormalbehavior,butitisdifferentthanthebehaviorobservedwhen
bothTerminalServicessessionsareestablishedbyWindowsadministrators.Inthatcase,the
warningmessageisreceivedbythefirstTerminalServicessessionimmediately.
TerminalServicesPassthroughoptiondisplay
TheiLO2firmwaremightnotaccuratelydisplaytheTerminalServicesPassthroughoption.The
TerminalServicesPassthroughoptionmightappearactiveeveniftheoperatingsystemisnot
TerminalServicesenabled(forexample,ifthehostoperatingsystemisLinux,whichdoesnot
supportTerminalServicesoperation).
RemoteConsoleandTerminalServicesclients
UsingthemanagementnetworkconnectiontotheiLO2,aniLO2RemoteConsolesessioncan
beusedtodisplayaTerminalServicessessiontothehost.WhentheiLO2RemoteConsoleapplet
runs,itlaunchestheTerminalServicesclientbasedonuserpreference.TheSunJVMmustbe
installedtoobtainfullfunctionalityofthisfeature.IftheSunJVMisnotinstalled,thentheRemote
ConsolecannotautomaticallylaunchtheTerminalServicesclient.
IfTerminalServicespassthroughisenabled,andtheTerminalServicesserverisavailable,switching
betweeniLO2RemoteConsoleandtheTerminalServicesclientwillbeseamlessastheserver
progressesfrompre-operatingsystemenvironmenttooperatingsystem-runningenvironment,to
operatingsystem-notavailableenvironment.Theseamlessoperationisavailableaslongasthe
TerminalServicesclientisnotstartedbeforeRemoteConsoleisavailable.IfRemoteConsoleis
availableandtheTerminalServicesclientisavailable,RemoteConsolewillstarttheTerminal
Servicesclientwhenappropriate.
WhenusingtheTerminalServicespassthroughoptionwithWindowsServer2003andWindows
Server2008,a30-seconddelayoccursaftertheCTRL-ALT-DELdialogboxappearsbeforethe
TerminalServicesclientlaunches.The30-seconddelayrepresentshowlongittakesfortheservice
toconnecttotheRDPclientrunningontheserver.IftheserverisrebootedfromtheTerminalServices
client,theRemoteConsolescreenturnsgreyorblackforuptooneminutewhileiLO2determines
thattheTerminalServicesserverisnolongeravailable.
IfTerminalServicesmodeissettoEnabled,butyouwanttousetheRemoteConsole,thenlaunch
theTerminalServicesclientdirectlyfromtheTerminalServicesclientmenu.Launchingdirectlyfrom
theclientmenuenablessimultaneoususeoftheTerminalServicesclientandtheRemoteConsole.
TerminalServicescanbedisabledorenabledatanytime.ChangingtheTerminalServices
configurationcausestheiLO2firmwaretoreset.ResettingtheiLO2firmwareinterruptsanyopen
connectionstoiLO2.
WhentheTerminalServicesclientislaunchedbytheRemoteConsole,RemoteConsolegoesinto
asleepmodetoavoidconsumingCPUbandwidth.RemoteConsolestilllistenstotheRemote
Consoledefaultport23foranycommandsfromiLO2.
TheiLO2firmwarepassesthroughonlyoneTerminalServicesconnectionatatime.Terminal
Serviceshasalimitoftwoconcurrentsessions.
TheRemoteConsoleactivatesandbecomesavailableiftheRemoteConsoleisinsleepmodeand
theTerminalServicesclientisinterruptedbyanyofthefollowingevents:
•TheTerminalServicesclientisclosedbytheuser.
•TheWindowsoperatingsystemisshutdown.
•TheWindowsoperatingsystemlocksup.
TerminalServicestroubleshooting
ToresolveissueswithiLO2TerminalServicesPassthrough:
ConfiguringiLO2access37 
						

							1.VerifythatTerminalServicesisenabledonthehostbyselecting
MyComputer>Properties>Remote>RemoteDesktop.
2.VerifythattheiLO2passthroughconfigurationisenabledorautomaticintheiLO2Global
Settings.
3.VerifythatiLOAdvancedPackislicensed.
4.VerifythattheiLO2ManagementInterfaceDriverisinstalledonthehost.Toverifythedriver,
selectMyComputer>Properties>Hardware>DeviceManager>MultifunctionAdapters.
