Printable version

Drivers & software

* RECOMMENDED * Online ROM Flash Component for Windows x64 - HPE Integrated Lights-Out 5

By downloading, you agree to the terms and conditions of the Hewlett Packard Enterprise Software License Agreement.
Note:  Some software requires a valid warranty, current Hewlett Packard Enterprise support contract, or a license fee.

Type: Firmware - Lights-Out Management
Version: 1.20(9 Feb 2018)
Operating System(s):
Microsoft Windows Server 2012 R2 | View all
Multi-part download
File name: cp032774.compsig (2.0 KB)
File name: cp032774.exe (16 MB)
This component provides and installs an updated version of firmware for the iLO 5 Management Processor allowing for continued management support of your Server.

This version adds support for the following features and enhancements:

  • HTML5 Remote Console
  • Shared Network Port IPv6 support
  • Shared Network Port iLO Federation support
  • Ability to associate an SNMP alert destination with an SNMPv1 or SNMPv3 user
  • Enhanced firmware and software update interface:
    • New Add to Queue pane
    • Remove All option for install sets, queued components, or components in the iLO Repository
    • Recovery Set update option during firmware update, iLO Repository upload, or install queue update
  • CAC Smartcard  authentication support for the Online Certificate Status Protocol (OCSP)
  • iLO RESTful API updates:
    • NVMe drive properties
    • Remote Support configuration
    • Device Inventory
  • Support for eight SNMP trap destinations
  • SNMPv3 Inform notification support
  • Support for RSA-PSS certificate signatures
  • RSA cipher support in CNSA mode
  • Ability to disable device discovery on Device Inventory page
  • New Service Account option to support user accounts that are used as service accounts for supported applications

Prerequisites:

Hewlett Packard Enterprise recommends the following versions of iLO utilities
for best performance:

  • RESTful Interface Tool (iLOREST) 2.2
  • HPQLOCFG v5.2
  • Lights-Out XML Scripting Sample bundle 5.1.0
  • HPONCFG Windows 5.2.0
  • HPONCFG Linux 5.2.0
  • LOCFG v5.1.0 
  • HPLOMIG 5.1.0 

NOTE: Updated utilities and system libraries are required to support the iLO 
HighSecurity, FIPS, and CNSA security states. The HPONCFG Windows utility 
does not currently support the CNSA security state.


To ensure the integrity of your download, HPE recommends verifying your results with the following SHA-256 Checksum values:

38cf65ee3bb7f26ed7ef02ce282c85a74c7bf24b320a6fe7d48484dc382c8285 cp032774.compsig
cd93860af909aad0e94363d6967c48072c3b51f51cad09c8e9258a138c30fb74 cp032774.exe

Reboot Requirement:
Reboot is not required after installation for updates to take effect and hardware stability to be maintained.


Installation:

Install the firmware using one of these options:

  • Run the Component on the host to be updated.
    The component will update the iLO 5 firmware and reset the iLO 5 processor.
  •  Extract the firmware from the component.  This will place the firmware image file, iLO5_yyy.bin (where yyy represents the firmware version) in the target directory.  You now have these options:
    • Login to iLO 5, navigate to the Update Firmware page, and update the firmware from there.
    • Use the HP Lights-Out Configuration Utility, CPQLOCFG, and RIBCL/XML scripts to update iLO 5 across the network.
    • Use the HP Online Lights-Out Configuration utility, HPONCFG, and RIBCL/XML scripts to update iLO 5 from the supported host OS.
    • Use the Directory Migration Utility, contained in the HP Directories support for Management Processors, available under Software and Drivers on the iLO 5 downloads page from hp.com.  The Windows utility supports  network discovery of lights-out processors, import/export, as well as bulk firmware update, and does not require directory migration.

End User License Agreements:
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important:

IPv6 network communications
     Supported Networking Features
                IPv6 Static Address Assignment
                IPv6 SLAAC Address Assignment
                IPv6 Static Route Assignment
                IPv6 Static Default Gateway Entry
                DHCPv6 Stateful Address Assignment
                DHCPv6 Stateless DNS, Domain Name, and NTP Configuration
                Integrated Remote Console
                OA Single Sign-On
                HP-SIM Single Sign-On
                Web Server
                SSH Server
                SNTP Client
                DDNS Client
                RIBCL over IPv6
                SNMP
                AlertMail
                Remote Syslog
                WinDBG Support
                CPQLOCFG/HPLOMIG over an IPv6 connection
                Scriptable Virtual Media
                CLI/RIBCL Key Import over IPv6
                Authentication using LDAP and Kerberos over IPv6
                iLO Federation
     Networking Features not supported by IPv6 in this release
                IPMI
                NETBIOS-WINS
                Enterprise Secure Key Manager (ESKM) Support
                Embedded Remote Support (ERS)


Notes:

 

iLO 5 User Guide and Lights-Out Scripting Guide can also be found by following the links at:

http://www.hpe.com/info/ilo

Select your lights-out product, then support & documents, then manuals.
 

