HP Ilo 2 User Guide
Have a look at the manual HP Ilo 2 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
4.Changeuserinformationasrequired. 5.Afterchangingthefields,returntotheUserAdministrationscreenbyclickingSaveUser Information.Torecovertheoriginaluserinformation,clickRestoreUserInformation.All changesmadetotheprofilearediscarded. Deletingauser NOTE:OnlyuserswiththeAdministerUserAccountsprivilegecanmanageotherusersoniLO 2. Todeleteexistinguserinformation: 1.LogintoiLO2usinganaccountthathastheAdministerUserAccountsprivilege. 2.ClickAdministration. 3.ClickUserAdministrationandselectfromthelistthenameoftheuserwhoseinformationyou wanttochange. 4.ClickDeleteUser. Apop-upwindowdisplays: Are you sure you want to delete the selected user? 5.ClickOK. Groupadministration TheiLO2firmwareenablesyoutoviewiLO2groupsandmodifysettingsforthosegroups.You musthavetheAdministerDirectoryGroupsprivilege.Toviewormodifyagroup: 1.ClickAdministration>UserAdministration>GroupAccounts. 2.Selectthegroup,andclickView/ModifyGroup.TheModifyGrouppageappears. ClickCanceltoreturntotheGroupAdministrationpage. Useradministration31
Thefollowingsettingsareavailable: •SecurityGroupDistinguishedNameisthedistinguishednameofagroupwithinthedirectory. Allmembersofthisgrouparegrantedtheprivilegessetforthegroup.Thegroupspecifiedin theSecurityGroupDistinguishedNamemustexistwithinthedirectory,anduserswhoneed accesstoiLO2mustbemembersofthisgroup.CompletethisfieldwithaDistinguishedName fromthedirectory(forexample,CN=Group1,OU=Managed Groups, DC=domain, DC=extension). •AdministerGroupAccountsenablesuserswhobelongtothisgrouptoalterprivilegesforany group. •RemoteConsoleAccessenablesyoutoremotelyaccessthehostsystemRemoteConsole, includingtheRemoteSerialConsole.Youmusthaveaccesstotheremotesystemtousethis capability. •VirtualPowerandResetenablesyoutopowercycleorresetthehostplatform.Theseactivities interrupttheavailabilityofthesystem.Ifselected,thisoptionalsoallowsyoutodiagnosethe systemusingthevirtualNMIbutton. •VirtualMediaenablesyoutousevirtualmediaonthehostplatform. •ConfigureiLO2SettingsenablesyoutoconfiguremostiLO2settings,includingsecurity settings.Ifselected,youcanremotelyupdateiLO2firmware.Thissettingdoesnotinclude groupaccountadministration.Thesesettingsrarelychange. AfteriLO2iscorrectlyconfigured,revokingthisprivilegefromallgroupsprevents reconfiguration.UserswiththeAdministerGroupAccountsprivilegecanenableordisable thisprivilege.TheiLO2firmwarecanalsobereconfiguredifiLO2RBSUisenabled. Tosaveupdatedinformation,clickSaveGroupInformation,ortodiscardchangesandreturnto theGroupAdministrationpage,clickCancel. ConfiguringiLO2access TheiLO2firmwareenablesyoutoconfigurewhichservicesareenabledoniLO2anduseraccess toiLO2.ToconfigureiLO2servicesoptions,clickAdministration>Access.TheServicespage(tab) appears.ToconfigureiLO2accessoptions),clickAdministration>Access>Options(tab).Youmust havetheConfigureiLO2SettingsprivilegetomodifyiLO2servicesandaccessoptions.Formore information,see“Accessoptions”(page38). 32ConfiguringiLO2
