Printable version

Drivers & software

HP BladeSystem c-Class Onboard Administrator Firmware

By downloading, you agree to the terms and conditions of the Hewlett Packard Enterprise Software License Agreement.
Note:  Some software requires a valid warranty, current Hewlett Packard Enterprise support contract, or a license fee.

Type: Firmware - Blade Infrastructure
Version: 4.40(31 Mar 2015)
Operating System(s): Asianux 3
CentOS 5
Citrix XenServer 4.x
Citrix XenServer 5.x
Debian GNU/Linux 4.0 (AMD64/EM64T)
Debian GNU/Linux 4.0 (x86)
Debian GNU/Linux 5.0 (AMD64/EM64T)
Debian GNU/Linux 5.0 (x86)
Debian GNU/Linux 6.0
HP-UX 11.31 (IA)
HP-UX 11.x
Microsoft Windows 2000
Microsoft Windows 8 (32-bit)
Microsoft Windows 8 (64-bit)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows Server 2003 for 64-bit Extended Systems
Microsoft Windows Server 2008 Essential Business
Microsoft Windows Server 2008 Foundation Edition
Microsoft Windows Server 2008 Itanium
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 R2 Foundation Edition
Microsoft Windows Server 2008 R2 for Itanium-Based Systems
Microsoft Windows Server 2008 Small Business
Microsoft Windows Server 2008 W32
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 Essentials
Microsoft Windows Server 2012 R2
Microsoft Windows Storage Server 2003
Microsoft Windows Vista (32-bit)
Microsoft Windows Vista (64-bit)
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP Professional
Microsoft Windows XP Professional x64 Edition
Novell NetWare 6.5
OS Independent
OpenVMS v8.2-1
OpenVMS v8.3
OpenVMS v8.4
Oracle Linux 5 (AMD64/EM64T)
Oracle Linux 5 (x86)
Red Hat Enterprise Linux 3 (AMD64/EM64T)
Red Hat Enterprise Linux 3 (Itanium)
Red Hat Enterprise Linux 3 (x86)
Red Hat Enterprise Linux 4 (AMD64/EM64T)
Red Hat Enterprise Linux 4 (Itanium)
Red Hat Enterprise Linux 4 (x86)
Red Hat Enterprise Linux 5 Desktop (x86-64)
Red Hat Enterprise Linux 5 Server (Itanium)
Red Hat Enterprise Linux 5 Server (x86)
Red Hat Enterprise Linux 5 Server (x86-64)
Red Hat Enterprise Linux 6 Server (x86)
Red Hat Enterprise Linux 6 Server (x86-64)
Red Hat Enterprise Linux 7 Server
Red Hat Linux 6.2
SUSE Linux Enterprise Server 10 (AMD64/EM64T)
SUSE Linux Enterprise Server 10 (Itanium)
SUSE Linux Enterprise Server 10 (x86)
SUSE Linux Enterprise Server 11 (AMD64/EM64T)
SUSE Linux Enterprise Server 11 (Itanium)
SUSE Linux Enterprise Server 11 (x86)
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 9 (AMD64/EM64T)
SUSE Linux Enterprise Server 9 (Itanium)
SUSE Linux Enterprise Server 9 (x86)
Solaris 10 for x86 Systems
Solaris 11.1
Ubuntu 13.10
Ubuntu 9.10 (AMD64/EM64T)
Ubuntu 9.10 (x86)
VMware ESX Server 3.0
VMware ESX/ESXi 4.0
VMware ESX/ESXi 4.1
VMware ESX/ESXi Server 3.5
VMware ESXi 5.0
VMware vSphere 5.1
VMware vSphere 5.5
File name: hpoa440.bin (14 MB)
This file contains the firmware image for the HP BladeSystem c-Class Onboard Administrator. This firmware provides management capabilities for the HP BladeSystem c-Class Enclosure.

  • General
    • Cipher suites are now configured and displayed using their RFC 5246 standardized names. 

Prerequisites:
The Onboard Administrator Smart Component contains 32-bit executable binaries.  As a result, the client operating system upon which the OA Smart Component is installed and executed must either have native support for 32-bit executables or must have the 32-bit compatibility libraries installed.


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

8cc7f3c7ed7b7e8a15a8ed330e46d9dbafe684bce7b38181787b86a917396bb3 hpoa440.bin

Reboot Requirement:
Reboot is optional after installation. Updates will be effective after reboot. Hardware stability will be maintained without reboot.


Installation:
Place the firmware image file onto a system on the same network as the HP BladeSystem c-Class Onboard Administrator.

Log in to the Onboard Administrator’s web-based user interface as an administrator. Firmware Update is available under the Active Onboard Administrator category. You may select the firmware image by entering a path to the file in the "Local File" field or by clicking on the "Browse" button to locate the firmware image on the local machine, a mapped drive, or a network share.

Click "Upload" to begin the firmware update process.

The user guide for the Onboard Administrator is located here.
The user guide for the Onboard Administrator command line interface is located here.


End User License Agreements:
BladeSystem Onboard Administrator Software End User License Agreement


Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


Important:

Important Notes

  • EFM  
    • The OA only supports SPP ISO images that are less than 4 GB in size, whether hosted directly via the Enclosure DVD feature or an attached USB key, or mounted remotely via a specified URL. If an ISO image exceeds 4 GB,  the CLI SHOW FIRMWARE MANAGEMENT command displays ISO URL Status as “Invalid URL.”
      • If an SPP ISO image exceeds 4 GB, it is necessary to create a custom ISO image that excludes components unnecessary to the OA EFM blade firmware update process.  At a minimum, the custom ISO must contain the firmware components for HP ProLiant BL servers. (When using HP SUM to create the custom ISO image, select Firmware as the Component Type, and select HP ProLiant BL Series as the Server Type.)  For information about creating a custom ISO image compatible for OA EFM functionality, see the HP BladeSystem Onboard Administrator User Guide. More HP SUM information can be found via HP Smart Update Manager online help or at http://www.hp.com/go/hpsum/documentation.
  • IPv6
    • When the Enable DHCPv6 or Enable SLAAC enclosure IPv6 settings are disabled on the Onboard Administrator, the respective DHCPv6 or SLAAC addresses of the iLOs in the enclosure are retained until these addresses expire automatically based on their respective configurations.  A manual reset of the iLO releases these addresses immediately.
  • ​Security
    • ​ Support for several cipher suites has been removed due to the generally acknowledged weakness of the associated encryption algorithms. The OA now supports only the cipher suites listed in the following table. To successfully establish a secure connection to the OA via SSL, clients must support one or more of these cipher suites.
      • Note specifically that Windows 2003 Active Directory and Internet Explorer might not successfully connect to the OA due to the lack of default support for at least one of the supported cipher suites.  
      • You can add the necessary support by installing and enabling Advanced Encryption Standard (AES) based cipher suites in Windows 2003. Refer to Microsoft hotfix available at http://support.microsoft.com/kb/948963.
 
SSL/TLS cipher suites Standard names for SSL/TLS cipher suites
EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256


Notes:

Deliverable Name:

HP BladeSystem c-Class Onboard Administrator Firmware

Release Version:

Version 4.40

Previous Version of Firmware:

Version 4.30

Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

 Important Notes

  • EFM
The OA only supports SPP ISO images that are less than 4 GB in size, whether hosted directly via the Enclosure DVD feature or an attached USB key, or mounted remotely via a specified URL. If an ISO image exceeds 4 GB,  the CLI SHOW FIRMWARE MANAGEMENT command displays ISO URL Status as “Invalid URL.”

If an SPP ISO image exceeds 4 GB, it is necessary to create a custom ISO image that excludes components unnecessary to the OA EFM blade firmware update process.  At a minimum, the custom ISO must contain the firmware components for HP ProLiant BL servers. (When using HP SUM to create the custom ISO image, select Firmware as the Component Type, and select HP ProLiant BL Series as the Server Type.)  For information about creating a custom ISO image compatible for OA EFM functionality, see the HP BladeSystem Onboard Administrator User Guide. More HP SUM information can be found via HP Smart Update Manager online help or at http://www.hp.com/go/hpsum/documentation
  • FIPS
OA 3.71 has received FIPS 140-2 Certification  (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2014.htm#2174)  
  • IPv6
When the Enable DHCPv6, Enable Router Advertisements, or Enable SLAAC enclosure IPv6 settings are disabled on the Onboard Administrator, the respective DHCPv6 or SLAAC addresses of the iLOs in the enclosure are retained until these addresses expire automatically based on their respective configurations.  A manual reset of the iLO releases these addresses immediately.
  • Security
Support for several cipher suites has been removed due to the generally acknowledged weakness of the associated encryption algorithms. The OA now supports only the cipher suites listed in the following table. To successfully establish a secure connection to the OA via SSL, clients must support one or more of these cipher suites.
Note specifically that Windows 2003 Active Directory and Internet Explorer might not successfully connect to the OA due to the lack of default support for at least one of the supported cipher suites listed. You can add the necessary support by installing and enabling Advanced Encryption Standard (AES) based cipher suites in Windows 2003. Refer to Microsoft hotfix available at http://support.microsoft.com/kb/948963.  
SSL/TLS cipher suites Standard names for SSL/TLS cipher suites
EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256
 
 
Enhancements/New Features


Problems Fixed
  • General
  • Devices with MAC addresses ending with “81:00” (such as f8:66:f2:6d:81:00) were unable to communicate with the OA. Some examples of the observed symptoms were:
Attempts to ping the OA from the device fail The OA cannot use such a device as a gateway
The OA GUI and CLI cannot be used from this device   "CERTS: Failed to open flash"
This had no functional impact; the entry could be ignored. 
  • Documentation
    •  In the September 2014 (Edition 23) HP BladeSystem Onboard Administrator CLI User Guide for OA 4.30, within the description of the SET HTTP REQUESTREADTIMEOUT command, a command showing recommended values had the BODY MINRATE value as 50 instead of the correct value 500. The command with the correct recommended values is as follows:
SET HTTP REQUESTREADTIMEOUT HEADER 3-8 MINRATE 500 BODY 5-10 MINRATE 500

This error was corrected in the October 2014 (Edition 24) document. 
  • EFM
    • In rare cases, the Active OA module would reboot expectedly during the update of the OA firmware on redundant OA modules.  When this issue occurred, the Active OA module would reboot during the transfer of the OA firmware image to the Standby OA module.  The OA firmware update would fail to complete successfully; a segmentation fault (SEGV) error would be logged in the Active OA system log.  This issue did not cause any firmware or data corruption, and the OA firmware update could be successful if retried following the occurrence of this issue. Note that this issue could only be encountered when updating OA modules running OA 4.30 firmware.  
    • Attempts to update the firmware failed on an HP ProLiant Gen9 server blade configured in UEFI Boot Mode or UEFI Optimized Boot Mode. When this failure occurred, the firmware log for the blade server would indicate an error similar to the following for each update attempt, including the two automatic retries that occur on failure:
Jul 15 09:34:19 Unable to detect ISOLINUX booting.
A final status report similar to the following would also be issued:
Jul 15 10:30:33 Firmware Management is incomplete on blade <bay number>.  Unable to mount ISO or validate version information. The URL or ISO is invalid.
  •  CLI commands affected include those that depend on the URL specification via the SET FIRMWARE MANAGEMENT URL command (such as the UPDATE FIRMWARE SERVER command and the UPDATE IMAGE FW_ISO command). 
  •  The EFM firmware log would indicate "Firmware Management successfully completed on blade x" even if the iLO firmware update failed to complete successfully.  
  • IPv6
    • Configuration scripts could not be applied to another OA properly when attempting to configure new EBIPA DNS IPv4/IPv6 addresses or IPv6 routes. Attempts to change the configurations could only add new addresses to those of the previous configuration. It was not possible to replace the existing addresses with the new ones.
The following CLI commands now include the ALL keyword to allow clearing of all unwanted addresses or routes:
REMOVE EBIPA SERVER DNS ALL
REMOVE EBIPAV6 SERVER DNS ALL
REMOVE OA ROUTE IPV6 <ACTIVE|STANDBY> ALL

A configuration script can now use these commands to clear the previous (unwanted) EBIPA DNS IP addresses and IPv6 static routes, and then add the new ones. 
  • KVM
    • Pressing Enter four times consecutively on a keyboard attached to the c7000 Enclosure integrated KVM module would cause the highlighted blade server on the KVM screen to power off or on, depending on its current power state. This issue has been fixed by interchanging the Ok/Confirm and Cancel buttons on the Confirm: Change Server Power and Change Server Power screens so that the Cancel button is highlighted by default instead of the OK or Confirm button. The default focus is set on the Cancel button. (QXCR1001357592)
  •  Security
    • The following security vulnerabilities were fixed:
    • This release of the OA resolves this security vulnerability by compiling OpenSSl with OPENSSL_NO_SRTP (the OA does not use DTLS and SRTP).
      • CVE-2014-0139: A vulnerability affecting SSL/TLS transactions that might allow a man-in-the-middle attacker to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificate Authority.
      • CVE-2014-0015: A vulnerability when more than one authentication method is enabled and NTLM connections are reused, which might allow context-dependent attackers to authenticate as other users via a request.
      • CVE-2014-0138: A vulnerability affecting certain LDAP connections that might allow context-dependent attackers to connect as other users via a request (similar to issue CVE-2014-0015).
      • CVE-2014-2522: A vulnerability when running on Windows and using an SChannel/Winssl TLS backend. When accessing a URL that uses a numerical IP address, curl does not verify that the server host name matches a domain name in the subject’s CN or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
    • In addition, OpenSSL has been updated to version 1.0.1h to address multiple CVE fixes.
  • SSH/SSL keys
    • With OA firmware later than 4.0x, attempts to add an SSH key using the OA CLI ADD SSH KEY command might fail. Intermittently, after issuing the command, the user received an error message ("The submitted file is not a valid SSH key."), in which case the command failed. 
  • SNMP
  • SNMP alerts (or traps) sent from the OA to an IPv6 SNMP alert destination are sent incorrectly to destination port 161 instead of port 162 (per RFC 1157) when no destination port is explicitly specified as part of an IPv6 SNMP alert destination configuration. 
 Known Issues
  • Browsers
    • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft® Internet Explorer 11 on Windows 8. On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window.
This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for  Internet Explorer.  To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.    
  • FIPS
  • Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20.  When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON or DEBUG and is configured with a  1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate.  While operating in this degraded FIPS Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access > FIPS tab will fail and show the error message “The selected FIPS mode is already enabled”.  When the non-compliant certificate is removed, the degraded FIPS operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface.  Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.


Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


General

  • Devices with MAC addresses ending with “81:00” (such as f8:66:f2:6d:81:00) were unable to communicate with the OA. Some examples of the observed symptoms were:
Attempts to ping the OA from the device fail The OA cannot use such a device as a gateway The OA GUI and CLI cannot be used from this device  This had no functional impact; the entry could be ignored. 
Documentation
  • In the September 2014 (Edition 23) HP BladeSystem Onboard Administrator CLI User Guide for OA 4.30, within the description of the SET HTTP REQUESTREADTIMEOUT command, a command showing recommended values had the BODY MINRATE value as 50 instead of the correct value 500. The command with the correct recommended values is as follows: SET HTTP REQUESTREADTIMEOUT HEADER 3-8 MINRATE 500 BODY 5-10 MINRATE 500
This error was corrected in the October 2014 (Edition 24) document.
  EFM
  • In rare cases, the Active OA module would reboot expectedly during the update of the OA firmware on redundant OA modules.  When this issue occurred, the Active OA module would reboot during the transfer of the OA firmware image to the Standby OA module.  The OA firmware update would fail to complete successfully; a segmentation fault (SEGV) error would be logged in the Active OA system log.  This issue did not cause any firmware or data corruption, and the OA firmware update could be successful if retried following the occurrence of this issue. Note that this issue could only be encountered when updating OA modules running OA 4.30 firmware.  o   Attempts to update the firmware failed on an HP ProLiant Gen9 server blade configured in UEFI Boot Mode or UEFI Optimized Boot Mode. When this failure occurred, the firmware log for the blade server would indicate an error similar to the following for each update attempt, including the two automatic retries that occur on failure: Jul 15 09:34:19 Unable to detect ISOLINUX booting. A final status report similar to the following would also be issued:
Jul 15 10:30:33 Firmware Management is incomplete on blade <bay number>.
  • When using an HP Firmware Management ISO image based on a URL that includes the HTTP port (for example, http://10.226.36.35:8080/bp-151ilo-2014-08-26-1.iso),  EFM failed to mount the image. The following error message would be displayed: Unable to mount ISO or validate version information. The URL or ISO is invalid.   CLI commands affected include those that depend on the URL specification via the SET FIRMWARE MANAGEMENT URL command (such as the UPDATE FIRMWARE SERVER command and the UPDATE IMAGE FW_ISO command).  o   The EFM firmware log would indicate "Firmware Management successfully completed on blade x" even if the iLO firmware update failed to complete successfully. 
 IPv6
  • Configuration scripts could not be applied to another OA properly when attempting to configure new EBIPA DNS IPv4/IPv6 addresses or IPv6 routes. Attempts to change the configurations could only add new addresses to those of the previous configuration. It was not possible to replace the existing addresses with the new ones. The following CLI commands now include the ALL keyword to allow clearing of all unwanted addresses or routes:
  • REMOVE EBIPA SERVER DNS ALL
  • REMOVE EBIPAV6 SERVER DNS ALL
  • REMOVE OA ROUTE IPV6 <ACTIVE|STANDBY> ALL
A configuration script can now use these commands to clear the previous (unwanted) EBIPA DNS IP addresses and IPv6 static routes, and then add the new ones.   
  KVM
  • Pressing Enter four times consecutively on a keyboard attached to the c7000 Enclosure integrated KVM module would cause the highlighted blade server on the KVM screen to power off or on, depending on its current power state. This issue has been fixed by interchanging the Ok/Confirm and Cancel buttons on the Confirm: Change Server Power and Change Server Power screens so that the Cancel button is highlighted by default instead of the OK or Confirm button. The default focus is set on the Cancel button.
  Security
  • The following security vulnerabilities were fixed:   
  • CVE-2014-3511: A vulnerability could be exploited by launching man-in-the-middle attacks to force the use of TSL 1.0 instead of the intended later version of TLS. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2007-2242: A vulnerability could be exploited by launching denial-of-service attacks via crafted IPv6 type 0 router headers between two routers, resulting in network congestion. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2014-3567: A vulnerability can be exploited to cause a DOS denial-of-service (memory consumption) attack via crafted session tickets that triggers an integrity check-failure.
  • CVE-2014-3513: A vulnerability can be exploited to cause a denial of service (memory consumption) via a crafted handshake message.
  • CVE-2014-3513: SRTP Memory Leak – a memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 (before 1.0.1j) allows remote attackers to cause denial of service (memory consumption) via a crafted handshake message.
  • This release of the OA resolves this security vulnerability by compiling OpenSSl with OPENSSL_NO_SRTP (the OA does not use DTLS and SRTP). 
  • CVE-2014-0139: A vulnerability affecting SSL/TLS transactions that might allow a man-in-the-middle attacker to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificate Authority.
  • CVE-2014-0015: A vulnerability when more than one authentication method is enabled and NTLM connections are reused, which might allow context-dependent attackers to authenticate as other users via a request.
  • CVE-2014-0138: A vulnerability affecting certain LDAP connections that might allow context-dependent attackers to connect as other users via a request (similar to issue CVE-2014-0015).
  • CVE-2014-2522: A vulnerability when running on Windows and using an SChannel/Winssl TLS backend. When accessing a URL that uses a numerical IP address, curl does not verify that the server host name matches a domain name in the subject’s CN or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. 
  • In addition, OpenSSL has been updated to version 1.0.1h to address multiple CVE fixes.

 SSH/SSL keys
  • With OA firmware later than 4.0x, attempts to add an SSH key using the OA CLI ADD SSH KEY command might fail. Intermittently, after issuing the command, the user received an error message ("The submitted file is not a valid SSH key."), in which case the command failed. 

SNMP 
  • SNMP alerts (or traps) sent from the OA to an IPv6 SNMP alert destination are sent incorrectly to destination port 161 instead of port 162 (per RFC 1157) when no destination port is explicitly specified as part of an IPv6 SNMP alert destination configuration.
    •  The OA HTTP service would become unresponsive and communication to the OA would be lost after removing a local user account with OA administrator level privileges.  This issue in only occurred when the removed user account had previously been used to configure network services on the OA module.  

Important Notes

  • EFM  
    • The OA only supports SPP ISO images that are less than 4 GB in size, whether hosted directly via the Enclosure DVD feature or an attached USB key, or mounted remotely via a specified URL. If an ISO image exceeds 4 GB,  the CLI SHOW FIRMWARE MANAGEMENT command displays ISO URL Status as “Invalid URL.”
      • If an SPP ISO image exceeds 4 GB, it is necessary to create a custom ISO image that excludes components unnecessary to the OA EFM blade firmware update process.  At a minimum, the custom ISO must contain the firmware components for HP ProLiant BL servers. (When using HP SUM to create the custom ISO image, select Firmware as the Component Type, and select HP ProLiant BL Series as the Server Type.)  For information about creating a custom ISO image compatible for OA EFM functionality, see the HP BladeSystem Onboard Administrator User Guide. More HP SUM information can be found via HP Smart Update Manager online help or at http://www.hp.com/go/hpsum/documentation.
  • IPv6
    • When the Enable DHCPv6 or Enable SLAAC enclosure IPv6 settings are disabled on the Onboard Administrator, the respective DHCPv6 or SLAAC addresses of the iLOs in the enclosure are retained until these addresses expire automatically based on their respective configurations.  A manual reset of the iLO releases these addresses immediately.
  • ​Security
    • ​ Support for several cipher suites has been removed due to the generally acknowledged weakness of the associated encryption algorithms. The OA now supports only the cipher suites listed in the following table. To successfully establish a secure connection to the OA via SSL, clients must support one or more of these cipher suites.
      • Note specifically that Windows 2003 Active Directory and Internet Explorer might not successfully connect to the OA due to the lack of default support for at least one of the supported cipher suites.  
      • You can add the necessary support by installing and enabling Advanced Encryption Standard (AES) based cipher suites in Windows 2003. Refer to Microsoft hotfix available at http://support.microsoft.com/kb/948963.
 
SSL/TLS cipher suites Standard names for SSL/TLS cipher suites
EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256

Version:4.90 (2 Apr 2019)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


General

  • Addressed an issue where Onboard Administrator is not reachable when the port speed changes from 100M to 1000M in auto-negotiation mode. This issue is described by Customer Advisory : https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=1844065&docLocale=en_US&docId=emr_na-c04866545
  • Addressed an issue where the DHCPv6 service does not start after an Onboard Administrator reboots causing it to reboot again after 15 minutes.
  • Addressed an issue related to ssl protocols enable or disable in the Onboard Administrator Command Line Interface (CLI) where proper error message is displayed. When the password entered is less than eight characters, the ambient temperature of the BL460c Gen10 blade is not displayed.
  •  Addressed issues in Onboard Administrator GUI pages related to:
    1. Power management
    2. Front view display of BL460c Gen10 blade

    3. Login feature into linked enclosure and Two-factor authentication

  • Addressed an issue where syslog messages were not added for dynamic dns setting and LDAP group access changes.
  • Addressed an issue where SNMP GET for Onboard Administrator system description OID displays a wrong value.
  • Addressed an issue where Blade Switch 6125G firmware version is not displayed after rebooting OA.
  • Addressed an issue where Onboard Administrator responds to internal private IP ping requests from management interface.
  • Addressed the issue of delay in the powering of the blades after an enclosure power cycle in a VCM managed enclosure.
  • Addressed an issue in the SNMP where power supply OK traps are not sent out after an enclosure power cycle.
  • Addressed the issues related to user certificate usage in the Onboard Administrator where the same certificate cannot be used for multiple users and checking the syntax of IPv6 address if used in the certificate.
  • Addressed the issues present in the previous versions of the Onboard Administrator online help.
  • Addressed an issue in FIPS ON mode where Onboard Administrator CLI will display information about the password requirements when an invalid password in entered by the user.
  • Fixed an issue related to ambient temperature display of Gen10 blades in Command Line Interface (CLI).
  • Fixed an issue in First Time Setup Wizard page in GUI where in FIPS ON mode, user will not able to set DEBUG to ON.
  • Addressed an issue where messages are not logged in syslog when Device and Interconnects bay access are updated for a LDAP group.
  • Fixed an issue related to Blade part number display in OA GUI and CLI.

Security

  The following security vulnerabilities are fixed:

  • CVE-2018-0732- Addressed the issue where the possibility of a malicious server sending a large prime value to the client from DH (E) based ciphersuite during the key agreement in a TLS handshake resulting in the client to take a long time to generate a key with the prime and exploited in a Denial Of Service attack.
  • CVE-2018-0737- Addressed the issue of vulnerability of the OpenSSL RSA Key generation algorithm to the cache timing side channel attack.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8. On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HPE Lights-Out Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPE SUM 8.0.0. Please refer to HPE SUM 8.0.0 User guide for further details.

CAC

  • In the CAC mode SSH, Telnet and XML Reply protocols will be disabled.
  • Linked enclosure login will not work if the linked enclosure in CAC mode.
  • If accurate Service account details are not provided, LDAP user login with certificate will fail.
  • It is highly recommended to establish a recovery plan before getting started with CAC.  If something goes wrong with the OA configuration, the OA may be recovered through the serial port or Insight Display panel and USB KEY. Both methods require physical access to the OA.  However, if an LCD PIN has been configured (and forgotten) and local accounts have been disabled or CAC has been incorrectly configured then, the only way to recover is through a serial port. The two most common situations where OA recovery is needed are when LDAP has been configured incorrectly with local accounts disabled or when CAC has been configured without certificate access.

Configurable SSH Port Number                                               

If a Standby OA is running firmware version less than 4.85 and it is updated to firmware version greater than or equal to 4.85 using synchronize firmware feature from Active OA, after the firmware update and reboot of the Standby OA, SSH port will not open in the configured port number. The work around is to reboot the Standby OA and SSH port will open in the configured port in next boot. This issue will not occur in the case where SSH port is configured to default port 22 in the Active OA.

Enhancements

Onboard Administrator 4.90 provides support for the following enhancements:

Hardware additions

  • None

Features: additions and changes

General

  • On SNMP user add/delete, Onboard Administrator has been enhanced to resync with the new configuration instead of restarting SNMP service.
  • The SCEXE package support has been removed in the Onboard Administrator firmware update and EFM. OA now uses only the RPM package.
  • The Single Sign-On (SSO) feature has been enhanced to support the Password Complexity feature in the iLO 5 firmware.
  • The AlertMail feature has been enhanced to include subsystems status in the AlertMail messages.
  • Onboard Administrator has been enhanced for better debugging of issues.

 Security

  • None

Version:4.85 (26 Jun 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


General

  • Addressed an issue where SNMP trap cpqRackEnclosureManagerLinkUp was not sent after an Onboard Administrator failover.
  • Addressed online help content issues seen in the previous version of Onboard Administrator.

Security

   The following security vulnerabilities were fixed:

  • CVE-2017-8105 - Addressed a memory corruption vulnerability caused by a buffer overflow.
  • CVE-2016-10244 – Addressed a vulnerability which might allow a remote attacker to cause denial-of-service via a crafted file.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8. On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HP Lights-Out Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPSUM 8.0.0. Please refer to HPSUM 8.0.0 User guide for further details.

CAC

  • In the CAC mode SSH, Telnet and XML Reply protocols will be disabled.
  • Linked enclosure login will not work if the linked enclosure in CAC mode.
  • If accurate Service account details are not provided, LDAP user login with certificate will fail.
  • It is highly recommended to establish a recovery plan before getting started with CAC.  If something goes wrong with the OA configuration, the OA may be recovered through the serial port or Insight Display panel and USB KEY. Both methods require physical access to the OA.  However, if an LCD PIN has been configured (and forgotten) and local accounts have been disabled or CAC has been incorrectly configured then, the only way to recover is through a serial port. The two most common situations where OA recovery is needed are when LDAP has been configured incorrectly with local accounts disabled or when CAC has been configured without certificate access.

Configurable SSH Port Number                                               

If a Standby OA is running firmware version less than 4.85 and it is updated to firmware version greater than or equal to 4.85 using synchronize firmware feature from Active OA, after the firmware update and reboot of the Standby OA, SSH port will not open in the configured port number. The work around is to reboot the Standby OA and SSH port will open in the configured port in next boot. This issue will not occur in the case where SSH port is configured to default port 22 in the Active OA.

Enhancements

Onboard Administrator 4.85 provides support for the following enhancements:

Hardware additions

  • HPE D2500sb Storage Blade

Features: additions and changes

General

  • Onboard Administrator has been enhanced to allow configuring an IPv6 address as SNMP EngineID.
  • Onboard Administrator has been enhanced to allow configuring a user defined SSH port number. This will allow users to configure a non-standard SSH port instead of the default SSH port 22.

 Security

General Data Protection Requirements (GDPR) support added in Onboard Administrator for HPE Embedded Remote Support solution. The HPE passport username will now be stored in an encrypted form.


Version:4.80 (5 Feb 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


General

  • Addressed an issue where SNMP traps were not being sent after an OA reboot or Active to Standby role change occurred when the IPSWAP feature was enabled and the SNMP trap receivers are configured using their hostname.
  • Limited the “ADD SNMP TRAPRECEIVE” CLI command username length to 32 characters.
  • Addressed an issue which enables OA to disallow the configuration of SNMP Trap receiver names that start with a numeral.
  • Addressed an issue in OA CLI command “SHOW SERVER INFO” as well as in the GUI where it did not display new processor family for Integrity i6 blade.
  • Addressed an issue where OA used to send inappropriate power request denial code when there was an ekeying error, which in turn made iLO report inappropriate errorcode.
  • Addressed an issue where in after OA fail over, the SNMP failover trap was not getting generated if the OA configuration contains IPV6 only network and Enclosure IP mode enabled.
  • Addressed an ARP flux issue in Standby OA’s IP address, due to which Network switches connected to OA may observe potential duplicate IP address of standby OA.
  • Addressed an issue in the “RESET ILO” CLI command which prevented OA from resetting Integrity Blades.

Security

     The following security issues were fixed:

  • CVE-2016-2177 -Addressed a vulnerability against openSSL was incorrectly using pointer arithmetic for heap-buffer boundary checks which might allow remote attackers to cause a denial of service.
  • CVE-2016-6302 - Addressed a vulnerability against openSSL integer underflow flaw leading to a buffer over-read which allows remote attackers to cause a denial of service.
  • CVE-2016-6304 Addressed a vulnerability against openSSL which could lead to Denial Of Service attack through memory exhaustion which might allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
  • CVE-2016-6306- Addressed a vulnerability against openSSL where in  some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8.On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HP Lights-Out  Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPSUM 8.0.0. Please refer to HPSUM 8.0.0 User guide for further details.

CAC

  • In the CAC mode SSH, Telnet and XML Reply protocols will be disabled.
  • Linked enclosure login will not work if the linked enclosure in CAC mode.
  • If accurate Service account details are not provided, LDAP user login with certificate will fail.
  • It is highly recommended to establish a recovery plan before getting started with CAC.  If something goes wrong with the OA configuration, the OA may be recovered through the serial port or Insight Display panel and USB KEY. Both methods require physical access to the OA.  However, if an LCD PIN has been configured (and forgotten) and local accounts have been disabled or CAC has been incorrectly configured then, the only way to recover is through a serial port. The two most common situations where OA recovery is needed are when LDAP has been configured incorrectly with local accounts disabled or when CAC has been configured without certificate access.
Enhancements

Onboard Administrator 4.80 provides support for the following enhancements:

​​Hardware additions

  • Nil.

Features: additions and changes

  • General

Added Offline Firmware discovery feature to display/update the Blade components firmware details without the need to perform an EFM discovery task. The feature can be enabled/disabled using the CLI command: SET FIRMWARE MANAGEMENT BLADE_BOOT_FW_DISCOVERY <Enable|Disable>

    • Added support for Gen10 blade Remote Console access via from OA using Java Web Start which will help users to use Remote Console in 64bit browsers where Java plugin support is deprecated.
    • Added two new SNMP traps for ICM Thermal events
      • cpqRackNetConnectorTempDegraded - Thermal event when temperature crossed Caution/Critical threshold.
      • cpqRackNetConnectorTempOk - Thermal event cleared i.e. temperature went back below Caution/critical threshold.
  • Security
  • Enhanced OA SSL Key and Certificate Generation mechanism to generate a new SSL key without removing the existing SSL key and certificates, which will continue to work until the new key is activated. The new key can be activated either by generating self-signed certificate or by uploading the CA signed CSR which was generated using this new key. Activating new key will remove other SSL keys and certificate. The earlier behavior was causing OA to immediately start using the new Key and Certificate causing the open (GUI) sessions to terminate. A new option ALTERNATE_KEY has been added to “GENERATE KEY” CLI command for this feature.
  • Added new extension "Extended Key Usage" in both CSR and Self signed certificate by default. Also Added "Extended key usage" extension with "TLS Web Server Authentication and TLS Web client Authentication" options.
  • Added a new Feature to validate service account credentials with LDAP server.
  • Enhanced OA to use SHA-2 certificates to establish more secure connections with Insight Remote Support server.