  • Check the online help for additional information about how to use features. 
    Online help can be accessed from within the browser web pages by clicking the question mark in the upper right-hand corner of each page.

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • NVMe drive details are not displayed in the iLO web interface for HPE ProLiant XL190r Gen10 servers.
  • The system BIOS version is missing in AlertMail messages.
  • The IPMI Get Chassis Capabilities and Get Chassis Status commands do not reflect the Chassis Intrusion state.
  • Virtual Media devices are inaccessible when two virtual devices are mounted simultaneously.
  • Patched configuration file system.
  • The IPMI pre-watchdog-timeout interrupt does not occur when no watchdog action is selected.
  • Intermittent loss of network interface card (NIC) and drive detection (P408e-m controller) by BIOS on system boot up of HPE ProLiant BL460c servers.

IPv6 network communications
     Supported Networking Features
                IPv6 Static Address Assignment
                IPv6 SLAAC Address Assignment
                IPv6 Static Route Assignment
                IPv6 Static Default Gateway Entry
                DHCPv6 Stateful Address Assignment
                DHCPv6 Stateless DNS, Domain Name, and NTP Configuration
                Integrated Remote Console
                OA Single Sign-On
                HP-SIM Single Sign-On
                Web Server
                SSH Server
                SNTP Client
                DDNS Client
                RIBCL over IPv6
                SNMP
                AlertMail
                Remote Syslog
                WinDBG Support
                CPQLOCFG/HPLOMIG over an IPv6 connection
                Scriptable Virtual Media
                CLI/RIBCL Key Import over IPv6
                Authentication using LDAP and Kerberos over IPv6
                iLO Federation
     Networking Features not supported by IPv6 in this release
                IPMI
                NETBIOS-WINS
                Enterprise Secure Key Manager (ESKM) Support
                Embedded Remote Support (ERS)

Version:1.35 (16 Aug 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • Fix for improper Smart Array error reported: Cache module board backup power failed.
  • Fixed where iLO may become unresponsive after ejecting virtual media.

SECURITY FIXES: 

For the latest security bulletins and vulnerabilities, please visit: 
https://support.hpe.com/hpesc/public/home  

  • Security Bulletin HPESBHF03866

Security best practices:

Please refer to the HPE Integrated Lights-Out 5 Security Technology Brief for the latest on security best practices at: 
http://www.hpe.com/support/ilo5-security-en

Enhancements

This version adds support for the following features and enhancements:

  • VGA Port Detect Override--Controls how devices connected to the system video port are detected. Dynamic detection protects the system from abnormal port voltages. This setting is enabled by default, and can be used for troubleshooting cases when there is no video output to displays, KVM concentrators, or active dongles.
  • DHCP Client ID override via iLO RESTful API.

Version:1.30 (4 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.

Install this update to take advantage of significant improvements to the write algorithm for the embedded 4 GB non-volatile flash memory (also known as the NAND). These improvements increase the NAND lifespan.


The following issues are resolved in this version:

  • Compute modules do not power on after restoring power to Frame.
  • When you use iLO Virtual Media to install an operating system, installation might fail when iLO is configured to use the Shared Network Port.
  • In rare cases, a server runs out of available SSH sessions because the sessions are not reclaimed when a client disconnects.
  • iLO 5 unexpectedly restored itself to the factory default settings when a user did not initiate the process.
  • When Auto Power-On is set to Always Power On or Restore Last Power State, the server might not power on after a cold reset.
  • iLO cannot display the HP Ethernet 1Gb 4-port 331i Adapter MAC address.
  • NVMe drive model numbers are incorrect or inconsistent.
  • Clearing the oemHPE_usercntxt## from the command line clears the value, even though error messages might be displayed.
  • Fixed Single Sign-On when in CNSA mode.
  • Added support for RSA-PSS certificate signatures.