Servicesoptions TheServicestabenablesyoutoselectwhichservicesyouwanttoenableoniLO2,includingSSH, SSL,RemoteConsole,Telnet,andTerminalServices.TheServicestabalsoenablesyoutosetthe portsforeachselectedoption.SettingsontheServicespageapplytoalliLO2users.Youmust havetheConfigureiLO2Settingsprivilegetomodifysettingsonthispage. ToaccessServices,clickAdministration>Access>Services.ClickApplytosaveupdatedinformation. YoumustrestartiLO2beforeanychangestakeeffect.Ifanychangeshavebeenmadetoenable ordisableLights-Outfunctionality,clickingApplyterminatesyourbrowserconnectionandrestarts iLO2.Youmustwaitatleast30secondsbeforeattemptingtoreestablishaconnection. TheServicestabincludesthefollowingsettings: DescriptionDefaultvalueParameter ThissettingenablesyoutospecifywhethertheSSHfeatureon theiLO2isenabledordisabled. EnabledSecureShell(SSH)Access ThissettingenablesyoutoconfiguretheiLO2SSHporttobe usedforSSHcommunications. 22Secureshell(SSH)Port ThissettingenablesyoutoconnectaTelnetclienttotheRemote Console/Telnetport,providingaccesstotheiLO2CLP.The followingsettingsarevalid: DisabledTelnetAccess •Enabled–iLO2enablesTelnetclientstoconnecttothe RemoteConsole/Telnetport.Networkportscannerscan detectthatiLO2islisteningonthisport.Unencrypted communicationisallowedbetweentheiLO2CLPandTelnet clients. •Disabled–iLO2doesnotallowTelnetclientstoconnectto theRemoteConsole/Telnetport.Networkportscannerswill ConfiguringiLO2access33
DescriptionDefaultvalueParameter notnormallydetectifthisportisopenoniLO2.iLO2listens onthisportforafewsecondswhentheRemoteConsoleis opened,butTelnetconnectionsarenotaccepted. CommunicationbetweentheiLO2andRemoteConsoleis alwaysencrypted. ThissettingenablesyoutospecifywhichporttheiLO2Remote Consoleusesforremoteconsolecommunications. 23RemoteConsole/TelnetPort Thissettingenablesyoutospecifywhichporttheembedded webserveriniLO2usesforunencryptedcommunications. 80WebServerNon-SSLPort Thissettingenablesyoutospecifywhichporttheembedded webserveriniLO2usesforencryptedcommunications. 443WebServerSSLPort Thissettingenablesyoutocontroltheabilitytosupporta connectionthroughiLO2betweenaMicrosoftTerminalServices DisabledTerminalServicesPassthrough clientandTerminalServicesserverrunningonthehost.The followingsettingsarevalid: •Automatic–Whenremoteconsoleisstarted,theTerminal Servicesclientislaunched. •Enabled–Thepassthroughfeatureisenabledandcan connecttheTerminalServicesclientdirectlytotheiLO2 withoutlogging-intotheiLO2. •Disabled–Thepassthroughfeatureisoff. ThissettingenablesyoutospecifytheTerminalServicesPort thattheiLO2usesforencryptedcommunicationswithTerminal 3389TerminalServicesPort Servicespassthroughsoftwareontheserver.IftheTerminal Servicesportisconfiguredtoanythingotherthanthedefault, youmustmanuallychangetheportnumber. Thissettingenablesyoutospecifywhetherthevirtualmedia portontheiLO2isenabledordisabled.Thefollowingsettings arevalid: EnabledVirtualMedia •Enabled–iLO2enablestheVirtualmediaport. •Disabled–iLO2disablestheVirtualmediaport. Thissettingenablesyoutospecifytheportforvirtualmedia supportiniLO2communications. 17988VirtualMediaPort ThissettingenablesyoutospecifytheSharedRemoteConsole Port.TheSharedRemoteConsolePortisopenedontheclient 9300SharedRemoteConsolePort toallowadditionaluserstoconnecttoremoteconsoleina peer-to-peerfashion.ThisportisonlyopenwhenSharedRemote Consoleisinuse. ThissettingenablesyoutospecifytheConsoleReplayPort.The ConsoleReplayPortisopenedontheclienttoenablethe 17990ConsoleReplayPort transferofinternalcapturebufferstotheclientforreplay.This portisonlyopenwhenacapturebufferisbeingtransferredto theclient. ThissettingspecifiestheRawSerialDataportaddress.TheRaw SerialDataportisonlyopenwhiletheWiLODbg.exeutilityis beingusedtodebugthehostserverremotely. 