Version:4.71 (16 Jan 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Security

The following security issues were fixed:

  • Removed the support to generate keys with SHA1 in FIPS mode, as per the latest FIPS standards SHA1 is no longer allowed.
  • Removed the support for 1024 DH primes in FIPS mode, as per the latest FIPS standards.
Enhancements

Onboard Administrator 4.71 provides support for the following enhancements:

Security

       CAC Feature: The authentication mechanism in Onboard Administrator has been enhanced to support DoD
       Common Access Card Personal Identification Verification devices. This feature enhances security by
       supporting multi factor authentication and below are the core elements of the new Authorization mechanism
       listed below:

  • During Authentication (occurs during SSL session establishment): Verifying revocation status using Online
    Certificate Status Protocol (OCSP) or Offline Certificate Revocation List (CRL).
  • During Authentication (after SSL session establishment): The certificate's Subject Alternate Name (SAN)
    or the Subject is validated against the User Principal Name (UPN) of the corresponding principal in Active Directory.
  • It is important to note that the local user accounts in OA are disabled in CAC mode.

Version:4.70 (12 Jul 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


General

  • Addressed an issue where OA "update iLO all" command fails in an enclosure with maximum Blades.
  • Addressed an issue where a Warning Alert  was wrongly sent when a fan is reseated in an enclosure
  • Addressed an issue where the port mapping information for 560M Izzy adapter Mezz controller was not displayed correctly.
  • Addressed an issue where Remote Syslog logging would fail when OA failover happened in an IPv6 only environment.
  • Enhanced OA to bring the server from a power throttled state back to normal power state upon an OA reboot to circumvent an unwarranted emergency brake.
  • Fixed an issue where the Active and Standby OAs can have the same IP address in some rare situations.
  • Resolved an issue where a Gen9 server’s host name gets cleared when the blade is rebooted.
  • Addressed an issue where server blade Power ON will be delayed in enclosures with OA Firmware Version 4.60 and managed by HPE OneView, when the OA module is reset until OneView refreshes the servers.

Security

The following security vulnerabilities were fixed:

  • CVE-2016-5387– Addressed a vulnerability which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request.
  • CVE-2016-2183- Addressed a vulnerability against TLS ciphers with 64bit block size in which makes it easier for remote attackers to obtain cleartext data via an attack against a long-duration encrypted session
  • CVE-2016-6515 - Addressed a vulnerability in OpenSSH which did not limit password lengths for password authentication, which allows remote attackers to cause a denial of service via a long string.
  • CVE-2015-8215 - Addressed a vulnerability IPv6 stack which does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service.
  • Addressed issue where in Onboard Administrator was vulnerable to Buffer overflow.
  • Added the HSTS[HTTP strict transport security] support  in OA.
  • Addressed a memory corruption vulnerability in the post-authentication sshd process.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8.On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HP Lights-Out Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPSUM 8.0.0. Please refer to HPSUM 8.0.0 User guide for further details.

Enhancements

Onboard Administrator 4.70 provides support for the following enhancements:

Hardware additions

  • BL460c Gen 10.
  • HPE 10GbE Pass-Thru Module.
  • Qualified support for HPE Integrity BL8x0c i6 Server Blade.

Features: additions and changes

General

  • Added support for Gen 10 Server and iLO5 features.
  • Added support for the enhanced KVM functionality in iLO5
  • Added support for HTTP boot option in the server boot options
  • Add support for HPE 10GbE Pass-Thru interconnect module.
  • Added support for HPE Integrity BL8x0c i6 Server Blade.
  • GUI, CLI, Smart components, help files, URLs, and product names rebranded to align with HPE branding guidelines.
  • Added a new SNMP trap to indicate that the power redundancy is restored in the enclosure.
  • Enhanced "SHOW ENCLOSURE TEMP" command output, to display the temperature readings like Current, Caution and Critical temperature threshold values for interconnect modules.
  • Added a provision to make sysName field to be set to DNS host name for the traps sent from Onboard Administrator.

 Security

  • Adding support for CNSA approved algorithms and a new security mode - TOP_SECRET.
  • Added the ability to Enable/Disable cipher/protocol in FIPS OFF mode.
  • Added support for secured communication between HPE Embedded Remote Support functionality and the HPE Support Datacenters with the use of SHA-2 certificates.

Version:4.60 (24 Oct 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


  • General
    • Addressed an issue where EFM was reporting success while firmware update of iLO 4 failed.
    • Fixed an issue where OA might lose its IP address after OA firmware upgrade when ENCLOSURE_IP_MODE was enabled .
    • Fixed an issue where all iLOs were reset after making EBIPA changes to an empty bay. Now only the specific iLOs are reset.
    • Resolved an issue where iLOs became inaccessible after OA failover occurs with iLOs configured in EBIPA for IPv6. This occurs when an external router in the management network is configured to send Router Advertisements.
    • Corrected the type mismatch of OID cpqRackCommonEnclosureManagerLocation which could cause failures in the SNMP clients. The definition is changed from STRING to INTEGER.
    • Resolved an issue where information on only the last server NIC port of a multiport adaptor was shown on GUI and CLI. Now details of all the server NIC ports are displayed.
    • Resolved an issue of time synchronization between active and standby OA when date and time settings were changed from “Manual” to “NTP”.
    • Resolved EFM discovery/update failure when the server power policy in the EFM configuration is set to “must be off”.
  • Security

The following security vulnerabilities were fixed:

  • CVE-2016-2108 – Addressed a vulnerability in ASN.1 implementation in OpenSSL that can cause Denial Of Service via  any field in crafted serialized data
  • CVE-2015-8605 - UDP payload length not properly checked. Addressed a vulnerability where a badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally.
  • CVE-2012-3954 - Fixed a memory leak issue in DHCPv6 daemon that could result in out of memory condition in OA.
  • CVE-2016-0797 and CVE-2016-0799 - Addressed a vulnerability in OpenSSL that could enable security attacks by passing large amount of untrusted data to certain functions in OpenSSL.
  • CVE-2015-8605 - Addressed a vulnerability in IPv4 stack that can be exploited to cause a Denial Of Service via an invalid length field in a UDP IPv4 packet.
  • CVE-2015-3196 - Addressed a vulnerability in OpenSSL that results in Denial Of Service by remote servers via a crafted ServerKeyExchange message.
  • CVE-2015-3195 - Addressed a vulnerability in OpenSSL that can be exploited to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
  • CVE-2015-6564 - Addressed a vulnerability in OpenSSH that might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
  • CVE-2015-6563 - Addressed a vulnerability in OpenSSH that allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid.
  • CVE-2015-5621 - Addressed a vulnerability in Net-SNMP that causes a Denial Of Service and possibly allows execution of arbitrary code via a crafted packet.
  • CVE-2015-5364 and CVE-2015-5366 - Addressed a vulnerability in UDP stack that can be exploited in UDP flood scenario to cause Denial Of Service in the OA.
Enhancements

Onboard Administrator 4.60 provides support for the following enhancements:

  • Hardware Additions
    • None.
  •  ​​Features Additions and Changes
    • General
      • GUI, CLI, Smart components, help files, URLs, Product Names rebranded to align with HPE branding guidelines.
      • Enhanced information reporting of Gen9 servers booted in UEFI mode.
      • Support the configuration of SNMP trap agent address when non-default VLAN is enabled on OA.
      • Enhanced syslog to show the flooding information when VLAN configured nodes flood the management network.
    • Remote Support
      • Modified to connect to the HPE remote support URL.
    • EFM
      • Enhanced error handling mechanism in EFM for servers in UEFI boot mode.
      • Enhanced EFM to display detailed name for smart array controllers .
      • EFM enhanced to identify more devices in the EFM report.
      • Enhanced the status reporting of EFM operations to align with HPSUM return codes.

Version:4.50 (1 Oct 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


  • General
  • Fixed an issue which was seen when connecting to the OA from HP SIM using a LDAP account with the user name containing an exclamation character (!) for the SSO.
  • Fixed an issue where LDAP search contexts are showing empty after firmware is upgraded in FIPS Mode.
  • Fixed an issue where a customer logging in to OA using AD/LDAP credentials as a member of both Domain Administrators and Domain Users groups, and where one enclosure is given Domain Administrators access to the full administrative rights of the enclosure, and the other is given Domain Users limited access
  • Corrected a display issue where iLO logs listed in OA shows the order of events sorted incorrectly when the events are more than a year old. The events are displayed sorted on the month and hence events that occurred in the same month in two different years are incorrectly displayed together. The sorting now considers the year also.
  • Fixed an issue where the Device Bay Information page does not show the Management Processor/iLO NIC details under the Server NIC Information table, when the server is powered down.
  • Fixed an issue where OA reports incorrect values for Caution and Critical temperature limits when a blade is in Telco Mode.
  • Addressed an issue where Connect Server Serial command used to fail when server
  • FIPS
    • Fixed an issue which prevented transition to FIPS mode OFF when the enclosure is in FIPS-Degraded state. The same failure was seen when the transition was performed on a linked enclosure which was in FIPS-Degraded state. The issue has been addressed and the FIPS mode transition is allowed.
  • EFM
    • Addressed issues that would result in EFM failure with the following error messages:
      • Failed to boot ISO
      • Unable to Monitor HPSUM
  • Security

       The following security vulnerabilities were fixed:

  • CVE-2015-0204 – A remote server can supply a weak RSA temporary key for a non-export RSA key exchange cipher suite to downgrade the session security.
  • CVE-2015-0286 - A vulnerability in ASN1_TYPE_cmp function can be exploited to launch a DoS (Denial of Service) attack by causing a crash during certificate validation operation.
  • CVE-2015-3144 – A vulnerability can be exploited to allow remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact.
  • CVE-2015-3153 – The default CURL configuration sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
  • CVE-2015-2922 – A vulnerability in the Linux kernel can be exploited by sending a crafted Router Advertisement message and setting a low IPV6 hop limit and in turn cause DoS (Denial of Service).
  • CVE-2015-1789 – A vulnerability in some OpenSSL versions allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data.
  • CVE-2015-1791 – A vulnerability in some OpenSSL versions allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

 

Enhancements

Onboard Administrator 4.50 provides support for the following enhancements:

  • Hardware Additions
    • Added support for HP 2650W PSU -US PLATINUM DC c7000 power supplies.

 ​​Features Additions and Changes

  • General
    • Introduced a standardized code signing and validation mechanism to enhance the firmware image authenticity.
    • Enhanced the OA CLI SET FACTORY command to set the Administrator password to the factory default "toe tag" password. This helps customers reset the module to the factory defaults including the password.

 New CLI command: SET FACTORY [RESTORE_FACTORY_PASSWORD]

  • Enhanced the OA firmware to notify users when the network connectivity of the Standby OA is lost. This helps users restore the Standby OA’s connectivity to maintain redundancy.
  •  
  • Added an option to allow selection of UEFI Target as a One Time Boot option for UEFI enabled blade servers. Now USB, UEFI_SHELL and UEFI_TARGET options have been added as One Time Boot options. The option has been added in both GUI and CLI.
  • The OA bay number is now indicated in the Enclosure TCP/IP Settings page so users can know which bay currently hosts the Active and Standby OA module. The bay number labels would be shifted based on the Active-Standby role transition
  • Added diagnostics for Enclosure management network flooding situations. Now, in the enclosure management network flooding situations, OA will report the top 5 IP addresses in the network that are contributing to the network flood. This will help the customers to identify the source of the flood and take appropriate action.

 

  • ​Remote Support
    • As an enhancement, SNMP traps for Insight Remote Support service event transmission failures have been added to enable users to monitor this specific trap to identify any service event transmission failures.
    • Added Insight Remote Support service event for indicating low OA RTC battery condition. The service event will give information on the OA module in which the battery is low or failed and the spare part for the replacement battery.
  • EFM
    • Added a feature to prevent the flashing of OA firmware while the EFM process is in progress, thereby preventing the devices from getting into an indeterminate state.
    • Enhancements in the EFM feature have been made to handle issues seen in servers that take a longer duration to boot up.
    • Added a syslog notification when the EFM ISO is changed as to indicate the change to users.

Version:4.23 (19 Jun 2015)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Addressed an issue where OA-iLO communication breaks when OA 4.22 is used with ILO-2 2.27, ILO-3 1.82 and ILO-4 2.10. The versions of iLO listed were updated to address a security vulnerability CVE-2014-3566

Enhancements

 New Hardware:  HP 2650W Universal Power Supply and HP High Voltage Power Module


Version:4.40 (31 Mar 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


General

  • Devices with MAC addresses ending with “81:00” (such as f8:66:f2:6d:81:00) were unable to communicate with the OA. Some examples of the observed symptoms were:
Attempts to ping the OA from the device fail The OA cannot use such a device as a gateway The OA GUI and CLI cannot be used from this device  This had no functional impact; the entry could be ignored. 
Documentation
  • In the September 2014 (Edition 23) HP BladeSystem Onboard Administrator CLI User Guide for OA 4.30, within the description of the SET HTTP REQUESTREADTIMEOUT command, a command showing recommended values had the BODY MINRATE value as 50 instead of the correct value 500. The command with the correct recommended values is as follows: SET HTTP REQUESTREADTIMEOUT HEADER 3-8 MINRATE 500 BODY 5-10 MINRATE 500
This error was corrected in the October 2014 (Edition 24) document.
  EFM
  • In rare cases, the Active OA module would reboot expectedly during the update of the OA firmware on redundant OA modules.  When this issue occurred, the Active OA module would reboot during the transfer of the OA firmware image to the Standby OA module.  The OA firmware update would fail to complete successfully; a segmentation fault (SEGV) error would be logged in the Active OA system log.  This issue did not cause any firmware or data corruption, and the OA firmware update could be successful if retried following the occurrence of this issue. Note that this issue could only be encountered when updating OA modules running OA 4.30 firmware.  o   Attempts to update the firmware failed on an HP ProLiant Gen9 server blade configured in UEFI Boot Mode or UEFI Optimized Boot Mode. When this failure occurred, the firmware log for the blade server would indicate an error similar to the following for each update attempt, including the two automatic retries that occur on failure: Jul 15 09:34:19 Unable to detect ISOLINUX booting. A final status report similar to the following would also be issued:
Jul 15 10:30:33 Firmware Management is incomplete on blade <bay number>.
  • When using an HP Firmware Management ISO image based on a URL that includes the HTTP port (for example, http://10.226.36.35:8080/bp-151ilo-2014-08-26-1.iso),  EFM failed to mount the image. The following error message would be displayed: Unable to mount ISO or validate version information. The URL or ISO is invalid.   CLI commands affected include those that depend on the URL specification via the SET FIRMWARE MANAGEMENT URL command (such as the UPDATE FIRMWARE SERVER command and the UPDATE IMAGE FW_ISO command).  o   The EFM firmware log would indicate "Firmware Management successfully completed on blade x" even if the iLO firmware update failed to complete successfully. 
 IPv6
  • Configuration scripts could not be applied to another OA properly when attempting to configure new EBIPA DNS IPv4/IPv6 addresses or IPv6 routes. Attempts to change the configurations could only add new addresses to those of the previous configuration. It was not possible to replace the existing addresses with the new ones. The following CLI commands now include the ALL keyword to allow clearing of all unwanted addresses or routes:
  • REMOVE EBIPA SERVER DNS ALL
  • REMOVE EBIPAV6 SERVER DNS ALL
  • REMOVE OA ROUTE IPV6 <ACTIVE|STANDBY> ALL
A configuration script can now use these commands to clear the previous (unwanted) EBIPA DNS IP addresses and IPv6 static routes, and then add the new ones.   
  KVM
  • Pressing Enter four times consecutively on a keyboard attached to the c7000 Enclosure integrated KVM module would cause the highlighted blade server on the KVM screen to power off or on, depending on its current power state. This issue has been fixed by interchanging the Ok/Confirm and Cancel buttons on the Confirm: Change Server Power and Change Server Power screens so that the Cancel button is highlighted by default instead of the OK or Confirm button. The default focus is set on the Cancel button.
  Security
  • The following security vulnerabilities were fixed:   
  • CVE-2014-3511: A vulnerability could be exploited by launching man-in-the-middle attacks to force the use of TSL 1.0 instead of the intended later version of TLS. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2007-2242: A vulnerability could be exploited by launching denial-of-service attacks via crafted IPv6 type 0 router headers between two routers, resulting in network congestion. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2014-3567: A vulnerability can be exploited to cause a DOS denial-of-service (memory consumption) attack via crafted session tickets that triggers an integrity check-failure.
  • CVE-2014-3513: A vulnerability can be exploited to cause a denial of service (memory consumption) via a crafted handshake message.
  • CVE-2014-3513: SRTP Memory Leak – a memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 (before 1.0.1j) allows remote attackers to cause denial of service (memory consumption) via a crafted handshake message.
  • This release of the OA resolves this security vulnerability by compiling OpenSSl with OPENSSL_NO_SRTP (the OA does not use DTLS and SRTP). 
  • CVE-2014-0139: A vulnerability affecting SSL/TLS transactions that might allow a man-in-the-middle attacker to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificate Authority.
  • CVE-2014-0015: A vulnerability when more than one authentication method is enabled and NTLM connections are reused, which might allow context-dependent attackers to authenticate as other users via a request.
  • CVE-2014-0138: A vulnerability affecting certain LDAP connections that might allow context-dependent attackers to connect as other users via a request (similar to issue CVE-2014-0015).
  • CVE-2014-2522: A vulnerability when running on Windows and using an SChannel/Winssl TLS backend. When accessing a URL that uses a numerical IP address, curl does not verify that the server host name matches a domain name in the subject’s CN or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. 
  • In addition, OpenSSL has been updated to version 1.0.1h to address multiple CVE fixes.

 SSH/SSL keys
  • With OA firmware later than 4.0x, attempts to add an SSH key using the OA CLI ADD SSH KEY command might fail. Intermittently, after issuing the command, the user received an error message ("The submitted file is not a valid SSH key."), in which case the command failed. 

SNMP 
  • SNMP alerts (or traps) sent from the OA to an IPv6 SNMP alert destination are sent incorrectly to destination port 161 instead of port 162 (per RFC 1157) when no destination port is explicitly specified as part of an IPv6 SNMP alert destination configuration.
    •  The OA HTTP service would become unresponsive and communication to the OA would be lost after removing a local user account with OA administrator level privileges.  This issue in only occurred when the removed user account had previously been used to configure network services on the OA module.  
Enhancements

  • General
    • Cipher suites are now configured and displayed using their RFC 5246 standardized names. 

Version:4.30 (9 Sep 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

General
  • In rare cases, the OA may fail to successfully identify server blades that have been either physically inserted into the enclosure or have been reset by executing the OA CLI RESET SERVER command.  When this issue occurs, the affected server blades are misidentified as an unsupported blade type.
  • Restoring or configuring OA settings from a saved configuration script may fail to apply all network settings on the Standby OA module. The failing configuration script commands return the following error: “An error occurred while communicating with the other Onboard Administrator.” 
  • The RSA key for SSH is not properly exchanged with the Standby OA during an OA failover event when Enclosure IP Mode is enabled. After an OA failover event, when logging into the OA, SSH clients using the Enclosure IP address to access the Active OA may display an RSA key fingerprint warning message or “man-in-the-middle” security breach warning message.  This issue only occurs on OA 4.1x or OA 4.2x versions of OA firmware when the OA has been factory reset or new SSH keys were manually generated.  
  • The OA periodically reboots with the following entry logged in the OA system log:“OA: DHCP Monitor: DHCPD or RADVD is not running. Restarting OA.” 
  • In an IPv6-only management network environment with the VLAN feature enabled, the CONNECT SERVER OA CLI command fails to connect to the server blade serial console with an error displayed similar to the following: Connecting to bay 1 ... iLO failed to respond: Interrupted system call (4)
Browsers
  • After logging in to the OA GUI via the Google Chrome™ browser (Chrome-v34.0.1847.116 m or greater), the OA web application fails to load properly. The OA GUI login screen may display the warning: “Your browser does not have the required functionality to run the application.” 
  • When using Microsoft® Internet Explorer 11, the results of a configuration script fail to load properly after uploading and executing a configuration script using a local file from the OA web GUI. This issue was seen only when more than one script was uploaded without refreshing the page
EBIPA
  • Enclosure devices (including interconnect modules) fail to be configured with the Link Local address corresponding to the IPv6 gateway specified in the EBIPA for IPv6 configuration settings.  This issue only occurs when an IPv6 other than the Link Local address of the gateway is specified in the EBIPA for IPv6 configuration settings and will only occur for certain gateway server devices.
Serial Console
  • When logging in to connect to the OA via the serial port, if a user enters the @ key as part of the login user name or password, the entered line is erased. 
  • When the baud rate for the OA serial port is configured to a value greater than the default 9600, attempts to directly paste saved commands or text into an open OA serial console session results in truncation or corruption of the pasted data. 
SNMP
  • No response received to a UDP network request sent from a client to an enclosure device such as iLO or an interconnect module. This issue was specifically observed when an SNMP request was sent to an interconnect module.  
Enhancements

Enhancements/New Features:

  • Hardware Additions
    • HP ProLiant BL460c Gen9 Server
    • Smart Array 12Gb SAS Controller
    • HP FlexFabric 20Gb 2-port 650FLB Adapter
    • HP FlexFabric 20Gb 2-port 650M Adapter
    • HP FlexFabric 10Gb 2-port 536FLB Adapter
    • HP Adapters QDR/EN 10Gb & FDR/EN 40Gb 544+M
    • HP 2650W High Voltage Power Supply
    • HP High Voltage Power Module
  • Features Additions and Changes
    • General
      • Support for configuration of boot order settings for UEFI-capable blades operating in UEFI boot mode.
      • Enhanced the existing RESET ILO OA CLI command to remotely perform a hardware-based reset of iLO.  This hardware-based reset is only supported on Gen9 server blades and is equivalent to the iLO reset that can be manually performed using the UID button on a Gen9 server blade.  Note that this iLO reset can be performed without impact to the operating state of the associated server.
    • Enclosure Firmware Management (EFM)
      • Support for clearing all existing EFM log data stored in the OA, including both the OA EFM log and the server-specific Firmware and Session logs.
    • Security
      • Support for customizing secure connection protocols and ciphers to be used by the OA when it is operating with FIPS Mode enabled. This configuration is only accessible and used by the OA when the OA is configured in either FIPS Mode ON or FIPS Mode DEBUG.
      • Support for configuration of the client request timeout settings on the OA web server. These settings are configurable using the new OA CLI SET HTTP REQUESTREADTIMEOUT command. 
    • IPv6
      • Support for a new Enable Router Advertisements enclosure-level IPv6 setting. Router Advertisements from the external management network are allowed onto the internal enclosure management network when this setting is enabled and blocked when it is disabled. 
      • Support for manual configuration of up to three static IPv6 network routes associated with the OA network interface.
      • Support on the Standby OA GUI TCP/IP Settings>IPv6Settings tab for configuring and reporting certain IPv6 settings.
    • DNS
      • Improved DNS server redundancy reporting on the Active OA and Standby OA GUI TCP/IP Settings screens  and via the CLI SHOW OA NETWORK and SHOW NETWORK commands.  Depending on how many DNS servers are configured, the Onboard Administrator can employ up to six DNS servers for lookups: two IPv4 DNS servers (either static or DHCP assigned, but not both) and four IPv6 DNS servers (static or DHCP assigned, or both). For more information, see the OA user guides. 

 


Version:4.02 (12 Aug 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed 

  • General
    • OA 4.02 includes fix for CVE 2014-0224. HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA). 
    • In the HP BladeSystem c3000 Enclosure with at least one Cisco Catalyst Blade Switch 3020 for HP c-Class BladeSystem installed, OA enclosure thermal management may not provide sufficient cooling to allow some blade configurations to operate at optimal performance under heavy workloads.
Enhancements

Enhancements/New Features:

  • Hardware
    • Added support for the “HP 2650W HE PSU” power supply for the HP BladeSystem c7000 Enclosure.

Version:4.13 (24 Jul 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Recommended - Users should update to OA 4.13 if their system is using OA 4.12.
 
Optional – Users should update to OA 4.13 if their system is using an OA version prior to OA 4.12 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

Onboard Administrator firmware version 4.13 resolved the following issue:
  • General
    • OA 4.10 is no longer available on the web and has been replaced with OA 4.13.  OA 4.13 includes fix for CVE 2014-0224 and also includes fix provided in OA 4.12 for CVE 2014-0160. HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA).  
The following issues were resolved in Onboard Administrator firmware version 4.12 and are included in version 4.13:   
 
  • General
    • Disabled support for OpenSSL TLS heartbeat extension. CVE-2014-0160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, HPSBMU02994 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information - Document ID: c04236062  (Currently Rev 1)
    • The OA CLI command RESET ILO fails to successfully reset the specified iLO with a response indicating “No iLO link detected” when executed on HP ProLiant BL2x220c G5, G6, and G7 Server Blades in bays 1-8.
    • Reset to factory defaults fails for redundant OA modules. See the Customer Advisory c04116279 for more information.
    • OA displays FCoE functionality associated with incorrect physical function (PF) for HP FlexFabric 10Gb 2-port 526FLB Adapter.
    • On initial insertion into the enclosure, the asset tag data for a server blade may not be populated or may be displayed as “[Unknown]” in the “Server Device Bay Information” tab of the web GUI or after executing the “SHOW SERVER INFO” command from the CLI.
    • After making network configuration-related changes to the OA, the following message may be logged to the configured remote syslog server from the standby, “OA: Remote Syslog: Unable to open enclosure configuration file. Exiting”.
    • OA v4.01 may hang when booting if the Alertmail Sender Name string includes space characters and is either 39 or 40 characters long.
    • OA 'Link loss failover' does not function properly after performing OA FW SYNC.
    • Installing HP SSO certificates from multiple OA clients simultaneously may result in the corruption of one or more of the SSO certificates. 
  • EFM
    • Inability to power on all blades within an enclosure due to insufficient enclosure power after running EFM update process on blades with the “Forced Power Off” EFM configuration option enabled.
  • GUI
    • The GUI cannot complete the loading process on linked enclosures for USER or OPERATOR accounts without OA bay access enabled. This behavior was only exhibited in OA 4.01 firmware.
  • Integrity Blade Servers
    • The OA fails to update the IP address of a HP Integrity BL860c or BL870c Server Blade after enabling an EBIPA address for the blade. OA commands such as CONNECT SERVER will fail until either the OA is restarted or the blade's iLO is reset.
  • IPv6
    • The CONNECT SERVER CLI command fails in IPv6-only network environment.
    • The HTTP service for IPv6 may become unresponsive configuring the OA with an IPv6 address and enabling IPv6 support through the GUI or CLI within a very short time. See the Customer Advisory c04012934 for more information.
  • OA Redundancy
    • When an OA forced failover is initiated from either the CLI or the GUI and the management network is under an extreme load, a kernel panic and reboot of the new standby module may be observed.
  • Power
    • Spurious enclosure power supply insertion and subsequent removal events logged for unpopulated power supply bays in a c3000 Enclosure.
Enhancements

Enhancements/New Features:

The following Enhancements/New Features were enabled in Onboard Administrator firmware version 4.12 and are also included in version 4.13. No additional enhancements were added in version 4.13.

  • Hardware Additions
    • HP LPe1605 16Gb FC HBA for BladeSystem c-Class.
    • HP Smart Array P230i Controller.
    • HP 2650W Universal Power Supply
    • HP High Voltage Power Module
  • Features Additions and Changes
    • Authentication
      • Enhanced nested LDAP group support to include sub-tree search of the configured search contexts.
      • Enhanced nested LDAP group support to perform sub-tree search at specified search contexts.
    • Enclosure iLO Federation
      • In versions of OA firmware prior to OA 4.11, ILOs within an enclosure were not able to communicate in a peer-to-peer fashion.  If you wish to enable iLO Federation between blades in an individual enclosure, the Enable Enclosure iLO Federation Support configuration option in the OA must first be enabled. In addition to enabling this support for the enclosure, you must also enable the necessary support individually for any desired blades through the iLO user interfaces.  The Enable Enclosure iLO Federation Support configuration option is enabled by default. Please ensure that this setting is disabled if there are any concerns with enabling peer-to-peer communication between iLOs within the enclosure.  The configuration option can be displayed or modified via the Enclosure Information->Enclosure Settings->Network Access page in the OA GUI web console, or it can be displayed via the OA CLI interface using SHOW NETWORK command and modified using the ENABLE/DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT CLI commands.
    • FIPS
      • Cryptographic Known Answer Tests (KATs) now run on each OA reboot and/or power cycle irrespective of the FIPS mode setting.
    • HP Insight Remote Support
      • Added support for the Insight Remote Support Direct Connect configuration.
      • Added CLI and GUI interfaces for importing a self-signed certificate from an Insight RS Hosting Device into the OA. This certificate is used to validate the signing authority of the Insight RS Hosting Device, which is required to allow communication with the Hosting Device when the OA is in FIPS mode.
    • IPv6
      • The OA supports DDNS for IPv6 addresses.
      • Added support for displaying IPv6 addresses for the associated enclosure devices for the SHOW INTERCONNECT, SHOW TOPOLOGY and SHOW SERVER commands.
    • Security
      • Added support for TLS 1.1 and TLS 1.2 as a secure communication protocol.
      • Enabled “diffie-hellman-group1-sha1” as a supported SSH key exchange option by default. Support for “diffie-hellman-group1-sha1” as a supported SSH key exchange option was disabled in OA 4.01 by default. This can be disabled via the “SET SECURESH SERVER KEX DHG1” CLI command if required. Note that updating to OA 4.11 will not change the current setting but resetting the OA factory default settings will result in“diffie-hellman-group1-sha1” key exchange being enabled. Any saved OA configuration scripts should be updated appropriately.
  • Browser Support
    • Updated web browser support as follows:
      • Microsoft® Internet Explorer 8, 9, 10, and 11.
      • Mozilla™ Firefox® ESR 17 and ESR 24.
      • Google Chrome™.

Version:4.22 (23 Jun 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Recommended - Users should update to OA 4.22 if their system is using OA 4.20 or 4.21.
Optional – Users should update to OA 4.22 if their system is using an OA version prior to OA 4.12 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Patched the support for SSL/TLS MITM Vulnerability CVE-2014-0224 http://www.openssl.org/news/secadv_20140605.txt

Enhancements

 New Hardware:  HP 2650W Universal Power Supply and HP High Voltage Power Module


Version:4.21 (18 Apr 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Recommended - Users should update to OA 4.21 if their system is using OA 4.20. Users should updated to either OA 4.12 or OA 4.21 if their system is using OA 4.11.
 
Optional – Users should update to OA 4.21 if their system is using an OA version prior to OA 4.11 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Enhancements

Enhancements/New Features:

  • Features Additions and Changes
    • General
    • IPv6
      • The OA fully supports operation in a mixed IPv4/IPv6 or IPv6-only management network including management of IPv6-capable enclosure infrastructure devices such as iLO and interconnect modules. To use IPv6 networking, you should review the  OA IPv6 settings and customize them as necessary for your specific IPv6 environment. Note that if routing between IPv6 management networks is required, the routing configuration of the OA and enclosure infrastructure devices may be performed either via external IPv6 router advertisements or, starting with OA 4.20, via static configuration of an IPv6 gateway. After completing the necessary IPv6 configuration of the OA, you may then access any IPv6-capable enclosure infrastructure devices via its supported user interfaces and perform management actions from the OA.
      • Modified factory default state of IPv6 enclosure level settings (IPv6, DHCPv6, and SLAAC) from "disabled" to "enabled" by default to better support default connectivity to the OA in IPv6-only management network environments. Note that updating to OA 4.20 will not change the configuration of these settings but any subsequent reset to factory defaults will result in these settings being enabled. Any previously saved OA configuration scripts should be updated appropriately.
      • Added support for configuration of a static IPv6 gateway as an addition to the previously existing static IPv6 network settings for the OA module.
      • Added support for configuration of an IPv6 gateway for blade server iLOs and interconnect modules via the Enclosure Bay IP Addressing for IPv6 feature.
    • Interconnects
      • Added two new CLI commands to support the "BLc SX1018HP" switch only:
        • SET INTERCONNECT ADMIN_PASSWORD FACTORY [ <bay number> ] - resets the Interconnect management password back to the factory setting.
        • SET INTERCONNECT FACTORY [ <bay number> ] - performs a factory reset on the Interconnect.
    • SNMP
      • In some instances, SNMP changes successfully configured from the OA user interface can fail to be processed properly most notably resulting in the OA failing to send SNMP traps to configured SNMP alert destinations.
         
  • Browser Support
    • Microsoft® Internet Explorer 8, 9, 10, and 11.
    • Mozilla™ Firefox® ESR 17 and ESR 24.
    • Google Chrome™.
       

Version:4.12 (16 Apr 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Users should update to OA 4.12 if their system is using OA 4.11. 

