Home » HP Manuals » Desktops » HP Xw460c » Manual Viewer

HP Xw460c HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.77 - Page 209

Cookie order behavior, Displaying the current session cookie, File>New>Window, Ctrl+N, Refresh

Add to My Manuals
Save this manual to your list of manuals

Page 209 highlights

server based redirection, selecting File>New>Window or pressing the Ctrl+N keys, opens a duplicate instance of the original browser. Cookie order behavior During login, the login page builds a browser session cookie that links the window to the appropriate session in the firmware. The firmware tracks browser logins as separate sessions listed in the Active Sessions section of the iLO 2 Status page. For example, when User1 logs in, the Web server builds the initial frames view, with current user: User1 in the top pane, menu items in the left pane, and page data in the lower-right pane. As User1 clicks from link to link, only the menu items and page data are updated. While User1 is logged in, if another user, User2, opens another browser window on the same client and logs in, the second login overwrites the cookie generated in the original User1 session. Assuming that User2 is a different user account, a different current frame is built, and a new session is granted. The second session is displayed in the Active Sessions section of the iLO 2 Status page as current user: User2. The second login has effectively orphaned the first session (User1) by wiping out the cookie generated during User1's login. This behavior is the same as closing User1's browser without clicking the Log Out link. User1's orphaned session is reclaimed when the session timeout expires. Because the current user frame is not refreshed unless the browser is forced to refresh the entire page, User1 can continue navigating using his or her browser window. However, the browser is now operating using User2's session cookie settings, even though it is not readily apparent. If User1 continues to navigate in this mode (User1 and User2 sharing the same process because User2 logged in and reset the session cookie), the following can occur: • User1's session behaves consistently with the privileges assigned to User2. • User1's activity keeps User2's session alive, but User1's session can time out unexpectedly. • Logging out of either window causes both window sessions to terminate. The next activity in the other window can redirect the user to the login page as if a session timeout or premature timeout occurred. • Clicking Log Out from the second session (User2) results in a Logging out: unknown page to display before redirecting the user to the login page. • If User2 logs out then logs back in as User3, User1 assumes User3's session. • If User1 is at login, and User2 is logged in, User1 can alter the URL to redirect to the index page. It appears as if User1 has accessed iLO 2 without logging in. These behaviors continue as long as the duplicate windows are open. All activities are attributed to the same user, using the last session cookie set. Displaying the current session cookie After logging in, you can force the browser to display the current session cookie by entering javascript:alert(document.cookie) in the URL navigation bar. The first field visible is the session ID. If the session ID is the same among the different browser windows, then these windows are sharing the same iLO 2 session. You can force the browser to refresh and reveal your true identity by pressing the F5 key, selecting View>Refresh, or using the refresh button. Troubleshooting iLO 2 209