For the latest security bulletins and vulnerabilities, please visit: 
https://support.hpe.com/hpesc/public/home  

Please refer to the HPE Integrated Lights-Out 5 Security Technology Brief for the latest on security best practices at: 
http://www.hpe.com/support/ilo5-security-en

Enhancements

This version adds support for the following features and enhancements:

  • Added support for new platforms: 
    • HPE ProLiant DL20 Gen10 Server
    • HPE ProLiant ML10 Gen10 Server  
  • Improved HTML5 IRC performance, including:
    • Added virtual keys to improve the ability to send keyboard actions to the server.
    • Added the ability to configure the keyboard layout in the HTML5 IRC
    • Added Virtual Media support for local ISO and IMG files.
  • Firmware and software update enhancements:
    • iLO users can now view, create, and delete maintenance windows.
    • A new check box allows users to clear the installation queue when initiating an install set.
    • Updated the iLO RESTful API and iLO web interface to report when a reboot is required after an installation task completes.
  • Each time iLO starts, it backs up the iLO configuration to the nonvolatile flash memory (NAND). If the SRAM is erased, the configuration is automatically restored.
  • Added iLO web interface support for Density Optimized Drive Zoning features on supported HPE Apollo products.
  • AlertMail now supports SSL (TLS) for secure email.
  • AlertMail now supports external SMTP mail servers.
  • Added an SNMP trap for when all host NICs are down.
  • Updated to OpenSSL-1.0.2u-fips-2.0.16.
  • Added the list of open source licenses to the login page.
  • Added an SNMP trap for when iLO is reset by IPMI watchdog.
  • Added Intelligent System Tuning features to the iLO web interface. From the iLO web interface, you can view the configured settings, configure Jitter Smoothing, and launch Intelligent Provisioning to configure Workload Matching and Core Boosting.
  • Improved Active Health System logging efficiency to prolong the NAND lifespan.
  • Added iLO health status to the Overview page. If the status is Degraded, this value is also displayed on the Login page.
  • Re-signed the Java IRC to extend the certificate expiration date.
  • Re-signed the .NET IRC to extend the certificate expiration date.
    • With this enhancement, the .NET IRC requires version 4.5.1 or later of the .NET Framework.
  • Added the ability to remove an SSL certificate and regenerate the iLO self-signed certificate.
    • Hewlett Packard Enterprise recommends that you install a CA signed certificate.

Version:1.20 (9 Feb 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • NVMe drive details are not displayed in the iLO web interface for HPE ProLiant XL190r Gen10 servers.
  • The system BIOS version is missing in AlertMail messages.
  • The IPMI Get Chassis Capabilities and Get Chassis Status commands do not reflect the Chassis Intrusion state.
  • Virtual Media devices are inaccessible when two virtual devices are mounted simultaneously.
  • Patched configuration file system.
  • The IPMI pre-watchdog-timeout interrupt does not occur when no watchdog action is selected.
  • Intermittent loss of network interface card (NIC) and drive detection (P408e-m controller) by BIOS on system boot up of HPE ProLiant BL460c servers.
Enhancements

This version adds support for the following features and enhancements:

  • HTML5 Remote Console
  • Shared Network Port IPv6 support
  • Shared Network Port iLO Federation support
  • Ability to associate an SNMP alert destination with an SNMPv1 or SNMPv3 user
  • Enhanced firmware and software update interface:
    • New Add to Queue pane
    • Remove All option for install sets, queued components, or components in the iLO Repository
    • Recovery Set update option during firmware update, iLO Repository upload, or install queue update
  • CAC Smartcard  authentication support for the Online Certificate Status Protocol (OCSP)
  • iLO RESTful API updates:
    • NVMe drive properties
    • Remote Support configuration
    • Device Inventory
  • Support for eight SNMP trap destinations
  • SNMPv3 Inform notification support
  • Support for RSA-PSS certificate signatures
  • RSA cipher support in CNSA mode
  • Ability to disable device discovery on Device Inventory page
  • New Service Account option to support user accounts that are used as service accounts for supported applications

Version:1.17 (12 Dec 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • SSH does not work correctly when iLO is configured to use the SuiteB security state.  
  • Importing a certificate does not work correctly after the generation of a SuiteB-compliant CSR.