Optional – Users should update to OA 4.12 if their system is using an OA version prior to OA 4.11 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Disabled support for OpenSSL TLS heartbeat extension. CVE-2014-0160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, HPSBMU02994 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information - Document ID: c04236062  (Currently Rev 1)
    • The OA CLI command RESET ILO fails to successfully reset the specified iLO with a response indicating “No iLO link detected” when executed on HP ProLiant BL2x220c G5, G6, and G7 Server Blades in bays 1-8.
    • Reset to factory defaults fails for redundant OA modules. See the Customer Advisory c04116279 for more information.
    • OA displays FCoE functionality associated with incorrect physical function (PF) for HP FlexFabric 10Gb 2-port 526FLB Adapter.
    • On initial insertion into the enclosure, the asset tag data for a server blade may not be populated or may be displayed as “[Unknown]” in the “Server Device Bay Information” tab of the web GUI or after executing the “SHOW SERVER INFO” command from the CLI.
    • After making network configuration-related changes to the OA, the following message may be logged to the configured remote syslog server from the standby, “OA: Remote Syslog: Unable to open enclosure configuration file. Exiting”.
    • OA v4.01 may hang when booting if the Alertmail Sender Name string includes space characters and is either 39 or 40 characters long.
    • OA 'Link loss failover' does not function properly after performing OA FW SYNC.
    • Installing HP SSO certificates from multiple OA clients simultaneously may result in the corruption of one or more of the SSO certificates. 
  • EFM
    • Inability to power on all blades within an enclosure due to insufficient enclosure power after running EFM update process on blades with the “Forced Power Off” EFM configuration option enabled.
  • GUI
    • The GUI cannot complete the loading process on linked enclosures for USER or OPERATOR accounts without OA bay access enabled. This behavior was only exhibited in OA 4.01 firmware.
  • Integrity Blade Servers
    • The OA fails to update the IP address of a HP Integrity BL860c or BL870c Server Blade after enabling an EBIPA address for the blade. OA commands such as CONNECT SERVER will fail until either the OA is restarted or the blade's iLO is reset.
  • IPv6
    • The CONNECT SERVER CLI command fails in IPv6-only network environment.
    • The HTTP service for IPv6 may become unresponsive configuring the OA with an IPv6 address and enabling IPv6 support through the GUI or CLI within a very short time. See the Customer Advisory c04012934 for more information.
  • OA Redundancy
    • When an OA forced failover is initiated from either the CLI or the GUI and the management network is under an extreme load, a kernel panic and reboot of the new standby module may be observed.
  • Power
    • Spurious enclosure power supply insertion and subsequent removal events logged for unpopulated power supply bays in a c3000 Enclosure.
Enhancements

Enhancements/New Features:

  • Hardware Additions
    • HP LPe1605 16Gb FC HBA for BladeSystem c-Class.
    • HP Smart Array P230i Controller.
  • Features Additions and Changes
    • Authentication
      • Enhanced nested LDAP group support to include sub-tree search of the configured search contexts.
      • Enhanced nested LDAP group support to perform sub-tree search at specified search contexts.
    • Enclosure iLO Federation
      • In versions of OA firmware prior to OA 4.11, ILOs within an enclosure were not able to communicate in a peer-to-peer fashion.  If you wish to enable iLO Federation between blades in an individual enclosure, the Enable Enclosure iLO Federation Support configuration option in the OA must first be enabled. In addition to enabling this support for the enclosure, you must also enable the necessary support individually for any desired blades through the iLO user interfaces.  The Enable Enclosure iLO Federation Support configuration option is enabled by default. Please ensure that this setting is disabled if there are any concerns with enabling peer-to-peer communication between iLOs within the enclosure.  The configuration option can be displayed or modified via the Enclosure Information->Enclosure Settings->Network Access page in the OA GUI web console, or it can be displayed via the OA CLI interface using SHOW NETWORK command and modified using the ENABLE/DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT CLI commands.
    • FIPS
      • Cryptographic Known Answer Tests (KATs) now run on each OA reboot and/or power cycle irrespective of the FIPS mode setting.
    • HP Insight Remote Support
      • Added support for the Insight Remote Support Direct Connect configuration.
      • Added CLI and GUI interfaces for importing a self-signed certificate from an Insight RS Hosting Device into the OA. This certificate is used to validate the signing authority of the Insight RS Hosting Device, which is required to allow communication with the Hosting Device when the OA is in FIPS mode.
    • IPv6
      • The OA supports DDNS for IPv6 addresses.
      • Added support for displaying IPv6 addresses for the associated enclosure devices for the SHOW INTERCONNECT, SHOW TOPOLOGY and SHOW SERVER commands.
    • Security
      • Added support for TLS 1.1 and TLS 1.2 as a secure communication protocol.
      • Enabled “diffie-hellman-group1-sha1” as a supported SSH key exchange option by default. Support for “diffie-hellman-group1-sha1” as a supported SSH key exchange option was disabled in OA 4.01 by default. This can be disabled via the “SET SECURESH SERVER KEX DHG1” CLI command if required. Note that updating to OA 4.11 will not change the current setting but resetting the OA factory default settings will result in“diffie-hellman-group1-sha1” key exchange being enabled. Any saved OA configuration scripts should be updated appropriately.
  • Browser Support
    • Updated web browser support as follows:
      • Microsoft® Internet Explorer 8, 9, 10, and 11.
      • Mozilla™ Firefox® ESR 17 and ESR 24.
      • Google Chrome™.

Version:4.01 (10 Sep 2013)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Partnering alert on HP BladeSystem Insight Display LCD may not be cleared. See Customer Advisory c03801002 for more information.
    • When running OA firmware versions 3.6x or 3.7x with the OA deployed in a large, flat management network topology, the OA reboots after logging an OA system log similar to the following:
      • Nov 11 22:04:54 Kernel: Out of Memory: Kill process 10562 (iptables) score 822 and children.
    • KVM connections to iLO 2 server blades would fail if the default Remote Control Telnet port was changed in iLO.
    • HP Insight Management does not properly report partnered blades installed in lower slots when associated with a full height blade such as the HP ProLiant BL680c. This issues does not occur when the partner blade is associated with a half height blade such as the HP ProLiant BL460c.
    • Insight Display reports a config error when HP Integrity BL890c i2, HP Integrity BL870c i2, or  HP Integrity BL860c i2 Server Blades are paired with a tape storage blade.
    • Primary OA would stop responding to network requests with a “HTTP service is unresponsive” error message under certain management network configurations.
    • The OA firmware behavior related to downloading files via a URL specifying authenticated FTP as the protocol has changed.  This new behavior results in the home directory of the specified user being used as the relative root path in the URL.  A double “//” must now be specified at the beginning of the path specification within the URL in order to specify an absolute path that avoids the use of the specified user’s home directory in the path.  For example: “ftp://user:password@host//path/to/file” will specify an absolute path of /path/to/file while “ftp://user:password@host/path/to/file” will specify a path to /home/user/path/to/file.
  • Alertmail
    • False alertmail messages are sent indicating the enclosures status as degraded followed by another message indicating the status has changed to OK.
  • Authentication
    • When the OA is enabled for Two-Factor Authentication (TFA) and the certificate chain contains more than 2 CA certificates, previous versions of the OA would not establish an SSL Connection.  The OA now accepts a max depth of 7 CA Certificates.
    • OA reboots with a segmentation violation when uploading a user certificate with an invalid certificate authority (CA) path.
  • Enclosure Firmware Management (EFM)
    • The OA EFM configuration would be improperly configured after restoring a previously saved OA configuration script.
    • When observing the EFM update process from a server blade console, note that manual user interaction with any user dialog screens presented can cause the EFM process for that server blade to fail.
  • FIPS
    • When FIPS mode has been enabled for the OA module(s) within an enclosure and a redundant OA which does not have FIPS mode enabled is later introduced into the enclosure, the current FIPS mode configuration will not be successfully synchronized to this newly introduced OA module.  To work around this issue, it is recommended that the OA module be reset to factory defaults prior to being introduced into a redundant OA configuration where FIPS mode has been enabled.
    • When FIPS mode is enabled for a redundant OA configuration, the automatic synchronization of FIPS mode configuration from the active to the standby OA module will trigger a reset of the standby OA module to factory defaults.  This operation will be incorrectly recorded in the OA syslog as having been performed by the “Insight Display” user.
  • GUI
    • Script error displayed on flashing OA
      • Issue 1: An alert titled "Warning: Unresponsive script" may occur if connectivity to the OA is lost. This can be safely ignored, and the user can sign in after the connection is restored.
      • Issue 2: An alert titled "Internet Explorer Script Error" may occur on a remote GUI session when flashing the OA. This may be safely ignored.
  • Integrity Server Blades
    • Under rare circumstances, an HP Integrity BL8x0c i2 or BL8x0c i4 Server Blade configured with Virtual Connect (VC) may lose all VC LAN and SAN network connections during an OA failover, OA reset,  iLO reset, or a Virtual Connect reset.  See Customer Advisories c03613140 and c03943711 for more information.
  • Interconnects
    • In the HP BladeSystem c3000 Enclosure with at least one Cisco Catalyst Blade Switch 3020 for HP c-Class BladeSystem installed, OA enclosure thermal management may not provide sufficient cooling to allow some blade configurations to operate at optimal performance under heavy workloads. 
    • Some BladeSystem interconnect modules may fail to connect or may experience excessive errors in certain scenarios after an I/O module is inserted into an enclosure that is already operating with OA firmware 3.6x/3.7x. See Customer Advisory c03811228 for more information.
  • LDAP
    • Enhanced LDAP authorization to distinguish the same user name in different LDAP Groups.
  • OA Upgrade
    • The OA flash process completes successfully although 88% is the highest percentage reported.
  • Power
    • The OA would incorrectly display an 'AC Subsystem Overload' alert message due to a transient power condition related to the Dynamic Power Saving mode.
    • SHOW POWER CLI output does not immediately reflect power configuration changes made by SET POWER MODE
  • SNMP
    • The OA reboots with an out of memory condition due to many SNMP MIB Walk requests after being active for long periods of time.
    • SNMP not accessible from standby OA IP with OA 3.56 through OA 3.60.
  • VLAN
    • Slow OA and virtual media access with 3.60 and later when VLAN functionality is enabled.
    • OA firmware sync feature does not work when VLAN is enabled.
Enhancements

Enhancements/New Features:

  • Hardware Additions
    • HP 2650W HE PSU power supply for the HP BladeSystem c7000 Enclosure.
    • Brocade 16Gb/16 SAN Switch for HP BladeSystem c-Class
    • Brocade 16Gb/28 SAN Switch for HP BladeSystem c-Class
    • Brocade 16Gb/28 SAN Switch Pwr Pk+ for HP BladeSystem c-Class
    • HP 6125XLG Blade Switch
    • HP FlexFabric 10Gb 2-port 534FLB Adapter
    • HP FlexFabric 10Gb 2-port 534M Adapter
    • HP QMH2672 16Gb FC HBA for BladeSystem c-class
  • Features Additions and Changes
    • IPv6 support to EBIPA (Enclosure Bay IP Addressing) for interconnect modules and server blades
    • Language Pack Support to allow for Japanese and Chinese GUI interfaces
    • SNMP3 support
    • Enhanced the UPDATE ILO CLI commandto to support server blades with the Trusted Platform Module (TPM) enabled
    • The sender’s email address for alertmail notifications
    • Monitoring of status of battery on OA module(s) with low battery level indication reported as OA diagnostic status.  When a low battery level status indication is encountered, the spare battery kit (HP p/n 708907-001) should be used for replacement of the battery as soon as possible as enclosure configuration settings may be lost if the OA loses power.
    • Two-Factor Authentication user certificates no longer require the "sslclient" property to be set.
    • Removed support “diffie-hellman-group1-sha1” as supported SSH key exchange option by default.  This may impact the ability of older SSH clients which do not support more contemporary and secure SSH key exchange options to connect to OA modules running OA 4.01.  This can be re-enabled via the “SET SECURESH SERVER KEX DHG1” CLI command.
  • Browser Support
    • Updated web browser support as follows:
      • Microsoft® Internet Explorer 8, 9, and 10
      • Mozilla™ Firefox® ESR 17
      • Google Chrome™

Version:3.71 (19 Feb 2013)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • The power subsystem might be reported as degraded and the HP 1200W Common Slot-48VDC Hot Plug Power Supply DC power supplies (HP part number: 437573-B21) as failed due to a device mismatch when running OA firmware 3.6x or 3.70 in a c3000 enclosure. See Customer Advisory c03571787 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03571787.
    • Intermittent  issue where server name was reset to default after power cycle.
    • Intermittent issue that would incorrectly reflect the HP 6120XG Ethernet Blade Switch and the HP ProCurve 6120G/XG Blade Switch status after the switch was rebooted or after a switch firmware update was performed.
       
Enhancements

Enhancements/New Features:

  • None

Version:3.70 (26 Oct 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • If using OA 3.6x, HP BladeSystem c3000 Enclosures containing both of the following power supply models show the power subsystem degraded, with one or more power supplies being marked as mismatched. See Customer Advisory c03509204 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03509204.
      • HP 1200W Common Slot Silver Hot Plug Power Supply Kit
        • Part number 437572-B21
        • Spare part number 441830-001
      • HP 1200W Common Slot Silver Hot Plug Power Supply Kit
        • Part number 500172-B21
        • Spare part number 498152-001
    • The OA erroneously displayed the final character of the server name twice when the configured server name was greater than 14 characters.
Enhancements

Enhancements/New Features:

  • Firmware Additions
    • FIPS
      • FIPS, or Federal Information Processing Standards, is a set of publications that document standards for implementing security. More information can be found on “National Institute of Standards and Technology” website http://csrc.nist.gov/publications/PubsFIPS.html. OA 3.70 provides a user selectable FIPS Mode of operation wherein:
        • only FIPS 140-2 approved algorithms such as AES, 3DES and SHA are permitted,
        • strong passwords are enforced,
        • integrity self-tests are performed whenever encryption services are used (Known Answer Tests - KATs),
        • and partition integrity checks on boot are performed.
      • Enabling FIPS mode on an OA module or redundant pair of OA modules automatically forces the OA module(s) to be reset to factory defaults due to FIPS requirements. Please configure the OA module(s) for FIPS mode operation prior to performing any other enclosure or OA configuration including configuration of Virtual Connect.
      • Some features are permanently disabled in FIPS mode for compliance reasons:
        • Telnet access
        • Enclosure IP mode
        • SNMP
        • OA Firmware downgrades
        • Set Factory Defaults
        • Upload support dumps
        • Disable strong passwords
        • Disable LCD PIN protection
      • The default security settings in OA 3.70 have been upgraded and are now equivalent to prior version’s “Enforce Strong Encryption” setting. The “Enforce Strong Encryption” setting has been removed from OA 3.70.
      • Upon changing FIPS modes, all security related data is cleared from the OA, including certificates, keys, and other critical security parameters. Please refer to the security section in the Onboard Administrator user guide for more information.
      • FIPS is not supported on the following OA Hardware Modules:
        • HP BladeSystem c3000 Onboard Administrator (PN# 448589-B21, 461514-B21)
        • HP BladeSystem c7000 Onboard Administrator (PN# 412142-B21)
    • GUI
      • Internet Explorer 10 (IE 10) is supported in compatibility mode only.  The IE 10 “Windows 8 – Style UI Mode” is not supported.
      • OA GUI Management Console now allows login to 6Gb SAS Interconnect module Interfaces if VLANs are defined for the Interconnect modules.
    • IPv6
      • OA 3.70 adds a group box in the Management Processor Information tab on the iLO - Device Bay page, where a radio button is displayed to allow selection of the current IPv4 address and all IPv6 addresses assigned to the iLO.
         

Version:3.60 (4 Sep 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Previous versions logged transient network link status changes for the OA, servers and interconnects.  For example:
      Apr 30 06:48:17 OA: Network link to server 6 is down
      Apr 30 06:49:02 OA: Network link to server 6 is up
  • Thermals
    • OA 3.5x firmware versions track cumulative fan communication errors during continuous OA uptime.  Once a default threshold of cumulative errors is exceeded, the fan is marked as failed.  Some Active Cool 200 fans experience intermittent fan communication failures that will trigger this failure typically within 3 months of continuous operation, although the fans are otherwise operating normally.  Version 3.60 implements a different algorithm that avoids marking false failures with this generation of fans.  See Customer Advisory c03395857 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03395857.
  • IPv6
    • Alertmail now works with IPv6.
    • The DHCPv6 lease was reset each time the OA network was restarted by an OA reboot or other network configuration changes. This resulted in the OA inadvertently failing to request its existing IPv6 address when attempting to renew its IPv6 address via DHCP and typically receiving a different IPv6 address each renewal.
    • Under some conditions, users were unable to add a second IPv6 static address or to remove static IPv6 addresses thru the WEB GUI.
    • When the user specified both the Standby IPv6 DNS Server 1 and IPv6 DNS Server 2 thru the OA WEB GUI, the information for IPv6 DNS Server 1 was inadvertently discarded.
Enhancements

Enhancements/New Features:

  • Hardware Support
    • HP ProLiant WS460c Gen8 Workstation Blade
    • HP ProLiant BL660c Gen8 Server Blade
    • HP Virtual Connect Flex-10/10D Module for c-Class BladeSystem
  • Firmware Additions
    • Enclosure Firmware Management (EFM) allows administrators to define a single firmware baseline (SPP version) for the G5, G6, G7 and Gen8 Server Blades in a c-Class enclosure.  The administrator can have the firmware updated to the baseline on server insertion, during a pre-defined maintenance window, or manually.  The Onboard Administrator maintains logs of the EFM firmware updates, and reports on compliance with the established baseline.
      • EFM supports HP Service Pack for ProLiant (HP SPP) 2011.09 or newer.  Please review the HP Service Pack for ProLiant (HP SPP) documentation and release notes for issues and information about supported firmware components, http://www.hp.com/go/spp.
      • Enclosure Firmware Management (EFM) is not supported on the following OA Hardware Modules:
        • HP BladeSystem c3000 Onboard Administrator (PN# 448589-B21, 461514-B21)
        • HP BladeSystem c7000 Onboard Administrator (PN# 412142-B21)
    • Administrators can now define a custom Login Banner.  This can be used, for example, to display your specific Terms of Service (TOS) when logging in to the OA.
    • The OA IPv6 setting on the Enclosure TCP/IP Settings Page->IPv6 Settings tab now enables IPv6 traffic for all the devices in the enclosure (IPv6, RA, DHCPv6).
      • The OA will display IPv6 addresses assigned to the iLO
      • You must have IPv4 infrastructure to retain complete manageability through the OA; e.g. virtual media, single sign on, Enclosure Firmware Management.
    • Insight Remote Support enables health and inventory data for the enclosure to be collected by HP to expedite resolution of your issues.  Examples of data that is collected include:
      • Enclosure name
      • Enclosure product name
      • Enclosure part number
      • Enclosure serial number
      • Enclosure manufacturer name
      • Onboard Administrator firmware version
      • Onboard Administrator IP and MAC addresses
    • New CLI command SET SERIAL BAUD "<Baud Rate>" configures the baud rate settings for the OA serial console port. Valid Baud Rate values are:  9600, 19200, 38400, 57600, and 115200.
    • New SHOW HEALTH CLI command provides a summary of the health/status of all components in the enclosure.
    • Beginning with iLO 3 (G7 server blades) firmware version 1.50 and iLO 4 (Gen8 server blades) firmware version 1.05 a change in the server status reported by the Onboard Administrator will be observed in cases where a server attempts to power on but power on is delayed or denied.  In addition to the diagnostic status information indicating the cause of the power delay or denial, an additional diagnostic status indication will now be reported by the Onboard Administrator indicating that the server blade is reporting an internal degraded status.  This is an intentional behavior change.
    • Enhanced the HPONCFG CLI command to allow variable substitution. HPONCFG sends a RIBCL script to the specified HP ProLiant server blades with the access level and privilege of the current user. Command syntax is as follows:
              HPONCFG [NOAUTOLOGIN] [SUBSTITUTE [TEST] {<variable>=”value” [,<variable>=”value”[,…]]}] {ALL | <bay number> [{ , | - } <bay number>]} {<< <end marker> | <from_url> [<to_url>]}
      To use variable substitution, specify the token SUBSTITUTE followed by a list of variable assignments. Variable name and its value can include spaces, numbers, or any printable characters. Up to 25 variables are supported. The maximum length of variable name is 48 characters.  Specify TEST to review the RIBCL script that will be sent to the iLO without executing the script.  e.g.  The following command line would replace the string “%NAME%” in the RIBCL script that gets executed with “MY_NAME”:
              HPONCFG SUBSTITUTE NAME=”MY_NAME”
    • Updated OA SNMP to support the CPQRACK-MIB version 1.16.  Please see the HP Systems Insight Manager MIB Kit v9.20 for more details on the CPQRACK-MIB, http://h18013.www1.hp.com/products/servers/management/hpsim/mibkit.html.
    • A new warning message, “Mixing different power supply models is not supported. The power supply in bay #X must be replaced with the proper part number.”, is issued and the Power sub-system is degraded when different types of power supplies are mixed in c3000 enclosures.
    • With previous versions of the OA, packet flooding conditions on the management network could cause the OA to stop processing incoming packets.  Once triggered, this condition would persist until the OA was restarted.  The current version of the OA is more resilient to this condition, and will resume normal packet processing once the packet flooding conditions have cleared.  HP continues to strongly recommend that OA network ports be separate from your production network.
       

Version:3.56 (7 Jun 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Updating to OA 3.56 is optional, though if you are experiencing security issues outlined in the release notes or thermal issues with a HP BL460c Gen8 server blade then you should consider updating to OA 3.56.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • HP ProLiant BL460c Gen8 server blades not properly cooled after a BIOS firmware upgrade. See Customer Advisory c03365221 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03365221.
    • Security enhancements. See Security Bulletin c03315912 for more information: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03315912.
    • Beginning with version 3.50, the OA could optionally generate 2048-bit keys for use with SSH and SSL. However, on upgrade the OA would retain existing 1024 bit keys to avoid disrupting ongoing communication. To switch from 1024-bit to 2048-bit keys you needed to first reset the OA configuration to factory defaults which would cause the generation of new keys. Beginning with version 3.56, a new CLI command “GENERATE KEY” can be used to force new keys to be generated at any time, i.e. without first resetting to factory defaults. For more information, refer to the section on new features.
Enhancements

Enhancements/New Features:

  • Hardware Support
    • None
  • Firmware Additions
    • Added new CLI command “GENERATE KEY” to allow the creation of new private keys.
      • GENERATE KEY { ALL | SECURESH | SSL } [ 1024 | 2048 ]: Generates new private keys associated with the Onboard Administrator SecureSH service and/or SSL web services with optionally specified key size.  If the key size is not specified, 2048 is used by default. Any self-signed or uploaded web service certificates generated using existing keys will be reset. Administrator account privileges are required.
    • The OA now supports up to twelve Two-Factor Authentication CA certificates.  Previous versions only allowed up to three (3) certificates, but no more than one from a single issuer.  In addition, chaining of Certificate Authority (CA) certificates is now supported.
       

Version:3.55 (27 Mar 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Security enhancements. See Customer Advisory c02997184 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02997184.
    • OA 3.50 does not support SSO (single sign on) to iLO 2 (ProLiant G6, G5 or G1 server blades) when LDAP authentication is used with the syntax of <domain>\<user>. The syntax works correctly with OA 3.55.  See Customer Advisory c03234658for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03234658.
    • When LDAP-based authentication is used to access the OA, if the user name syntax contains a “,” (comma), Single Sign-On (SSO) to any iLOs will fail after several attempts. An example of such syntax is:
        CN=smith,CN=users,DC=domain,DC=com
      Once this issue is encountered, all other users (local users, LDAP users with syntaxes without a comma, or users accessing the OA via HP-SIM) are also impacted (those users will not be able to SSO to any iLO’s). The syntax works correctly with OA 3.55.
    • OA 3.50 (or prior) EBIPA page does not refresh the Management IP address for CBS 3020 Interconnect Modules (Cisco Catalyst Blade Switch) if the Switch firmware is upgraded from version 12.2(55)SE4 (or earlier) to version 12.2(58)SE1 (or later) without resetting the OA or the switch. OA 3.55 refreshes the correct IP address automatically. See Advisory c03255218 for more information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03255218.
Enhancements

Enhancements/New Features:

  • Hardware Support
    • None
  • Firmware Additions
    • None

Version:3.50 (26 Mar 2012)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

  • OA 3.50 is required for HP Gen8 server blades. Please update your enclosures with OA 3.50 before inserting a Gen8 server blade into the enclosure.
  • Users with configurations or which are experiencing issues outlined in the release notes should update to this version at their earliest convenience, otherwise this update is optional.

Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Security enhancements. See Advisory c03263573 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03263573.
    • The OA could lose its "Enclosure IP mode" during rapid back to back failovers. This scenario is not usually encountered during normal operations, but could be observed during scripted, repetitive failover testing.  Other failure modes included corrupted VC/OA configurations.  HP best practices for scripted failover operation are documented in the “HP BladeSystem c-Class Onboard Administrator Failover” white paper, http://h10032.www1.hp.com/ctg/Manual/c02994572.pdf
    • When redundant OA modules are present and powered up simultaneously, both modules have been observed intermittently to boot into active mode resulting in network loop flooding.  To clear this condition, one OA module needed to be temporarily removed from the network, or re-booted.
    • The CLI command UPDATE DEVICE TRAY would not execute the update.
    • The Onboard Administrator occasionally displayed incorrect DIMM memory total for the HP Integrity BL890c i2, BL870c, BL870c i2, BL860c and BL860c i2 Server Blades.
    • Some third party PCIe option cards could prevent the PCI Expansion blade from powering up properly. The OA would improperly report the interconnect module health status. The PCI Expansion blade firmware must be upgraded to version 2.26 which is contained within OA 3.50.
  • CLI/GUI
    • OA CLI Show Enclosure Temp command does not always display temperatures for G7 server blades. See Customer Advisory c03037876 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03037876
    • The power meter graphical view could cause browser timeout or script issues.
    • When executing the SHOW ALL command on a fully populated enclosure the OA GUI could timeout with a page load error.
    • OA 3.50 sets the KVM default minimum video resolution to 800 x 600 pixels which is supported by the majority of monitors.  The BIOS in G7 Blades uses a 720x400 video resolution which was not properly supported by previous versions of the OA on some KVMs.  On the affected KVMs, the remote console session was not viewable.
    • The HP Onboard Administrator KVM (keyboard/video/mouse) feature that allows access to the server blade console did not function with HP Integrated Lights-Out 2 (iLO 2) Firmware Version 2.06 (or later). See Customer Advisory c03037876 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03037876.
  • Network
  • VLAN
    • During an OA failover, communication with iLO would be lost under the following conditions: VLAN is enabled, the blade’s iLO is assigned a non-default VLAN ID different than that of the OA’s VLAN ID.
  • LDAP
    • LDAP Test page and TEST LDAP CLI command did not properly handle a directory server at an IPv6 address.
    • The OA’s LDAP server IP address was incorrectly set during a configuration download operation.
    • LDAP certificate validation did not handle the Subject Alternative Name field.
    • LDAP certificate validation did not enforce Valid Before/After date limits on the server certificate.
    • LDAP certificate validation did not enforce CN matches when FIPS mode is enabled.
    • LDAP Certificate validation did not handle Ext3 flags.
  • Thermals
  • VC
    • The OA failed to display the Flex NICs properly after a VC failover, Active VC IP address change or a VC domain name change.  The incorrect information is informational only – the correct operation of the affected NICs is not impacted.
Enhancements

Enhancements/New Features

  • Hardware Support
    • HP ProLiant BL420c Gen8 Server
    • HP ProLiant BL460c Gen8 Server
    • HP ProLiant BL465c Gen8 Server
  • Firmware Additions
    • Browser Support
      • Microsoft® Internet Explorer 6, 7, and 8.
      • Mozilla™ Firefox® 2.0, 3.0, and 3.5.
    • The Gen8 Active Health System provides a log of historical information including the most recent states and events for Gen8 servers.  This log is obtained from Gen8 Server Blades via iLO4.  When enabled via the OA GUI or CLI, the OA adds status information about enclosure fans, power supplies, and enclosure configuration to the health log for each of the servers in the enclosure.
    • HP ProLiant BladeSystem c-Class server blades now provides identification information such as server name, UUID number, and IP address to the Intelligent PDU and to HP Insight Control power management software. To utilize this feature, the new “HP BLc 1PH Intelligent Power Module” and Insight Control Version 7.0 or later are required. This Intelligent Power Discovery feature which is unique ProLiant BladeSystem c-Class reduces the amount of time needed to configure the power distribution software and hardware, and eliminates manual configuration errors.
    • iLO and VC each display information about server NIC configurations.  However, the naming scheme used varies based on the tool used to view the configuration.  The OA NIC display has been enhanced to correlate NIC labels between the OA, iLO and VC.
    • OA 3.50 or later increases the default SSL private key size used for encryption of network communication from 1024 bits to 2048 bits.
    • Updated OA to use the June 27, 2011 time zone data files. The list of newly supported time zones includes:
      • America\Argentina\Salta
      • America\Bahia_Banderas
      • America\Kralendijk
      • America\Lower_Princes
      • America\Matamoros
      • America\Metlakatla
      • America\North_Dakota\Beulah
      • America\Ojinaga
      • America\Santa_Isabel
      • America\Sitka
      • Antarctica\Macquarie
      • Asia\Kathmandu
      • Asia\Novokuznetsk
      • Pacific\Chuuk
      • Pacific\Pohnpei

Version:3.32 (3 Oct 2011)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

HP SIM Support

  • If you are running HP SIM v6.1 or 6.2, please do not update to OA 3.30 until you’ve applied all patches available for your HP SIM version, or upgrade your HP SIM to v6.3 prior to upgrading your OA environment.  If running versions of HP SIM prior to v6.1, you must upgrade to a HP SIM v6.3 prior to upgrading to OA 3.30.

Enclosure Power Subsystem

  • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

  • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
  • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

  • If the Enclosure VLAN feature is enabled:
    1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
    2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
    3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

Version:3.31 (1 Jun 2011)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Users with configurations or which are experiencing issues outlined in the release notes should update to this version at their earliest convenience, otherwise this update is optional.


Important Notes:

HP SIM Support

  • If you are running HP SIM v6.1 or 6.2, please do not update to OA 3.30 until you’ve applied all patches available for your HP SIM version, or upgrade your HP SIM to v6.3 prior to upgrading your OA environment.  If running versions of HP SIM prior to v6.1, you must upgrade to a HP SIM v6.3 prior to upgrading to OA 3.30.

Enclosure Power Subsystem

  • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General
  • Fixed an issue where false Link status may be indicated when the certain NIC adapters are mapped to an HP 1 Gb Ethernet Pass-Thru Module even when no cable is attached (as described in the Customer Advisory c02473928). OA 3.31 contains the corrected 1Gb Ethernet Pass-Thru PIC Firmware version 3.0.3. PIC Firmware upgrade procedure is shown below.

Detailed Description: HP NC550m, NC551m, NC552m, or NC553i 10GbE Server Adapters may indicate a false link status when mapped to an HP 1 Gb Ethernet Pass-thru module even if there is no cable attached from the Pass-thru module to the switch. Even if a cable is either not connected or becomes inadvertently unplugged, and therefore no network connectivity is present, the server blade front panel NIC LED status will be illuminated green, indicating link. In addition, the operating system will display a message similar to, "Local area connection is now connected." This can also cause Network teaming and configuration issues because the NIC will always report that there is link.

In addition, the HP System Management Homepage (SMH) NIC status is displayed incorrectly when a NIC cable is unplugged under any Linux operating system.

This only occurs with the 1 Gb Pass-thru module. 10 Gb Pass-thru and 1/10Gb switches do not exhibit this issue.

Resolution: for the applicable configurations described above, upgrade the OA Firmware to 3.31, and follow the procedure below for all 1 Gb Pass-thru modules in the enclosure:

  1. Log into the OA CLI interface as an Administrator
  2. OA> show update
    This will show current and available firmware versions for programmable devices. OA 3.31 will indicate the newly available Pass-Thru PIC Firmware 3.0.3.
  3. OA> update device icbay <bay number | all>
    This will update the specified interconnect bay, note that bay1 is 1A, etc., as shown in the previous command
  4. OA> show update
    Run this again to confirm that the versions now match
      • Fixed an issue where upgrading from Onboard Administrator (OA) 3.11 to OA 3.20, 3.21 or 3.30, under defined circumstances, may cause Virtual Connect (VC) to disconnect its Fibre Channel (FC) connections.  This is limited to systems using a HP ProLiant or Integrity Blade with a FlexFabric Adapter (Mezzanine or LOM) and either a
        • Fibre Channel over Ethernet (FCoE) connection to a VC FlexFabric module or a
        • FC connection from a FC Mezzanine to a VC FC module

Detailed Description: OA firmware revisions 3.20, 3.21, and 3.30 identify the capabilities of the embedded G7 FlexFabric Adapter LOM or FlexFabric Adapter Mezzanine differently than OA firmware 3.11.  If a VC profile had previously been created and assigned to a blade using OA firmware  3.11, then the newer OA firmware will detect a VC profile mismatch. This mismatch may cause Virtual Connect to disconnect the blade FC or FCoE SAN connections after a VC firmware upgrade or when a user issues a VC Manager (VCM) reset command.

All the following must be true to be exposed to this condition on a VC firmware upgrade or VCM reset:

  • A VC profile with a SAN fabric must have been assigned to that blade with OA firmware version 3.11
  • A blade must have at least one HP FlexFabric Adapter (including LOM or Mezzanine)
  • The current version of OA firmware is OA 3.20, 3.21, or 3.30
  • The blade has not been removed/reinserted, nor the OA CLI Reset Server command run, nor had its profile reassigned, since the OA firmware was upgraded to OA 3.20 or later.

Note that VC profiles assigned to a blade using OA version 3.20 or later are not impacted.
Note that OA firmware version 3.11 is the first OA version to support FlexFabric Adapters.