Section	Page
HP Integrated Lights-Out 2 User Guide	1
Notice	2
Contents	3
Operational overview	9
Guide overview	9
New in this release of iLO 2	9
iLO 2 overview	10
Differences between iLO 2 and iLO	10
HP Insight Essentials Rapid Deployment Pack integration	11
Server management through IPMI version 2.0 compliant applications	11
WS-Management compatibility overview	12
iLO 2 browser interface overview	13
Supported browsers and client operating systems	13
Supported server operating system software	14
iLO 2 setup	16
Quick setup	16
Preparing to setup iLO 2	16
Connecting to the network	18
Configuring the IP address	18
Logging in to iLO 2 for the first time	19
Setting up user accounts	19
Setting up iLO 2 using iLO 2 RBSU	20
Setting up iLO 2 using the browser-based option	20
Activating iLO 2 licensed features using a browser	20
Installing iLO 2 device drivers	21
Microsoft device driver support	21
Linux device driver support	22
Novell NetWare device driver support	22
Configuring iLO 2	24
iLO 2 configuration overview	24
Upgrading iLO 2 firmware	24
Upgrading iLO 2 using a browser	25
Updating the firmware using the maintenance CD	26
Recovering from a failed iLO 2 firmware update	26
Downgrading the iLO 2 firmware	26
Licensing	26
User administration	28
Adding a new user	29
Viewing or modifying an existing user's settings	31
Deleting a user	31
Group administration	32
Configuring iLO 2 access	33
Services options	33
Terminal Services Passthrough option	35
Enabling the Terminal Services Passthrough option	37
Remote Console and Terminal Services clients	37
Terminal Services troubleshooting	38
Access options	39
iLO 2 Remote Console and Remote Serial Console access	41
Security	41
General security guidelines	42
Password guidelines	42
Securing RBSU	42
iLO 2 Security Override Switch administration	43
Trusted Platform Module support	43
User accounts and access	44
Privileges	44
Login security	44
SSH key administration	45
SSL certificate administration	45
Two-factor authentication	46
Setting up two-factor authentication for the first time	47
Setting up a user for two-factor authentication	49
Two-factor authentication login	49
Using two-factor authentication with directory authenticatio	50
Directory settings	51
Configuring directory settings	52
Directory tests	54
Encryption	54
Encryption settings	55
Connecting to the iLO 2 using AES/3DES encryption	55
HP SIM single sign-on (SSO)	56
Setting up iLO 2 for HP SIM SSO	56
Adding HP SIM trusted servers	57
Setting up HP SIM SSO	58
Remote Console Computer Lock	59
Network	60
Network Settings	61
iLO 2 subsystem name limitations	62
iLO 2 Shared Network Port	62
DHCP/DNS Settings	65
SNMP/Insight Manager settings	66
Enabling SNMP alerts	66
SNMP generated trap definitions	67
Configuring Insight Manager integration	68
ProLiant BL pClass configuration	69
ProLiant BL pClass user requirements	69
Static IP bay configuration	69
Configuring a ProLiant BL pClass blade enclosure	70
Configuring static IP bay settings	70
ProLiant BL pClass standard configuration parameters	71
ProLiant BL pClass advanced configuration parameters	71
Enabling iLO 2 IP address assignment	72
HP BladeSystem setup	72
iLO 2 configuration screen	73
Verify Server RAID Configuration screen	73
Connect Virtual Media screen	74
Install Software screen	74
iLO 2 diagnostic port configuration parameters	74
Using iLO 2	76
System status and status summary information	76
System Information Summary	78
Fans	78
Temperatures	79
Power	79
Processors	80
Memory	80
NIC	80
iLO 2 Log	80
IML	80
Diagnostics	81
Insight Agents	82
iLO 2 Remote Console	83
Remote Console overview and licensing options	84
Remote Console settings	84
Remote console hot keys	86
Supported hot keys	86
Hot keys and international keyboards	88
Hot keys and Virtual Serial Port	88
Integrated Remote Console Fullscreen	88
Integrated Remote Console option	88
Optimizing mouse performance for Remote Console or Integrated Remote Console	91
High Performance Mouse settings	91
Shared Remote Console	93
Using Console Capture	93
Using HP iLO Video Player	94
iLO Video Player user interface	94
iLO Video Player controls	95
Acquiring the Remote Console	96
Remote Console	96
Remote Console features and controls	97
Recommended client settings	98
Recommended server settings	98
Text-based remote console overview	98
Text-based console during POST	99
Text-based console after POST	99
Virtual serial port and remote serial console	102
Virtual media	107
Using iLO 2 Virtual Media devices	108
Virtual Media and Windows 7	108
iLO 2 Virtual Floppy/USBKey	108
iLO 2 Virtual CD/DVD-ROM	112
Creating iLO 2 disk image files	114
Virtual folder	115
Virtual folder operating system notes	115
Power management	116
Server power settings	117
Server power data	119
Processor states	120
Power efficiency	121
Graceful shutdown	122
ProLiant BL pClass Advanced management	122
Rack View	123
Blade configuration and information	124
Enclosure information	125
Power enclosure information	126
Network component information	126
iLO 2 control of ProLiant BL pClass server LEDs	127
Server POST tracking	127
Insufficient power notification	127
ProLiant BL pClass alert forwarding	127
ProLiant BladeSystem HP Onboard Administrator	127
iLO 2 BL c-Class tab	128
Enclosure bay IP addressing	128
Dynamic power capping for server blades	130
iLO 2 Virtual Fan	131
iLO option	131
Web Administration	132
BL pClass and BL c-Class features	132
Directory services	134
Overview of directory integration	134
Benefits of directory integration	134
Advantages and disadvantages of schema-free directories and HP schema directory	135
Schema-free directory integration	136
HP schema directory integration	136
Setup for Schema-free directory integration	138
Active Directory preparation	138
Introduction to certificate services	138
Installing certificate services	138
Verifying certificate services	139
Configuring Automatic Certificate Request	139
Schema-free browser-based setup	139
Schema-free scripted setup	140
Schema-free HPLOMIG-based setup	140
Schema-free setup options	140
Schema-free nested groups	141
Setting up HP schema directory integration	142
Features supported by HP schema directory integration	142
Setting up directory services	142
Schema documentation	143
Directory services support	143
Schema required software	144
Schema installer	144
Schema Preview	145
Setup	145
Results	146
Management snap-in installer	147
Directory services for Active Directory	147
Active Directory installation prerequisites	147
Installing Active Directory on Windows Server 2008	148
Directory services preparation for Active Directory	148
Snap-in installation and initialization for Active Directory	149
Example: Creating and configuring directory objects for use with iLO 2 in Active Directory	150