3002RawSerialDataPort TerminalServicesPassthroughoption TerminalServicesisprovidedbytheMicrosoftWindowsoperatingsystems.TheiLO2Terminal ServicesPassthroughoptionprovidesaconnectionbetweentheTerminalServicesserveronthe hostsystemandtheTerminalServicesclientontheclientsystem.WhentheTerminalServices Passthroughoptionisenabled,theiLO2firmwareenablesasocket,listeningbydefaultonport 34ConfiguringiLO2
3389.AlldatareceivedfromTerminalServicesonthisportisforwardedtotheserverandalldata TerminalServicesreceivesfromtheserverisforwardedbacktothesocket.TheiLO2firmware readsanythingreceivedonthisportasanRDPpacket.RDPpacketsareexchangedbetweenthe iLO2firmwareandtheserverTerminalServices(RDP)serverthroughthelocalhostaddresson theserver.TheserviceprovidedfacilitatescommunicationsbetweentheiLO2firmwareandthe RDPserver.TheRDPserverinterpretstheserviceasanestablishedexternalRDPconnection.For moreinformationonRDPservices,see“WindowsRDPPassthroughservice”(page35). ATerminalServicessessionprovidesaperformance-enhancedviewofthehostsystemconsole. Whentheoperatingsystemisunavailable(ortheTerminalServicesserverorclientisunavailable), thetraditionaliLO2RemoteConsoleprovidesaviewofthehostsystemconsole.Formore informationonRemoteConsoleandTerminalServices,see“RemoteConsoleandTerminalServices clients”(page37). ToconfiguretheTerminalServicesPassthroughoption,seethe“TerminalServicesclient requirements”(page35)and“TerminalServicesPassthroughinstallation”(page36). TerminalServicesclientrequirements TheTerminalServicesclientisavailableonMicrosoftWindowsclientmachinesrunning: •WindowsServer2003 OnWindowsServer2003servers,theTerminalServicesclientandRDPconnectionisbuilt-in. TheclientispartoftheoperatingsystemandisactivatedusingRemoteDesktopsharing.To activatedesktopsharing,selectMyComputer>Properties>Remote>RemoteDesktop.The TerminalServicesclientinWindowsServer2003providescommand-lineoptionsandseamless launchesfromtheRemoteConsoleapplet. •WindowsServer2008 OnWindowsServer2008servers,theTerminalServicesclientandRDPconnectionisbuilt-in. TheclientispartoftheoperatingsystemandisactivatedusingRemoteDesktopsharing.To activatedesktopsharing,selectMyComputer>Properties>Remote>RemoteDesktop.The TerminalServicesclientinWindowsServer2008providescommand-lineoptionsandseamless launchesfromtheRemoteConsoleapplet. •WindowsXP OnWindowsXPservers,theTerminalServicesclientandRDPconnectionisbuiltin.Theclient ispartoftheoperatingsystemandisactivatedusingRemoteDesktopsharing.Toactivate desktopsharing,selectStart>Programs>Accessories>Communications>RemoteDesktop.The TerminalServicesclientinWindowsXPprovidescommand-lineoptionsandlaunchesfrom theremoteconsoleapplet. WindowsRDPPassthroughservice TousetheiLO2TerminalServicesPassthroughfeature,youmustinstallapassthroughserviceon thehostsystem.ThisservicedisplaysthenameoftheiLO2Proxyinthehostlistofavailable services.TheserviceutilizesMicrosoft.NETframeworksecurityandreliability.Aftertheserviceis started,theservicepollsiLO2todetectifanRDPconnectionwiththeclientisestablished.Ifan RDPconnectionwiththeclientisestablished,theserviceestablishesaTCPconnectionwithlocal hostandbeginsexchangingpackets.Theportusedtocommunicatewiththelocalhostisread fromtheWindowsregistryat: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\ Wds dpwd\Tds cp\PortNumber Theportistypicallyport3389. ConfiguringiLO2access35