Version:3.30 (28 Apr 2011)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

HP SIM Support

      • New hardware support was introduced with OA 3.30 which requires changes to HP System Insight Manager (HP SIM) in order to support OA 3.30.  This support was added in the HP SIM v6.3 release that is available at http://www.hp.com/go/hpsim or http://www.hp.com/go/insightsoftware.  If you are planning on upgrading to OA 3.30, it is recommended that you also upgrade to HP SIM v6.3.  If you are running version HP SIM v6.1 or 6.2, please do not update to OA 3.30 until there is a patch available for your particular HP SIM version, or upgrade your HP SIM to v6.3 prior to upgrading your OA environment.  If running versions of HP SIM prior to v6.1, you will be required to upgrade to a supported version.

Enclosure Power Subsystem

  • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General
  • Fixed an issue where Utility Ready Blade feature would be inactive after restarting the OA if URB ENABLED command is set to anything other than HTTP.
  • Fixed an issue where the Onboard Administrator could reboot if an invalid character was logged to a remote syslog.
  • Fixed an issue where Onboard Administrator terminated following many back-to-back blade power on/off cycles.
  • Fixed an issue where the Onboard Administrator would report spurious blade "power release" messages when a blade e-fuse was reset.
  • Fixed an issue where the OA incorrectly reported SAS Storage Mezzanine ports connected to Ethernet devices as port mismatches. This condition is not an error as the SAS Mezzanine ports are dynamically enabled / disabled.
  • Fixed an issue where Onboard Administrator occasionally did not clear all state information after a blade was removed.
  • Fixed an issue where a false 'NVRAM unformatted/corrupted' error message was displayed when downgrading from an OA 3.xx version to an OA 2.xx version.
  • Fixed an issue where the OA was not initializing interconnect power states at initial OA startup.
  • Fixed an issue where the OA improperly initialized identification strings for ServerNet type switches to OA CLI.
  • Fixed an issue where interconnect modules and server blades may not receive an EBIPA IP address but may receive an IP from an external DHCP server after an OA restart when OA VLAN is enabled.
  • Fixed an issue where the OA would reboot when executing a “SHOW SERVER BOOT” CLI command on server blade that has more than 8 IPL Boot Order devices.
  • Upgraded from OpenSSH 5.1p1 to OpenSSH-5.6p1.

Integrity Blades

  • Fixed an issue where the OA would display the CPU max core frequency instead of the core base frequency for HP Integrity i2 server blades.
  • Fixed an issue where rebooting the OA in an enclosure with only one power rail powered-up could cause HP Integrity i2 server blades to go into a low power performance state.
  • Fixed issue where HP Integrity i2 server blades would remain in low power mode after AC redundant power loss and OA restart.
  • Fixed issue which causes LOM connectivity drops when iLO is reset affecting the following Integrity Server Blades BL860c i2, BL870c i2, and BL890c i2.

CLI

  • Fixed an issue where the OA CLI “CONNECT SERVER SERIAL” command would fail when connecting to a HP ProLiant G7 server blade.

KVM

  • Fixed an issue where the OA-KVM feature appears to hang with the message "Header Received" when connecting to a G7/ILO3 blade.

IPv6

  • Fixed an issue where a “cannot create tmp-.conf” error message would be displayed if an operator attempted to change IPv6 settings.
  • Fixed an issue where an IPv4 connection would be lost after modifying IPv6 settings.

LCD

  • Fixed an issue where someone logged in with "Operator" privileges could set LCD Pin Protection Number through the Onboard Administrator browser.
  • Fixed an issue where the LCD Health Summary continues to report “missing server” on a full-height blade with an adjacent storage blade installed in an incorrect bay - after the storage blade has been removed.

Virtual Connect

  • Fixed an issue where the Onboard Administrator would improperly report a Virtual Connect Interconnect module’s status if the modules E-fuse were tripped.
  • Fixed an issue where Virtual Connect 24-Port FC Interconnect Firmware Version information sometimes didn't appear in Onboard Administrator GUI or CLI output.
Enhancements

Firmware Additions

  • None

Version:3.21 (19 Nov 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Onboard Administrator FW Version 3.21 replaces Onboard Administrator FW Version 3.20

Onboard Administrator (OA) with firmware version 3.20 may become unresponsive when certain Integrity server blades, StorageWorks server blades, and/or Workstation partner server blades are in a c-Class BladeSystem enclosure. The OA and its interfaces (web GUI, CLI, LCD, etc.) may become sluggish or unresponsive. This occurs because the OA Firmware Version 3.20 does not properly handle Intelligent Platform Management Interface (IPMI) network traffic with the affected server blades. The intensity of the issue, lack of responsiveness in Onboard Administrator, is proportional to the number of affected blades in the enclosure. 

The following actions are recommended:

If a c-Class BladeSystem enclosure has been upgraded to OA Firmware Version 3.20 and the enclosure contains any of the following server blades, the enclosure OA firmware should be immediately upgraded to OA Firmware Version 3.21.

  • HP Integrity BL860c Server
  • HP Integrity BL870c Server
  • HP Integrity BL890c i2 Server Blade
  • HP Integrity BL870c i2 Server Blade
  • HP Integrity BL860c i2 Server Blade
  • HP ProLiant WS460c G6 Workstation series
  • HP ProLiant xw460c Blade Workstation
  • HP StorageWorks SB40c Storage Blade
  • HP StorageWorks Ultrium Tape Blades

If OA Firmware Version 3.20 is present in an enclosure and the enclosure doesn't contain any of the above server blades, then updating to OA Firmware Version 3.21 is not necessary.  Although HP strongly recommends that you upgrade to OA Firmware Version 3.21 at your earliest convinence.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
        1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
        2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
        3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

    • Onboard Administrator (OA) firmware version 3.20 may become unresponsive if Integrity BL860c,
      BL870c, or partner blades are in the enclosure.
    • Fixed an issue where modifying the Scalable Blade Link configuration of an Integrity i2 (BL890c i2, BL870c i2, or BL860c i2) server could cause Virtual Connect to become unstable.
Enhancements

Firmware Additions

  • None

Version:3.20(A) (15 Nov 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Onboard Administrator FW version 3.20 is no longer available for download

An issues was discovered in Onboard Administrator (OA) firmware version 3.20 where the OA may become unresponsive if an HP Integrity BL870c Server Blade, HP Integrity BL860c Server Blade, or any Integrity or ProLiant Server Blade with a direct attach storage, PCI expansion, or graphics expansion blade is installed in the enclosure.

OA 3.20 was pulled from the HP download site and will be replaced with OA 3.21 in the near future to address this issue.  The permanent fix will be to upgrade the OA firmware to version 3.21.

For customers that have installed OA 3.20 in an enclosure, HP recommends the user take one of the following actions to avoid this issue.

          • Customers using OA 3.11 or earlier should NOT upgrade to OA 3.20.
          • Customers who have upgraded an enclosure to OA 3.20 which contains an HP Integrity BL870c Server Blade, HP Integrity BL860c Server Blade or any Integrity or ProLiant Server Blade with a direct attach storage, PCI expansion, or Graphics expansion blade should downgrade to OA 3.11 immediately.
          • Customers who have OA 3.20 installed in an enclosure and do not meet either of the above two conditions can continue using OA 3.20.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

      • Fixed an issue where the enclosure configuration changes are not saved if the following error messages are in the OA Syslog after a settings change:
           CONFIG: dhclient.leases has wrong file permissions
           CONFIG: Wrong file permissions detected.  Please reset to factory defaults.
        The workaround is: Save the OA configuration using GUI or CLI before updating the firmware, then restore the configuration after updating the firmware to ensure that the configuration changes are not lost.
      • Fixed a memory leak issue which caused Onboard Administrator to restart every several days when there was a HP StorageWorks 3Gb SAS BL Switch installed with Firmware Version 2.2.x.x or later.
      • Fixed an issue where the Onboard Administrator continuously logged I/O module temperature alerts when a Cisco Catalyst Blade Switch 3020 for HP was installed in a BladeSystem c3000 Enclosure.
      • Fixed an issue where a blade's "enclosure health" status as displayed by iLO could be incorrectly reported as FAILED.
      • Fixed an issue where extra ports were incorrectly reported for CNA Mezz in slot 1 of any full-height server blade.
      • Fixed an issue where fans are shown as degraded and then OK after insertion.
      • Fixed an issue where a change alert was not properly sent to a blade on standby to active transition.
      • Fixed an issue where the Onboard Administrator would not obtain the original DHCP IP address after an Onboard Administrator reboot.

CLI

  • Fixed an issue where the CLI would sometimes abruptly exit when changing Onboard Administrator network settings.
  • Fixed an issue where a SSH or Telnet session to the Onboard Administrator could be lost when changing the Onboard Administrator name on a VLAN enabled network.
  • Fixed an issue where an Onboard Administrator CLI to iLO connection was dropped when the Onboard Administrator received a string from iLO containing "Connection closed", though the user did not intend to exit the iLO connection.

Integrity Blades

  • Fixed an issue where the UUID and serial number was not always updated properly for conjoined HP Integrity SBL server blades.
  • Fixed an issue where the CPU core count was not always displayed properly for conjoined HP Integrity server SBL blades.
  • Fixed an issue where the iLO IP address link for HP Integrity SBL blades on the Device Summary page would produce an HTTP 404 error when clicked. The Web Administration link on the iLO page works correctly and can be used as a workaround for this issue.

EBIPA

  • Fixed an issue where the IP address of certain blades and interconnects would follow the device rather than the bay.

KVM

  • Fixed an Onboard Administrator KVM issue where it would intermittently lose connection to a G7 server blade.
  • Fixed an Onboard Administrator KVM issue where it would display invalid characters when connected to a G7 server blade in suspended video mode.

Virtual Connect

  • Fixed an issue where Virtual Connect may not detect server changes after changing the SBL on Integrity multi-blade servers.
  • Fixed an issue where the Onboard Administrator would not provide VC with the appropriate credentials if the Onboard Administrator was not in the default VLAN.
  • Fixed an issue where powering VC Switch On and Off from Onboard Administrator GUI could result in "Failed" Switch health status.

VLAN

  • Eliminated erroneous error message, "ifconfig: eth0.3: error fetching interface information: Device not found", displayed on the serial console during an OA restart. This message can be ignored on previous Onboard Administrator versions.
Enhancements

Enhancements/New Features

New Hardware Support

  • HP ProLiant BL680c G7 Server
  • HP ProLiant BL620c G7 Server
  • HP StorageWorks D2200sb Storage Blade

Firmware Additions

  • Added support for automatically restoring the Enclosure’s Serial Number on a mid-plane replacement.  This feature requires that all the OA modules and fans be plugged back into the enclosure before power is applied.  Changing power supplies during the midplane service event will not impact this feature.
  • Added additional support for Utility Ready Blades (URB):
    • Added URB SMTP support.  Metered information can now be communicated either through https, SMTP or both.
    • Added an additional URB metering proxy – present power.
    • Added URB Integrity Blade support for Integrity iLO3 server blades.
  • Added Enclosure Serial Number to the Insight Display (LCD) Enclosure Info screen.

Version:3.11 (25 Aug 2010)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.

  • For OA 3.10 installations, HP requires users to update to OA 3.11 at their earliest convenience.
  • For OA 3.00 installations, the user can simply enable the IPv6 feature in the OA and then at some later date upgrade to OA 3.11 as needed.  Note that IPv6 is disabled in the OA by default.
  • For all other OA installations, the user may want to consider updating to OA 3.11 if they are experiencing issues that were addressed in OA 3.00, OA 3.10 or OA 3.11.

Important Notes:

OA Web Services Issue with OA 3.10

      • Onboard Administrator (OA) v3.11 was released to address an issue found in OA 3.10, which could potentially create a condition where the OA’s web services could become inaccessible and cause loss of communications with Virtual Connect Manager.
      • This issue can also be seen in OA 3.00 but doesn’t manifest itself in the same manner due to additional changes in OA 3.10.  In OA 3.00, simply enabling IPv6 support will provide a workaround and OA 3.00 will function properly.  Note that IPv6 is disabled in the OA by default.
      • See customer advisory c02499458 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02499458.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

  • Fixed an issue where a half-height blade in the adjacent lower right bay to a full-height blade could not be powered on after applying a VC profile to the full-height blade, resulting in an “Not configured for Virtual Connect” error message on the OA. See customer advisory c02476149 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02476149.
  • Fixed an issue that caused a slow memory leak when the Network Time Protocol (NTP) was enabled and the poll frequency was set to less than 6 minutes in the OA.
  • Fixed an issue where under rare occasions, VC can write a server blade profile before the OA is ready to receive it, which would result in the VC profile being ignored.
  • Fixed an issue where the OA would not properly display a blade’s FlexNIC MAC addresses after removing a VC profile.
  • Fixed an issue where under rare circumstances the Onboard Administrator would run out of resources and fault in a densely populated enclosure of BL2x220 server blades.

GUI

Enhancements

Enhancements/New Features

Hardware Support

  • HP ProLiant BL2x220c G7 Server Blade
  • HP ProLiant BL460c G7 Server Blade
  • HP ProLiant BL465c G7 Server Blade
  • HP ProLiant BL490c G7 Server Blade
  • HP ProLiant BL685c G7 Server Blade

Version:3.10 (21 Jun 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

OA Web Services Issue with OA 3.10

  • ALL OA 3.10 USERS SHOULD UPGRADE TO OA 3.11 OR LATER.
  • Onboard Administrator (OA) v3.11 was released to address an issue found in OA 3.10, which could potentially create a condition where the OA’s web services could become inaccessible and cause loss of communications with Virtual Connect Manager.
  • This issue can also be seen in OA 3.00 but doesn’t manifest itself in the same manner due to additional changes in OA 3.10.  In OA 3.00, simply enabling IPv6 support will provide a workaround and OA 3.00 will function properly.  Note that IPv6 is disabled in the OA by default.
  • See customer advisory c02499458 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02499458.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

  • Fixed security issues indicated in advisory CVE-2010-0740 by updating to openssl-0.9.8n. For more information on the advisory can be found at http://www.openssl.org/news/secadv_20100324.txt.
  • Fixed an issue where the Dynamic DNS setting would be incorrectly displayed on the OA TCP/IP settings page. Instead of reflecting the current state, it would always display "Enabled".
  • Fixed an issue introduced in OA version 3.00 where on cold power-up of the enclosure the OA would intermittently hang at step 11/16.
  • Fixed an issue where an SNMP keying failed trap would have a blank server name and blank spare part number.
  • Fixed an issue where the OA did not report system health status correctly for multi-blade servers.
  • Fixed an issue where the syslog may be filled with unnecessary entries that read "getLCDImage: Unable to acquire Insight Display screenshot".
  • Fixed an issue where the A side of blades in bays 1-8 in a c7000 enclosure or bays 1-4 of a c3000 enclosure would not get an IP assigned by an external DHCP server if EBIPA was disabled for those blades but enabled for the corresponding interconnect bay.

GUI

  • Fixed several issues where the enclosure front views for c3000 and c7000 enclosures would sometimes display a phantom gray cell instead of a blade, too many blades were drawn, or blade server images were incorrectly sized.
  • Fixed an issue where Multi-blade servers would not automatically populate in the left-hand navigation tree of the OA GUI.
  • Fixed an issue where there was a mismatch in the AC/DC power type indicator in both the GUI and the CLI for a DC enclosure.

CLI

  • Fixed an issue which prevented the clearing the LDAP server field when LDAP is enabled.

LCD

  • Fixed an issue where the LCD incorrectly reports the port number on a BL2x220c keying mismatch.

KVM

  • Fixed an issue where the server name on the OA KVM menu would display [Unknown] instead of the default server name.
Enhancements

Enhancements/New Features

Hardware Support

  • HP ProLiant BL465c G7 Server Blade
  • HP ProLiant BL685c G7 Server Blade

Firmware Additions

  • In OA v3.00 the VLAN feature required the Interconnect/Server and the OA to be on the same VLAN ID when VLAN was enabled for the CLI CONNECT command to function.  This limitation has been removed in OA v3.10.
  • Updated the status legend in the OA GUI to include descriptions of each severity level.
  • Improved robustness of certificate recovery.

Version:3.00 (30 Mar 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

    • Onboard Administrator v3.00 EBIPA changes to support configuring device bays or interconnect bays in different IP subnets (particularly to support the new Enclosure VLAN feature) require a new CLI command to save the EBIPA settings. Enclosure configuration files saved on previous Onboard Administrator versions will not have the new SAVE EBIPA command, so it is highly recommended that the Enclosure configuration file be saved after the Onboard Administrator is updated to version 3.00; even if the new EBIPA features are not used, to ensure that the Enclosure configuration file has the proper EBIPA command sequence to restore the EBIPA settings.
    • Internet Explorer 6 does not natively support IPv6. Please review Microsoft Technical Note, http://technet.microsoft.com/en-us/library/cc784580.aspx, for details on using Internet Explorer 6 with the Onboard Administrator v3.00 configured for IPv6.
    • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

    • Security Fix for Apache vulnerability CVE-2007-6203. Details of this vulnerability can be found at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6203.
    • Fixed the issue indicated in HP Customer Advisory c01641287 – HP Onboard Administrator – Enclosure Bay IP Addressing (EBIPA) May Not Function Properly if Multiple Subnets Are Used in the Address Range Configuration, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01641287.
    • Fixed the issue indicated in HP Customer Advisor c02046176 - HP Onboard Administrator (OA) - OA Firmware 2.60 May Falsely Report the Status of Some Cisco MDS 9124e Switches, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02046176.
    • Fixed the issue indicated in HP Customer Advisor c01904203 - ProLiant BL460c/xw460c G6 Server Blade - HP Onboard Administrator Does Not Display HP Part Number Information for ProLiant BL460c G6 Server Blades Running Certain Versions of the System ROM, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01904203.
    • Fixed the issue indicated in HP Customer Advisory c02075088 – HP TFT7600 Rackmount Keyboard and Monitor (TFT7600 RKM) - Monitor May Display Video Distortion When Connected to an HP BladeSystem c3000/c7000 Enclosure Onboard Administrator, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02075088.
    • Fixed an issue where uploading a configuration script would intermittently display "500 An internal error has occurred within Apache". The script would successfully execute but no script feedback would be displayed.
    • Fixed an issue where SET FACTORY was not properly clearing all sittings and certificates, and syslog.
    • Fixed an issue an Onboard Administrator operator would be able to force a manual failover. Now only an administrator can perform this task as documented.
    • Fixed an issue where a user would not be properly logged out of a linked enclosure when enabling Two Factor Authentication on the linked enclosure.
    • Fixed an issue where adding a new LDAP group in the Onboard Administrator would default administrator access instead of user access.
    • Fixed an issue where a standby Onboard Administrator’s network settings would be reset during firmware mismatch. This correction for this issue will only take effect when both Onboard Administrators are at v3.00.
    • Fixed an issue where the SET LDAP PORT command would set erroneous information if the command was specified without arguments.
    • Fixed an issue where SSH access to the OA could become disabled when deleting the active user with administrative access.
    • Enhanced user certificate administration. Now if Two Factor Authentication is enabled a warning message will be displayed if attempting to delete a user certificate.
    • Fixed an issue where the DVD Connect Status LCD screen would be unavailable for users with operator privilege.
    • Fixed an issue where XML reply displayed the wrong LCD firmware version.
    • Fixed an issue where the CONNECT SERVER command would terminate the CLI session if the max number of iLO users was reached.
    • Fixed an issue where a weak password would not show the proper error message.
    • Fixed an issue where a degraded blade would generate multiple redundant syslogs.
    • Fixed an issue where a tape storage blade using 50W of power or less would report an error of "too little power".
    • Fixed an issue introduced in version 2.50 where the Insight Display (LCD) DVD connect screen and KVM menu screen would display "Unknown" for blade names.
    • Fixed an issue where Enclosure KVM to individual blades would not handle CAPS LOCK and NUM LOCK keys correctly.
    • Fixed an issue which logged false power supply status changes from OK to UNKNOWN.
    • The ability to sort the iLO Event Log and the blade IML log has been removed from the OA GUI due and will now be displayed in the order received from iLO.
    • Fixed an issue where a PCI partner blade would remain powered on when the partner's server blade was removed. The PCI partner blade will now power off if the server blade is removed.
    • Fixed an issue where the OA would incorrectly report a failed status on some Cisco MDS 9124e switches.
    • Fixed an issue in OA v2.60 where PowerDelay did not work in properly.
    • Fixed an issue where an LDAP search context could not be entered when it contained 127 characters.
    • Fixed an issue where a server blades Power Management Controller version was not be properly cleared when a blade was removed or moved to a different slot.
    • Fixed an issue where the "Virtual Connect Manager ..." link would sometimes open a blank page.
    • Fixed an issue where LDAP search contexts 4-6 were not being set properly when using the First Time Setup Wizard.
    • Fixed an issue where the CONNECT SERVER and CONNECT SERVER SERIAL commands would fail if keys on the keyboard where pressed before the connection was made.
    • Fixed an issue where the "power capacity" values in "enclosure power summary" and "show power" may not match.
    • Fixed an issue where the SHOW VCMODE CLI command would display the message "Operation failed" even though it did not actually fail.
    • Fixed an issue where an Operator-level user was not able to configure opt-out bays for Enclosure Dynamic Power Capping.
    • Fixed an issue where assigning user permissions to interconnect bays in the First Time Setup Wizard would exclude interconnect bay 8 in a c7000 enclosure even if it was checked.
    • Fixed an issue where the "enclosure dynamic power capping" status would be present on some blades but not others.
    • Fixed an issue where unassigning a Virtual Connect profile from a blade would not always update the blade's status.
    • Fixed an issue where a Switch Module's Health LED wasn't always set properly.
    • Added syslog messages to track users who login and logout using Two-Factor authentication.
    • Fixed an issue where setting the enclosure name occasionally failed when using the First Time Setup Wizard.
    • Added the display of BL2x220c blades to the Fan Zones summary page.
    • Added a field on the OA TCP/IP settings page to indicate whether or not the OA was in DHCP mode or Static mode.
    • Fixed an issue where negative Power available values could be displayed for the c7000 enclosure.
    • Fixed an issue were enclosure DVD actions were not recorded in the OA syslog.
    • Modified the maximum URL length used to upload OA configuration scripts from 64 to 127 characters.
    • Fixed an issue where the OA configuration script produced by the Insight display interface did not contain all the information produced through the GUI or CLI interfaces.
    • Fixed an issue where KVM menu screen on the Insight Display would be displayed before initialization was complete. 
Enhancements

Enhancements/New Features

New Hardware Support

  • HP BLc7000 2400W Platinum Power Supply
  • HP Integrity BL890c i2 Server Blade
  • HP Integrity BL870c i2 Server Blade
  • HP Integrity BL860c i2 Server Blade

Firmware Additions

  • Added support for IPv6.
  • Added support for Virtual LAN (VLAN) networking within the c-Class enclosure.
  • Added support for Federal Information Processing Standards (FIPS) 140-2 Level 1.
  • Added support for Internet Explorer 8 in compatibility mode only.
  • Added support for Mozilla Firefox 3.5.
  • Added support for logging blade correctable and uncorrectable memory errors on G6 server blades only.
  • Enhanced Enclosure Dynamic Power Capping:
    • Provides for a maximum allowable cap range based on the hardware and firmware available in the enclosure and installed server blades
    • Can now be enabled in a non redundant power environment
    • Can now be enabled in a DC-powered enclosure
  • Added a new CLI command that retrieves and displays a server blade’s iLO 2 Event Log.
  • Modified the SHOW ALL to also include the iLO 2 Event Log for all installed server blades.
  • Enhanced the handling of previously cached browser pages when upgrading the Onboard Administrator.
  • Self-signed certificates generated with Onboard Administrator v3.00 now use a SHA1 signature instead of the less secure MD5 signature.
  • Enhanced Enclosure Bay IP Addressing (EBIPA) to support individual network settings for each bay instead of global network settings which encompass all bays.
  • The method used to determine duplicate EBIPA IP addresses within OA 2.60 and earlier has been found to be unreliable and at times indicates duplicate IP addresses that were in fact not duplicate, thus duplicate IP address checking has been removed from the OA 3.00.

Version:2.60 (4 Sep 2009)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Update Requirements

Optional – Users should update to this firmware revision if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Important Notes

Onboard Administrator v2.60 now detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed

    • Fixed an issue where a server blade with Power Management Controller version 0.7 was incorrectly flagged as "Major degraded" when it should have been flagged as “Informational”.
    • Fixed an issue with the “CONNECT INTERCONNECT” command that could intermittently hang the CLI session when using the send break command. This issue would only occur if the remote port settings were incorrect in the CONNECT console, or if the interconnect was not responsive.
    • Fixed an issue where a server blade’s signature information would be inadvertently retained after deleting its Virtual Configuration Domain. This addresses the issue reported in Customer Advisory c01869684.
    • Fixed an issue where the OA could not automatically log into an iLO if there were no local users configured on the ilO.
    • Fixed an issue where the devices name was not displayed on the system status page for degraded devices.
    • Fixed an issue where the OA GUI would improperly display the enclosures graphical front and rear views when on a factory reset was issued if VC was enabled.
    • Fixed an issue in the “HELP ADD LDAP GROUP” command where it incorrectly stated that the number of allowable directory groups was 6.  The help now correctly states that the correct number of 30.
    • Fixed an issue when executing the "GENERATE CERTIFICATE REQUEST" commands where the user was unable to enter the required Country field to proceed with the command.
    • Fixed an issue where a configured user account could not access the Insight Display from the enclosure’s front view even thought the user had the appropriate permissions.
    • Fixed an issue where the OA would display “invalid command” when executing the CLI Help commands “HELP ENABLE SYSLOG REMOTE” or “HELP DISABLE SYSLOG REMOTE”.
    • Fixed an issue where an OA user was allowed to remove the remote syslog server address while remote logging was enabled.  A user must now disable remote logging before clearing the syslog server address.
    • Fixed an issue where partner blades would not power on due to the partner blade being allowed to be incorrectly power on first.
    • Fixed an issue where power cycling the enclosure would cause a server and its partner blade to falsely report "Inappropriate device in adjacent bay".
    • Fixed an issue where the “CONNECT SERVER” command would terminate the CLI session if the maximum number of iLO users had already been created.
    • Fixed an issue where the LCD firmware sync option would still be available when there was mismatched OA hardware.  The OA will now disable the sync button when this condition exists.
    • Fixed an issue where the OA does not show all temperature information for Integrity Servers with unpopulated CPU sockets.
    • Fixed an issue where the “REBOOT SERVER FORCE” command would sometimes result in blades being powered off.
    • Added a syslog message when the allocated power value of a server blade is being updated and iLO is unresponsive.
    • Fixed an issue where an Enclosure Dynamic Power Capping error on a blade would result in the OA's enclosure power summary not to display Enclosure Dynamic Power Capping related information for all blades.
    • Fixed an issue where the KVM connections to a server blade would fail approximately 29 days after the last iLO reset.  When this issue occurs iLO is functioning normally but the OA fails to connect with a syslog message, “OA: KVM Bay X - Connection to blade failed.”
    • Fixed an issue where the enclosure DVD status was inconsistent across GUI, CLI and LCD for all the blades.
    • Modified the OA to no longer log the “OA:tbmuser_logged out of the OA” event.
    • Fixed an issue where the c7000 KVM display menu for bay 16A would report "absent" when a double dense server blade such as the BLx220c was installed in bay 16.
    • Fixed an issue on c3000 Onboard Administrator where the CONNECT INTERCONNECT command would sometimes drop characters if the command was over 16 bytes.
    • Modified the Insight Display representation of double dense server blades to display a distinguishable separation so that it is not confused with the display of a single density server blade.
    • Fixed an issue on the Directory Settings Test page where it would improperly identify failed LDAP test when the ping test failed.
    • Fixed an issue where VC configuration parameters were not correctly applied after recovering from Profile Pending state.
    • Fixed an issue where Enclosure KVM to individual server blades would not handle CAPS LOCK and NUM LOCK keys correctly.
Enhancements

Enhancements/New Features

New HW support:

  • HP ProLiant BL2x220c G6 Server
  • HP ProLiant WS460c G6 Workstation Blade
  • HP ProCurve 6120XG Blade Switch
  • HP ProCurve 6120G/XG Blade Switch
  • HP Virtual Connect 8Gb 20-Port Fibre Channel Module for BladeSystem c-Class
  • HP 10GbE Pass-Thru Module

Functional Enhancements:

  • Modified to increase the number of LDAP search contexts from 3 to 6.
  • Added to the “CONNECT INTERCONNECT” command the ability to send a file to an interconnect module using the XMODEM transfer protocol.

Version:2.52 (31 Jul 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where a server blade would not properly power on.  The blade appears to power on and approximately 30 seconds later the blade shows powered off at the OA interface.  A second press of the server blade’s power button was required to properly power on the blade.  This issue occurs after an OA reset when the server blade was powered on.
  • Fixed an issue introduced in OA 2.50 which reports an invalid power value condition and lowers the severity of the blade health status from Failed (Red X) to Major Degraded (Orange Triangle) when the OA loses communication with the iLO.

Version:2.51 (29 May 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue introduced in HP BladeSystem Onboard Administrator version 2.50 where the Insight Display (LCD) DVD connect screen, KVM menu screen, SNMP and Alertmail interfaces would display "Unknown" for all server blade names.

Version:2.50 (22 May 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where the Redundant Onboard Administrator would be improperly initialized when inserted if it’s time zone was different than that of the Primary Onboard Administrator.
  • Fixed an issue where the Onboard Administrator would improperly display the power subsystem redundancy status as FAILED followed immediately by REPARIED.
  • Fixed an issue where the Onboard Administrator would not properly clear a server blades name when a Virtual Connect Profile was unassigned.  To properly address this issue an iLO 2 change was required as well, thus iLO 2 v1.77 is required to correctly address this issue.
  • Fixed an issue where the Onboard Administrator would incorrectly use the previously assigned Virtual Connect Managed MAC address for a Flex-10 device after it was reconfigured.  This issue is only seen after updating to Virtual Connect v2.10.
  • Fixed an issue where a server blade may lose its Virtual Connect profile after an Onboard Administrator failover.
  • Fixed an issue where Virtual Connect assigned serial numbers and UUIDs were not cleared after removing a Virtual Connect domain.
  • Fixed an issue where the performance of the Onboard Administrator may become sluggish after removing and reinserting all Onboard Administrator modules in the c7000 Onboard Administrator tray.
  • Fixed an issue where under rare conditions the Onboard Administrator’s internal switch may stop transmitting packets in a HP BladeSystem c3000 Enclosure.  If this happens, ALL servers in the enclosure would be flagged with a “Red X”.
  • Fixed an issue where the "SHOW ENCLOSURE STATUS" command would sometimes display the power capacity value incorrectly.
  • Fixed an issue where the ports of an HP Smart Array P700m Controller are not correctly enabled when the controller is installed in a HP BL2x220c G5 Server Blade in either HP BladeSystem c3000 or c7000 Enclosure or installed in any HP full height server blade in the HP BladeSystem c3000 Enclosure.
  • Fixed an issue with a HP ProLiant BL2x220c G5 Server Blade where the OA would incorrectly power on the blade server when used with the HP 3G SAS BL Switch before the switch had completed power on tests.
  • Fixed an issue where the Onboard Administrator would erroneously flag some devices with a duplicate IP address message.  Please see customer advisory c01701052 for additional information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01701052.
  • Fixed an issue where a HP ProLiant BL465c G5 or G1 Server Blade would halt during POST with an erroneous high temperature message.  Please see customer advisory c00880424 for additional information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00880424.
  • Fixed and issue in the Onboard Administrator where the HP Network Configuration Utility would report 4 ports present on a 2 port mezzanine card when the card was inserted into mezzanine slots 2 or 3.
    Modified the Onboard Administrator to mark as “major degraded” power supplies per Customer Advisory c01519680,  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680.
  • Fixed an issue introduced in Onboard Administrator version 2.41 where it would sometimes decline an offered DHCP address request due to receiving an unrelated gratuitous ARP reply.  Symptoms include receiving no DHCP address or receiving a different DHCP address every few reboots.
  • Fixed an issue introduced in Onboard Administrator version 2.41 where the Redundant Onboard Administrator would be improperly initialized due to a deadlock condition when initializing the Redundant Onboard Administrator.
Enhancements

  • Power Allocation – The Onboard Administrator will now mark as degraded ProLiant Server Blades which erroneously request high amounts of power.  Please see customer advisory c01668472 for additional information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01668472.
  • Rack Firmware – The Onboard Administrator now displays the ProLiant Server Blade’s Power Management Controller firmware version on the Rack Firmware page.  This is only available with iLO 2 version 1.77 or later.
  • Enclosure Power Summary – The Onboard Administrator now provides an Enclosure Power Summary page which displays a summary of all device power allocations within the HP BladeSystem Enclosure, present power readings for supported ProLiant Server Blades and the enclosure fan subsystem.
  • OA SSL Encryption – the OA now only supports SSL v3 encryption algorithms. Removed SSL v2 encryption support, improving OA security.
  • Factory Defaults – Modified the behavior of restoring the Onboard Administrator to its factory defaults by first requiring the user to manually disable the Virtual Connect mode setting before allowing the Onboard Administrator to be restored to its factory defaults.  A new button was added to the Onboard Administrator’s Factory Defaults web page for easy access to clearing the Virtual Connect mode setting. Clearing the Virtual Connect mode setting is also available in the CLI using the CLEAR VCMODE command.

