Print | Rate this content

Advisory: (Revision) HP Integrated Lights-Out 4 (iLO 4) Upgrading to iLO 4 Firmware From Version 2.20 From an Earlier Version Will Reset Some Settings to Default

SUPPORT COMMUNICATION - CUSTOMER ADVISORY

Document ID: c04760191

Version: 2

Advisory: (Revision) HPE Integrated Lights-Out 4 (iLO 4) Upgrading to iLO 4 Firmware Version 2.20 From an Earlier Version Will Reset Some Settings to Default
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.

Release Date: 2015-08-08

Last Updated: 2017-11-21


DESCRIPTION

Document Version
Release Date
Details
2
11/06/2017
Updated Resolution section with permanent fix, iLO 4 firmware 2.22 (or later).
1
10/01/2015
Original document release

When upgrading HPE Integrated Lights-Out 4 (iLO 4) firmware to version 2.20 from any earlier version, the following settings will be reset to their default values:

On the iLO Administration, Access Settings page,the following settings will revert to defaults:

  • The Minimum password length will be reset to the default of 8 characters. Existing passwords are preserved.
  • The Idle Connection Timeout (minutes) will be reset to the default of 30 minutes.
  • The Authentication Failure Logging will be reset to the default "Enabled-Every third Failure."
  • The Authentication Failures Before Delay is a new setting in firmware version 2.20; earlier versions of iLO 4 firmware used the "Every failure causes delay;" this setting will be reset to the version 2.20 default value of "1- Failure causes no delay."

On the iLO Administration, Security, Encryption page,

  • The FIPS Mode will be reset to the default of Disabled, and iLO will not be FIPS compliant. To achieve an FIPS compliant departure from FIPS mode, iLO must be reset to factory defaults. iLO 4 firmware version 2.20 is not FIPS certified.

On the iLO Administrator, Security, Directory page,

  • LDAP Directory Authentication will be reset to the default of Disabled. Other LDAP configuration settings are preserved.
  • Kerberos Authentication will be reset to the default of Disabled. Other Kerberos settings including the Kerberos keytab are preserved.
  • Local User Accounts will be reset to the default of Enabled. Local users, passwords, and privileges are preserved.


When this occurs, the message, "Firmware upgraded to version 2.20" appears in the iLO event log after the firmware update, but there is no error message to indicate the partial reset to defaults.

An additional SNMP trap and iLO event log entry "Security jumper override detected. Security disabled!" will appear a second time after upgrading the firmware if the System Maintenance Switch, and the iLO security override jumper, is set.

Due to the change to authentication settings, Authentication failures may occur, sessions may time out unexpectedly, or iLO may unexpectedly report errors setting passwords that are shorter than the default.

This occurs because iLO 4 firmware version 2.20 is not correctly importing the settings from the previous versions of iLO.

SCOPE

Any ProLiant Gen8 or Gen9 server upgrading the iL0 4 firmware to version 2.20.

RESOLUTION

iLO 4 firmware version 2.20 is NO LONGER AVAILABLE for download due to an issue when upgrading to version 2.20 that results in resetting some iLO security settings to default values. Replacement version 2.22 (or later) is available here:

Windows: https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_30e9eb3e11104548a326deafbe

For all other Operating Systems, navigate to the following URL and choose the appropriate OS from the Operating Environment on the left side of the screen, and then choose version 2.22 (or later):

https://support.hpe.com/hpesc/public/home/driverHome?sp4ts.oid=1009143853

As a workaround, use "hponcfg /w config.xml" to capture existing iLO settings before performing the firmware update, modify the file to remove unwanted changes, and reapply the settings using hponcfg /f config.xml after the update is complete.

Alternatively, the RIBCL commands for GET_GLOBAL_SETTINGS and GET_DIR_CONFIG can be used to capture the relevant settings.


RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form.

NAVIGATION TIP : For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for ProLiant servers and Options, refer to the Navigation Tips document .


Hardware Platforms Affected: HPE ProLiant BL460c Gen8 Server Blade, HPE ProLiant DL360p Gen8 Server, HPE ProLiant ML350p Gen8 Server, HPE ProLiant BL465c Gen8 Server Blade, HPE ProLiant DL160 Gen8 Server, HPE Integrated Lights-Out 4 (iLO 4), HPE ProLiant DL388p Gen8 Server, HPE ProLiant BL420c Gen8 Server Blade, HPE ProLiant DL320e Gen8 Server, HPE ProLiant DL360e Gen8 Server, HPE ProLiant DL385p Gen8 Server, HPE ProLiant BL660c Gen8 Server Blade, HPE ProLiant DL560 Gen8 Server, HPE ProLiant DL388e Gen8 Server, HPE ProLiant DL320e Gen8 v2 Server, HPE ProLiant ML310e Gen8 v2 Server, HPE ProLiant ML350e Gen8 v2 Server, HPE ProLiant DL580 Gen8 Server, HPE ProLiant DL160 Gen9 Server, HPE ProLiant DL180 Gen9 Server, HPE ProLiant DL360 Gen9 Server, HPE ProLiant BL460c Gen9 Server Blade, HPE ProLiant DL380 Gen9 Server, HPE ProLiant ML350 Gen9 Server, HPE ProLiant DL388 Gen9 Server, HPE ProLiant DL120 Gen9 Server, HPE ProLiant DL580 Gen9 Server, HPE ProLiant BL660c Gen9 Server Blade, HPE ProLiant DL560 Gen9 Server
Operating Systems Affected: Not Applicable
Software Affected: Not Applicable
Support Communication Cross Reference ID: IA04760191
©Copyright 2018 Hewlett Packard Enterprise Development LP
Hewlett Packard Enterprise Development shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HPE nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise Development and the names of Hewlett Packard Enterprise Development products referenced herein are trademarks of Hewlett Packard Enterprise Development in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.

Provide feedback

Please rate the information on this page to help us improve our content. Thank you!
Document title: Advisory: (Revision) HP Integrated Lights-Out 4 (iLO 4) Upgrading to iLO 4 Firmware From Version 2.20 From an Earlier Version Will Reset Some Settings to Default
Document ID: emr_na-c04760191-7
How helpful was this document?
How can we improve this document?
Note: Only English language comments can be accepted at this time.
Please wait while we process your request.