TerminalServicesPassthroughinstallation ThefollowingsectiondescribeshowtoinstallTerminalServicesPassthroughonWindowsServer 2008,WindowsServer2003,andMicrosoftWindowsXP. •WindowsServer2003andWindowsServer2008 WindowsserversrequireMicrosoft.NETFrameworktosupporttheuseofiLO2Terminal Services.TheTerminalServicesPassthroughserviceandtheiLO2ManagementInterface driverforWindowsServer2008andWindowsServer2003mustbeinstalledontheserver thathastheiLO2. 1.InstalltheiLO2ManagementInterfacedriver. 2.Installthepassthroughservice.Toinstalltheservice,launchthecomponentinstallerand followthedirectionsintheinstallationwizard. Iftheserviceisalreadyinstalled,thenyoumustmanuallyrestartorreboottheserverwhen thedriverisinstalled. 3.ActivatetheTerminalServicesclient. OnWindowsServer2003andWindowsServer2008,youcanactivateRemoteDesktop sharingbyclickingtheRemotetabunderMyComputerandProperties. IftheiLO2installationiscomplete,andifiLO2TerminalServicespassthroughoptionisset toautomatic,thenTerminalServiceslauncheswhentheinstallationiscomplete. •MicrosoftWindowsXP OnWindowsXP,theRemoteDesktopConnectionisbuilt-inandhasnootherinstallation requirements. Errorsthatoccurduringinstallationandexecutionofthepassthroughserviceareloggedinthe serverApplicationEventLog.YoucanremovethepassthroughserviceusingAddorRemove ProgramsintheControlPanel. EnablingtheTerminalServicesPassthroughoption Bydefault,theTerminalServicesPassthroughfeatureisdisabledandcanbeenabledonthe Administration>Access>Servicespage.TheTerminalServicesbuttonintheRemoteConsoleis deactivateduntiltheTerminalServicespassthroughfeatureisenabled. TouseoftheTerminalServicesPassthroughfeature,installthelatestLights-OutManagement InterfaceDriverandtheninstallTerminalServicespassthroughserviceforMicrosoftWindowson theserver. WhentheTerminalServicesPassthroughoptionissettoEnabledorAutomaticonthe Administration>Access>ServicespageandtheTerminalServicesClientisinstalledontheWindows client(installsbydefaultonWindowsXP),theTerminalServicesbuttonisenabled.Whenyouclick theTerminalServicesbutton,theapplettriestolaunchtheTerminalServices,eveniftheserveris notrunningaWindowsoperatingsystem. YoumustcomplywithMicrosoftlicenserequirementswhicharethesameasconnectingthrough theserver'sNIC.Forinstance,whensetforadministrativeaccess,TerminalServicesdoesnotallow morethantwoconnections,regardlessofwhethertheconnectionsarethroughtheserver'sNIC, oriLO2,orboth. TerminalServiceswarningmessage TerminalsServicesusersoperatingonWindows2003Servermightnoticethefollowingwhen usingtheTerminalServicespassthroughfeatureofiLO2.IfaTerminalServicessessionisestablished throughiLO2andasecondTerminalServicessessionisestablishedbyaWindowsadministrator (Consolemode),thefirstTerminalServicessessionisdisconnected.However,thefirstTerminal Servicessessiondoesnotreceivethewarningmessageindicatingthedisconnectionuntil approximatelyoneminutelater.Duringthisone-minuteperiod,thefirstTerminalServicessession 36ConfiguringiLO2