Version:2.41 (26 Feb 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed issue where a blade would fail to acquire a static IP Address from EBIPA and would instead incorrectly obtain an IP address from an external DHCP server.
  • Fixed issue where EBIPA would not properly assign an IP Address to HP ProLiant BL2x220c servers
  • Fixed several issues where the OA would incorrectly update a device’s configuration information when it was discovered by the OA.
  • Fixed a security issue to no longer display the Virtual Connect Manager account information.
  • Fixed an HP ProLiant BL2x220c server blade IO port mapping issue which could cause the HP ProLiant BL2x220c to not power on.
  • Added a warning for when a user configures an EBIPA IP Addresses that is on a different subnet from the OA’s subnet.
  • Detect and notify users of a customer advisory on HP c7000 power supplies. See customer advisory c01519680 for more information.
  • Fixed an issue where a server blade’s hostname would be incorrectly displayed if the length of the hostname was divisible by 8.
  • Fixed an issue where the Active and Standby OA modules would automatically reboot after being operational for 99 days if no GUI or CLI sessions were initiated during that time.
  • Fixed issue where Administrator account would lose all privileges after executing lost password recovery.
Enhancements

Enhancements/New Features

New HW support:

  • HP ProLiant BL685c G6 Server
  • HP ProLiant BL495c G6 Server
  • HP ProLiant BL490c G6 Server
  • HP ProLiant BL465c G6 Server
  • HP ProLiant BL460c G6 Server
  • HP ProLiant BL280c G6 Server
  • HP c7000 Onboard Administrator Module with KVM
  • HP BLc 4X QDR InfiniBand Interconnect Module
  • HP 4X QDR InfiniBand Dual-Port Mezzanine HCA
Functional Enhancements:
  • Directory Services Integration – Increased the number of LDAP groups to a maximum of 30.
  • OA EBIPA IP addressing – a user will be warned when assigning IP addresses which are already in use.
  • OA Syslog – Added user names to syslog messages. Provide auditing and tracking of OA user initiated actions.
  • iLO Event Log – Added the OA username to iLO auto logon access through the OA. Provides auditing and tracking of iLO access from OA user accounts.
  • Serviceability and Inventory tracking – Added the Power Supply, Fan, and Server Blades Mezzanine model names on the OA Device Summary page.
  • CLI command – Add new CLI command SHOW SERVER NAMES to display server names and serial numbers of server blades. Provides auditing and identification of devices.
  • Virtual Connect Manager firmware version – Added Virtual Connect Manager firmware version number to the OA GUI Firmware Summary Page and CLI “SHOW INTERCONNECT INFO” command.
  • Standby OA Login Page – Added the OA version number.
  • OA Power Reporting – Add current power values to the OA power subsystem redundancy syslog messages. Provides tracking and diagnosis of current power usage.


Version:2.32 (12 Dec 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Resolved a device identification memory (FRU) corruption issue with the HP NC364m Quad Port 1GbE BL-c Adapter which could possibly occur when the OA identifies the adapter.   An indication that the error has occurred is that the adapter would disappear from the OA’s Display even though the device is installed.  Additionally in OA versions 2.25 or later, a message will be logged to the syslog indicating the FRU corruption.
  • Fixed an issue where EBIPA configuration was lost during OA failover to redundant OA.
  • Fixed issue where an OA would unexpectedly reboot after too many open client sessions were reached.
  • Fixed a deadlock issue caused when quickly removing and reinserting the redundant OA module from an enclosure.
  • Fixed an issue where the Enclosure IP configuration may be lost when replacing a redundant OA module or the enclosure mid-plane.
  • Fixed an issue with Enclosure IP mode and OA Failover that caused no communication with Virtual Connect Manager.
  • Fixed an issue where the OA is inaccessible after  NIC speed configuration change
  • Fixed an issue to check for available power before powering on an interconnect module
  • Updated the time zone table to use ‘zoneinfo’ version 2008g.  This corrected an issue with Daylight Savings Time in Australia as well as several other countries.
  • Fixed an issue where the browser would display a “Not Acceptable” error message when attempting to login from some non-English or non-Japanese environments.
Enhancements

New support:

  • Support for new c-Class hardware devices including:
    • HP ProLiant BL460c G5
    • HP ProLiant BL465c G5
    • HP ProLiant BL495c G5
    • HP ProLiant BL680c G5
    • HP ProLiant BL685c G5
    • HP ProLiant xw2x220c Blade Workstation
    • HP ProLiant xw460c Blade Workstation
    • HP StorageWorks SB 1760c Tape Blade
    • HP Virtual Connect Flex-10 10Gb Ethernet Module
    • HP Virtual Connect 4Gb Fibre Channel Module
    • HP NC532m Dual Port 10GbE Multifunction BL-c Adapter
    • HP Smart Array P700m Controller
    • HP 2400W High Efficiency Power Supply for the c7000 enclosure
  • Support HP Insight Power Manager v2.00
Functional Enhancements:
  • To support the Enclosure Dynamic Power Capping feature, OA v2.32 has the following requirements:
    • Requires iLO v1.70 and iLO Select License.
    • On ProLiant blade servers, requires System ROM dated November 2008 or later. On the BL680c, requires 2008.09.23 or later.
    • To function properly across linked enclosures, all linked enclosures are required to be updated to OA v2.30 or later.
  • Added USB Key Support to all HP c-Class BladeSystem Enclosures
    • New OA CLI commands to support showing *.BIN, *.CFG and *.ISO files on USB key and connecting to servers
    • *.BIN file on USB key for OA firmware update
    • *.CFG file on USB key for OA configuration save/restore
    • New Insight Display USB Menu screen providing OA firmware update or OA configuration save/restore
    • *.ISO files on USB key for CD/DVD image files to be connected to servers
    • Blade OS installations can be run directly from an ISO file on a USB key which eliminates the need to burn physical CD/DVD media and allows each blade to access different ISO files.
    • HP BladeSystem Firmware Deployment Tool maintenance CD can be used directly from the .ISO file on a USB Key without burning a physical CD.
    • Enhanced OA GUI Enclosure DVD support including connecting *.ISO files on USB key to servers
  • Support LDAP and Active Directory nested groups.  This feature has been tested up to a depth of 30 nested groups but there is no limit in the depth.
  • Added remote user IP address to syslog entry for successful login to OA
  • Changed OA GUI privilege to all users to access Insight Display screenshots
  • Increase supported length of the x.509 certificate.
  • Added user configurable timeout values for telnet, SSH and GUI sessions.
  • Security fix to allow OA administrator to enable/disable OA GUI login display of Extended Data.
  • Support for both English and Japanese OA GUI versions with same firmware image.
  • Added setting to allow user-specific English or Japanese language selection or use default browser language settings.

Version:2.31 (14 Nov 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where EBIPA configuration was lost during OA failover to redundant OA.
  • Fixed issue where an OA would unexpectedly reboot after too many open client sessions were reached.
  • Fixed a deadlock issue caused when quickly removing and reinserting the redundant OA module from an enclosure.
  • Fixed an issue where the Enclosure IP configuration may be lost when replacing a redundant OA module or the enclosure mid-plane.
  • Fixed an issue with Enclosure IP mode and OA Failover that caused no communication with Virtual Connect Manager.
  • Fixed an issue where the OA is inaccessible after  NIC speed configuration change
  • Fixed an issue to check for available power before powering on an interconnect module
  • Updated the time zone table to use ‘zoneinfo’ version 2008g.  This corrected an issue with Daylight Savings Time in Australia as well as several other countries.
Enhancements

New support:

  • Support for new c-Class hardware devices including:
    • HP ProLiant BL460c G5
    • HP ProLiant BL465c G5
    • HP ProLiant BL495c G5
    • HP ProLiant BL680c G5
    • HP ProLiant BL685c G5
    • HP ProLiant xw2x220c Blade Workstation
    • HP ProLiant xw460c Blade Workstation
    • HP StorageWorks SB 1760c Tape Blade
    • HP Virtual Connect Flex-10 10Gb Ethernet Module
    • HP Virtual Connect 4Gb Fibre Channel Module
    • HP NC532m Dual Port 10GbE Multifunction BL-c Adapter
    • HP Smart Array P700m Controller
    • HP 2400W High Efficiency Power Supply for the c7000 enclosure
  • Support HP Insight Power Manager v2.00
Functional Enhancements:
  • Enclosure Dynamic Power Capping – Dynamically manages an enclosure’s power allocation to a data center’s provisioned power envelope. See the OA User Guide v2.30 for more in-depth information.
    • Requires iLO v1.70 and iLO Advanced or iLO Select License.
    • Requires System ROM 11/1/08 or later.
    • To function properly across linked enclosures, all linked enclosures are required to be updated to OA v2.31.
  • Added USB Key Support to all HP c-Class BladeSystem Enclosures
    • New OA CLI commands to support showing *.BIN, *.CFG and *.ISO files on USB key and connecting to servers
    • *.BIN file on USB key for OA firmware update
    • *.CFG file on USB key for OA configuration save/restore
    • New Insight Display USB Menu screen providing OA firmware update or OA configuration save/restore
    • *.ISO files on USB key for CD/DVD image files to be connected to servers
    • Blade OS installations can be run directly from an ISO file on a USB key which eliminates the need to burn physical CD/DVD media and allows each blade to access different ISO files.
    • HP BladeSystem Firmware Deployment Tool maintenance CD can be used directly from the .ISO file on a USB Key without burning a physical CD.
    • Enhanced OA GUI Enclosure DVD support including connecting *.ISO files on USB key to servers
  • Support LDAP and Active Directory nested groups.  This feature has been tested up to a depth of 30 nested groups but there is no limit in the depth.
  • Added remote user IP address to syslog entry for successful login to OA
  • Changed OA GUI privilege to all users to access Insight Display screenshots
  • Increase supported length of the x.509 certificate.
  • Added user configurable timeout values for telnet, SSH and GUI sessions.
  • Security fix to allow OA administrator to enable/disable OA GUI login display of Extended Data.
  • Support for both English and Japanese OA GUI versions with same firmware image.
  • Added setting to allow user-specific English or Japanese language selection or use default browser language settings.


Version:2.26 (29 Aug 2008)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Added OA Japanese localization based on browser language preference settings


Version:2.25 (1 Aug 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Corrected an issue with CLI commands “UPDATE DEVICE TRAY” and “UPDATE DEVICE ALL” where c-Class Power Supplies become unusable (refer to the advisory c01491657 - Onboard Administrator CLI Commands "UPDATE DEVICE TRAY" and "UPDATE DEVICE ALL" May Cause Enclosure Power Supplies to Become Temporarily Unusable in HP BladeSystem c3000 or c7000 Enclosures).
  • Fixed an issue where the blade representation on the GUI can be incorrect (missing or wrong size).
  • Fixed an issue where Virtual Connect credentials can be lost after an Onboard Administrator failover when the Enclosure IP feature is enabled.
  • Fixed an issue where blades may not power on after an c3000 Onboard Administrator Tray module is removed and reinserted (refer to the advisory c01162866 - Removing and Reinserting the HP BladeSystem c-Class Onboard Administrator Module on an HP BladeSystem c-Class c3000 Enclosure During Power-On Self-Test (POST) May Lead to Erroneous "High Temperature Condition" Message).
  • Fixed an issue of spurious and false power supply alerts for the c3000 enclosure.
  • Fixed an issue where virtual connect IP addresses were incorrectly assigned in c3000 enclosures.
  • Fixed an issue where OA reboots due to "Management process unresponsive".
  • Fixed an issue where OA would exhaust all memory resources.
  • Modified the OA firmware for the following partner blades which corrects a problem with erroneous partner power requests when the server blade is power cycled:
    • HP StorageWorks SB40c Storage Blade
    • HP StorageWorks SB1760c Tape Blade, HP StorageWorks SB1760c Tape Blade, HP StorageWorks Ultrium 448c Tape Blade
    • PCI Expansion blade
    • HP Graphics Expansion Blade (for the HP ProLiant xw460c Workstation Blade)
Enhancements

New features:

  • Added GUI LDAP Test Page feature
  • Added a CLI command “SHOW SERVER BOOT ORDER”.
  • Enhanced the EBIPA feature to allow a leading numeric value for DNS name settings.
  • Improved C7000 Dynamic Power Saving functionality. This improvement requires an update to the Onboard Administrator Tray microcode from version 1.2 to version 1.3. Upon upgrading to the Onboard Administrator firmware V2.25, the Onboard Administrator Tray microcode will be automatically updated.
  • Improved the downgrade firmware option so the Onboard Administrator configuration is not lost when downgrading the Onboard Administrator to version 2.21.

Version:2.21 (13 Jun 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed a network loop issue that can result when a forced Onboard Administrator failover is initiated from the Standby Onboard Administrator while the Active Onboard Administrator is in its boot-up sequence or non-responsive.
  • Fixed an issue where Virtual Connect modules may lose inter-module communication upon an Onboard Administrator failover.
  • Fixed an issue with the CLI EBIPA INTERCONNECT commands where EBIPA IP settings are not configured for Interconnect modules after the command execution. This issue existed only with the Onboard Administrator firmware V2.20. The GUI functionality was not affected. The CLI commands affected are:
    • SET EBIPA INTERCONNECT
    • ENABLE EBIPA INTERCONNECT
    • DISABLE EBIPA INTERCONNECT
  • Fixed an issue where the CLI SET USER PASSWORD command intermittently resulted in an error response when the command was issued via Telnet or SSH.

Version:2.20 (17 Apr 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Eliminated false Power Supply alerts for c7000 enclosures
  • EBIPA address setting changes do not reset Interconnect Modules
Enhancements

New hardware support:

  • HP ProLiant BL260c G5 Server Blade
  • Cisco Catalyst Blade Switch 3120X for HP
  • Cisco Catalyst Blade Switch 3120G for HP
New features:
  • Enclosure IP address option
  • Onboard Administrator failover upon link loss
  • Power-on delay option
  • Onboard Administrator network port – forced setting option
  • Onboard Administrator remote syslog logging option
  • Onboard Administrator strict password option
  • Onboard Administrator Name setting via Insight Display

Version:2.13 (15 Feb 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Fixed an issue where the Onboard Administrator could clear the Virtual Connect parameters from one or more servers following the sequence of events described below. This issue caused a "Profile Pending" condition, detected and reported by Virtual Connect Manager, that required affected servers to be powered off to clear the problem.

The Onboard Administrator is rebooted, power-cycled, or failed over followed by any of these events:

  • The Virtual Connect Manager (executing on a Virtual Connect Ethernet module in I/O bay 1 or 2) failed over
  • The Virtual Connect Manager changed IP addresses (due to a change in network connection, DHCP server, or Enclosure Bay IP Addressing setting)
  • The Virtual Connect Manager was used to change the Virtual Connect Domain Name value.


Version:2.12 (17 Jan 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where the Onboard Administrator displayed wrong Serial Numbers or Part Numbers for HP ProLiant Blade Servers. Blade servers must complete POST (Power On Self Test) at least one time before the Onboard Administrator can display the correct information.
  • Fixed an issue where the Onboard Administrator Port Mapping page showed all zeros for some HP ProLiant Blade Servers’ embedded NIC MAC addresses.
  • Fixed an identification error for some Cisco MDS 9124e Fabric Switches.

Version:2.11 (20 Dec 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Fixed security vulnerability with file uploads


Version:2.10 (28 Nov 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Updated Daylight Saving Mode for New Zealand
  • Disabled web server trace/track capability to improve for security
  • Corrected Enclosure Part Number information for c3000
  • Corrected possible erroneous Onboard Administrator failover at enclosure cold power-up. This problem sometimes occurred with a full c7000 enclosure with multiple mezzanine cards installed on Integrity blades (at enclosure cold power-up).
  • Corrected possible erroneous health status display of Interconnect Modules (at enclosure cold power-up).
  • Fixed an issue where a fan in the wrong slot is marked as degraded (instead of location error information).
  • Fixed an issue where the Insight Display may stop responding.
  • Fixed an issue where a PCI Expansion blade is erroneously marked as critical when its partner blade is removed.
  • Fixed an issue where SNMP alert destinations may get reset after an Onboard Administrator reboots.
  • Fixed an issue where a SB40c Storage Blade won’t power on if it replaces a server blade that was configured for Virtual Connect.
  • Fixed an issue where the Onboard Administrator may display wrong MAC addresses for NICs 3 and 4 on a BL860c blade.
  • Fixed an issue where the Onboard Administrator may report a blade server is powered on while consuming 0 watts. The server blade status is actually off when this issue occurs.
  • Fixed an issue where the Onboard Administrator may encounter an unintended re-boot when Virtual Connect is installed.
  • Included an updated version (2.10.3) of the HP 4Gb Fibre Channel Pass-Thru Module Firmware. This Firmware should be loaded onto the Fibre Channel Pass-Thru Module if its HBA Ports exhibit low SAN bandwidth or become unresponsive under certain conditions.
Enhancements

New Hardware Support:

  • NC360m Dual-port  1GbE BL-c Adapter
  • NC364m Quad-port 1GbE BL-c Adapter
  • 1/10Gb-F Virtual Connect Ethernet Fiber Module
  • StorageWorks SB920c Tape Blade
  • Tower Version of c3000 Enclosure
  • KVM Module for c3000 Enclosure
  • DC Power Supply for c7000 Enclosure
New Firmware Features:
  • Two-factor Authentication option for Onboard Administrator log-in
  • SNMP Test Trap Generator
  • Alertmail Test Mail Generator
  • Integrity Blade System Health information is available in the OA GUI and CLI. as a diagnostic field
  • In SNMP, added AC Input Power consumption information for each power supply
  • Improved GUI loading performance for multiple enclosure display
  • Added Onboard Administrator syslog entries for single sign-on events from HP System Insight Manager.

Version:2.04 (19 Sep 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Corrected an issue where fan speed was limited if a server blade was in bay 16 of the HP BladeSystem c7000
  • Corrected  the HP BladeSystem c3000 port-mapping information for the HP Network Configuration Utility
  • Eliminated false “power supply failed” messages under Dynamic Power Saving mode
  • Corrected an issue where the CLI UPDATE IMAGE TFTP command did not supporting paths
  • Corrected an issue where the Enclosure Part Number display did not match the actual Enclosure SKU Part Number.


Version:2.02(a) (31 Jul 2007)
Version:2.01 (29 Jun 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where a user couldn't login to a ProLiant Essentials Integrated Lights-Out 2 with a Select License
  • Fixed an identification error with the Cisco MDS 9124e
  • Eliminated false “fan degraded” alerts.
  • Eliminated false “power supply failed” alerts.
  • Corrected the issue of missing server names on the GUI tree view.
  • Corrected the issue of fan speed remaining high when blades are not allowed to complete POST.
  • Corrected the LDAP issue “LDAP users that employ a search context to authenticate to the Onboard Administrator have no permissions”.
  • Corrected the LDAP issue “LDAP users cannot authenticate to the Onboard Administrator when it is configured for Novell eDirectory or NDS servers."
  • Allowed DDNS change to take effect without rebooting the Onboard Administrator.
  • Corrected the issue of false Enclosure Link alerts.
  • V2.00 firmware detects certain serial numbers of HP ProLiant BL465c server blades and informs the customer to have the system board replaced (refer to the Customer Advisory c01064842).
  • V2.00 firmware includes the updated firmware for the following devices. Use the CLI Update command to update these devices as required.
    • HP StorageWorks SB40c Storage Blade
      • Corrected the issue where the SB40c may go offline and disconnect from the partner Blade server.
    • HP StorageWorks Ultrium 448c Tape Blade
      • Corrected the issue where the tape blade may go offline and disconnect from the partner Blade server.
    • Ethernet Pass-through module
      • Corrected the issue of activity LED being ON when there is no link.
      • Corrected the issue of long link up-time on the copper port.
  • Fixed an issue where MAC addresses were not shown properly in the server info page when a server blade had a Virtual Connect profile
Enhancements

New Hardware Support:

  • USB DVD drive support for iLO virtual media scripting for HP ProLiant server blades in c-7000 enclosures. HP Integrity blade support will be available in conjunction with an appropriate Integrity iLO firmware release in the future.
  • PCI Expansion Blade
  • GbE2c Layer 2/3 Ethernet Blade Switch
  • 1:10Gb Ethernet BL-c Switch
Features and Enhancements:
  • Increased the maximum Onboard Administrator password length to 40 characters (from 8).
  • Increased the maximum Onboard Administrator user name length to 40 characters (from 13).
  • Enhanced the GUI Port Mapping page to display Mezz card product name and MAC addresses.
  • Added automatic refreshing of selected Power Management and Thermal Management pages.
  • Enhanced the GUI Power Summary page to display the current power output for each individual power supply.
  • Enhanced the GUI Current Enclosure Inventory scripts and the CLI “Show All” command to include additional inventory and status data.
  • Enhanced the GUI Rack View page to display iLO2 and BIOS firmware versions.
  • Added a GUI display of active Onboard Administrator sessions. Added an option to terminate Onboard Administrator sessions.
  • Enhanced the GUI Bay Summary Virtual Button drop-down menu to include all available iLO options (Momentary Press, Press & Hold and Reset).
  • Added a Print button on various GUI device status pages.
  • Allowed blades to power on when the fan sub-system is degraded by one failed fan.
  • Allowed “root” as a user name (previously it was reserved).
  • Allowed “*” in SNMP community strings.
  • Increased the maximum NTP polling period to 24 hours.
  • Added Onboard Administrator Syslog entries that indicate its external network speed (10 or 100 Mbps) and duplex mode (full or half).
  • Added a CLI command (HPONCFG) to send RIBCL scripts to selected iLOs.
  • Added a CLI command (Update) to update selected microcontroller firmware for enclosure infrastructure components.


Version:1.30 (15 Feb 2007)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


  • Fixed an issue where an Interconnect Module would erroneously be marked as having a non-recoverable error
  • Corrected a FRU display issue with Ethernet Pass-through modules
  • Corrected an issue where an HP ProLiant BL465c would not power up and would display an error message in the iLO remote console that said “high temperature condition detected by processor”
Enhancements

  • Added support for the HP Integrity BL860c
  • Added support for the Cisco MDS 9124 and Cisco MDS 9124e
  • Enhanced thermal logic
  • Enhanced EBIPA to allow specific IP address assignment per bay
  • Added a CLI command to simulate a removal and insertion of a device
  • Added iLO CLI access from the command line for both HP ProLiant and HP Integrity servers.
  • Added iLO virtual serial console access from the command line for HP ProLiant servers
  • Added support for Internet Explorer 7.0 and Firefox 2.0
  • Improved the time it takes for the OA to power on a full enclosure of devices
  • Added support for the daylight savings time changes in 2007 and 2008
  • Added iSCSI MAC address display on the GUI Port Mapping page
  • Added CLI commands to program the enclosure serial number, enclosure part number and AC input module type
  • GUI Navigation Tree now shows the Blade Server Name if it's set by the customer in the server blade's RBSU

Version:1.20 (5 Dec 2006)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


  • Minor bug fixes
Enhancements

  • Low Voltage Power support for HP BladeSystem c7000 single-phase enclosures
  • Support for a 24 hour power meter for the entire enclosure
  • Enhanced Thermal Logic features
  • GUI enhancements


Version:1.12 (8 Nov 2006)
Fixes
  • Fixed a bug where the user may get the error "The soap response packet was unparseable" when entering text into the web interface.
  • Fixed a bug where a password that was eight characters long could be matched to a password of greater than eight characters if the first eight characters were equivalent.
  • Fixed a bug where commands being run remotely from an SSH client may not complete successfully

Version:1.11 (11 Oct 2006)
Enhancements
Updated to prevent a kernel panic when an IEEE802.2 link-level test frame is sent to the OA MAC address. The link-level test frame is used to test network connectivity at the link-layer (layer 2). This release removes Logical Link Layer type 2, connection oriented support from the kernel.

Version:1.1 (3 Oct 2006)
Enhancements
Added support for the following:
  • HP 1/10Gb Virtual Connect Ethernet Module
  • HP Infiniband for HP BladeSystem c-Class
  • HP StorageWorks SB-40c


Version:1.01 (24 Aug 2006)
Fixes
Resolved an issue where not all blades would power on upon insertion into the enclosure.

Version:1.00 (23 Aug 2006)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Initial release.


Type: Firmware - Blade Infrastructure
Version: 4.40(31 Mar 2015)
Operating System(s):
Asianux 3
CentOS 5
Citrix XenServer 4.x
Citrix XenServer 5.x
Debian GNU/Linux 4.0 (AMD64/EM64T)
Debian GNU/Linux 4.0 (x86)
Debian GNU/Linux 5.0 (AMD64/EM64T)
Debian GNU/Linux 5.0 (x86)
Debian GNU/Linux 6.0
HP-UX 11.31 (IA)
HP-UX 11.x
Microsoft Windows 2000
Microsoft Windows 8 (32-bit)
Microsoft Windows 8 (64-bit)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows Server 2003 for 64-bit Extended Systems
Microsoft Windows Server 2008 Essential Business
Microsoft Windows Server 2008 Foundation Edition
Microsoft Windows Server 2008 Itanium
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 R2 Foundation Edition
Microsoft Windows Server 2008 R2 for Itanium-Based Systems
Microsoft Windows Server 2008 Small Business
Microsoft Windows Server 2008 W32
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2012
Microsoft Windows Server 2012 Essentials
Microsoft Windows Server 2012 R2
Microsoft Windows Storage Server 2003
Microsoft Windows Vista (32-bit)
Microsoft Windows Vista (64-bit)
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP Professional
Microsoft Windows XP Professional x64 Edition
Novell NetWare 6.5
OS Independent
OpenVMS v8.2-1
OpenVMS v8.3
OpenVMS v8.4
Oracle Linux 5 (AMD64/EM64T)
Oracle Linux 5 (x86)
Red Hat Enterprise Linux 3 (AMD64/EM64T)
Red Hat Enterprise Linux 3 (Itanium)
Red Hat Enterprise Linux 3 (x86)
Red Hat Enterprise Linux 4 (AMD64/EM64T)
Red Hat Enterprise Linux 4 (Itanium)
Red Hat Enterprise Linux 4 (x86)
Red Hat Enterprise Linux 5 Desktop (x86-64)
Red Hat Enterprise Linux 5 Server (Itanium)
Red Hat Enterprise Linux 5 Server (x86)
Red Hat Enterprise Linux 5 Server (x86-64)
Red Hat Enterprise Linux 6 Server (x86)
Red Hat Enterprise Linux 6 Server (x86-64)
Red Hat Enterprise Linux 7 Server
Red Hat Linux 6.2
SUSE Linux Enterprise Server 10 (AMD64/EM64T)
SUSE Linux Enterprise Server 10 (Itanium)
SUSE Linux Enterprise Server 10 (x86)
SUSE Linux Enterprise Server 11 (AMD64/EM64T)
SUSE Linux Enterprise Server 11 (Itanium)
SUSE Linux Enterprise Server 11 (x86)
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 9 (AMD64/EM64T)
SUSE Linux Enterprise Server 9 (Itanium)
SUSE Linux Enterprise Server 9 (x86)
Solaris 10 for x86 Systems
Solaris 11.1
Ubuntu 13.10
Ubuntu 9.10 (AMD64/EM64T)
Ubuntu 9.10 (x86)
VMware ESX Server 3.0
VMware ESX/ESXi 4.0
VMware ESX/ESXi 4.1
VMware ESX/ESXi Server 3.5
VMware ESXi 5.0
VMware vSphere 5.1
VMware vSphere 5.5

Description

This file contains the firmware image for the HP BladeSystem c-Class Onboard Administrator. This firmware provides management capabilities for the HP BladeSystem c-Class Enclosure.

Enhancements

  • General
    • Cipher suites are now configured and displayed using their RFC 5246 standardized names. 

Installation Instructions

Prerequisites:
The Onboard Administrator Smart Component contains 32-bit executable binaries.  As a result, the client operating system upon which the OA Smart Component is installed and executed must either have native support for 32-bit executables or must have the 32-bit compatibility libraries installed.


To ensure the integrity of your download, HPE recommends verifying your results with this SHA-256 Checksum value:

8cc7f3c7ed7b7e8a15a8ed330e46d9dbafe684bce7b38181787b86a917396bb3 hpoa440.bin

Reboot Requirement:
Reboot is optional after installation. Updates will be effective after reboot. Hardware stability will be maintained without reboot.


Installation:
Place the firmware image file onto a system on the same network as the HP BladeSystem c-Class Onboard Administrator.

Log in to the Onboard Administrator’s web-based user interface as an administrator. Firmware Update is available under the Active Onboard Administrator category. You may select the firmware image by entering a path to the file in the "Local File" field or by clicking on the "Browse" button to locate the firmware image on the local machine, a mapped drive, or a network share.

Click "Upload" to begin the firmware update process.

The user guide for the Onboard Administrator is located here.
The user guide for the Onboard Administrator command line interface is located here.


Release Notes

End User License Agreements:
BladeSystem Onboard Administrator Software End User License Agreement


Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


Important:

Important Notes

  • EFM  
    • The OA only supports SPP ISO images that are less than 4 GB in size, whether hosted directly via the Enclosure DVD feature or an attached USB key, or mounted remotely via a specified URL. If an ISO image exceeds 4 GB,  the CLI SHOW FIRMWARE MANAGEMENT command displays ISO URL Status as “Invalid URL.”
      • If an SPP ISO image exceeds 4 GB, it is necessary to create a custom ISO image that excludes components unnecessary to the OA EFM blade firmware update process.  At a minimum, the custom ISO must contain the firmware components for HP ProLiant BL servers. (When using HP SUM to create the custom ISO image, select Firmware as the Component Type, and select HP ProLiant BL Series as the Server Type.)  For information about creating a custom ISO image compatible for OA EFM functionality, see the HP BladeSystem Onboard Administrator User Guide. More HP SUM information can be found via HP Smart Update Manager online help or at http://www.hp.com/go/hpsum/documentation.
  • IPv6
    • When the Enable DHCPv6 or Enable SLAAC enclosure IPv6 settings are disabled on the Onboard Administrator, the respective DHCPv6 or SLAAC addresses of the iLOs in the enclosure are retained until these addresses expire automatically based on their respective configurations.  A manual reset of the iLO releases these addresses immediately.
  • ​Security
    • ​ Support for several cipher suites has been removed due to the generally acknowledged weakness of the associated encryption algorithms. The OA now supports only the cipher suites listed in the following table. To successfully establish a secure connection to the OA via SSL, clients must support one or more of these cipher suites.
      • Note specifically that Windows 2003 Active Directory and Internet Explorer might not successfully connect to the OA due to the lack of default support for at least one of the supported cipher suites.  
      • You can add the necessary support by installing and enabling Advanced Encryption Standard (AES) based cipher suites in Windows 2003. Refer to Microsoft hotfix available at http://support.microsoft.com/kb/948963.
 
SSL/TLS cipher suites Standard names for SSL/TLS cipher suites
EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256


Notes:

Deliverable Name:

HP BladeSystem c-Class Onboard Administrator Firmware

Release Version:

Version 4.40

Previous Version of Firmware:

Version 4.30

Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

 Important Notes

  • EFM
The OA only supports SPP ISO images that are less than 4 GB in size, whether hosted directly via the Enclosure DVD feature or an attached USB key, or mounted remotely via a specified URL. If an ISO image exceeds 4 GB,  the CLI SHOW FIRMWARE MANAGEMENT command displays ISO URL Status as “Invalid URL.”