Enhancements

This version adds support for the following features and enhancements:

  • iLO Amplifier Pack Server System Restore - Use the Send Recovery Event button on the Firmware Verification page to send a recovery event to iLO Amplifier Pack. If iLO Amplifier Pack is configured to listen for system recovery events, this event causes iLO Amplifier Pack to initiate the system recovery process.  The system recovery process includes the installation of the System Recovery Set followed by reimaging the server operating system.
  • RESTful API updates:
    • Added certificate authentication and validation for Virtual Media.
    • Added certificate authentication and validation for RESTful API events that support the iLO Amplifier Pack Server System Restore feature.

Version:1.11 (8 Dec 2017)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


  • This firmware release is intended for FIPS 140-2 (level 1) validation and Common Criterial (EAL 2+) certification. For the status of both, go to http://csrc.nist.gov/groups/STM/cmvp/validation.html for FIPS and http://www.commoncriteriaportal.org/ for Common Criteria. Search for "iLO 5".
  • Updated cryptographic stack as required by FIPS inspection and validation process.

Version:1.15 (25 Sep 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

  Users should update to this firmware version if their system is
  affected by one of the documented fixes or if there is a desire to utilize any
  of the enhanced functionality provided by this version.


  • No traps from the System Management Assistant are received when SNMP is disabled in the  iLO web interface.
  • The power profile cannot be changed through the iLO web interface.
  • Network transmission graph data is not populated in Active Health System logs.
  • The NVDIMM firmware version is not displayed on the iLO web interface Installed Firmware page.
  • The iLO web interface intermittently displays incorrect memory status after a system reset.
  • The iLO  RESTful API does not provide a method to get current cipher information.
  • The Server Power page stalls when loading the server power information.
  • Nothing happens when you click the Import button on the HPE SSO page.
  • Secure boot cannot be configured through the iLO RESTful API, even if the pending configuration is in UEFI mode.
  • The maximum available power is displayed incorrectly.
  • If the IML contains a maintenance note, the first attempt to clear the log fails.   
  • Certificate-based authentication returns a session URL with inconsistent case.
  • Onetimeboot and Continuousboot do not  take effect in iLOrest.
  • Virtual Media status is not displayed in the Java IRC.
  • The local client keyboard might get disabled when the Java IRC  is in use.
  • An iLO  Federation authentication error might occur when group names with unsupported characters are used in URLs without correct encoding.
  • An issue occurs when copying or restoring certificate mapping entries using fingerprints.
  • An iLO web interface error occurs after an installed certificate was deleted by using the iLO RESTful API.
  • An Internal Error occurs when HPONCFG for Linux is used with a server that uses the SuiteB security state.
  • SNMPv3 user details cannot be modified  through RIBCL.
  • A false positive “Insecure Cache Management Policy” issue is reported by some security scanners.
Enhancements

  • iLO backup and restore—This feature allows you to restore the iLO configuration on a system with the same hardware configuration as the system that was backed up. For example, you could use this feature if the system board is replaced, an accidental or incorrect configuration change occurred, or iLO was set to the factory default settings.  This feature is not meant to duplicate a configuration and apply it to a different iLO system.
  • AMD platform support
  • Support for diffie-hellman-group-exchange-sha256.
  • Support for multiple destination AlertMail email addresses. Enter the addresses separated by a semicolon.
  • iLO RESTful API features:
    • Aux Power Reset
    • Jitter Control features to get and set Jitter Control Mode and Frequency
  • New iLO RESTful API properties to bridge the gap between RIBCL and iLO RESTful API features:
    • High Efficiency Mode
    • Encryption-related properties and Cache Module Serial Number
    • Login Security Banner
    • Current Power on Time (provides the time since the system was last powered on).
    • Persistent Mouse/Keyboard Enabled
  • New iLO RESTful API  events for NVDIMM Init Error and Runtime Firmware Authentication Error.

Version:1.10 (12 Jul 2017)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Initial iLO 5 release with the following features:

  • The iLO Service Port on the front of the server is new on Gen10 ProLiant servers and Synergy compute modules. Use this feature to connect a client directly to the server to access the iLO web interface, remote console, CLI, or scripts. You can also connect a USB key and download the Active Health System log to a supported USB flash drive.
  • Improved HPE Agentless Management support for out of the box SNMP-based server management that does not require OS-based agents. OS-based agents are not supported on Gen10 servers.
  • Improved secure firmware update and recovery.
  • Secure Start ensures firmware integrity for essential system firmware.
  • Runtime firmware verification scans essential system firmware for further system integrity.
  • Automatic secure recovery of essential system firmware.
  • Common Access Card (CAC)Smartcard authentication.
  • New user account privilege levels. Specific privileges for BIOS, Storage, and Network configuration.
  • Virtual Media performance is typically at least twice as fast as it was with iLO 4.
  • New iLO web interface design.
  • Expanded Redfish support.

