HP BladeSystem Onboard Administrator User Guide - HP Business ...

More documents

Recommendations

Info

5. Create a Second Directory Group named OA Operators to match the operator group created in Active Directory. Assign the group Operator privilege level instead of Administrator, and do not allow the group access to Server Bays but do allow access to Interconnect bays, and then click Add. If you downgrade Onboard Administrator firmware from 2.40 to 2.31, you will lose any groups in addition to the first five groups. Onboard Administrator version 2.40 supports 20 groups, while earlier versions only support five groups. Testing the directory login solution 1. Log out of the current Onboard Administrator session, and then close all browser windows. 2. Browse to the Onboard Administrator, and then log in using one of the following options: o Test Admin o TestAdmin@domain.com o DOMAIN\Test Admin o FQDN: cn=,cn=dc=,dc= 3. Enter the corresponding password used for the user account. If you cannot log in with full Administrative privileges, see the Troubleshooting (on page 245) section. Note that you cannot login using your user name. For example, if your Account name is John Brownie and your account is jbrownie, you cannot log in as jbrownie, because this format is not currently supported by LDAP. 4. Log off of Onboard Administrator, and then log in is as Test Operator, using one of the following options: Enabling LDAP Directory Services Authentication to Microsoft Active Directory 264
o Test Operator o TestOperator@Domain.com o DOMAIN\Test Operator 5. Enter the corresponding password used for this account. You have full access to interconnect bays but not to any server blades. Troubleshooting LDAP on Onboard Administrator To verify that SSL is working on the Domain Controllers in your domain, open a browser and then navigate to https://:636 (substitute your Domain Controller for ). You can substitute in place of which goes to DNS to verify which Domain Controller is currently answering requests for the domain. Test multiple Domain Controllers to verify that all of them have been issued a certificate. If SSL is operating properly on a Domain Controller (for example, a Certificate has been issued to it), you are prompted by the Security dialog that asks if you want to proceed with accessing the site or view the certificate. If you click Yes, a webpage does not appear. The test is to make the Security Dialog prompt appear. A server not accepting connections on port 636 displays the page cannot be displayed message. If this test fails, the Domain Controller is not accepting SSL connections possibly because a certificate has not been issued. This process is automatic, but might require a reboot. To avoid a reboot: 1. On the Domain Controller, load the Computer Account MMC snap-in, and then navigate to the Personal->Certificates folder. 2. Right-click the folder, and then choose Request New Certificate. The type default is Domain Controller. 3. Click Next, and then repeat until the Domain Controller issues the certificate. A second method for troubleshooting SSL is to go to the DC, and then run the following command: C:\netstat -an | find /i "636" If the server is listening for requests on port 636,the following response appears: TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 1. A third issue might be that the domain controllers have not auto-enrolled. The DCs can take up to 8 hours to auto-enroll and get their certificates issued because MS uses GPO to make the DC's aware of the newly installed CA. You can force this by running DSSTORE -pulse from the DCs (tool is in the w2k reskit). It is triggered by winlogon. Therefore, for auto-enrollment to function, you must log off and then log on again. The certificates appear automatically in the CAs Issued Certs list. Make sure the CA is not listing them in Pending Certs. If it is, change the CA to auto issue certificates when a request comes in. If the auto-enrollment feature still does not function, request the certificate using the following procedure: 2. On the Domain Controller, open MMC, and then add Certificate Snap-in (Computer Account). 