If an SPP ISO image exceeds 4 GB, it is necessary to create a custom ISO image that excludes components unnecessary to the OA EFM blade firmware update process.  At a minimum, the custom ISO must contain the firmware components for HP ProLiant BL servers. (When using HP SUM to create the custom ISO image, select Firmware as the Component Type, and select HP ProLiant BL Series as the Server Type.)  For information about creating a custom ISO image compatible for OA EFM functionality, see the HP BladeSystem Onboard Administrator User Guide. More HP SUM information can be found via HP Smart Update Manager online help or at http://www.hp.com/go/hpsum/documentation
  • FIPS
OA 3.71 has received FIPS 140-2 Certification  (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2014.htm#2174)  
  • IPv6
When the Enable DHCPv6, Enable Router Advertisements, or Enable SLAAC enclosure IPv6 settings are disabled on the Onboard Administrator, the respective DHCPv6 or SLAAC addresses of the iLOs in the enclosure are retained until these addresses expire automatically based on their respective configurations.  A manual reset of the iLO releases these addresses immediately.
  • Security
Support for several cipher suites has been removed due to the generally acknowledged weakness of the associated encryption algorithms. The OA now supports only the cipher suites listed in the following table. To successfully establish a secure connection to the OA via SSL, clients must support one or more of these cipher suites.
Note specifically that Windows 2003 Active Directory and Internet Explorer might not successfully connect to the OA due to the lack of default support for at least one of the supported cipher suites listed. You can add the necessary support by installing and enabling Advanced Encryption Standard (AES) based cipher suites in Windows 2003. Refer to Microsoft hotfix available at http://support.microsoft.com/kb/948963.  
SSL/TLS cipher suites Standard names for SSL/TLS cipher suites
EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256
 
 
Enhancements/New Features


Problems Fixed
  • General
  • Devices with MAC addresses ending with “81:00” (such as f8:66:f2:6d:81:00) were unable to communicate with the OA. Some examples of the observed symptoms were:
Attempts to ping the OA from the device fail The OA cannot use such a device as a gateway
The OA GUI and CLI cannot be used from this device   "CERTS: Failed to open flash"
This had no functional impact; the entry could be ignored. 
  • Documentation
    •  In the September 2014 (Edition 23) HP BladeSystem Onboard Administrator CLI User Guide for OA 4.30, within the description of the SET HTTP REQUESTREADTIMEOUT command, a command showing recommended values had the BODY MINRATE value as 50 instead of the correct value 500. The command with the correct recommended values is as follows:
SET HTTP REQUESTREADTIMEOUT HEADER 3-8 MINRATE 500 BODY 5-10 MINRATE 500

This error was corrected in the October 2014 (Edition 24) document. 
  • EFM
    • In rare cases, the Active OA module would reboot expectedly during the update of the OA firmware on redundant OA modules.  When this issue occurred, the Active OA module would reboot during the transfer of the OA firmware image to the Standby OA module.  The OA firmware update would fail to complete successfully; a segmentation fault (SEGV) error would be logged in the Active OA system log.  This issue did not cause any firmware or data corruption, and the OA firmware update could be successful if retried following the occurrence of this issue. Note that this issue could only be encountered when updating OA modules running OA 4.30 firmware.  
    • Attempts to update the firmware failed on an HP ProLiant Gen9 server blade configured in UEFI Boot Mode or UEFI Optimized Boot Mode. When this failure occurred, the firmware log for the blade server would indicate an error similar to the following for each update attempt, including the two automatic retries that occur on failure:
Jul 15 09:34:19 Unable to detect ISOLINUX booting.
A final status report similar to the following would also be issued:
Jul 15 10:30:33 Firmware Management is incomplete on blade <bay number>.  Unable to mount ISO or validate version information. The URL or ISO is invalid.
  •  CLI commands affected include those that depend on the URL specification via the SET FIRMWARE MANAGEMENT URL command (such as the UPDATE FIRMWARE SERVER command and the UPDATE IMAGE FW_ISO command). 
  •  The EFM firmware log would indicate "Firmware Management successfully completed on blade x" even if the iLO firmware update failed to complete successfully.  
  • IPv6
    • Configuration scripts could not be applied to another OA properly when attempting to configure new EBIPA DNS IPv4/IPv6 addresses or IPv6 routes. Attempts to change the configurations could only add new addresses to those of the previous configuration. It was not possible to replace the existing addresses with the new ones.
The following CLI commands now include the ALL keyword to allow clearing of all unwanted addresses or routes:
REMOVE EBIPA SERVER DNS ALL
REMOVE EBIPAV6 SERVER DNS ALL
REMOVE OA ROUTE IPV6 <ACTIVE|STANDBY> ALL

A configuration script can now use these commands to clear the previous (unwanted) EBIPA DNS IP addresses and IPv6 static routes, and then add the new ones. 
  • KVM
    • Pressing Enter four times consecutively on a keyboard attached to the c7000 Enclosure integrated KVM module would cause the highlighted blade server on the KVM screen to power off or on, depending on its current power state. This issue has been fixed by interchanging the Ok/Confirm and Cancel buttons on the Confirm: Change Server Power and Change Server Power screens so that the Cancel button is highlighted by default instead of the OK or Confirm button. The default focus is set on the Cancel button. (QXCR1001357592)
  •  Security
    • The following security vulnerabilities were fixed:
    • This release of the OA resolves this security vulnerability by compiling OpenSSl with OPENSSL_NO_SRTP (the OA does not use DTLS and SRTP).
      • CVE-2014-0139: A vulnerability affecting SSL/TLS transactions that might allow a man-in-the-middle attacker to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificate Authority.
      • CVE-2014-0015: A vulnerability when more than one authentication method is enabled and NTLM connections are reused, which might allow context-dependent attackers to authenticate as other users via a request.
      • CVE-2014-0138: A vulnerability affecting certain LDAP connections that might allow context-dependent attackers to connect as other users via a request (similar to issue CVE-2014-0015).
      • CVE-2014-2522: A vulnerability when running on Windows and using an SChannel/Winssl TLS backend. When accessing a URL that uses a numerical IP address, curl does not verify that the server host name matches a domain name in the subject’s CN or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
    • In addition, OpenSSL has been updated to version 1.0.1h to address multiple CVE fixes.
  • SSH/SSL keys
    • With OA firmware later than 4.0x, attempts to add an SSH key using the OA CLI ADD SSH KEY command might fail. Intermittently, after issuing the command, the user received an error message ("The submitted file is not a valid SSH key."), in which case the command failed. 
  • SNMP
  • SNMP alerts (or traps) sent from the OA to an IPv6 SNMP alert destination are sent incorrectly to destination port 161 instead of port 162 (per RFC 1157) when no destination port is explicitly specified as part of an IPv6 SNMP alert destination configuration. 
 Known Issues
  • Browsers
    • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft® Internet Explorer 11 on Windows 8. On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window.
This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for  Internet Explorer.  To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.    
  • FIPS
  • Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20.  When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON or DEBUG and is configured with a  1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate.  While operating in this degraded FIPS Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access > FIPS tab will fail and show the error message “The selected FIPS mode is already enabled”.  When the non-compliant certificate is removed, the degraded FIPS operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface.  Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.


Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


General

  • Devices with MAC addresses ending with “81:00” (such as f8:66:f2:6d:81:00) were unable to communicate with the OA. Some examples of the observed symptoms were:
Attempts to ping the OA from the device fail The OA cannot use such a device as a gateway The OA GUI and CLI cannot be used from this device  This had no functional impact; the entry could be ignored. 
Documentation
  • In the September 2014 (Edition 23) HP BladeSystem Onboard Administrator CLI User Guide for OA 4.30, within the description of the SET HTTP REQUESTREADTIMEOUT command, a command showing recommended values had the BODY MINRATE value as 50 instead of the correct value 500. The command with the correct recommended values is as follows: SET HTTP REQUESTREADTIMEOUT HEADER 3-8 MINRATE 500 BODY 5-10 MINRATE 500
This error was corrected in the October 2014 (Edition 24) document.
  EFM
  • In rare cases, the Active OA module would reboot expectedly during the update of the OA firmware on redundant OA modules.  When this issue occurred, the Active OA module would reboot during the transfer of the OA firmware image to the Standby OA module.  The OA firmware update would fail to complete successfully; a segmentation fault (SEGV) error would be logged in the Active OA system log.  This issue did not cause any firmware or data corruption, and the OA firmware update could be successful if retried following the occurrence of this issue. Note that this issue could only be encountered when updating OA modules running OA 4.30 firmware.  o   Attempts to update the firmware failed on an HP ProLiant Gen9 server blade configured in UEFI Boot Mode or UEFI Optimized Boot Mode. When this failure occurred, the firmware log for the blade server would indicate an error similar to the following for each update attempt, including the two automatic retries that occur on failure: Jul 15 09:34:19 Unable to detect ISOLINUX booting. A final status report similar to the following would also be issued:
Jul 15 10:30:33 Firmware Management is incomplete on blade <bay number>.
  • When using an HP Firmware Management ISO image based on a URL that includes the HTTP port (for example, http://10.226.36.35:8080/bp-151ilo-2014-08-26-1.iso),  EFM failed to mount the image. The following error message would be displayed: Unable to mount ISO or validate version information. The URL or ISO is invalid.   CLI commands affected include those that depend on the URL specification via the SET FIRMWARE MANAGEMENT URL command (such as the UPDATE FIRMWARE SERVER command and the UPDATE IMAGE FW_ISO command).  o   The EFM firmware log would indicate "Firmware Management successfully completed on blade x" even if the iLO firmware update failed to complete successfully. 
 IPv6
  • Configuration scripts could not be applied to another OA properly when attempting to configure new EBIPA DNS IPv4/IPv6 addresses or IPv6 routes. Attempts to change the configurations could only add new addresses to those of the previous configuration. It was not possible to replace the existing addresses with the new ones. The following CLI commands now include the ALL keyword to allow clearing of all unwanted addresses or routes:
  • REMOVE EBIPA SERVER DNS ALL
  • REMOVE EBIPAV6 SERVER DNS ALL
  • REMOVE OA ROUTE IPV6 <ACTIVE|STANDBY> ALL
A configuration script can now use these commands to clear the previous (unwanted) EBIPA DNS IP addresses and IPv6 static routes, and then add the new ones.   
  KVM
  • Pressing Enter four times consecutively on a keyboard attached to the c7000 Enclosure integrated KVM module would cause the highlighted blade server on the KVM screen to power off or on, depending on its current power state. This issue has been fixed by interchanging the Ok/Confirm and Cancel buttons on the Confirm: Change Server Power and Change Server Power screens so that the Cancel button is highlighted by default instead of the OK or Confirm button. The default focus is set on the Cancel button.
  Security
  • The following security vulnerabilities were fixed:   
  • CVE-2014-3511: A vulnerability could be exploited by launching man-in-the-middle attacks to force the use of TSL 1.0 instead of the intended later version of TLS. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2007-2242: A vulnerability could be exploited by launching denial-of-service attacks via crafted IPv6 type 0 router headers between two routers, resulting in network congestion. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2014-3567: A vulnerability can be exploited to cause a DOS denial-of-service (memory consumption) attack via crafted session tickets that triggers an integrity check-failure.
  • CVE-2014-3513: A vulnerability can be exploited to cause a denial of service (memory consumption) via a crafted handshake message.
  • CVE-2014-3513: SRTP Memory Leak – a memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 (before 1.0.1j) allows remote attackers to cause denial of service (memory consumption) via a crafted handshake message.
  • This release of the OA resolves this security vulnerability by compiling OpenSSl with OPENSSL_NO_SRTP (the OA does not use DTLS and SRTP). 
  • CVE-2014-0139: A vulnerability affecting SSL/TLS transactions that might allow a man-in-the-middle attacker to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificate Authority.
  • CVE-2014-0015: A vulnerability when more than one authentication method is enabled and NTLM connections are reused, which might allow context-dependent attackers to authenticate as other users via a request.
  • CVE-2014-0138: A vulnerability affecting certain LDAP connections that might allow context-dependent attackers to connect as other users via a request (similar to issue CVE-2014-0015).
  • CVE-2014-2522: A vulnerability when running on Windows and using an SChannel/Winssl TLS backend. When accessing a URL that uses a numerical IP address, curl does not verify that the server host name matches a domain name in the subject’s CN or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. 
  • In addition, OpenSSL has been updated to version 1.0.1h to address multiple CVE fixes.

 SSH/SSL keys
  • With OA firmware later than 4.0x, attempts to add an SSH key using the OA CLI ADD SSH KEY command might fail. Intermittently, after issuing the command, the user received an error message ("The submitted file is not a valid SSH key."), in which case the command failed. 

SNMP 
  • SNMP alerts (or traps) sent from the OA to an IPv6 SNMP alert destination are sent incorrectly to destination port 161 instead of port 162 (per RFC 1157) when no destination port is explicitly specified as part of an IPv6 SNMP alert destination configuration.
    •  The OA HTTP service would become unresponsive and communication to the OA would be lost after removing a local user account with OA administrator level privileges.  This issue in only occurred when the removed user account had previously been used to configure network services on the OA module.  

Important

Important Notes

  • EFM  
    • The OA only supports SPP ISO images that are less than 4 GB in size, whether hosted directly via the Enclosure DVD feature or an attached USB key, or mounted remotely via a specified URL. If an ISO image exceeds 4 GB,  the CLI SHOW FIRMWARE MANAGEMENT command displays ISO URL Status as “Invalid URL.”
      • If an SPP ISO image exceeds 4 GB, it is necessary to create a custom ISO image that excludes components unnecessary to the OA EFM blade firmware update process.  At a minimum, the custom ISO must contain the firmware components for HP ProLiant BL servers. (When using HP SUM to create the custom ISO image, select Firmware as the Component Type, and select HP ProLiant BL Series as the Server Type.)  For information about creating a custom ISO image compatible for OA EFM functionality, see the HP BladeSystem Onboard Administrator User Guide. More HP SUM information can be found via HP Smart Update Manager online help or at http://www.hp.com/go/hpsum/documentation.
  • IPv6
    • When the Enable DHCPv6 or Enable SLAAC enclosure IPv6 settings are disabled on the Onboard Administrator, the respective DHCPv6 or SLAAC addresses of the iLOs in the enclosure are retained until these addresses expire automatically based on their respective configurations.  A manual reset of the iLO releases these addresses immediately.
  • ​Security
    • ​ Support for several cipher suites has been removed due to the generally acknowledged weakness of the associated encryption algorithms. The OA now supports only the cipher suites listed in the following table. To successfully establish a secure connection to the OA via SSL, clients must support one or more of these cipher suites.
      • Note specifically that Windows 2003 Active Directory and Internet Explorer might not successfully connect to the OA due to the lack of default support for at least one of the supported cipher suites.  
      • You can add the necessary support by installing and enabling Advanced Encryption Standard (AES) based cipher suites in Windows 2003. Refer to Microsoft hotfix available at http://support.microsoft.com/kb/948963.
 
SSL/TLS cipher suites Standard names for SSL/TLS cipher suites
EDH-RSA-DES-CBC3-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
ECDHE-RSA-DES-CBC3-SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
ECDHE-RSA-AES128-SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE-RSA-AES256-SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
AES128-GCM-SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
AES256-GCM-SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384
ECDHE-RSA-AES128-SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
AES128-SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
AES256-SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256

Revision History

Version:4.90 (2 Apr 2019)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


General

  • Addressed an issue where Onboard Administrator is not reachable when the port speed changes from 100M to 1000M in auto-negotiation mode. This issue is described by Customer Advisory : https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=1844065&docLocale=en_US&docId=emr_na-c04866545
  • Addressed an issue where the DHCPv6 service does not start after an Onboard Administrator reboots causing it to reboot again after 15 minutes.
  • Addressed an issue related to ssl protocols enable or disable in the Onboard Administrator Command Line Interface (CLI) where proper error message is displayed. When the password entered is less than eight characters, the ambient temperature of the BL460c Gen10 blade is not displayed.
  •  Addressed issues in Onboard Administrator GUI pages related to:
    1. Power management
    2. Front view display of BL460c Gen10 blade

    3. Login feature into linked enclosure and Two-factor authentication

  • Addressed an issue where syslog messages were not added for dynamic dns setting and LDAP group access changes.
  • Addressed an issue where SNMP GET for Onboard Administrator system description OID displays a wrong value.
  • Addressed an issue where Blade Switch 6125G firmware version is not displayed after rebooting OA.
  • Addressed an issue where Onboard Administrator responds to internal private IP ping requests from management interface.
  • Addressed the issue of delay in the powering of the blades after an enclosure power cycle in a VCM managed enclosure.
  • Addressed an issue in the SNMP where power supply OK traps are not sent out after an enclosure power cycle.
  • Addressed the issues related to user certificate usage in the Onboard Administrator where the same certificate cannot be used for multiple users and checking the syntax of IPv6 address if used in the certificate.
  • Addressed the issues present in the previous versions of the Onboard Administrator online help.
  • Addressed an issue in FIPS ON mode where Onboard Administrator CLI will display information about the password requirements when an invalid password in entered by the user.
  • Fixed an issue related to ambient temperature display of Gen10 blades in Command Line Interface (CLI).
  • Fixed an issue in First Time Setup Wizard page in GUI where in FIPS ON mode, user will not able to set DEBUG to ON.
  • Addressed an issue where messages are not logged in syslog when Device and Interconnects bay access are updated for a LDAP group.
  • Fixed an issue related to Blade part number display in OA GUI and CLI.

Security

  The following security vulnerabilities are fixed:

  • CVE-2018-0732- Addressed the issue where the possibility of a malicious server sending a large prime value to the client from DH (E) based ciphersuite during the key agreement in a TLS handshake resulting in the client to take a long time to generate a key with the prime and exploited in a Denial Of Service attack.
  • CVE-2018-0737- Addressed the issue of vulnerability of the OpenSSL RSA Key generation algorithm to the cache timing side channel attack.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8. On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HPE Lights-Out Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPE SUM 8.0.0. Please refer to HPE SUM 8.0.0 User guide for further details.

CAC

  • In the CAC mode SSH, Telnet and XML Reply protocols will be disabled.
  • Linked enclosure login will not work if the linked enclosure in CAC mode.
  • If accurate Service account details are not provided, LDAP user login with certificate will fail.
  • It is highly recommended to establish a recovery plan before getting started with CAC.  If something goes wrong with the OA configuration, the OA may be recovered through the serial port or Insight Display panel and USB KEY. Both methods require physical access to the OA.  However, if an LCD PIN has been configured (and forgotten) and local accounts have been disabled or CAC has been incorrectly configured then, the only way to recover is through a serial port. The two most common situations where OA recovery is needed are when LDAP has been configured incorrectly with local accounts disabled or when CAC has been configured without certificate access.

Configurable SSH Port Number                                               

If a Standby OA is running firmware version less than 4.85 and it is updated to firmware version greater than or equal to 4.85 using synchronize firmware feature from Active OA, after the firmware update and reboot of the Standby OA, SSH port will not open in the configured port number. The work around is to reboot the Standby OA and SSH port will open in the configured port in next boot. This issue will not occur in the case where SSH port is configured to default port 22 in the Active OA.

Enhancements

Onboard Administrator 4.90 provides support for the following enhancements:

Hardware additions

  • None

Features: additions and changes

General

  • On SNMP user add/delete, Onboard Administrator has been enhanced to resync with the new configuration instead of restarting SNMP service.
  • The SCEXE package support has been removed in the Onboard Administrator firmware update and EFM. OA now uses only the RPM package.
  • The Single Sign-On (SSO) feature has been enhanced to support the Password Complexity feature in the iLO 5 firmware.
  • The AlertMail feature has been enhanced to include subsystems status in the AlertMail messages.
  • Onboard Administrator has been enhanced for better debugging of issues.

 Security

  • None

Version:4.85 (26 Jun 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


General

  • Addressed an issue where SNMP trap cpqRackEnclosureManagerLinkUp was not sent after an Onboard Administrator failover.
  • Addressed online help content issues seen in the previous version of Onboard Administrator.

Security

   The following security vulnerabilities were fixed:

  • CVE-2017-8105 - Addressed a memory corruption vulnerability caused by a buffer overflow.
  • CVE-2016-10244 – Addressed a vulnerability which might allow a remote attacker to cause denial-of-service via a crafted file.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8. On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HP Lights-Out Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPSUM 8.0.0. Please refer to HPSUM 8.0.0 User guide for further details.

CAC

  • In the CAC mode SSH, Telnet and XML Reply protocols will be disabled.
  • Linked enclosure login will not work if the linked enclosure in CAC mode.
  • If accurate Service account details are not provided, LDAP user login with certificate will fail.
  • It is highly recommended to establish a recovery plan before getting started with CAC.  If something goes wrong with the OA configuration, the OA may be recovered through the serial port or Insight Display panel and USB KEY. Both methods require physical access to the OA.  However, if an LCD PIN has been configured (and forgotten) and local accounts have been disabled or CAC has been incorrectly configured then, the only way to recover is through a serial port. The two most common situations where OA recovery is needed are when LDAP has been configured incorrectly with local accounts disabled or when CAC has been configured without certificate access.

Configurable SSH Port Number                                               

If a Standby OA is running firmware version less than 4.85 and it is updated to firmware version greater than or equal to 4.85 using synchronize firmware feature from Active OA, after the firmware update and reboot of the Standby OA, SSH port will not open in the configured port number. The work around is to reboot the Standby OA and SSH port will open in the configured port in next boot. This issue will not occur in the case where SSH port is configured to default port 22 in the Active OA.

Enhancements

Onboard Administrator 4.85 provides support for the following enhancements:

Hardware additions

  • HPE D2500sb Storage Blade

Features: additions and changes

General

  • Onboard Administrator has been enhanced to allow configuring an IPv6 address as SNMP EngineID.
  • Onboard Administrator has been enhanced to allow configuring a user defined SSH port number. This will allow users to configure a non-standard SSH port instead of the default SSH port 22.

 Security

General Data Protection Requirements (GDPR) support added in Onboard Administrator for HPE Embedded Remote Support solution. The HPE passport username will now be stored in an encrypted form.


Version:4.80 (5 Feb 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


General

  • Addressed an issue where SNMP traps were not being sent after an OA reboot or Active to Standby role change occurred when the IPSWAP feature was enabled and the SNMP trap receivers are configured using their hostname.
  • Limited the “ADD SNMP TRAPRECEIVE” CLI command username length to 32 characters.
  • Addressed an issue which enables OA to disallow the configuration of SNMP Trap receiver names that start with a numeral.
  • Addressed an issue in OA CLI command “SHOW SERVER INFO” as well as in the GUI where it did not display new processor family for Integrity i6 blade.
  • Addressed an issue where OA used to send inappropriate power request denial code when there was an ekeying error, which in turn made iLO report inappropriate errorcode.
  • Addressed an issue where in after OA fail over, the SNMP failover trap was not getting generated if the OA configuration contains IPV6 only network and Enclosure IP mode enabled.
  • Addressed an ARP flux issue in Standby OA’s IP address, due to which Network switches connected to OA may observe potential duplicate IP address of standby OA.
  • Addressed an issue in the “RESET ILO” CLI command which prevented OA from resetting Integrity Blades.

Security

     The following security issues were fixed:

  • CVE-2016-2177 -Addressed a vulnerability against openSSL was incorrectly using pointer arithmetic for heap-buffer boundary checks which might allow remote attackers to cause a denial of service.
  • CVE-2016-6302 - Addressed a vulnerability against openSSL integer underflow flaw leading to a buffer over-read which allows remote attackers to cause a denial of service.
  • CVE-2016-6304 Addressed a vulnerability against openSSL which could lead to Denial Of Service attack through memory exhaustion which might allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
  • CVE-2016-6306- Addressed a vulnerability against openSSL where in  some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8.On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HP Lights-Out  Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPSUM 8.0.0. Please refer to HPSUM 8.0.0 User guide for further details.

CAC

  • In the CAC mode SSH, Telnet and XML Reply protocols will be disabled.
  • Linked enclosure login will not work if the linked enclosure in CAC mode.
  • If accurate Service account details are not provided, LDAP user login with certificate will fail.
  • It is highly recommended to establish a recovery plan before getting started with CAC.  If something goes wrong with the OA configuration, the OA may be recovered through the serial port or Insight Display panel and USB KEY. Both methods require physical access to the OA.  However, if an LCD PIN has been configured (and forgotten) and local accounts have been disabled or CAC has been incorrectly configured then, the only way to recover is through a serial port. The two most common situations where OA recovery is needed are when LDAP has been configured incorrectly with local accounts disabled or when CAC has been configured without certificate access.
Enhancements

Onboard Administrator 4.80 provides support for the following enhancements:

​​Hardware additions

  • Nil.

Features: additions and changes

  • General

Added Offline Firmware discovery feature to display/update the Blade components firmware details without the need to perform an EFM discovery task. The feature can be enabled/disabled using the CLI command: SET FIRMWARE MANAGEMENT BLADE_BOOT_FW_DISCOVERY <Enable|Disable>

    • Added support for Gen10 blade Remote Console access via from OA using Java Web Start which will help users to use Remote Console in 64bit browsers where Java plugin support is deprecated.
    • Added two new SNMP traps for ICM Thermal events
      • cpqRackNetConnectorTempDegraded - Thermal event when temperature crossed Caution/Critical threshold.
      • cpqRackNetConnectorTempOk - Thermal event cleared i.e. temperature went back below Caution/critical threshold.
  • Security
  • Enhanced OA SSL Key and Certificate Generation mechanism to generate a new SSL key without removing the existing SSL key and certificates, which will continue to work until the new key is activated. The new key can be activated either by generating self-signed certificate or by uploading the CA signed CSR which was generated using this new key. Activating new key will remove other SSL keys and certificate. The earlier behavior was causing OA to immediately start using the new Key and Certificate causing the open (GUI) sessions to terminate. A new option ALTERNATE_KEY has been added to “GENERATE KEY” CLI command for this feature.
  • Added new extension "Extended Key Usage" in both CSR and Self signed certificate by default. Also Added "Extended key usage" extension with "TLS Web Server Authentication and TLS Web client Authentication" options.
  • Added a new Feature to validate service account credentials with LDAP server.
  • Enhanced OA to use SHA-2 certificates to establish more secure connections with Insight Remote Support server.

Version:4.71 (16 Jan 2018)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Security

The following security issues were fixed:

  • Removed the support to generate keys with SHA1 in FIPS mode, as per the latest FIPS standards SHA1 is no longer allowed.
  • Removed the support for 1024 DH primes in FIPS mode, as per the latest FIPS standards.
Enhancements

Onboard Administrator 4.71 provides support for the following enhancements:

Security

       CAC Feature: The authentication mechanism in Onboard Administrator has been enhanced to support DoD
       Common Access Card Personal Identification Verification devices. This feature enhances security by
       supporting multi factor authentication and below are the core elements of the new Authorization mechanism
       listed below:

  • During Authentication (occurs during SSL session establishment): Verifying revocation status using Online
    Certificate Status Protocol (OCSP) or Offline Certificate Revocation List (CRL).
  • During Authentication (after SSL session establishment): The certificate's Subject Alternate Name (SAN)
    or the Subject is validated against the User Principal Name (UPN) of the corresponding principal in Active Directory.
  • It is important to note that the local user accounts in OA are disabled in CAC mode.

Version:4.70 (12 Jul 2017)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


General

  • Addressed an issue where OA "update iLO all" command fails in an enclosure with maximum Blades.
  • Addressed an issue where a Warning Alert  was wrongly sent when a fan is reseated in an enclosure
  • Addressed an issue where the port mapping information for 560M Izzy adapter Mezz controller was not displayed correctly.
  • Addressed an issue where Remote Syslog logging would fail when OA failover happened in an IPv6 only environment.
  • Enhanced OA to bring the server from a power throttled state back to normal power state upon an OA reboot to circumvent an unwarranted emergency brake.
  • Fixed an issue where the Active and Standby OAs can have the same IP address in some rare situations.
  • Resolved an issue where a Gen9 server’s host name gets cleared when the blade is rebooted.
  • Addressed an issue where server blade Power ON will be delayed in enclosures with OA Firmware Version 4.60 and managed by HPE OneView, when the OA module is reset until OneView refreshes the servers.

Security

The following security vulnerabilities were fixed:

  • CVE-2016-5387– Addressed a vulnerability which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request.
  • CVE-2016-2183- Addressed a vulnerability against TLS ciphers with 64bit block size in which makes it easier for remote attackers to obtain cleartext data via an attack against a long-duration encrypted session
  • CVE-2016-6515 - Addressed a vulnerability in OpenSSH which did not limit password lengths for password authentication, which allows remote attackers to cause a denial of service via a long string.
  • CVE-2015-8215 - Addressed a vulnerability IPv6 stack which does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service.
  • Addressed issue where in Onboard Administrator was vulnerable to Buffer overflow.
  • Added the HSTS[HTTP strict transport security] support  in OA.
  • Addressed a memory corruption vulnerability in the post-authentication sshd process.

Issues and workarounds

Browsers

  • OA GUI is not accessible in Chrome versions 43.0.2357.10 to 44.0.2383.The issue was caused by a “regression” in Chrome (or WebKit). Customers should use an alternative browser like Firefox or Internet Explorer or try a different version of Chrome.
  • SSO-to-iLO connection from the OA using an iLO host name fails with Microsoft Internet Explorer11 on Windows 8.On a Windows 8 system with Internet Explorer 10 or Internet Explorer 11, if the OA web GUI session is loaded using a host name instead of an IP address, an attempt to open an iLO window using SSO from the OA web GUI might result in the iLO page loading in the OA web GUI window instead of the intended new window. This issue was determined to be a bug in Internet Explorer and is expected to be fixed in a future release or update for Internet Explorer. To work around this issue, either use an IP address to load the OA Web GUI, or turn off Protected Mode for the appropriate zone in Internet Explorer’s settings. This issue occurs only on Internet Explorer browsers.

FIPS

Certificates smaller than 2048 bits in size are not compliant with FIPS requirements as enforced by the OA firmware starting with OA 4.20. When the OA running OA firmware version 4.40 or greater is operating in FIPS Mode ON/DEBUG and is configured with a 1024-bit LDAP certificate that was installed when running a previous version of OA firmware, FIPS Mode ON/DEBUG is considered to be operating in a degraded state due to the presence of the non-compliant certificate. While operating in this FIPS-Degraded Mode operational state, attempts to set FIPS Mode OFF from the OA GUI Network Access>FIPS tab will fail and show the error message The selected FIPS mode is already enabled. When the non-compliant certificate is removed, the FIPS-Degraded operational status is cleared, FIPS Mode can then be successfully set to OFF from the GUI interface. Note that the OA CLI command SET FIPS MODE OFF can be successfully used to set FIPS Mode OFF even with non-compliant 1024-bit LDAP certificates installed in the OA.

IRC

Unable to open .net IRC console for Gen10 Blades, Gen9 Blades also have the same issue. The Java applet and Webstart however, loads but the virtual media mounting fails. The work around is to launch the IRC through IRC Application (HP Lights-Out Stand Alone Remote Console) which is installed on terminal client.

EFM

To use EFM on Gen 10 Blades, please select options/filters “Make Bootable ISO file” and Enclosure Firmware Management” while creating custom SPP ISO on HPSUM 8.0.0. Please refer to HPSUM 8.0.0 User guide for further details.

Enhancements

Onboard Administrator 4.70 provides support for the following enhancements:

Hardware additions

  • BL460c Gen 10.
  • HPE 10GbE Pass-Thru Module.
  • Qualified support for HPE Integrity BL8x0c i6 Server Blade.

Features: additions and changes

General

  • Added support for Gen 10 Server and iLO5 features.
  • Added support for the enhanced KVM functionality in iLO5
  • Added support for HTTP boot option in the server boot options
  • Add support for HPE 10GbE Pass-Thru interconnect module.
  • Added support for HPE Integrity BL8x0c i6 Server Blade.
  • GUI, CLI, Smart components, help files, URLs, and product names rebranded to align with HPE branding guidelines.
  • Added a new SNMP trap to indicate that the power redundancy is restored in the enclosure.
  • Enhanced "SHOW ENCLOSURE TEMP" command output, to display the temperature readings like Current, Caution and Critical temperature threshold values for interconnect modules.
  • Added a provision to make sysName field to be set to DNS host name for the traps sent from Onboard Administrator.

 Security

  • Adding support for CNSA approved algorithms and a new security mode - TOP_SECRET.
  • Added the ability to Enable/Disable cipher/protocol in FIPS OFF mode.
  • Added support for secured communication between HPE Embedded Remote Support functionality and the HPE Support Datacenters with the use of SHA-2 certificates.

Version:4.60 (24 Oct 2016)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


  • General
    • Addressed an issue where EFM was reporting success while firmware update of iLO 4 failed.
    • Fixed an issue where OA might lose its IP address after OA firmware upgrade when ENCLOSURE_IP_MODE was enabled .
    • Fixed an issue where all iLOs were reset after making EBIPA changes to an empty bay. Now only the specific iLOs are reset.
    • Resolved an issue where iLOs became inaccessible after OA failover occurs with iLOs configured in EBIPA for IPv6. This occurs when an external router in the management network is configured to send Router Advertisements.
    • Corrected the type mismatch of OID cpqRackCommonEnclosureManagerLocation which could cause failures in the SNMP clients. The definition is changed from STRING to INTEGER.
    • Resolved an issue where information on only the last server NIC port of a multiport adaptor was shown on GUI and CLI. Now details of all the server NIC ports are displayed.
    • Resolved an issue of time synchronization between active and standby OA when date and time settings were changed from “Manual” to “NTP”.
    • Resolved EFM discovery/update failure when the server power policy in the EFM configuration is set to “must be off”.
  • Security

The following security vulnerabilities were fixed:

  • CVE-2016-2108 – Addressed a vulnerability in ASN.1 implementation in OpenSSL that can cause Denial Of Service via  any field in crafted serialized data
  • CVE-2015-8605 - UDP payload length not properly checked. Addressed a vulnerability where a badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or relay program to terminate abnormally.
  • CVE-2012-3954 - Fixed a memory leak issue in DHCPv6 daemon that could result in out of memory condition in OA.
  • CVE-2016-0797 and CVE-2016-0799 - Addressed a vulnerability in OpenSSL that could enable security attacks by passing large amount of untrusted data to certain functions in OpenSSL.
  • CVE-2015-8605 - Addressed a vulnerability in IPv4 stack that can be exploited to cause a Denial Of Service via an invalid length field in a UDP IPv4 packet.
  • CVE-2015-3196 - Addressed a vulnerability in OpenSSL that results in Denial Of Service by remote servers via a crafted ServerKeyExchange message.
  • CVE-2015-3195 - Addressed a vulnerability in OpenSSL that can be exploited to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
  • CVE-2015-6564 - Addressed a vulnerability in OpenSSH that might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
  • CVE-2015-6563 - Addressed a vulnerability in OpenSSH that allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid.
  • CVE-2015-5621 - Addressed a vulnerability in Net-SNMP that causes a Denial Of Service and possibly allows execution of arbitrary code via a crafted packet.
  • CVE-2015-5364 and CVE-2015-5366 - Addressed a vulnerability in UDP stack that can be exploited in UDP flood scenario to cause Denial Of Service in the OA.
Enhancements

Onboard Administrator 4.60 provides support for the following enhancements:

  • Hardware Additions
    • None.
  •  ​​Features Additions and Changes
    • General
      • GUI, CLI, Smart components, help files, URLs, Product Names rebranded to align with HPE branding guidelines.
      • Enhanced information reporting of Gen9 servers booted in UEFI mode.
      • Support the configuration of SNMP trap agent address when non-default VLAN is enabled on OA.
      • Enhanced syslog to show the flooding information when VLAN configured nodes flood the management network.
    • Remote Support
      • Modified to connect to the HPE remote support URL.
    • EFM
      • Enhanced error handling mechanism in EFM for servers in UEFI boot mode.
      • Enhanced EFM to display detailed name for smart array controllers .
      • EFM enhanced to identify more devices in the EFM report.
      • Enhanced the status reporting of EFM operations to align with HPSUM return codes.