isavailableoractive.Thisisnormalbehavior,butitisdifferentthanthebehaviorobservedwhen bothTerminalServicessessionsareestablishedbyWindowsadministrators.Inthatcase,the warningmessageisreceivedbythefirstTerminalServicessessionimmediately. TerminalServicesPassthroughoptiondisplay TheiLO2firmwaremightnotaccuratelydisplaytheTerminalServicesPassthroughoption.The TerminalServicesPassthroughoptionmightappearactiveeveniftheoperatingsystemisnot TerminalServicesenabled(forexample,ifthehostoperatingsystemisLinux,whichdoesnot supportTerminalServicesoperation). RemoteConsoleandTerminalServicesclients UsingthemanagementnetworkconnectiontotheiLO2,aniLO2RemoteConsolesessioncan beusedtodisplayaTerminalServicessessiontothehost.WhentheiLO2RemoteConsoleapplet runs,itlaunchestheTerminalServicesclientbasedonuserpreference.TheSunJVMmustbe installedtoobtainfullfunctionalityofthisfeature.IftheSunJVMisnotinstalled,thentheRemote ConsolecannotautomaticallylaunchtheTerminalServicesclient. IfTerminalServicespassthroughisenabled,andtheTerminalServicesserverisavailable,switching betweeniLO2RemoteConsoleandtheTerminalServicesclientwillbeseamlessastheserver progressesfrompre-operatingsystemenvironmenttooperatingsystem-runningenvironment,to operatingsystem-notavailableenvironment.Theseamlessoperationisavailableaslongasthe TerminalServicesclientisnotstartedbeforeRemoteConsoleisavailable.IfRemoteConsoleis availableandtheTerminalServicesclientisavailable,RemoteConsolewillstarttheTerminal Servicesclientwhenappropriate. WhenusingtheTerminalServicespassthroughoptionwithWindowsServer2003andWindows Server2008,a30-seconddelayoccursaftertheCTRL-ALT-DELdialogboxappearsbeforethe TerminalServicesclientlaunches.The30-seconddelayrepresentshowlongittakesfortheservice toconnecttotheRDPclientrunningontheserver.IftheserverisrebootedfromtheTerminalServices client,theRemoteConsolescreenturnsgreyorblackforuptooneminutewhileiLO2determines thattheTerminalServicesserverisnolongeravailable. IfTerminalServicesmodeissettoEnabled,butyouwanttousetheRemoteConsole,thenlaunch theTerminalServicesclientdirectlyfromtheTerminalServicesclientmenu.Launchingdirectlyfrom theclientmenuenablessimultaneoususeoftheTerminalServicesclientandtheRemoteConsole. TerminalServicescanbedisabledorenabledatanytime.ChangingtheTerminalServices configurationcausestheiLO2firmwaretoreset.ResettingtheiLO2firmwareinterruptsanyopen connectionstoiLO2. WhentheTerminalServicesclientislaunchedbytheRemoteConsole,RemoteConsolegoesinto asleepmodetoavoidconsumingCPUbandwidth.RemoteConsolestilllistenstotheRemote Consoledefaultport23foranycommandsfromiLO2. TheiLO2firmwarepassesthroughonlyoneTerminalServicesconnectionatatime.Terminal Serviceshasalimitoftwoconcurrentsessions. TheRemoteConsoleactivatesandbecomesavailableiftheRemoteConsoleisinsleepmodeand theTerminalServicesclientisinterruptedbyanyofthefollowingevents: •TheTerminalServicesclientisclosedbytheuser. •TheWindowsoperatingsystemisshutdown. •TheWindowsoperatingsystemlocksup. TerminalServicestroubleshooting ToresolveissueswithiLO2TerminalServicesPassthrough: ConfiguringiLO2access37