3. Navigate to Personal, and then right-click the folder. 4. Click Request New Cert, and then click Next. 5. Enter a name for the certificate. If an RPC error occurs, verify that the CA is listed in DNS and that the CA is running. If the wizard does not start, force the server to see the CA and then allow the wizard to run: To speed up the GPO process and make the DCs acknowledge the CA, use one of the following commands: • Windows® 2003, Gpupdate /force • Windows® 2000, Secedit /refreshpolicy machine_policy /enforce Enabling LDAP Directory Services Authentication to Microsoft Active Directory 265
Page 1 and 2:
HP BladeSystem Onboard Administrato
Page 3 and 4:
Contents Introduction .............
Page 5 and 6:
Boot Options tab ..................
Page 7 and 8:
Europe time zone settings .........
Page 9 and 10:
server iLO, interconnect management
Page 11 and 12:
If a protocol is disabled, then the
Page 13 and 14:
the KVM USB for keyboard and mouse
Page 15 and 16:
Option ROM settings. For the interc
Page 17 and 18:
If extended data is disabled on an
Page 19 and 20:
Using online help To access online
Page 21 and 22:
The Insight Display LCD panel allow
Page 23 and 24:
OA 3.60 Encryption Normal OA3.60 En
Page 25 and 26:
2. Slide the Onboard Administrator
Page 27 and 28:
Enclosure KVM Features The Enclosur
Page 29 and 30:
• Server Console—Select a serve
Page 31 and 32:
First Time Setup Wizard Before you
Page 33 and 34:
To update the rack topology informa
Page 35 and 36:
Rack and Enclosure Settings screen
Page 37 and 38:
Administrator Account Setup screen
Page 39 and 40:
For possible values and description
Page 41 and 42:
Knowing your network configuration
Page 43 and 44:
Use the LDAP Group Configuration sc
Page 45 and 46:
Field Possible value Description Se
Page 47 and 48:
Power Management screen IMPORTANT:
Page 49 and 50:
Mode Insight Display name Descripti
Page 51 and 52:
Navigating Onboard Administrator Na
Page 53 and 54:
Clicking the link for an individual
Page 55 and 56:
The following image shows the graph
Page 57 and 58:
Rack View Rack View screen The Rack
Page 59 and 60:
If the active mode is set for a sin
Page 61 and 62:
Row Description Enclosure Ambient T
Page 63 and 64:
Column Description Bay Model Manufa
Page 65 and 66:
Configuring the HP BladeSystem c700
Page 67 and 68:
To view the enclosure Status screen
Page 69 and 70:
Information Configuring the HP Blad
Page 71 and 72:
To change the state of the enclosur
Page 73 and 74:
o Fan removed o Power supply status
Page 75 and 76:
Disabled—Disables powerdelay for
Page 77 and 78:
Column Description Delay Click Appl
Page 79 and 80:
Enclosure TCP/IP settings IPv4 Sett
Page 81 and 82:
IPv6 Settings tab This screen displ
Page 83 and 84:
• Auto-Negotiate—Automatically
Page 85 and 86:
Below the Trusted Addresses field i
Page 87 and 88:
EBIPA assigns IP addresses for the
Page 89 and 90:
Column Description EBIPA Address Su
Page 91 and 92:
Enclosure Virtual Buttons tab To ch
Page 93 and 94:
Active to Standby DVD drive When a
Page 95 and 96:
in the list. If multiple media disk
Page 97 and 98:
The revert delay on the VLAN Settin
Page 99 and 100:
Adding, editing, and removing VLANs
Page 101 and 102:
To change the membership of a devic
Page 103 and 104:
HP Insight Remote Support Use the R
Page 105 and 106:
Insight Remote Support Service Even
Page 107 and 108:
Row Description Collection Click Se
Page 109 and 110:
Enclosure Firmware Management setti
Page 111 and 112:
updating the firmware management lo
Page 113 and 114:
• In the list of enclosures, the
Page 115 and 116:
Row Description Firmware Version Ha
Page 117 and 118:
Certificate Administration Informat
Page 119 and 120:
Certificate Request tab The Certifi
Page 121 and 122:
Certificate-signing request attribu
Page 123 and 124:
Force Downgrade—You must use this
Page 125 and 126:
• Enclosure Event 0x11: Fan Inser
Page 127 and 128:
• Enclosure Event 0x1203: Flash P
Page 129 and 130:
TCP/IP Settings for Standby Onboard
Page 131 and 132:
Row Description Version MD5 Fingerp