Version:4.50 (1 Oct 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


  • General
  • Fixed an issue which was seen when connecting to the OA from HP SIM using a LDAP account with the user name containing an exclamation character (!) for the SSO.
  • Fixed an issue where LDAP search contexts are showing empty after firmware is upgraded in FIPS Mode.
  • Fixed an issue where a customer logging in to OA using AD/LDAP credentials as a member of both Domain Administrators and Domain Users groups, and where one enclosure is given Domain Administrators access to the full administrative rights of the enclosure, and the other is given Domain Users limited access
  • Corrected a display issue where iLO logs listed in OA shows the order of events sorted incorrectly when the events are more than a year old. The events are displayed sorted on the month and hence events that occurred in the same month in two different years are incorrectly displayed together. The sorting now considers the year also.
  • Fixed an issue where the Device Bay Information page does not show the Management Processor/iLO NIC details under the Server NIC Information table, when the server is powered down.
  • Fixed an issue where OA reports incorrect values for Caution and Critical temperature limits when a blade is in Telco Mode.
  • Addressed an issue where Connect Server Serial command used to fail when server
  • FIPS
    • Fixed an issue which prevented transition to FIPS mode OFF when the enclosure is in FIPS-Degraded state. The same failure was seen when the transition was performed on a linked enclosure which was in FIPS-Degraded state. The issue has been addressed and the FIPS mode transition is allowed.
  • EFM
    • Addressed issues that would result in EFM failure with the following error messages:
      • Failed to boot ISO
      • Unable to Monitor HPSUM
  • Security

       The following security vulnerabilities were fixed:

  • CVE-2015-0204 – A remote server can supply a weak RSA temporary key for a non-export RSA key exchange cipher suite to downgrade the session security.
  • CVE-2015-0286 - A vulnerability in ASN1_TYPE_cmp function can be exploited to launch a DoS (Denial of Service) attack by causing a crash during certificate validation operation.
  • CVE-2015-3144 – A vulnerability can be exploited to allow remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact.
  • CVE-2015-3153 – The default CURL configuration sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
  • CVE-2015-2922 – A vulnerability in the Linux kernel can be exploited by sending a crafted Router Advertisement message and setting a low IPV6 hop limit and in turn cause DoS (Denial of Service).
  • CVE-2015-1789 – A vulnerability in some OpenSSL versions allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data.
  • CVE-2015-1791 – A vulnerability in some OpenSSL versions allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

 

Enhancements

Onboard Administrator 4.50 provides support for the following enhancements:

  • Hardware Additions
    • Added support for HP 2650W PSU -US PLATINUM DC c7000 power supplies.

 ​​Features Additions and Changes

  • General
    • Introduced a standardized code signing and validation mechanism to enhance the firmware image authenticity.
    • Enhanced the OA CLI SET FACTORY command to set the Administrator password to the factory default "toe tag" password. This helps customers reset the module to the factory defaults including the password.

 New CLI command: SET FACTORY [RESTORE_FACTORY_PASSWORD]

  • Enhanced the OA firmware to notify users when the network connectivity of the Standby OA is lost. This helps users restore the Standby OA’s connectivity to maintain redundancy.
  •  
  • Added an option to allow selection of UEFI Target as a One Time Boot option for UEFI enabled blade servers. Now USB, UEFI_SHELL and UEFI_TARGET options have been added as One Time Boot options. The option has been added in both GUI and CLI.
  • The OA bay number is now indicated in the Enclosure TCP/IP Settings page so users can know which bay currently hosts the Active and Standby OA module. The bay number labels would be shifted based on the Active-Standby role transition
  • Added diagnostics for Enclosure management network flooding situations. Now, in the enclosure management network flooding situations, OA will report the top 5 IP addresses in the network that are contributing to the network flood. This will help the customers to identify the source of the flood and take appropriate action.

 

  • ​Remote Support
    • As an enhancement, SNMP traps for Insight Remote Support service event transmission failures have been added to enable users to monitor this specific trap to identify any service event transmission failures.
    • Added Insight Remote Support service event for indicating low OA RTC battery condition. The service event will give information on the OA module in which the battery is low or failed and the spare part for the replacement battery.
  • EFM
    • Added a feature to prevent the flashing of OA firmware while the EFM process is in progress, thereby preventing the devices from getting into an indeterminate state.
    • Enhancements in the EFM feature have been made to handle issues seen in servers that take a longer duration to boot up.
    • Added a syslog notification when the EFM ISO is changed as to indicate the change to users.

Version:4.23 (19 Jun 2015)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Addressed an issue where OA-iLO communication breaks when OA 4.22 is used with ILO-2 2.27, ILO-3 1.82 and ILO-4 2.10. The versions of iLO listed were updated to address a security vulnerability CVE-2014-3566

Enhancements

 New Hardware:  HP 2650W Universal Power Supply and HP High Voltage Power Module


Version:4.40 (31 Mar 2015)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Update to this firmware version if any documented fixes or enhanced functionality provided by this version would be useful to your system.


General

  • Devices with MAC addresses ending with “81:00” (such as f8:66:f2:6d:81:00) were unable to communicate with the OA. Some examples of the observed symptoms were:
Attempts to ping the OA from the device fail The OA cannot use such a device as a gateway The OA GUI and CLI cannot be used from this device  This had no functional impact; the entry could be ignored. 
Documentation
  • In the September 2014 (Edition 23) HP BladeSystem Onboard Administrator CLI User Guide for OA 4.30, within the description of the SET HTTP REQUESTREADTIMEOUT command, a command showing recommended values had the BODY MINRATE value as 50 instead of the correct value 500. The command with the correct recommended values is as follows: SET HTTP REQUESTREADTIMEOUT HEADER 3-8 MINRATE 500 BODY 5-10 MINRATE 500
This error was corrected in the October 2014 (Edition 24) document.
  EFM
  • In rare cases, the Active OA module would reboot expectedly during the update of the OA firmware on redundant OA modules.  When this issue occurred, the Active OA module would reboot during the transfer of the OA firmware image to the Standby OA module.  The OA firmware update would fail to complete successfully; a segmentation fault (SEGV) error would be logged in the Active OA system log.  This issue did not cause any firmware or data corruption, and the OA firmware update could be successful if retried following the occurrence of this issue. Note that this issue could only be encountered when updating OA modules running OA 4.30 firmware.  o   Attempts to update the firmware failed on an HP ProLiant Gen9 server blade configured in UEFI Boot Mode or UEFI Optimized Boot Mode. When this failure occurred, the firmware log for the blade server would indicate an error similar to the following for each update attempt, including the two automatic retries that occur on failure: Jul 15 09:34:19 Unable to detect ISOLINUX booting. A final status report similar to the following would also be issued:
Jul 15 10:30:33 Firmware Management is incomplete on blade <bay number>.
  • When using an HP Firmware Management ISO image based on a URL that includes the HTTP port (for example, http://10.226.36.35:8080/bp-151ilo-2014-08-26-1.iso),  EFM failed to mount the image. The following error message would be displayed: Unable to mount ISO or validate version information. The URL or ISO is invalid.   CLI commands affected include those that depend on the URL specification via the SET FIRMWARE MANAGEMENT URL command (such as the UPDATE FIRMWARE SERVER command and the UPDATE IMAGE FW_ISO command).  o   The EFM firmware log would indicate "Firmware Management successfully completed on blade x" even if the iLO firmware update failed to complete successfully. 
 IPv6
  • Configuration scripts could not be applied to another OA properly when attempting to configure new EBIPA DNS IPv4/IPv6 addresses or IPv6 routes. Attempts to change the configurations could only add new addresses to those of the previous configuration. It was not possible to replace the existing addresses with the new ones. The following CLI commands now include the ALL keyword to allow clearing of all unwanted addresses or routes:
  • REMOVE EBIPA SERVER DNS ALL
  • REMOVE EBIPAV6 SERVER DNS ALL
  • REMOVE OA ROUTE IPV6 <ACTIVE|STANDBY> ALL
A configuration script can now use these commands to clear the previous (unwanted) EBIPA DNS IP addresses and IPv6 static routes, and then add the new ones.   
  KVM
  • Pressing Enter four times consecutively on a keyboard attached to the c7000 Enclosure integrated KVM module would cause the highlighted blade server on the KVM screen to power off or on, depending on its current power state. This issue has been fixed by interchanging the Ok/Confirm and Cancel buttons on the Confirm: Change Server Power and Change Server Power screens so that the Cancel button is highlighted by default instead of the OK or Confirm button. The default focus is set on the Cancel button.
  Security
  • The following security vulnerabilities were fixed:   
  • CVE-2014-3511: A vulnerability could be exploited by launching man-in-the-middle attacks to force the use of TSL 1.0 instead of the intended later version of TLS. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2007-2242: A vulnerability could be exploited by launching denial-of-service attacks via crafted IPv6 type 0 router headers between two routers, resulting in network congestion. This is documented in HP Security Bulletin HPSBMU03104 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04427546).
  • CVE-2014-3567: A vulnerability can be exploited to cause a DOS denial-of-service (memory consumption) attack via crafted session tickets that triggers an integrity check-failure.
  • CVE-2014-3513: A vulnerability can be exploited to cause a denial of service (memory consumption) via a crafted handshake message.
  • CVE-2014-3513: SRTP Memory Leak – a memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 (before 1.0.1j) allows remote attackers to cause denial of service (memory consumption) via a crafted handshake message.
  • This release of the OA resolves this security vulnerability by compiling OpenSSl with OPENSSL_NO_SRTP (the OA does not use DTLS and SRTP). 
  • CVE-2014-0139: A vulnerability affecting SSL/TLS transactions that might allow a man-in-the-middle attacker to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificate Authority.
  • CVE-2014-0015: A vulnerability when more than one authentication method is enabled and NTLM connections are reused, which might allow context-dependent attackers to authenticate as other users via a request.
  • CVE-2014-0138: A vulnerability affecting certain LDAP connections that might allow context-dependent attackers to connect as other users via a request (similar to issue CVE-2014-0015).
  • CVE-2014-2522: A vulnerability when running on Windows and using an SChannel/Winssl TLS backend. When accessing a URL that uses a numerical IP address, curl does not verify that the server host name matches a domain name in the subject’s CN or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. 
  • In addition, OpenSSL has been updated to version 1.0.1h to address multiple CVE fixes.

 SSH/SSL keys
  • With OA firmware later than 4.0x, attempts to add an SSH key using the OA CLI ADD SSH KEY command might fail. Intermittently, after issuing the command, the user received an error message ("The submitted file is not a valid SSH key."), in which case the command failed. 

SNMP 
  • SNMP alerts (or traps) sent from the OA to an IPv6 SNMP alert destination are sent incorrectly to destination port 161 instead of port 162 (per RFC 1157) when no destination port is explicitly specified as part of an IPv6 SNMP alert destination configuration.
    •  The OA HTTP service would become unresponsive and communication to the OA would be lost after removing a local user account with OA administrator level privileges.  This issue in only occurred when the removed user account had previously been used to configure network services on the OA module.  
Enhancements

  • General
    • Cipher suites are now configured and displayed using their RFC 5246 standardized names. 

Version:4.30 (9 Sep 2014)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

General
  • In rare cases, the OA may fail to successfully identify server blades that have been either physically inserted into the enclosure or have been reset by executing the OA CLI RESET SERVER command.  When this issue occurs, the affected server blades are misidentified as an unsupported blade type.
  • Restoring or configuring OA settings from a saved configuration script may fail to apply all network settings on the Standby OA module. The failing configuration script commands return the following error: “An error occurred while communicating with the other Onboard Administrator.” 
  • The RSA key for SSH is not properly exchanged with the Standby OA during an OA failover event when Enclosure IP Mode is enabled. After an OA failover event, when logging into the OA, SSH clients using the Enclosure IP address to access the Active OA may display an RSA key fingerprint warning message or “man-in-the-middle” security breach warning message.  This issue only occurs on OA 4.1x or OA 4.2x versions of OA firmware when the OA has been factory reset or new SSH keys were manually generated.  
  • The OA periodically reboots with the following entry logged in the OA system log:“OA: DHCP Monitor: DHCPD or RADVD is not running. Restarting OA.” 
  • In an IPv6-only management network environment with the VLAN feature enabled, the CONNECT SERVER OA CLI command fails to connect to the server blade serial console with an error displayed similar to the following: Connecting to bay 1 ... iLO failed to respond: Interrupted system call (4)
Browsers
  • After logging in to the OA GUI via the Google Chrome™ browser (Chrome-v34.0.1847.116 m or greater), the OA web application fails to load properly. The OA GUI login screen may display the warning: “Your browser does not have the required functionality to run the application.” 
  • When using Microsoft® Internet Explorer 11, the results of a configuration script fail to load properly after uploading and executing a configuration script using a local file from the OA web GUI. This issue was seen only when more than one script was uploaded without refreshing the page
EBIPA
  • Enclosure devices (including interconnect modules) fail to be configured with the Link Local address corresponding to the IPv6 gateway specified in the EBIPA for IPv6 configuration settings.  This issue only occurs when an IPv6 other than the Link Local address of the gateway is specified in the EBIPA for IPv6 configuration settings and will only occur for certain gateway server devices.
Serial Console
  • When logging in to connect to the OA via the serial port, if a user enters the @ key as part of the login user name or password, the entered line is erased. 
  • When the baud rate for the OA serial port is configured to a value greater than the default 9600, attempts to directly paste saved commands or text into an open OA serial console session results in truncation or corruption of the pasted data. 
SNMP
  • No response received to a UDP network request sent from a client to an enclosure device such as iLO or an interconnect module. This issue was specifically observed when an SNMP request was sent to an interconnect module.  
Enhancements

Enhancements/New Features:

  • Hardware Additions
    • HP ProLiant BL460c Gen9 Server
    • Smart Array 12Gb SAS Controller
    • HP FlexFabric 20Gb 2-port 650FLB Adapter
    • HP FlexFabric 20Gb 2-port 650M Adapter
    • HP FlexFabric 10Gb 2-port 536FLB Adapter
    • HP Adapters QDR/EN 10Gb & FDR/EN 40Gb 544+M
    • HP 2650W High Voltage Power Supply
    • HP High Voltage Power Module
  • Features Additions and Changes
    • General
      • Support for configuration of boot order settings for UEFI-capable blades operating in UEFI boot mode.
      • Enhanced the existing RESET ILO OA CLI command to remotely perform a hardware-based reset of iLO.  This hardware-based reset is only supported on Gen9 server blades and is equivalent to the iLO reset that can be manually performed using the UID button on a Gen9 server blade.  Note that this iLO reset can be performed without impact to the operating state of the associated server.
    • Enclosure Firmware Management (EFM)
      • Support for clearing all existing EFM log data stored in the OA, including both the OA EFM log and the server-specific Firmware and Session logs.
    • Security
      • Support for customizing secure connection protocols and ciphers to be used by the OA when it is operating with FIPS Mode enabled. This configuration is only accessible and used by the OA when the OA is configured in either FIPS Mode ON or FIPS Mode DEBUG.
      • Support for configuration of the client request timeout settings on the OA web server. These settings are configurable using the new OA CLI SET HTTP REQUESTREADTIMEOUT command. 
    • IPv6
      • Support for a new Enable Router Advertisements enclosure-level IPv6 setting. Router Advertisements from the external management network are allowed onto the internal enclosure management network when this setting is enabled and blocked when it is disabled. 
      • Support for manual configuration of up to three static IPv6 network routes associated with the OA network interface.
      • Support on the Standby OA GUI TCP/IP Settings>IPv6Settings tab for configuring and reporting certain IPv6 settings.
    • DNS
      • Improved DNS server redundancy reporting on the Active OA and Standby OA GUI TCP/IP Settings screens  and via the CLI SHOW OA NETWORK and SHOW NETWORK commands.  Depending on how many DNS servers are configured, the Onboard Administrator can employ up to six DNS servers for lookups: two IPv4 DNS servers (either static or DHCP assigned, but not both) and four IPv6 DNS servers (static or DHCP assigned, or both). For more information, see the OA user guides. 

 


Version:4.02 (12 Aug 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed 

  • General
    • OA 4.02 includes fix for CVE 2014-0224. HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA). 
    • In the HP BladeSystem c3000 Enclosure with at least one Cisco Catalyst Blade Switch 3020 for HP c-Class BladeSystem installed, OA enclosure thermal management may not provide sufficient cooling to allow some blade configurations to operate at optimal performance under heavy workloads.
Enhancements

Enhancements/New Features:

  • Hardware
    • Added support for the “HP 2650W HE PSU” power supply for the HP BladeSystem c7000 Enclosure.

Version:4.13 (24 Jul 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Recommended - Users should update to OA 4.13 if their system is using OA 4.12.
 
Optional – Users should update to OA 4.13 if their system is using an OA version prior to OA 4.12 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

Onboard Administrator firmware version 4.13 resolved the following issue:
  • General
    • OA 4.10 is no longer available on the web and has been replaced with OA 4.13.  OA 4.13 includes fix for CVE 2014-0224 and also includes fix provided in OA 4.12 for CVE 2014-0160. HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA).  
The following issues were resolved in Onboard Administrator firmware version 4.12 and are included in version 4.13:   
 
  • General
    • Disabled support for OpenSSL TLS heartbeat extension. CVE-2014-0160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, HPSBMU02994 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information - Document ID: c04236062  (Currently Rev 1)
    • The OA CLI command RESET ILO fails to successfully reset the specified iLO with a response indicating “No iLO link detected” when executed on HP ProLiant BL2x220c G5, G6, and G7 Server Blades in bays 1-8.
    • Reset to factory defaults fails for redundant OA modules. See the Customer Advisory c04116279 for more information.
    • OA displays FCoE functionality associated with incorrect physical function (PF) for HP FlexFabric 10Gb 2-port 526FLB Adapter.
    • On initial insertion into the enclosure, the asset tag data for a server blade may not be populated or may be displayed as “[Unknown]” in the “Server Device Bay Information” tab of the web GUI or after executing the “SHOW SERVER INFO” command from the CLI.
    • After making network configuration-related changes to the OA, the following message may be logged to the configured remote syslog server from the standby, “OA: Remote Syslog: Unable to open enclosure configuration file. Exiting”.
    • OA v4.01 may hang when booting if the Alertmail Sender Name string includes space characters and is either 39 or 40 characters long.
    • OA 'Link loss failover' does not function properly after performing OA FW SYNC.
    • Installing HP SSO certificates from multiple OA clients simultaneously may result in the corruption of one or more of the SSO certificates. 
  • EFM
    • Inability to power on all blades within an enclosure due to insufficient enclosure power after running EFM update process on blades with the “Forced Power Off” EFM configuration option enabled.
  • GUI
    • The GUI cannot complete the loading process on linked enclosures for USER or OPERATOR accounts without OA bay access enabled. This behavior was only exhibited in OA 4.01 firmware.
  • Integrity Blade Servers
    • The OA fails to update the IP address of a HP Integrity BL860c or BL870c Server Blade after enabling an EBIPA address for the blade. OA commands such as CONNECT SERVER will fail until either the OA is restarted or the blade's iLO is reset.
  • IPv6
    • The CONNECT SERVER CLI command fails in IPv6-only network environment.
    • The HTTP service for IPv6 may become unresponsive configuring the OA with an IPv6 address and enabling IPv6 support through the GUI or CLI within a very short time. See the Customer Advisory c04012934 for more information.
  • OA Redundancy
    • When an OA forced failover is initiated from either the CLI or the GUI and the management network is under an extreme load, a kernel panic and reboot of the new standby module may be observed.
  • Power
    • Spurious enclosure power supply insertion and subsequent removal events logged for unpopulated power supply bays in a c3000 Enclosure.
Enhancements

Enhancements/New Features:

The following Enhancements/New Features were enabled in Onboard Administrator firmware version 4.12 and are also included in version 4.13. No additional enhancements were added in version 4.13.

  • Hardware Additions
    • HP LPe1605 16Gb FC HBA for BladeSystem c-Class.
    • HP Smart Array P230i Controller.
    • HP 2650W Universal Power Supply
    • HP High Voltage Power Module
  • Features Additions and Changes
    • Authentication
      • Enhanced nested LDAP group support to include sub-tree search of the configured search contexts.
      • Enhanced nested LDAP group support to perform sub-tree search at specified search contexts.
    • Enclosure iLO Federation
      • In versions of OA firmware prior to OA 4.11, ILOs within an enclosure were not able to communicate in a peer-to-peer fashion.  If you wish to enable iLO Federation between blades in an individual enclosure, the Enable Enclosure iLO Federation Support configuration option in the OA must first be enabled. In addition to enabling this support for the enclosure, you must also enable the necessary support individually for any desired blades through the iLO user interfaces.  The Enable Enclosure iLO Federation Support configuration option is enabled by default. Please ensure that this setting is disabled if there are any concerns with enabling peer-to-peer communication between iLOs within the enclosure.  The configuration option can be displayed or modified via the Enclosure Information->Enclosure Settings->Network Access page in the OA GUI web console, or it can be displayed via the OA CLI interface using SHOW NETWORK command and modified using the ENABLE/DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT CLI commands.
    • FIPS
      • Cryptographic Known Answer Tests (KATs) now run on each OA reboot and/or power cycle irrespective of the FIPS mode setting.
    • HP Insight Remote Support
      • Added support for the Insight Remote Support Direct Connect configuration.
      • Added CLI and GUI interfaces for importing a self-signed certificate from an Insight RS Hosting Device into the OA. This certificate is used to validate the signing authority of the Insight RS Hosting Device, which is required to allow communication with the Hosting Device when the OA is in FIPS mode.
    • IPv6
      • The OA supports DDNS for IPv6 addresses.
      • Added support for displaying IPv6 addresses for the associated enclosure devices for the SHOW INTERCONNECT, SHOW TOPOLOGY and SHOW SERVER commands.
    • Security
      • Added support for TLS 1.1 and TLS 1.2 as a secure communication protocol.
      • Enabled “diffie-hellman-group1-sha1” as a supported SSH key exchange option by default. Support for “diffie-hellman-group1-sha1” as a supported SSH key exchange option was disabled in OA 4.01 by default. This can be disabled via the “SET SECURESH SERVER KEX DHG1” CLI command if required. Note that updating to OA 4.11 will not change the current setting but resetting the OA factory default settings will result in“diffie-hellman-group1-sha1” key exchange being enabled. Any saved OA configuration scripts should be updated appropriately.
  • Browser Support
    • Updated web browser support as follows:
      • Microsoft® Internet Explorer 8, 9, 10, and 11.
      • Mozilla™ Firefox® ESR 17 and ESR 24.
      • Google Chrome™.

Version:4.22 (23 Jun 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Recommended - Users should update to OA 4.22 if their system is using OA 4.20 or 4.21.
Optional – Users should update to OA 4.22 if their system is using an OA version prior to OA 4.12 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Patched the support for SSL/TLS MITM Vulnerability CVE-2014-0224 http://www.openssl.org/news/secadv_20140605.txt

Enhancements

 New Hardware:  HP 2650W Universal Power Supply and HP High Voltage Power Module


Version:4.21 (18 Apr 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Recommended - Users should update to OA 4.21 if their system is using OA 4.20. Users should updated to either OA 4.12 or OA 4.21 if their system is using OA 4.11.
 
Optional – Users should update to OA 4.21 if their system is using an OA version prior to OA 4.11 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Enhancements

Enhancements/New Features:

  • Features Additions and Changes
    • General
    • IPv6
      • The OA fully supports operation in a mixed IPv4/IPv6 or IPv6-only management network including management of IPv6-capable enclosure infrastructure devices such as iLO and interconnect modules. To use IPv6 networking, you should review the  OA IPv6 settings and customize them as necessary for your specific IPv6 environment. Note that if routing between IPv6 management networks is required, the routing configuration of the OA and enclosure infrastructure devices may be performed either via external IPv6 router advertisements or, starting with OA 4.20, via static configuration of an IPv6 gateway. After completing the necessary IPv6 configuration of the OA, you may then access any IPv6-capable enclosure infrastructure devices via its supported user interfaces and perform management actions from the OA.
      • Modified factory default state of IPv6 enclosure level settings (IPv6, DHCPv6, and SLAAC) from "disabled" to "enabled" by default to better support default connectivity to the OA in IPv6-only management network environments. Note that updating to OA 4.20 will not change the configuration of these settings but any subsequent reset to factory defaults will result in these settings being enabled. Any previously saved OA configuration scripts should be updated appropriately.
      • Added support for configuration of a static IPv6 gateway as an addition to the previously existing static IPv6 network settings for the OA module.
      • Added support for configuration of an IPv6 gateway for blade server iLOs and interconnect modules via the Enclosure Bay IP Addressing for IPv6 feature.
    • Interconnects
      • Added two new CLI commands to support the "BLc SX1018HP" switch only:
        • SET INTERCONNECT ADMIN_PASSWORD FACTORY [ <bay number> ] - resets the Interconnect management password back to the factory setting.
        • SET INTERCONNECT FACTORY [ <bay number> ] - performs a factory reset on the Interconnect.
    • SNMP
      • In some instances, SNMP changes successfully configured from the OA user interface can fail to be processed properly most notably resulting in the OA failing to send SNMP traps to configured SNMP alert destinations.
         
  • Browser Support
    • Microsoft® Internet Explorer 8, 9, 10, and 11.
    • Mozilla™ Firefox® ESR 17 and ESR 24.
    • Google Chrome™.
       

Version:4.12 (16 Apr 2014)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Users should update to OA 4.12 if their system is using OA 4.11. 

Optional – Users should update to OA 4.12 if their system is using an OA version prior to OA 4.11 and is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Disabled support for OpenSSL TLS heartbeat extension. CVE-2014-0160 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160, HPSBMU02994 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information - Document ID: c04236062  (Currently Rev 1)
    • The OA CLI command RESET ILO fails to successfully reset the specified iLO with a response indicating “No iLO link detected” when executed on HP ProLiant BL2x220c G5, G6, and G7 Server Blades in bays 1-8.
    • Reset to factory defaults fails for redundant OA modules. See the Customer Advisory c04116279 for more information.
    • OA displays FCoE functionality associated with incorrect physical function (PF) for HP FlexFabric 10Gb 2-port 526FLB Adapter.
    • On initial insertion into the enclosure, the asset tag data for a server blade may not be populated or may be displayed as “[Unknown]” in the “Server Device Bay Information” tab of the web GUI or after executing the “SHOW SERVER INFO” command from the CLI.
    • After making network configuration-related changes to the OA, the following message may be logged to the configured remote syslog server from the standby, “OA: Remote Syslog: Unable to open enclosure configuration file. Exiting”.
    • OA v4.01 may hang when booting if the Alertmail Sender Name string includes space characters and is either 39 or 40 characters long.
    • OA 'Link loss failover' does not function properly after performing OA FW SYNC.
    • Installing HP SSO certificates from multiple OA clients simultaneously may result in the corruption of one or more of the SSO certificates. 
  • EFM
    • Inability to power on all blades within an enclosure due to insufficient enclosure power after running EFM update process on blades with the “Forced Power Off” EFM configuration option enabled.
  • GUI
    • The GUI cannot complete the loading process on linked enclosures for USER or OPERATOR accounts without OA bay access enabled. This behavior was only exhibited in OA 4.01 firmware.
  • Integrity Blade Servers
    • The OA fails to update the IP address of a HP Integrity BL860c or BL870c Server Blade after enabling an EBIPA address for the blade. OA commands such as CONNECT SERVER will fail until either the OA is restarted or the blade's iLO is reset.
  • IPv6
    • The CONNECT SERVER CLI command fails in IPv6-only network environment.
    • The HTTP service for IPv6 may become unresponsive configuring the OA with an IPv6 address and enabling IPv6 support through the GUI or CLI within a very short time. See the Customer Advisory c04012934 for more information.
  • OA Redundancy
    • When an OA forced failover is initiated from either the CLI or the GUI and the management network is under an extreme load, a kernel panic and reboot of the new standby module may be observed.
  • Power
    • Spurious enclosure power supply insertion and subsequent removal events logged for unpopulated power supply bays in a c3000 Enclosure.
Enhancements

Enhancements/New Features:

  • Hardware Additions
    • HP LPe1605 16Gb FC HBA for BladeSystem c-Class.
    • HP Smart Array P230i Controller.
  • Features Additions and Changes
    • Authentication
      • Enhanced nested LDAP group support to include sub-tree search of the configured search contexts.
      • Enhanced nested LDAP group support to perform sub-tree search at specified search contexts.
    • Enclosure iLO Federation
      • In versions of OA firmware prior to OA 4.11, ILOs within an enclosure were not able to communicate in a peer-to-peer fashion.  If you wish to enable iLO Federation between blades in an individual enclosure, the Enable Enclosure iLO Federation Support configuration option in the OA must first be enabled. In addition to enabling this support for the enclosure, you must also enable the necessary support individually for any desired blades through the iLO user interfaces.  The Enable Enclosure iLO Federation Support configuration option is enabled by default. Please ensure that this setting is disabled if there are any concerns with enabling peer-to-peer communication between iLOs within the enclosure.  The configuration option can be displayed or modified via the Enclosure Information->Enclosure Settings->Network Access page in the OA GUI web console, or it can be displayed via the OA CLI interface using SHOW NETWORK command and modified using the ENABLE/DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT CLI commands.
    • FIPS
      • Cryptographic Known Answer Tests (KATs) now run on each OA reboot and/or power cycle irrespective of the FIPS mode setting.
    • HP Insight Remote Support
      • Added support for the Insight Remote Support Direct Connect configuration.
      • Added CLI and GUI interfaces for importing a self-signed certificate from an Insight RS Hosting Device into the OA. This certificate is used to validate the signing authority of the Insight RS Hosting Device, which is required to allow communication with the Hosting Device when the OA is in FIPS mode.
    • IPv6
      • The OA supports DDNS for IPv6 addresses.
      • Added support for displaying IPv6 addresses for the associated enclosure devices for the SHOW INTERCONNECT, SHOW TOPOLOGY and SHOW SERVER commands.
    • Security
      • Added support for TLS 1.1 and TLS 1.2 as a secure communication protocol.
      • Enabled “diffie-hellman-group1-sha1” as a supported SSH key exchange option by default. Support for “diffie-hellman-group1-sha1” as a supported SSH key exchange option was disabled in OA 4.01 by default. This can be disabled via the “SET SECURESH SERVER KEX DHG1” CLI command if required. Note that updating to OA 4.11 will not change the current setting but resetting the OA factory default settings will result in“diffie-hellman-group1-sha1” key exchange being enabled. Any saved OA configuration scripts should be updated appropriately.
  • Browser Support
    • Updated web browser support as follows:
      • Microsoft® Internet Explorer 8, 9, 10, and 11.
      • Mozilla™ Firefox® ESR 17 and ESR 24.
      • Google Chrome™.