Type: Firmware - Lights-Out Management
Version: 1.20(9 Feb 2018)
Operating System(s):
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016

Description

This component provides and installs an updated version of firmware for the iLO 5 Management Processor allowing for continued management support of your Server.

Enhancements

This version adds support for the following features and enhancements:

  • HTML5 Remote Console
  • Shared Network Port IPv6 support
  • Shared Network Port iLO Federation support
  • Ability to associate an SNMP alert destination with an SNMPv1 or SNMPv3 user
  • Enhanced firmware and software update interface:
    • New Add to Queue pane
    • Remove All option for install sets, queued components, or components in the iLO Repository
    • Recovery Set update option during firmware update, iLO Repository upload, or install queue update
  • CAC Smartcard  authentication support for the Online Certificate Status Protocol (OCSP)
  • iLO RESTful API updates:
    • NVMe drive properties
    • Remote Support configuration
    • Device Inventory
  • Support for eight SNMP trap destinations
  • SNMPv3 Inform notification support
  • Support for RSA-PSS certificate signatures
  • RSA cipher support in CNSA mode
  • Ability to disable device discovery on Device Inventory page
  • New Service Account option to support user accounts that are used as service accounts for supported applications

Installation Instructions

Prerequisites:

Hewlett Packard Enterprise recommends the following versions of iLO utilities
for best performance:

  • RESTful Interface Tool (iLOREST) 2.2
  • HPQLOCFG v5.2
  • Lights-Out XML Scripting Sample bundle 5.1.0
  • HPONCFG Windows 5.2.0
  • HPONCFG Linux 5.2.0
  • LOCFG v5.1.0 
  • HPLOMIG 5.1.0 

NOTE: Updated utilities and system libraries are required to support the iLO 
HighSecurity, FIPS, and CNSA security states. The HPONCFG Windows utility 
does not currently support the CNSA security state.


To ensure the integrity of your download, HPE recommends verifying your results with the following SHA-256 Checksum values:

38cf65ee3bb7f26ed7ef02ce282c85a74c7bf24b320a6fe7d48484dc382c8285 cp032774.compsig
cd93860af909aad0e94363d6967c48072c3b51f51cad09c8e9258a138c30fb74 cp032774.exe

Reboot Requirement:
Reboot is not required after installation for updates to take effect and hardware stability to be maintained.


Installation:

Install the firmware using one of these options:

  • Run the Component on the host to be updated.
    The component will update the iLO 5 firmware and reset the iLO 5 processor.
  •  Extract the firmware from the component.  This will place the firmware image file, iLO5_yyy.bin (where yyy represents the firmware version) in the target directory.  You now have these options:
    • Login to iLO 5, navigate to the Update Firmware page, and update the firmware from there.
    • Use the HP Lights-Out Configuration Utility, CPQLOCFG, and RIBCL/XML scripts to update iLO 5 across the network.
    • Use the HP Online Lights-Out Configuration utility, HPONCFG, and RIBCL/XML scripts to update iLO 5 from the supported host OS.
    • Use the Directory Migration Utility, contained in the HP Directories support for Management Processors, available under Software and Drivers on the iLO 5 downloads page from hp.com.  The Windows utility supports  network discovery of lights-out processors, import/export, as well as bulk firmware update, and does not require directory migration.

Release Notes

End User License Agreements:
HPE Software License Agreement v1
Hewlett-Packard End User License Agreement


Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important:

IPv6 network communications
     Supported Networking Features
                IPv6 Static Address Assignment
                IPv6 SLAAC Address Assignment
                IPv6 Static Route Assignment
                IPv6 Static Default Gateway Entry
                DHCPv6 Stateful Address Assignment
                DHCPv6 Stateless DNS, Domain Name, and NTP Configuration
                Integrated Remote Console
                OA Single Sign-On
                HP-SIM Single Sign-On
                Web Server
                SSH Server
                SNTP Client
                DDNS Client
                RIBCL over IPv6
                SNMP
                AlertMail
                Remote Syslog
                WinDBG Support
                CPQLOCFG/HPLOMIG over an IPv6 connection
                Scriptable Virtual Media
                CLI/RIBCL Key Import over IPv6
                Authentication using LDAP and Kerberos over IPv6
                iLO Federation
     Networking Features not supported by IPv6 in this release
                IPMI
                NETBIOS-WINS
                Enterprise Secure Key Manager (ESKM) Support
                Embedded Remote Support (ERS)


Notes:

 

iLO 5 User Guide and Lights-Out Scripting Guide can also be found by following the links at:

http://www.hpe.com/info/ilo

Select your lights-out product, then support & documents, then manuals.
 