5.VerifythattheTerminalServicespassthroughserviceandiLO2Proxyareinstalledandrunning
onthehost.Toverifytheseservices,selectControlPanel>AdministrativeTools>Servicesand
attemptingtorestarttheservice.
6.VerifythattheApplicationEventLogisnotfull.
TheTerminalServicespassthroughservicemightexperiencestart-upissueswhentheoperating
systemApplicationEventLogisfull.Toviewtheeventlog,selectComputer
Management>SystemTools>EventViewer>Application.
7.VerifythattheTerminalServicesportassignmentiscorrect.
8.VerifythattheTerminalServicesclient,mstsc.exeislocatedin\WINDOWS\SYSTEM32.
Ifnot,setthepassthroughconfigurationtoEnabled,andmanuallyactivatetheterminalservices
client.
Accessoptions
TheiLO2firmwareenablesyoutomodifyiLO2access,includingconnectionidletime,iLO2
functionality,iLO2RBSU,loginrequirements,CLIparameters,minimumpasswordlength,and
servername.SettingsontheAccessOptionspageapplytoalliLO2users.Youmusthavethe
ConfigureiLO2Settingsprivilegetomodifysettingsonthispage.
ToviewormodifyiLO2access,clickAdministration>Access>OptionsandclickApplytosaveany
updatedinformation.YoumustrestartiLO2beforeyourupdatestakeeffect.Ifanychangesenable
ordisableLights-Outfunctionality,clickApplytoterminateyourbrowserconnectionandrestart
iLO2.Youmustwaitatleast30secondsbeforeattemptingtoreestablishaconnection.
38ConfiguringiLO2 
						

							TheOptionstabincludesthefollowing.
DescriptionsDefaultvalueParameter
Thissettingspecifiestheintervalofuserinactivity,inminutes,before
thewebserverandRemoteConsolesessionautomaticallyterminate.
30minutesIdleConnectionTimeout
(minutes)
Thefollowingsettingsarevalid:15,30,60,120minutes,or0
(infinite).Theinfinitetimeoutvaluedoesnotlogoutinactiveusers.
ThissettingenablesconnectiontoiLO2.Ifdisabled,allconnections
toiLO2areprevented.
EnabledLights-OutFunctionality
TheiLO210/100networkandcommunicationswithoperatingsystem
driversareturnedoffifLights-Outfunctionalityisdisabled.TheiLO2
DiagnosticPortforanHPProLiantBLpClassserverisalsodisabled.
IfiLO2functionalityisdisabled(includingtheiLO2DiagnosticPort),
youmustusetheserverSecurityOverrideSwitchtoenableiLO2.See
yourserverdocumentationtolocatetheSecurityOverrideSwitchand
setittoOverride.PowertheserveronandusetheiLO2RBSUtoset
Lights-OutFunctionalitytoEnabled.
ThissettingenablesordisablestheiLO2ROM-BasedSetupUtility.
Normally,theiLO2OptionROMpromptsyoutopressF8toenter
EnablediLO2ROM-Based
SetupUtility
RBSU,butifiLO2isdisabledoriLO2RBSUisdisabled,theRBSU
promptisbypassed.
ThissettingenablesRBSUaccesswithorwithoutauser-credentials
challenge.IfthissettingisEnabledandyoupressF8duringPOSTto
enteriLO2RBSU,alogindialogboxappears.
DisabledRequireLoginforiLO2
RBSU
ThissettingenablesthedisplayoftheiLO2networkIPaddressduring
thehostserverPOSTprocess.
DisabledShowiLO2during
POST
ThissettingenablesyoutochangetheloginmodeloftheCLIfeature
throughtheserialport.Thefollowingsettingsarevalid:
Enabled-Authentication
Required
SerialCommandLine
InterfaceStatus
•Enabled–AuthenticationRequired
•Enabled–NoAuthentication
•Disabled
Thissettingenablesyoutousetheserialporttochangethespeedof
theserialportfortheCLIfeature.Thefollowingspeeds(inbits/s)are
9600SerialCommandLine
InterfaceSpeed
valid:9600,19200,38400,57600,and115200.Theserialport
configurationmustbesettoNoparity,8databits,and1stopbit
(N/8/1)forproperoperation.Theserialportspeedthatissetbythis
parametermustmatchthespeedoftheserialportsetintheSystem
ROMRBSUsetup.