1.VerifythatTerminalServicesisenabledonthehostbyselecting MyComputer>Properties>Remote>RemoteDesktop. 2.VerifythattheiLO2passthroughconfigurationisenabledorautomaticintheiLO2Global Settings. 3.VerifythatiLOAdvancedPackislicensed. 4.VerifythattheiLO2ManagementInterfaceDriverisinstalledonthehost.Toverifythedriver, selectMyComputer>Properties>Hardware>DeviceManager>MultifunctionAdapters. 5.VerifythattheTerminalServicespassthroughserviceandiLO2Proxyareinstalledandrunning onthehost.Toverifytheseservices,selectControlPanel>AdministrativeTools>Servicesand attemptingtorestarttheservice. 6.VerifythattheApplicationEventLogisnotfull. TheTerminalServicespassthroughservicemightexperiencestart-upissueswhentheoperating systemApplicationEventLogisfull.Toviewtheeventlog,selectComputer Management>SystemTools>EventViewer>Application. 7.VerifythattheTerminalServicesportassignmentiscorrect. 8.VerifythattheTerminalServicesclient,mstsc.exeislocatedin\WINDOWS\SYSTEM32. Ifnot,setthepassthroughconfigurationtoEnabled,andmanuallyactivatetheterminalservices client. Accessoptions TheiLO2firmwareenablesyoutomodifyiLO2access,includingconnectionidletime,iLO2 functionality,iLO2RBSU,loginrequirements,CLIparameters,minimumpasswordlength,and servername.SettingsontheAccessOptionspageapplytoalliLO2users.Youmusthavethe ConfigureiLO2Settingsprivilegetomodifysettingsonthispage. ToviewormodifyiLO2access,clickAdministration>Access>OptionsandclickApplytosaveany updatedinformation.YoumustrestartiLO2beforeyourupdatestakeeffect.Ifanychangesenable ordisableLights-Outfunctionality,clickApplytoterminateyourbrowserconnectionandrestart iLO2.Youmustwaitatleast30secondsbeforeattemptingtoreestablishaconnection. 38ConfiguringiLO2
TheOptionstabincludesthefollowing. DescriptionsDefaultvalueParameter Thissettingspecifiestheintervalofuserinactivity,inminutes,before thewebserverandRemoteConsolesessionautomaticallyterminate. 30minutesIdleConnectionTimeout (minutes) Thefollowingsettingsarevalid:15,30,60,120minutes,or0 (infinite).Theinfinitetimeoutvaluedoesnotlogoutinactiveusers. ThissettingenablesconnectiontoiLO2.Ifdisabled,allconnections toiLO2areprevented. EnabledLights-OutFunctionality TheiLO210/100networkandcommunicationswithoperatingsystem driversareturnedoffifLights-Outfunctionalityisdisabled.TheiLO2 DiagnosticPortforanHPProLiantBLpClassserverisalsodisabled. IfiLO2functionalityisdisabled(includingtheiLO2DiagnosticPort), youmustusetheserverSecurityOverrideSwitchtoenableiLO2.See yourserverdocumentationtolocatetheSecurityOverrideSwitchand setittoOverride.PowertheserveronandusetheiLO2RBSUtoset Lights-OutFunctionalitytoEnabled. ThissettingenablesordisablestheiLO2ROM-BasedSetupUtility. Normally,theiLO2OptionROMpromptsyoutopressF8toenter EnablediLO2ROM-Based SetupUtility RBSU,butifiLO2isdisabledoriLO2RBSUisdisabled,theRBSU promptisbypassed. ThissettingenablesRBSUaccesswithorwithoutauser-credentials challenge.IfthissettingisEnabledandyoupressF8duringPOSTto enteriLO2RBSU,alogindialogboxappears. DisabledRequireLoginforiLO2 RBSU ThissettingenablesthedisplayoftheiLO2networkIPaddressduring thehostserverPOSTprocess. DisabledShowiLO2during POST ThissettingenablesyoutochangetheloginmodeloftheCLIfeature throughtheserialport.Thefollowingsettingsarevalid: Enabled-Authentication Required SerialCommandLine InterfaceStatus •Enabled–AuthenticationRequired •Enabled–NoAuthentication •Disabled Thissettingenablesyoutousetheserialporttochangethespeedof theserialportfortheCLIfeature.Thefollowingspeeds(inbits/s)are 9600SerialCommandLine InterfaceSpeed valid:9600,19200,38400,57600,and115200.Theserialport configurationmustbesettoNoparity,8databits,and1stopbit (N/8/1)forproperoperation.Theserialportspeedthatissetbythis parametermustmatchthespeedoftheserialportsetintheSystem ROMRBSUsetup. Thissettingspecifiestheminimumnumberofcharactersallowedwhen auserpasswordissetorchanged.Thecharacterlengthcanbesetat avaluefrom0to39. 