  • Check the online help for additional information about how to use features. 
    Online help can be accessed from within the browser web pages by clicking the question mark in the upper right-hand corner of each page.

Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • NVMe drive details are not displayed in the iLO web interface for HPE ProLiant XL190r Gen10 servers.
  • The system BIOS version is missing in AlertMail messages.
  • The IPMI Get Chassis Capabilities and Get Chassis Status commands do not reflect the Chassis Intrusion state.
  • Virtual Media devices are inaccessible when two virtual devices are mounted simultaneously.
  • Patched configuration file system.
  • The IPMI pre-watchdog-timeout interrupt does not occur when no watchdog action is selected.
  • Intermittent loss of network interface card (NIC) and drive detection (P408e-m controller) by BIOS on system boot up of HPE ProLiant BL460c servers.

Important

IPv6 network communications
     Supported Networking Features
                IPv6 Static Address Assignment
                IPv6 SLAAC Address Assignment
                IPv6 Static Route Assignment
                IPv6 Static Default Gateway Entry
                DHCPv6 Stateful Address Assignment
                DHCPv6 Stateless DNS, Domain Name, and NTP Configuration
                Integrated Remote Console
                OA Single Sign-On
                HP-SIM Single Sign-On
                Web Server
                SSH Server
                SNTP Client
                DDNS Client
                RIBCL over IPv6
                SNMP
                AlertMail
                Remote Syslog
                WinDBG Support
                CPQLOCFG/HPLOMIG over an IPv6 connection
                Scriptable Virtual Media
                CLI/RIBCL Key Import over IPv6
                Authentication using LDAP and Kerberos over IPv6
                iLO Federation
     Networking Features not supported by IPv6 in this release
                IPMI
                NETBIOS-WINS
                Enterprise Secure Key Manager (ESKM) Support
                Embedded Remote Support (ERS)

Revision History

Version:1.35 (16 Aug 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • Fix for improper Smart Array error reported: Cache module board backup power failed.
  • Fixed where iLO may become unresponsive after ejecting virtual media.

SECURITY FIXES: 

For the latest security bulletins and vulnerabilities, please visit: 
https://support.hpe.com/hpesc/public/home  

  • Security Bulletin HPESBHF03866

Security best practices:

Please refer to the HPE Integrated Lights-Out 5 Security Technology Brief for the latest on security best practices at: 
http://www.hpe.com/support/ilo5-security-en

Enhancements

This version adds support for the following features and enhancements:

  • VGA Port Detect Override--Controls how devices connected to the system video port are detected. Dynamic detection protects the system from abnormal port voltages. This setting is enabled by default, and can be used for troubleshooting cases when there is no video output to displays, KVM concentrators, or active dongles.
  • DHCP Client ID override via iLO RESTful API.

Version:1.30 (4 Jun 2018)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.

Install this update to take advantage of significant improvements to the write algorithm for the embedded 4 GB non-volatile flash memory (also known as the NAND). These improvements increase the NAND lifespan.


The following issues are resolved in this version:

  • Compute modules do not power on after restoring power to Frame.
  • When you use iLO Virtual Media to install an operating system, installation might fail when iLO is configured to use the Shared Network Port.
  • In rare cases, a server runs out of available SSH sessions because the sessions are not reclaimed when a client disconnects.
  • iLO 5 unexpectedly restored itself to the factory default settings when a user did not initiate the process.
  • When Auto Power-On is set to Always Power On or Restore Last Power State, the server might not power on after a cold reset.
  • iLO cannot display the HP Ethernet 1Gb 4-port 331i Adapter MAC address.
  • NVMe drive model numbers are incorrect or inconsistent.
  • Clearing the oemHPE_usercntxt## from the command line clears the value, even though error messages might be displayed.
  • Fixed Single Sign-On when in CNSA mode.
  • Added support for RSA-PSS certificate signatures.