Thissettingspecifiestheminimumnumberofcharactersallowedwhen
auserpasswordissetorchanged.Thecharacterlengthcanbesetat
avaluefrom0to39.
8MinimumPassword
Length
Thissettingenablesyoutospecifythehostservername.Thisvalueis
assignedwhenusingHPProLiantManagementAgents.Ifyoudonot
ServerName
usetheagentsandthehost unnamedmessageappears,youcan
changeithere.Iftheagentsarerunning,thevalueyouassigncanbe
overwritten.
Toforcethebrowsertorefresh,savethissetting,andpressF5.
Thissettingenablesyoutoconfigureloggingcriteriaforfailed
authentications.Alllogintypesaresupportedandeverylogintype
worksindependently.Thefollowingarevalidsettings:
Enabled-Every3rd
Failure
AuthenticationFailure
Logging
•Enabled-EveryFailure–Afailedloginlogentryisrecordedafter
everyfailedloginattempt.
•Enabled-Every2ndFailure–Afailedloginlogentryisrecorded
aftereverysecondfailedloginattempt.
ConfiguringiLO2access39 
						

							DescriptionsDefaultvalueParameter
•Enabled-Every3rdFailure–Afailedloginlogentryisrecorded
aftereverythirdfailedloginattempt.
•Enabled-Every5thFailure–Afailedloginlogentryisrecordedafter
everyfifthfailedloginattempt.
•Disabled–Nofailedloginlogentryisrecorded.
WhenloggingintoiLO2withTelnetorSSHclients,thenumberofloginnameandpassword
promptsofferedbyiLO2matchesthevalueoftheAuthenticationFailureLoggingparameter(or
3whenitisdisabled.)However,thenumberofpromptsmightalsobeaffectedbyyourTelnetand
SSHclientconfigurations.TelnetandSSHloginsalsoimplementdelaysafterloginfailure.During
thedelay,loginisdisabledsonologinfailureoccurs.Asanexample,togenerateanSSH
authenticationfailurelogwithadefaultvalue(forinstance,Enabled-Every3rdFailure),three
consecutiveloginfailuresoccurasfollows(assumingtheSSHclientisconfiguredwiththenumber
ofpasswordprompts>=3):
1.RuntheSSHclientandloginwithanincorrectloginnameandpassword.Youwillreceive
threepasswordprompts.Afterthethirdincorrectpassword,theconnectionterminates,and
thefirstloginfailureisrecorded.TheSSHloginfailurecounterissetto1.
2.RuntheSSHclientuntilreceivingtheloginprompt.Loginwithanincorrectloginnameand
password.Youwillreceivethreepasswordprompts.Afterthethirdincorrectpassword,the
connectionterminates,andthesecondloginfailureisrecorded.TheSSHloginfailurecounter
issetto2.
3.RuntheSSHclientuntilreceivingtheloginprompt.Loginwithanincorrectloginnameand
password.Youwillreceivethreepasswordprompts.Afterthethirdincorrectpassword,the
connectionterminatesandthethirdloginfailureisrecorded.TheSSHloginfailurecounteris
setto3.
Atthispoint,iLO2firmwarerecordsanSSHloginfailurelogentryandsetstheSSHloginfailure
counterto0.
iLO2RemoteConsoleandRemoteSerialConsoleaccess
ForiLO2RemoteConsolerecommendedclientsettings,serversettings,optimizingmousesupport,
andRemoteSerialConsolesettings,see“iLO2RemoteConsole”(page80).
Security
TheiLO2firmwareenablesyoutocustomizeiLO2securitysettings.ToaccessiLO2security
settings,selectAdministration>Security.iLO2securityoptionsinclude:
•“SSHkeyadministration”(page44)
•“SSLcertificateadministration”(page44)
•“Two-factorauthentication”(page45)
•“Directorysettings”(page50)
•“Encryption”(page53)
•“HPSIMsinglesign-on(SSO)”(page55)
•“RemoteConsoleComputerLock”(page58)
iLO2securityoptionsenablesiLO2toprovidethefollowingsecurityfeatures:
•User-definedTCP/IPports
•UseractionsloggedintheiLO2EventLog
•Progressivedelaysforfailedloginattempts
40ConfiguringiLO2