Directory services objects	152
Active Directory Lights-Out management	156
Directory services for eDirectory	157
eDirectory installation prerequisites	157
Snap-in installation and initialization for eDirectory	157
Example: Creating and configuring directory objects for use with LOM devices in eDirectory	157
Directory Services objects for eDirectory	161
eDirectory Role Restrictions	162
eDirectory Lights-Out Management	164
User login using directory services	165
Directory-enabled remote management	166
Introduction to directory-enabled remote management	166
Creating roles to follow organizational structure	166
Using existing groups	166
Using multiple roles	167
How directory login restrictions are enforced	168
Restricting roles	168
Role time restrictions	168
Role address restrictions	169
User restrictions	169
User address restrictions	169
How user time restrictions are enforced	170
Creating multiple restrictions and roles	170
Using bulk import tools	171
HPQLOMIG directory migration utility	173
Introduction to HPQLOMIG utility	173
Compatibility	173
HP Lights-Out directory package	173
Using HPQLOMIG	174
Finding management processors	174
Upgrading firmware on management processors	176
Selecting a directory access method	177
Naming management processors	178
Configuring directories when HP Extended schema is selected	179
Configuring directories when schema-free integration is selected	180
Setting up management processors for directories	181
HP Systems Insight Manager integration	183
Integrating iLO 2 with HP SIM	183
HP SIM functional overview	183
Establishing SSO with HP SIM	184
HP SIM identification and association	184
HP SIM status	184
HP SIM links	185
HP SIM systems lists	185
Receiving SNMP alerts in HP SIM	186
HP SIM port matching	186
Reviewing Advanced Pack license information in HP SIM	187
Troubleshooting iLO 2	188
iLO 2 POST LED indicators	188
Event log entries	189
Hardware and software link-related issues	192
JVM support	193
Login issues	193
Login name and password not accepted	193
Directory user premature logout	194
iLO 2 Management Port not accessible by name	194
iLO 2 RBSU unavailable after iLO 2 and server reset	194
Inability to access the login page	195
Inability to access iLO 2 using telnet	195
Inability to access virtual media or graphical remote console	195
Inability to connect to iLO 2 after changing network settings	195
Inability to connect to the iLO 2 Diagnostic Port	195
Inability to connect to the iLO 2 processor through the NIC	196
Inability to log in to iLO 2 after installing the iLO 2 certificate	196
Firewall issues	196
Proxy server issues	196
Two-factor authentication error	197
Troubleshooting alert and trap problems	197
Inability to receive HP SIM alarms (SNMP traps) from iLO 2	198
iLO 2 Security Override switch	198
Authentication code error message	198
Troubleshooting directory problems	198
Domain/name format login issues	199
ActiveX controls are enabled and I see a prompt but the domain/name login format does not work	199
User contexts do not appear to work	199
Directory user does not logout after the directory timeout has expires	199
Troubleshooting Remote Console problems	199
Remote Console applet has a red X when running Linux client browser	200
Inability to navigate the single cursor of the Remote Consol to corners of the Remote Console window	200
Remote Console no longer opens on the existing browser session	200
Remote console text window not updating properly	200
Remote Console turns gray or black	201
Remote Serial Console troubleshooting	201
Troubleshooting Integrated Remote Console problems	201
Internet Explorer 7 and a flickering remote console screen	201
Configuring Apache to accept exported capture buffers	202
No console replay while server is powered down	203
Skipping information during boot and fault buffer playback	203
Out of Memory error starting Integrated Remote Console	203
Session leader does not receive connection request when IRC is in replay mode	203
Keyboard LED does not display correctly	203
Inactive IRC	204
IRC Failed to connect to server error message	204
IRC toolbar icons do not update	204
GNOME interface does not lock	205
Repeating keys on the Remote Console	205
Remote Console playback does not work when the host server is powered down	205
Troubleshooting SSH and Telnet problems	205
Initial PuTTY input slow	205
PuTTY client unresponsive with Shared Network Port	205
SSH text support from a Remote Console session	206
Troubleshooting terminal services problems	206
Terminal Services button is not working	206
Terminal Services proxy stops responding	206
Troubleshooting video and monitor problems	206
General guidelines	206
Telnet displays incorrectly in DOS®	206
Video applications not displaying in the Remote Console	207
User interface is not displaying correctly	207
Troubleshooting Virtual Media problems	207
Virtual Media applet has a red X and will not display	207
Virtual Floppy media applet is unresponsive	207
Troubleshooting iLO Video Player problems	207
Video capture file does not play	207
Video capture file plays erratically	208
Troubleshooting Remote Text Console problems	208
Viewing the Linux installer in the text console	208
Passing data through an SSH terminal	208
Troubleshooting miscellaneous problems	208
Cookie sharing between browser instances and iLO 2	208
Shared instances	208
Cookie order behavior	209
Displaying the current session cookie	209
Preventing cookie-related user issues	210
Inability to access ActiveX downloads	210
Inability to get SNMP information from HP SIM	210
Incorrect time or date of the entries in the event log	210
Inability to upgrade iLO 2 firmware	210
Diagnostic steps	211
iLO 2 does not respond to SSL requests	211
Testing SSL	211
Resetting iLO 2	212
Server name still present after ERASE utility is executed	212
Troubleshooting a remote host	212
Directory services schema	213
HP Management Core LDAP OID classes and attributes	213
Core classes	213
Core attributes	213
Core class definitions	213
hpqTarget	213
hpqRole	214
hpqPolicy	214
Core attribute definitions	214
hpqPolicyDN	214
hpqRoleMembership	215
hpqTargetMembership	215
hpqRoleIPRestrictionDefault	215
hpqRoleIPRestrictions	215
hpqRoleTimeRestriction	216
Lights-Out Management specific LDAP OID classes and attributes	217
Lights-Out Management classes	217
Lights-Out Management attributes	217
Lights-Out Management class definitions	217
hpqLOMv100	217
Lights-Out Management attribute definitions	218
hpqLOMRightLogin	218
hpqLOMRightRemoteConsole	218
hpqLOMRightVirtualMedia	218
hpqLOMRightServerReset	219
hpqLOMRightLocalUserAdmin	219
hpqLOMRightConfigureSettings	219
Technical support	220
Support information	220
HP contact information	221
Before you contact HP	221
Acronyms and abbreviations	222