For the latest security bulletins and vulnerabilities, please visit: 
https://support.hpe.com/hpesc/public/home  

Please refer to the HPE Integrated Lights-Out 5 Security Technology Brief for the latest on security best practices at: 
http://www.hpe.com/support/ilo5-security-en

Enhancements

This version adds support for the following features and enhancements:

  • Added support for new platforms: 
    • HPE ProLiant DL20 Gen10 Server
    • HPE ProLiant ML10 Gen10 Server  
  • Improved HTML5 IRC performance, including:
    • Added virtual keys to improve the ability to send keyboard actions to the server.
    • Added the ability to configure the keyboard layout in the HTML5 IRC
    • Added Virtual Media support for local ISO and IMG files.
  • Firmware and software update enhancements:
    • iLO users can now view, create, and delete maintenance windows.
    • A new check box allows users to clear the installation queue when initiating an install set.
    • Updated the iLO RESTful API and iLO web interface to report when a reboot is required after an installation task completes.
  • Each time iLO starts, it backs up the iLO configuration to the nonvolatile flash memory (NAND). If the SRAM is erased, the configuration is automatically restored.
  • Added iLO web interface support for Density Optimized Drive Zoning features on supported HPE Apollo products.
  • AlertMail now supports SSL (TLS) for secure email.
  • AlertMail now supports external SMTP mail servers.
  • Added an SNMP trap for when all host NICs are down.
  • Updated to OpenSSL-1.0.2u-fips-2.0.16.
  • Added the list of open source licenses to the login page.
  • Added an SNMP trap for when iLO is reset by IPMI watchdog.
  • Added Intelligent System Tuning features to the iLO web interface. From the iLO web interface, you can view the configured settings, configure Jitter Smoothing, and launch Intelligent Provisioning to configure Workload Matching and Core Boosting.
  • Improved Active Health System logging efficiency to prolong the NAND lifespan.
  • Added iLO health status to the Overview page. If the status is Degraded, this value is also displayed on the Login page.
  • Re-signed the Java IRC to extend the certificate expiration date.
  • Re-signed the .NET IRC to extend the certificate expiration date.
    • With this enhancement, the .NET IRC requires version 4.5.1 or later of the .NET Framework.
  • Added the ability to remove an SSL certificate and regenerate the iLO self-signed certificate.
    • Hewlett Packard Enterprise recommends that you install a CA signed certificate.

Version:1.20 (9 Feb 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • NVMe drive details are not displayed in the iLO web interface for HPE ProLiant XL190r Gen10 servers.
  • The system BIOS version is missing in AlertMail messages.
  • The IPMI Get Chassis Capabilities and Get Chassis Status commands do not reflect the Chassis Intrusion state.
  • Virtual Media devices are inaccessible when two virtual devices are mounted simultaneously.
  • Patched configuration file system.
  • The IPMI pre-watchdog-timeout interrupt does not occur when no watchdog action is selected.
  • Intermittent loss of network interface card (NIC) and drive detection (P408e-m controller) by BIOS on system boot up of HPE ProLiant BL460c servers.
Enhancements

This version adds support for the following features and enhancements:

  • HTML5 Remote Console
  • Shared Network Port IPv6 support
  • Shared Network Port iLO Federation support
  • Ability to associate an SNMP alert destination with an SNMPv1 or SNMPv3 user
  • Enhanced firmware and software update interface:
    • New Add to Queue pane
    • Remove All option for install sets, queued components, or components in the iLO Repository
    • Recovery Set update option during firmware update, iLO Repository upload, or install queue update
  • CAC Smartcard  authentication support for the Online Certificate Status Protocol (OCSP)
  • iLO RESTful API updates:
    • NVMe drive properties
    • Remote Support configuration
    • Device Inventory
  • Support for eight SNMP trap destinations
  • SNMPv3 Inform notification support
  • Support for RSA-PSS certificate signatures
  • RSA cipher support in CNSA mode
  • Ability to disable device discovery on Device Inventory page
  • New Service Account option to support user accounts that are used as service accounts for supported applications

Version:1.17 (12 Dec 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


The following issues are resolved in this version:

  • SSH does not work correctly when iLO is configured to use the SuiteB security state.  
  • Importing a certificate does not work correctly after the generation of a SuiteB-compliant CSR.

Enhancements

This version adds support for the following features and enhancements:

  • iLO Amplifier Pack Server System Restore - Use the Send Recovery Event button on the Firmware Verification page to send a recovery event to iLO Amplifier Pack. If iLO Amplifier Pack is configured to listen for system recovery events, this event causes iLO Amplifier Pack to initiate the system recovery process.  The system recovery process includes the installation of the System Recovery Set followed by reimaging the server operating system.
  • RESTful API updates:
    • Added certificate authentication and validation for Virtual Media.
    • Added certificate authentication and validation for RESTful API events that support the iLO Amplifier Pack Server System Restore feature.