Page 133 and 134:
Field Possible values Description I
Page 135 and 136:
Button Description Momentary Press
Page 137 and 138:
Row Description Status Powered Powe
Page 139 and 140:
The Onboard Administrator provides
Page 141 and 142:
Row Description Bay Device Model Fi
Page 143 and 144:
Row Description Serial Number (Logi
Page 145 and 146:
Column Description iLO DVD Status D
Page 147 and 148:
IML Log tab The IML Log tab display
Page 149 and 150:
Diagnostic information is gathered
Page 151 and 152:
Status tab Status information Row D
Page 153 and 154:
Management Console Information prov
Page 155 and 156:
Interconnect bays Interconnect Bay
Page 157 and 158:
Click the Port Mapping Interconnect
Page 159 and 160:
Interconnect Bay Virtual Buttons In
Page 161 and 162:
Enclosure power management Power ma
Page 163 and 164:
IMPORTANT: To change the power redu
Page 165 and 166:
HP launched Power Capping technolog
Page 167 and 168:
The Line Voltage value is used to p
Page 169 and 170:
Row Description Present Power Enclo
Page 171 and 172:
The Power Subsystem screen provides
Page 173 and 174:
Fans and cooling management Fan zon
Page 175 and 176:
Fan status Column Description Fan M
Page 177 and 178:
Row Description Serial Number Diagn
Page 179 and 180:
c3000 Enclosure fan location rules
Page 181 and 182:
When a USB key is detected in the A
Page 183 and 184:
If a Windows® installation CD is i
Page 185 and 186:
You can eject media from the DVD dr
Page 187 and 188:
Unattended OS deployment The Onboar
Page 189 and 190:
You can initiate an unattended oper
Page 191 and 192:
From the DVD Connection Status scre
Page 193 and 194:
To view the progress of the unatten
Page 195 and 196:
Onboard Administrator bays. The pri
Page 197 and 198:
Field Possible value Description Pa
Page 199 and 200:
Account classification Capabilities
Page 201 and 202:
Field Possible value Description Se
Page 203 and 204:
A failed test reports that the IP a
Page 205 and 206:
Privilege level Field Possible valu
Page 207 and 208:
Checkbox Description Onboard Admini
Page 209 and 210:
Account classification Capabilities
Page 211 and 212:
HP SIM integration HP BladeSystem O
Page 213 and 214: Using Enclosure Firmware Management
Page 215 and 216: 2. Select the Manual Update tab. 3.
Page 217 and 218: Logging Enclosure Firmware Manageme
Page 219 and 220: Server firmware Select Device Bays
Page 221 and 222: When Two-Factor Authentication is e
Page 223 and 224: administrator. If any sessions have
Page 225 and 226: Port mapping Device bay port mappin
Page 227 and 228: HP ProLiant BL680c G7 Servers Devic
Page 229 and 230: HP ProLiant BL2x220c G7 Server The
Page 231 and 232: In this diagram, N equals the numbe
Page 233 and 234: Device bay port mapping table for c
Page 235 and 236: Connection Port Number Connects to
Page 237 and 238: 12. Complete the remainder of the s
Page 239 and 240: Since none of the configured device
Page 241 and 242: Current enclosure inventory To view
Page 243 and 244: The iLO entry in the tree view is o
Page 245 and 246: Troubleshooting Onboard Administrat
Page 247 and 248: 55 Getting the Onboard Administrato
Page 249 and 250: 137 The session could not be create
Page 251 and 252: 216 Firmware update in progress. Lo
Page 253 and 254: 285 Invalid remote server address 2
Page 255 and 256: 358 URB reporting using SMTP cannot
Page 257 and 258: Resetting the Onboard Administrator
Page 259 and 260: Enabling LDAP Directory Services Au
Page 261 and 262: 1. Click the Upload Certificate Tab
Page 263: CZImiZPyLGQBGRYDY29tMRIwEAYKCZImiZP
Page 267 and 268: Time zone settings Africa time zone
Page 269 and 270: Asia time zone settings IMPORTANT:
Page 271 and 272: Europe/Belfast Europe/Lisbon Europe
Page 273 and 274: Acronyms and abbreviations CA certi
Page 275 and 276: SUV serial, USB, video TFTP Trivial
Page 277 and 278: Index A AC redundant, lost 161 acce
Page 279 and 280: power management planning 161 power
show all

HP BladeSystem Onboard Administrator User Guide - HP Business ...

Create successful ePaper yourself

Delete template?

Save as template?