Match case Limit results 1 per page

Troubleshooting iLO 2 209

server based redirection, selecting

File>New>Window

or pressing the

Ctrl+N

keys, opens a duplicate

instance of the original browser.

Cookie order behavior

During login, the login page builds a browser session cookie that links the window to the appropriate

session in the firmware. The firmware tracks browser logins as separate sessions listed in the Active

Sessions section of the iLO 2 Status page.

For example, when User1 logs in, the Web server builds the initial frames view, with current user: User1

in the top pane, menu items in the left pane, and page data in the lower-right pane. As User1 clicks from

link to link, only the menu items and page data are updated.

While User1 is logged in, if another user, User2, opens another browser window on the same client and

logs in, the second login overwrites the cookie generated in the original User1 session. Assuming that

User2 is a different user account, a different current frame is built, and a new session is granted. The

second session is displayed in the Active Sessions section of the iLO 2 Status page as current user: User2.

The second login has effectively orphaned the first session (User1) by wiping out the cookie generated

during User1's login. This behavior is the same as closing User1's browser without clicking the Log Out

link. User1’s orphaned session is reclaimed when the session timeout expires.

Because the current user frame is not refreshed unless the browser is forced to refresh the entire page,

User1 can continue navigating using his or her browser window. However, the browser is now operating

using User2's session cookie settings, even though it is not readily apparent.

If User1 continues to navigate in this mode (User1 and User2 sharing the same process because User2

logged in and reset the session cookie), the following can occur:

•

User1's session behaves consistently with the privileges assigned to User2.

•

User1's activity keeps User2's session alive, but User1's session can time out unexpectedly.

•

Logging out of either window causes both window sessions to terminate. The next activity in the

other window can redirect the user to the login page as if a session timeout or premature timeout

occurred.

•

Clicking Log Out from the second session (User2) results in a

Logging out:

unknown page

to display before redirecting the user to the login page.

•

If User2 logs out then logs back in as User3, User1 assumes User3's session.

•

If User1 is at login, and User2 is logged in, User1 can alter the URL to redirect to the index page. It

appears as if User1 has accessed iLO 2 without logging in.

These behaviors continue as long as the duplicate windows are open. All activities are attributed to the

same user, using the last session cookie set.

Displaying the current session cookie

After logging in, you can force the browser to display the current session cookie by entering

javascript:alert(document.cookie)

in the URL navigation bar. The first field visible is the

session ID. If the session ID is the same among the different browser windows, then these windows are

sharing the same iLO 2 session.

You can force the browser to refresh and reveal your true identity by pressing the

key, selecting

View

Refresh,

or using the refresh button.