Version:1.11 (8 Dec 2017)
Enhancements

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


  • This firmware release is intended for FIPS 140-2 (level 1) validation and Common Criterial (EAL 2+) certification. For the status of both, go to http://csrc.nist.gov/groups/STM/cmvp/validation.html for FIPS and http://www.commoncriteriaportal.org/ for Common Criteria. Search for "iLO 5".
  • Updated cryptographic stack as required by FIPS inspection and validation process.

Version:1.15 (25 Sep 2017)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

  Users should update to this firmware version if their system is
  affected by one of the documented fixes or if there is a desire to utilize any
  of the enhanced functionality provided by this version.


  • No traps from the System Management Assistant are received when SNMP is disabled in the  iLO web interface.
  • The power profile cannot be changed through the iLO web interface.
  • Network transmission graph data is not populated in Active Health System logs.
  • The NVDIMM firmware version is not displayed on the iLO web interface Installed Firmware page.
  • The iLO web interface intermittently displays incorrect memory status after a system reset.
  • The iLO  RESTful API does not provide a method to get current cipher information.
  • The Server Power page stalls when loading the server power information.
  • Nothing happens when you click the Import button on the HPE SSO page.
  • Secure boot cannot be configured through the iLO RESTful API, even if the pending configuration is in UEFI mode.
  • The maximum available power is displayed incorrectly.
  • If the IML contains a maintenance note, the first attempt to clear the log fails.   
  • Certificate-based authentication returns a session URL with inconsistent case.
  • Onetimeboot and Continuousboot do not  take effect in iLOrest.
  • Virtual Media status is not displayed in the Java IRC.
  • The local client keyboard might get disabled when the Java IRC  is in use.
  • An iLO  Federation authentication error might occur when group names with unsupported characters are used in URLs without correct encoding.
  • An issue occurs when copying or restoring certificate mapping entries using fingerprints.
  • An iLO web interface error occurs after an installed certificate was deleted by using the iLO RESTful API.
  • An Internal Error occurs when HPONCFG for Linux is used with a server that uses the SuiteB security state.
  • SNMPv3 user details cannot be modified  through RIBCL.
  • A false positive “Insecure Cache Management Policy” issue is reported by some security scanners.
Enhancements

  • iLO backup and restore—This feature allows you to restore the iLO configuration on a system with the same hardware configuration as the system that was backed up. For example, you could use this feature if the system board is replaced, an accidental or incorrect configuration change occurred, or iLO was set to the factory default settings.  This feature is not meant to duplicate a configuration and apply it to a different iLO system.
  • AMD platform support
  • Support for diffie-hellman-group-exchange-sha256.
  • Support for multiple destination AlertMail email addresses. Enter the addresses separated by a semicolon.
  • iLO RESTful API features:
    • Aux Power Reset
    • Jitter Control features to get and set Jitter Control Mode and Frequency
  • New iLO RESTful API properties to bridge the gap between RIBCL and iLO RESTful API features:
    • High Efficiency Mode
    • Encryption-related properties and Cache Module Serial Number
    • Login Security Banner
    • Current Power on Time (provides the time since the system was last powered on).
    • Persistent Mouse/Keyboard Enabled
  • New iLO RESTful API  events for NVDIMM Init Error and Runtime Firmware Authentication Error.

Version:1.10 (12 Jul 2017)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Initial iLO 5 release with the following features:

  • The iLO Service Port on the front of the server is new on Gen10 ProLiant servers and Synergy compute modules. Use this feature to connect a client directly to the server to access the iLO web interface, remote console, CLI, or scripts. You can also connect a USB key and download the Active Health System log to a supported USB flash drive.
  • Improved HPE Agentless Management support for out of the box SNMP-based server management that does not require OS-based agents. OS-based agents are not supported on Gen10 servers.
  • Improved secure firmware update and recovery.
  • Secure Start ensures firmware integrity for essential system firmware.
  • Runtime firmware verification scans essential system firmware for further system integrity.
  • Automatic secure recovery of essential system firmware.
  • Common Access Card (CAC)Smartcard authentication.
  • New user account privilege levels. Specific privileges for BIOS, Storage, and Network configuration.
  • Virtual Media performance is typically at least twice as fast as it was with iLO 4.
  • New iLO web interface design.
  • Expanded Redfish support.