8MinimumPassword Length Thissettingenablesyoutospecifythehostservername.Thisvalueis assignedwhenusingHPProLiantManagementAgents.Ifyoudonot ServerName usetheagentsandthehost unnamedmessageappears,youcan changeithere.Iftheagentsarerunning,thevalueyouassigncanbe overwritten. Toforcethebrowsertorefresh,savethissetting,andpressF5. Thissettingenablesyoutoconfigureloggingcriteriaforfailed authentications.Alllogintypesaresupportedandeverylogintype worksindependently.Thefollowingarevalidsettings: Enabled-Every3rd Failure AuthenticationFailure Logging •Enabled-EveryFailure–Afailedloginlogentryisrecordedafter everyfailedloginattempt. •Enabled-Every2ndFailure–Afailedloginlogentryisrecorded aftereverysecondfailedloginattempt. ConfiguringiLO2access39
DescriptionsDefaultvalueParameter •Enabled-Every3rdFailure–Afailedloginlogentryisrecorded aftereverythirdfailedloginattempt. •Enabled-Every5thFailure–Afailedloginlogentryisrecordedafter everyfifthfailedloginattempt. •Disabled–Nofailedloginlogentryisrecorded. WhenloggingintoiLO2withTelnetorSSHclients,thenumberofloginnameandpassword promptsofferedbyiLO2matchesthevalueoftheAuthenticationFailureLoggingparameter(or 3whenitisdisabled.)However,thenumberofpromptsmightalsobeaffectedbyyourTelnetand SSHclientconfigurations.TelnetandSSHloginsalsoimplementdelaysafterloginfailure.During thedelay,loginisdisabledsonologinfailureoccurs.Asanexample,togenerateanSSH authenticationfailurelogwithadefaultvalue(forinstance,Enabled-Every3rdFailure),three consecutiveloginfailuresoccurasfollows(assumingtheSSHclientisconfiguredwiththenumber ofpasswordprompts>=3): 1.RuntheSSHclientandloginwithanincorrectloginnameandpassword.Youwillreceive threepasswordprompts.Afterthethirdincorrectpassword,theconnectionterminates,and thefirstloginfailureisrecorded.TheSSHloginfailurecounterissetto1. 2.RuntheSSHclientuntilreceivingtheloginprompt.Loginwithanincorrectloginnameand password.Youwillreceivethreepasswordprompts.Afterthethirdincorrectpassword,the connectionterminates,andthesecondloginfailureisrecorded.TheSSHloginfailurecounter issetto2. 3.RuntheSSHclientuntilreceivingtheloginprompt.Loginwithanincorrectloginnameand password.Youwillreceivethreepasswordprompts.Afterthethirdincorrectpassword,the connectionterminatesandthethirdloginfailureisrecorded.TheSSHloginfailurecounteris setto3. Atthispoint,iLO2firmwarerecordsanSSHloginfailurelogentryandsetstheSSHloginfailure counterto0. iLO2RemoteConsoleandRemoteSerialConsoleaccess ForiLO2RemoteConsolerecommendedclientsettings,serversettings,optimizingmousesupport, andRemoteSerialConsolesettings,see“iLO2RemoteConsole”(page80). Security TheiLO2firmwareenablesyoutocustomizeiLO2securitysettings.ToaccessiLO2security settings,selectAdministration>Security.iLO2securityoptionsinclude: •“SSHkeyadministration”(page44) •“SSLcertificateadministration”(page44) •“Two-factorauthentication”(page45) •“Directorysettings”(page50) •“Encryption”(page53) •“HPSIMsinglesign-on(SSO)”(page55) •“RemoteConsoleComputerLock”(page58) iLO2securityoptionsenablesiLO2toprovidethefollowingsecurityfeatures: •User-definedTCP/IPports •UseractionsloggedintheiLO2EventLog •Progressivedelaysforfailedloginattempts 40ConfiguringiLO2