Version:4.01 (10 Sep 2013)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Partnering alert on HP BladeSystem Insight Display LCD may not be cleared. See Customer Advisory c03801002 for more information.
    • When running OA firmware versions 3.6x or 3.7x with the OA deployed in a large, flat management network topology, the OA reboots after logging an OA system log similar to the following:
      • Nov 11 22:04:54 Kernel: Out of Memory: Kill process 10562 (iptables) score 822 and children.
    • KVM connections to iLO 2 server blades would fail if the default Remote Control Telnet port was changed in iLO.
    • HP Insight Management does not properly report partnered blades installed in lower slots when associated with a full height blade such as the HP ProLiant BL680c. This issues does not occur when the partner blade is associated with a half height blade such as the HP ProLiant BL460c.
    • Insight Display reports a config error when HP Integrity BL890c i2, HP Integrity BL870c i2, or  HP Integrity BL860c i2 Server Blades are paired with a tape storage blade.
    • Primary OA would stop responding to network requests with a “HTTP service is unresponsive” error message under certain management network configurations.
    • The OA firmware behavior related to downloading files via a URL specifying authenticated FTP as the protocol has changed.  This new behavior results in the home directory of the specified user being used as the relative root path in the URL.  A double “//” must now be specified at the beginning of the path specification within the URL in order to specify an absolute path that avoids the use of the specified user’s home directory in the path.  For example: “ftp://user:password@host//path/to/file” will specify an absolute path of /path/to/file while “ftp://user:password@host/path/to/file” will specify a path to /home/user/path/to/file.
  • Alertmail
    • False alertmail messages are sent indicating the enclosures status as degraded followed by another message indicating the status has changed to OK.
  • Authentication
    • When the OA is enabled for Two-Factor Authentication (TFA) and the certificate chain contains more than 2 CA certificates, previous versions of the OA would not establish an SSL Connection.  The OA now accepts a max depth of 7 CA Certificates.
    • OA reboots with a segmentation violation when uploading a user certificate with an invalid certificate authority (CA) path.
  • Enclosure Firmware Management (EFM)
    • The OA EFM configuration would be improperly configured after restoring a previously saved OA configuration script.
    • When observing the EFM update process from a server blade console, note that manual user interaction with any user dialog screens presented can cause the EFM process for that server blade to fail.
  • FIPS
    • When FIPS mode has been enabled for the OA module(s) within an enclosure and a redundant OA which does not have FIPS mode enabled is later introduced into the enclosure, the current FIPS mode configuration will not be successfully synchronized to this newly introduced OA module.  To work around this issue, it is recommended that the OA module be reset to factory defaults prior to being introduced into a redundant OA configuration where FIPS mode has been enabled.
    • When FIPS mode is enabled for a redundant OA configuration, the automatic synchronization of FIPS mode configuration from the active to the standby OA module will trigger a reset of the standby OA module to factory defaults.  This operation will be incorrectly recorded in the OA syslog as having been performed by the “Insight Display” user.
  • GUI
    • Script error displayed on flashing OA
      • Issue 1: An alert titled "Warning: Unresponsive script" may occur if connectivity to the OA is lost. This can be safely ignored, and the user can sign in after the connection is restored.
      • Issue 2: An alert titled "Internet Explorer Script Error" may occur on a remote GUI session when flashing the OA. This may be safely ignored.
  • Integrity Server Blades
    • Under rare circumstances, an HP Integrity BL8x0c i2 or BL8x0c i4 Server Blade configured with Virtual Connect (VC) may lose all VC LAN and SAN network connections during an OA failover, OA reset,  iLO reset, or a Virtual Connect reset.  See Customer Advisories c03613140 and c03943711 for more information.
  • Interconnects
    • In the HP BladeSystem c3000 Enclosure with at least one Cisco Catalyst Blade Switch 3020 for HP c-Class BladeSystem installed, OA enclosure thermal management may not provide sufficient cooling to allow some blade configurations to operate at optimal performance under heavy workloads. 
    • Some BladeSystem interconnect modules may fail to connect or may experience excessive errors in certain scenarios after an I/O module is inserted into an enclosure that is already operating with OA firmware 3.6x/3.7x. See Customer Advisory c03811228 for more information.
  • LDAP
    • Enhanced LDAP authorization to distinguish the same user name in different LDAP Groups.
  • OA Upgrade
    • The OA flash process completes successfully although 88% is the highest percentage reported.
  • Power
    • The OA would incorrectly display an 'AC Subsystem Overload' alert message due to a transient power condition related to the Dynamic Power Saving mode.
    • SHOW POWER CLI output does not immediately reflect power configuration changes made by SET POWER MODE
  • SNMP
    • The OA reboots with an out of memory condition due to many SNMP MIB Walk requests after being active for long periods of time.
    • SNMP not accessible from standby OA IP with OA 3.56 through OA 3.60.
  • VLAN
    • Slow OA and virtual media access with 3.60 and later when VLAN functionality is enabled.
    • OA firmware sync feature does not work when VLAN is enabled.
Enhancements

Enhancements/New Features:

  • Hardware Additions
    • HP 2650W HE PSU power supply for the HP BladeSystem c7000 Enclosure.
    • Brocade 16Gb/16 SAN Switch for HP BladeSystem c-Class
    • Brocade 16Gb/28 SAN Switch for HP BladeSystem c-Class
    • Brocade 16Gb/28 SAN Switch Pwr Pk+ for HP BladeSystem c-Class
    • HP 6125XLG Blade Switch
    • HP FlexFabric 10Gb 2-port 534FLB Adapter
    • HP FlexFabric 10Gb 2-port 534M Adapter
    • HP QMH2672 16Gb FC HBA for BladeSystem c-class
  • Features Additions and Changes
    • IPv6 support to EBIPA (Enclosure Bay IP Addressing) for interconnect modules and server blades
    • Language Pack Support to allow for Japanese and Chinese GUI interfaces
    • SNMP3 support
    • Enhanced the UPDATE ILO CLI commandto to support server blades with the Trusted Platform Module (TPM) enabled
    • The sender’s email address for alertmail notifications
    • Monitoring of status of battery on OA module(s) with low battery level indication reported as OA diagnostic status.  When a low battery level status indication is encountered, the spare battery kit (HP p/n 708907-001) should be used for replacement of the battery as soon as possible as enclosure configuration settings may be lost if the OA loses power.
    • Two-Factor Authentication user certificates no longer require the "sslclient" property to be set.
    • Removed support “diffie-hellman-group1-sha1” as supported SSH key exchange option by default.  This may impact the ability of older SSH clients which do not support more contemporary and secure SSH key exchange options to connect to OA modules running OA 4.01.  This can be re-enabled via the “SET SECURESH SERVER KEX DHG1” CLI command.
  • Browser Support
    • Updated web browser support as follows:
      • Microsoft® Internet Explorer 8, 9, and 10
      • Mozilla™ Firefox® ESR 17
      • Google Chrome™

Version:3.71 (19 Feb 2013)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • The power subsystem might be reported as degraded and the HP 1200W Common Slot-48VDC Hot Plug Power Supply DC power supplies (HP part number: 437573-B21) as failed due to a device mismatch when running OA firmware 3.6x or 3.70 in a c3000 enclosure. See Customer Advisory c03571787 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03571787.
    • Intermittent  issue where server name was reset to default after power cycle.
    • Intermittent issue that would incorrectly reflect the HP 6120XG Ethernet Blade Switch and the HP ProCurve 6120G/XG Blade Switch status after the switch was rebooted or after a switch firmware update was performed.
       
Enhancements

Enhancements/New Features:

  • None

Version:3.70 (26 Oct 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • If using OA 3.6x, HP BladeSystem c3000 Enclosures containing both of the following power supply models show the power subsystem degraded, with one or more power supplies being marked as mismatched. See Customer Advisory c03509204 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03509204.
      • HP 1200W Common Slot Silver Hot Plug Power Supply Kit
        • Part number 437572-B21
        • Spare part number 441830-001
      • HP 1200W Common Slot Silver Hot Plug Power Supply Kit
        • Part number 500172-B21
        • Spare part number 498152-001
    • The OA erroneously displayed the final character of the server name twice when the configured server name was greater than 14 characters.
Enhancements

Enhancements/New Features:

  • Firmware Additions
    • FIPS
      • FIPS, or Federal Information Processing Standards, is a set of publications that document standards for implementing security. More information can be found on “National Institute of Standards and Technology” website http://csrc.nist.gov/publications/PubsFIPS.html. OA 3.70 provides a user selectable FIPS Mode of operation wherein:
        • only FIPS 140-2 approved algorithms such as AES, 3DES and SHA are permitted,
        • strong passwords are enforced,
        • integrity self-tests are performed whenever encryption services are used (Known Answer Tests - KATs),
        • and partition integrity checks on boot are performed.
      • Enabling FIPS mode on an OA module or redundant pair of OA modules automatically forces the OA module(s) to be reset to factory defaults due to FIPS requirements. Please configure the OA module(s) for FIPS mode operation prior to performing any other enclosure or OA configuration including configuration of Virtual Connect.
      • Some features are permanently disabled in FIPS mode for compliance reasons:
        • Telnet access
        • Enclosure IP mode
        • SNMP
        • OA Firmware downgrades
        • Set Factory Defaults
        • Upload support dumps
        • Disable strong passwords
        • Disable LCD PIN protection
      • The default security settings in OA 3.70 have been upgraded and are now equivalent to prior version’s “Enforce Strong Encryption” setting. The “Enforce Strong Encryption” setting has been removed from OA 3.70.
      • Upon changing FIPS modes, all security related data is cleared from the OA, including certificates, keys, and other critical security parameters. Please refer to the security section in the Onboard Administrator user guide for more information.
      • FIPS is not supported on the following OA Hardware Modules:
        • HP BladeSystem c3000 Onboard Administrator (PN# 448589-B21, 461514-B21)
        • HP BladeSystem c7000 Onboard Administrator (PN# 412142-B21)
    • GUI
      • Internet Explorer 10 (IE 10) is supported in compatibility mode only.  The IE 10 “Windows 8 – Style UI Mode” is not supported.
      • OA GUI Management Console now allows login to 6Gb SAS Interconnect module Interfaces if VLANs are defined for the Interconnect modules.
    • IPv6
      • OA 3.70 adds a group box in the Management Processor Information tab on the iLO - Device Bay page, where a radio button is displayed to allow selection of the current IPv4 address and all IPv6 addresses assigned to the iLO.
         

Version:3.60 (4 Sep 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Previous versions logged transient network link status changes for the OA, servers and interconnects.  For example:
      Apr 30 06:48:17 OA: Network link to server 6 is down
      Apr 30 06:49:02 OA: Network link to server 6 is up
  • Thermals
    • OA 3.5x firmware versions track cumulative fan communication errors during continuous OA uptime.  Once a default threshold of cumulative errors is exceeded, the fan is marked as failed.  Some Active Cool 200 fans experience intermittent fan communication failures that will trigger this failure typically within 3 months of continuous operation, although the fans are otherwise operating normally.  Version 3.60 implements a different algorithm that avoids marking false failures with this generation of fans.  See Customer Advisory c03395857 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03395857.
  • IPv6
    • Alertmail now works with IPv6.
    • The DHCPv6 lease was reset each time the OA network was restarted by an OA reboot or other network configuration changes. This resulted in the OA inadvertently failing to request its existing IPv6 address when attempting to renew its IPv6 address via DHCP and typically receiving a different IPv6 address each renewal.
    • Under some conditions, users were unable to add a second IPv6 static address or to remove static IPv6 addresses thru the WEB GUI.
    • When the user specified both the Standby IPv6 DNS Server 1 and IPv6 DNS Server 2 thru the OA WEB GUI, the information for IPv6 DNS Server 1 was inadvertently discarded.
Enhancements

Enhancements/New Features:

  • Hardware Support
    • HP ProLiant WS460c Gen8 Workstation Blade
    • HP ProLiant BL660c Gen8 Server Blade
    • HP Virtual Connect Flex-10/10D Module for c-Class BladeSystem
  • Firmware Additions
    • Enclosure Firmware Management (EFM) allows administrators to define a single firmware baseline (SPP version) for the G5, G6, G7 and Gen8 Server Blades in a c-Class enclosure.  The administrator can have the firmware updated to the baseline on server insertion, during a pre-defined maintenance window, or manually.  The Onboard Administrator maintains logs of the EFM firmware updates, and reports on compliance with the established baseline.
      • EFM supports HP Service Pack for ProLiant (HP SPP) 2011.09 or newer.  Please review the HP Service Pack for ProLiant (HP SPP) documentation and release notes for issues and information about supported firmware components, http://www.hp.com/go/spp.
      • Enclosure Firmware Management (EFM) is not supported on the following OA Hardware Modules:
        • HP BladeSystem c3000 Onboard Administrator (PN# 448589-B21, 461514-B21)
        • HP BladeSystem c7000 Onboard Administrator (PN# 412142-B21)
    • Administrators can now define a custom Login Banner.  This can be used, for example, to display your specific Terms of Service (TOS) when logging in to the OA.
    • The OA IPv6 setting on the Enclosure TCP/IP Settings Page->IPv6 Settings tab now enables IPv6 traffic for all the devices in the enclosure (IPv6, RA, DHCPv6).
      • The OA will display IPv6 addresses assigned to the iLO
      • You must have IPv4 infrastructure to retain complete manageability through the OA; e.g. virtual media, single sign on, Enclosure Firmware Management.
    • Insight Remote Support enables health and inventory data for the enclosure to be collected by HP to expedite resolution of your issues.  Examples of data that is collected include:
      • Enclosure name
      • Enclosure product name
      • Enclosure part number
      • Enclosure serial number
      • Enclosure manufacturer name
      • Onboard Administrator firmware version
      • Onboard Administrator IP and MAC addresses
    • New CLI command SET SERIAL BAUD "<Baud Rate>" configures the baud rate settings for the OA serial console port. Valid Baud Rate values are:  9600, 19200, 38400, 57600, and 115200.
    • New SHOW HEALTH CLI command provides a summary of the health/status of all components in the enclosure.
    • Beginning with iLO 3 (G7 server blades) firmware version 1.50 and iLO 4 (Gen8 server blades) firmware version 1.05 a change in the server status reported by the Onboard Administrator will be observed in cases where a server attempts to power on but power on is delayed or denied.  In addition to the diagnostic status information indicating the cause of the power delay or denial, an additional diagnostic status indication will now be reported by the Onboard Administrator indicating that the server blade is reporting an internal degraded status.  This is an intentional behavior change.
    • Enhanced the HPONCFG CLI command to allow variable substitution. HPONCFG sends a RIBCL script to the specified HP ProLiant server blades with the access level and privilege of the current user. Command syntax is as follows:
              HPONCFG [NOAUTOLOGIN] [SUBSTITUTE [TEST] {<variable>=”value” [,<variable>=”value”[,…]]}] {ALL | <bay number> [{ , | - } <bay number>]} {<< <end marker> | <from_url> [<to_url>]}
      To use variable substitution, specify the token SUBSTITUTE followed by a list of variable assignments. Variable name and its value can include spaces, numbers, or any printable characters. Up to 25 variables are supported. The maximum length of variable name is 48 characters.  Specify TEST to review the RIBCL script that will be sent to the iLO without executing the script.  e.g.  The following command line would replace the string “%NAME%” in the RIBCL script that gets executed with “MY_NAME”:
              HPONCFG SUBSTITUTE NAME=”MY_NAME”
    • Updated OA SNMP to support the CPQRACK-MIB version 1.16.  Please see the HP Systems Insight Manager MIB Kit v9.20 for more details on the CPQRACK-MIB, http://h18013.www1.hp.com/products/servers/management/hpsim/mibkit.html.
    • A new warning message, “Mixing different power supply models is not supported. The power supply in bay #X must be replaced with the proper part number.”, is issued and the Power sub-system is degraded when different types of power supplies are mixed in c3000 enclosures.
    • With previous versions of the OA, packet flooding conditions on the management network could cause the OA to stop processing incoming packets.  Once triggered, this condition would persist until the OA was restarted.  The current version of the OA is more resilient to this condition, and will resume normal packet processing once the packet flooding conditions have cleared.  HP continues to strongly recommend that OA network ports be separate from your production network.
       

Version:3.56 (7 Jun 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Updating to OA 3.56 is optional, though if you are experiencing security issues outlined in the release notes or thermal issues with a HP BL460c Gen8 server blade then you should consider updating to OA 3.56.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • HP ProLiant BL460c Gen8 server blades not properly cooled after a BIOS firmware upgrade. See Customer Advisory c03365221 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03365221.
    • Security enhancements. See Security Bulletin c03315912 for more information: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03315912.
    • Beginning with version 3.50, the OA could optionally generate 2048-bit keys for use with SSH and SSL. However, on upgrade the OA would retain existing 1024 bit keys to avoid disrupting ongoing communication. To switch from 1024-bit to 2048-bit keys you needed to first reset the OA configuration to factory defaults which would cause the generation of new keys. Beginning with version 3.56, a new CLI command “GENERATE KEY” can be used to force new keys to be generated at any time, i.e. without first resetting to factory defaults. For more information, refer to the section on new features.
Enhancements

Enhancements/New Features:

  • Hardware Support
    • None
  • Firmware Additions
    • Added new CLI command “GENERATE KEY” to allow the creation of new private keys.
      • GENERATE KEY { ALL | SECURESH | SSL } [ 1024 | 2048 ]: Generates new private keys associated with the Onboard Administrator SecureSH service and/or SSL web services with optionally specified key size.  If the key size is not specified, 2048 is used by default. Any self-signed or uploaded web service certificates generated using existing keys will be reset. Administrator account privileges are required.
    • The OA now supports up to twelve Two-Factor Authentication CA certificates.  Previous versions only allowed up to three (3) certificates, but no more than one from a single issuer.  In addition, chaining of Certificate Authority (CA) certificates is now supported.
       

Version:3.55 (27 Mar 2012)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Security enhancements. See Customer Advisory c02997184 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02997184.
    • OA 3.50 does not support SSO (single sign on) to iLO 2 (ProLiant G6, G5 or G1 server blades) when LDAP authentication is used with the syntax of <domain>\<user>. The syntax works correctly with OA 3.55.  See Customer Advisory c03234658for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03234658.
    • When LDAP-based authentication is used to access the OA, if the user name syntax contains a “,” (comma), Single Sign-On (SSO) to any iLOs will fail after several attempts. An example of such syntax is:
        CN=smith,CN=users,DC=domain,DC=com
      Once this issue is encountered, all other users (local users, LDAP users with syntaxes without a comma, or users accessing the OA via HP-SIM) are also impacted (those users will not be able to SSO to any iLO’s). The syntax works correctly with OA 3.55.
    • OA 3.50 (or prior) EBIPA page does not refresh the Management IP address for CBS 3020 Interconnect Modules (Cisco Catalyst Blade Switch) if the Switch firmware is upgraded from version 12.2(55)SE4 (or earlier) to version 12.2(58)SE1 (or later) without resetting the OA or the switch. OA 3.55 refreshes the correct IP address automatically. See Advisory c03255218 for more information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03255218.
Enhancements

Enhancements/New Features:

  • Hardware Support
    • None
  • Firmware Additions
    • None

Version:3.50 (26 Mar 2012)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

  • OA 3.50 is required for HP Gen8 server blades. Please update your enclosures with OA 3.50 before inserting a Gen8 server blade into the enclosure.
  • Users with configurations or which are experiencing issues outlined in the release notes should update to this version at their earliest convenience, otherwise this update is optional.

Firmware Dependency

For firmware compatibility information please see HP Service Pack for ProLiant Information Library, http://www.hp.com/go/spp/documentation.

Problems Fixed

  • General
    • Security enhancements. See Advisory c03263573 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03263573.
    • The OA could lose its "Enclosure IP mode" during rapid back to back failovers. This scenario is not usually encountered during normal operations, but could be observed during scripted, repetitive failover testing.  Other failure modes included corrupted VC/OA configurations.  HP best practices for scripted failover operation are documented in the “HP BladeSystem c-Class Onboard Administrator Failover” white paper, http://h10032.www1.hp.com/ctg/Manual/c02994572.pdf
    • When redundant OA modules are present and powered up simultaneously, both modules have been observed intermittently to boot into active mode resulting in network loop flooding.  To clear this condition, one OA module needed to be temporarily removed from the network, or re-booted.
    • The CLI command UPDATE DEVICE TRAY would not execute the update.
    • The Onboard Administrator occasionally displayed incorrect DIMM memory total for the HP Integrity BL890c i2, BL870c, BL870c i2, BL860c and BL860c i2 Server Blades.
    • Some third party PCIe option cards could prevent the PCI Expansion blade from powering up properly. The OA would improperly report the interconnect module health status. The PCI Expansion blade firmware must be upgraded to version 2.26 which is contained within OA 3.50.
  • CLI/GUI
    • OA CLI Show Enclosure Temp command does not always display temperatures for G7 server blades. See Customer Advisory c03037876 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03037876
    • The power meter graphical view could cause browser timeout or script issues.
    • When executing the SHOW ALL command on a fully populated enclosure the OA GUI could timeout with a page load error.
    • OA 3.50 sets the KVM default minimum video resolution to 800 x 600 pixels which is supported by the majority of monitors.  The BIOS in G7 Blades uses a 720x400 video resolution which was not properly supported by previous versions of the OA on some KVMs.  On the affected KVMs, the remote console session was not viewable.
    • The HP Onboard Administrator KVM (keyboard/video/mouse) feature that allows access to the server blade console did not function with HP Integrated Lights-Out 2 (iLO 2) Firmware Version 2.06 (or later). See Customer Advisory c03037876 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03037876.
  • Network
  • VLAN
    • During an OA failover, communication with iLO would be lost under the following conditions: VLAN is enabled, the blade’s iLO is assigned a non-default VLAN ID different than that of the OA’s VLAN ID.
  • LDAP
    • LDAP Test page and TEST LDAP CLI command did not properly handle a directory server at an IPv6 address.
    • The OA’s LDAP server IP address was incorrectly set during a configuration download operation.
    • LDAP certificate validation did not handle the Subject Alternative Name field.
    • LDAP certificate validation did not enforce Valid Before/After date limits on the server certificate.
    • LDAP certificate validation did not enforce CN matches when FIPS mode is enabled.
    • LDAP Certificate validation did not handle Ext3 flags.
  • Thermals
  • VC
    • The OA failed to display the Flex NICs properly after a VC failover, Active VC IP address change or a VC domain name change.  The incorrect information is informational only – the correct operation of the affected NICs is not impacted.
Enhancements

Enhancements/New Features

  • Hardware Support
    • HP ProLiant BL420c Gen8 Server
    • HP ProLiant BL460c Gen8 Server
    • HP ProLiant BL465c Gen8 Server
  • Firmware Additions
    • Browser Support
      • Microsoft® Internet Explorer 6, 7, and 8.
      • Mozilla™ Firefox® 2.0, 3.0, and 3.5.
    • The Gen8 Active Health System provides a log of historical information including the most recent states and events for Gen8 servers.  This log is obtained from Gen8 Server Blades via iLO4.  When enabled via the OA GUI or CLI, the OA adds status information about enclosure fans, power supplies, and enclosure configuration to the health log for each of the servers in the enclosure.
    • HP ProLiant BladeSystem c-Class server blades now provides identification information such as server name, UUID number, and IP address to the Intelligent PDU and to HP Insight Control power management software. To utilize this feature, the new “HP BLc 1PH Intelligent Power Module” and Insight Control Version 7.0 or later are required. This Intelligent Power Discovery feature which is unique ProLiant BladeSystem c-Class reduces the amount of time needed to configure the power distribution software and hardware, and eliminates manual configuration errors.
    • iLO and VC each display information about server NIC configurations.  However, the naming scheme used varies based on the tool used to view the configuration.  The OA NIC display has been enhanced to correlate NIC labels between the OA, iLO and VC.
    • OA 3.50 or later increases the default SSL private key size used for encryption of network communication from 1024 bits to 2048 bits.
    • Updated OA to use the June 27, 2011 time zone data files. The list of newly supported time zones includes:
      • America\Argentina\Salta
      • America\Bahia_Banderas
      • America\Kralendijk
      • America\Lower_Princes
      • America\Matamoros
      • America\Metlakatla
      • America\North_Dakota\Beulah
      • America\Ojinaga
      • America\Santa_Isabel
      • America\Sitka
      • Antarctica\Macquarie
      • Asia\Kathmandu
      • Asia\Novokuznetsk
      • Pacific\Chuuk
      • Pacific\Pohnpei

Version:3.32 (3 Oct 2011)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Important Notes:

HP SIM Support

  • If you are running HP SIM v6.1 or 6.2, please do not update to OA 3.30 until you’ve applied all patches available for your HP SIM version, or upgrade your HP SIM to v6.3 prior to upgrading your OA environment.  If running versions of HP SIM prior to v6.1, you must upgrade to a HP SIM v6.3 prior to upgrading to OA 3.30.

Enclosure Power Subsystem

  • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

  • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
  • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

  • If the Enclosure VLAN feature is enabled:
    1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
    2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
    3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

Version:3.31 (1 Jun 2011)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.

Users with configurations or which are experiencing issues outlined in the release notes should update to this version at their earliest convenience, otherwise this update is optional.


Important Notes:

HP SIM Support

  • If you are running HP SIM v6.1 or 6.2, please do not update to OA 3.30 until you’ve applied all patches available for your HP SIM version, or upgrade your HP SIM to v6.3 prior to upgrading your OA environment.  If running versions of HP SIM prior to v6.1, you must upgrade to a HP SIM v6.3 prior to upgrading to OA 3.30.

Enclosure Power Subsystem

  • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General
  • Fixed an issue where false Link status may be indicated when the certain NIC adapters are mapped to an HP 1 Gb Ethernet Pass-Thru Module even when no cable is attached (as described in the Customer Advisory c02473928). OA 3.31 contains the corrected 1Gb Ethernet Pass-Thru PIC Firmware version 3.0.3. PIC Firmware upgrade procedure is shown below.

Detailed Description: HP NC550m, NC551m, NC552m, or NC553i 10GbE Server Adapters may indicate a false link status when mapped to an HP 1 Gb Ethernet Pass-thru module even if there is no cable attached from the Pass-thru module to the switch. Even if a cable is either not connected or becomes inadvertently unplugged, and therefore no network connectivity is present, the server blade front panel NIC LED status will be illuminated green, indicating link. In addition, the operating system will display a message similar to, "Local area connection is now connected." This can also cause Network teaming and configuration issues because the NIC will always report that there is link.

In addition, the HP System Management Homepage (SMH) NIC status is displayed incorrectly when a NIC cable is unplugged under any Linux operating system.

This only occurs with the 1 Gb Pass-thru module. 10 Gb Pass-thru and 1/10Gb switches do not exhibit this issue.

Resolution: for the applicable configurations described above, upgrade the OA Firmware to 3.31, and follow the procedure below for all 1 Gb Pass-thru modules in the enclosure:

  1. Log into the OA CLI interface as an Administrator
  2. OA> show update
    This will show current and available firmware versions for programmable devices. OA 3.31 will indicate the newly available Pass-Thru PIC Firmware 3.0.3.
  3. OA> update device icbay <bay number | all>
    This will update the specified interconnect bay, note that bay1 is 1A, etc., as shown in the previous command
  4. OA> show update
    Run this again to confirm that the versions now match
      • Fixed an issue where upgrading from Onboard Administrator (OA) 3.11 to OA 3.20, 3.21 or 3.30, under defined circumstances, may cause Virtual Connect (VC) to disconnect its Fibre Channel (FC) connections.  This is limited to systems using a HP ProLiant or Integrity Blade with a FlexFabric Adapter (Mezzanine or LOM) and either a
        • Fibre Channel over Ethernet (FCoE) connection to a VC FlexFabric module or a
        • FC connection from a FC Mezzanine to a VC FC module

Detailed Description: OA firmware revisions 3.20, 3.21, and 3.30 identify the capabilities of the embedded G7 FlexFabric Adapter LOM or FlexFabric Adapter Mezzanine differently than OA firmware 3.11.  If a VC profile had previously been created and assigned to a blade using OA firmware  3.11, then the newer OA firmware will detect a VC profile mismatch. This mismatch may cause Virtual Connect to disconnect the blade FC or FCoE SAN connections after a VC firmware upgrade or when a user issues a VC Manager (VCM) reset command.

All the following must be true to be exposed to this condition on a VC firmware upgrade or VCM reset:

  • A VC profile with a SAN fabric must have been assigned to that blade with OA firmware version 3.11
  • A blade must have at least one HP FlexFabric Adapter (including LOM or Mezzanine)
  • The current version of OA firmware is OA 3.20, 3.21, or 3.30
  • The blade has not been removed/reinserted, nor the OA CLI Reset Server command run, nor had its profile reassigned, since the OA firmware was upgraded to OA 3.20 or later.

Note that VC profiles assigned to a blade using OA version 3.20 or later are not impacted.
Note that OA firmware version 3.11 is the first OA version to support FlexFabric Adapters.


Version:3.30 (28 Apr 2011)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

HP SIM Support

      • New hardware support was introduced with OA 3.30 which requires changes to HP System Insight Manager (HP SIM) in order to support OA 3.30.  This support was added in the HP SIM v6.3 release that is available at http://www.hp.com/go/hpsim or http://www.hp.com/go/insightsoftware.  If you are planning on upgrading to OA 3.30, it is recommended that you also upgrade to HP SIM v6.3.  If you are running version HP SIM v6.1 or 6.2, please do not update to OA 3.30 until there is a patch available for your particular HP SIM version, or upgrade your HP SIM to v6.3 prior to upgrading your OA environment.  If running versions of HP SIM prior to v6.1, you will be required to upgrade to a supported version.

Enclosure Power Subsystem

  • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General
  • Fixed an issue where Utility Ready Blade feature would be inactive after restarting the OA if URB ENABLED command is set to anything other than HTTP.
  • Fixed an issue where the Onboard Administrator could reboot if an invalid character was logged to a remote syslog.
  • Fixed an issue where Onboard Administrator terminated following many back-to-back blade power on/off cycles.
  • Fixed an issue where the Onboard Administrator would report spurious blade "power release" messages when a blade e-fuse was reset.
  • Fixed an issue where the OA incorrectly reported SAS Storage Mezzanine ports connected to Ethernet devices as port mismatches. This condition is not an error as the SAS Mezzanine ports are dynamically enabled / disabled.
  • Fixed an issue where Onboard Administrator occasionally did not clear all state information after a blade was removed.
  • Fixed an issue where a false 'NVRAM unformatted/corrupted' error message was displayed when downgrading from an OA 3.xx version to an OA 2.xx version.
  • Fixed an issue where the OA was not initializing interconnect power states at initial OA startup.
  • Fixed an issue where the OA improperly initialized identification strings for ServerNet type switches to OA CLI.
  • Fixed an issue where interconnect modules and server blades may not receive an EBIPA IP address but may receive an IP from an external DHCP server after an OA restart when OA VLAN is enabled.
  • Fixed an issue where the OA would reboot when executing a “SHOW SERVER BOOT” CLI command on server blade that has more than 8 IPL Boot Order devices.
  • Upgraded from OpenSSH 5.1p1 to OpenSSH-5.6p1.

Integrity Blades

  • Fixed an issue where the OA would display the CPU max core frequency instead of the core base frequency for HP Integrity i2 server blades.
  • Fixed an issue where rebooting the OA in an enclosure with only one power rail powered-up could cause HP Integrity i2 server blades to go into a low power performance state.
  • Fixed issue where HP Integrity i2 server blades would remain in low power mode after AC redundant power loss and OA restart.
  • Fixed issue which causes LOM connectivity drops when iLO is reset affecting the following Integrity Server Blades BL860c i2, BL870c i2, and BL890c i2.

CLI

  • Fixed an issue where the OA CLI “CONNECT SERVER SERIAL” command would fail when connecting to a HP ProLiant G7 server blade.

KVM

  • Fixed an issue where the OA-KVM feature appears to hang with the message "Header Received" when connecting to a G7/ILO3 blade.

IPv6

  • Fixed an issue where a “cannot create tmp-.conf” error message would be displayed if an operator attempted to change IPv6 settings.
  • Fixed an issue where an IPv4 connection would be lost after modifying IPv6 settings.

LCD

  • Fixed an issue where someone logged in with "Operator" privileges could set LCD Pin Protection Number through the Onboard Administrator browser.
  • Fixed an issue where the LCD Health Summary continues to report “missing server” on a full-height blade with an adjacent storage blade installed in an incorrect bay - after the storage blade has been removed.

Virtual Connect

  • Fixed an issue where the Onboard Administrator would improperly report a Virtual Connect Interconnect module’s status if the modules E-fuse were tripped.
  • Fixed an issue where Virtual Connect 24-Port FC Interconnect Firmware Version information sometimes didn't appear in Onboard Administrator GUI or CLI output.
Enhancements

Firmware Additions

  • None

Version:3.21 (19 Nov 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Onboard Administrator FW Version 3.21 replaces Onboard Administrator FW Version 3.20

Onboard Administrator (OA) with firmware version 3.20 may become unresponsive when certain Integrity server blades, StorageWorks server blades, and/or Workstation partner server blades are in a c-Class BladeSystem enclosure. The OA and its interfaces (web GUI, CLI, LCD, etc.) may become sluggish or unresponsive. This occurs because the OA Firmware Version 3.20 does not properly handle Intelligent Platform Management Interface (IPMI) network traffic with the affected server blades. The intensity of the issue, lack of responsiveness in Onboard Administrator, is proportional to the number of affected blades in the enclosure. 

The following actions are recommended:

If a c-Class BladeSystem enclosure has been upgraded to OA Firmware Version 3.20 and the enclosure contains any of the following server blades, the enclosure OA firmware should be immediately upgraded to OA Firmware Version 3.21.

  • HP Integrity BL860c Server
  • HP Integrity BL870c Server
  • HP Integrity BL890c i2 Server Blade
  • HP Integrity BL870c i2 Server Blade
  • HP Integrity BL860c i2 Server Blade
  • HP ProLiant WS460c G6 Workstation series
  • HP ProLiant xw460c Blade Workstation
  • HP StorageWorks SB40c Storage Blade
  • HP StorageWorks Ultrium Tape Blades

If OA Firmware Version 3.20 is present in an enclosure and the enclosure doesn't contain any of the above server blades, then updating to OA Firmware Version 3.21 is not necessary.  Although HP strongly recommends that you upgrade to OA Firmware Version 3.21 at your earliest convinence.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
        1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
        2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
        3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

    • Onboard Administrator (OA) firmware version 3.20 may become unresponsive if Integrity BL860c,
      BL870c, or partner blades are in the enclosure.
    • Fixed an issue where modifying the Scalable Blade Link configuration of an Integrity i2 (BL890c i2, BL870c i2, or BL860c i2) server could cause Virtual Connect to become unstable.
Enhancements

Firmware Additions

  • None

Version:3.20(A) (15 Nov 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

Onboard Administrator FW version 3.20 is no longer available for download

An issues was discovered in Onboard Administrator (OA) firmware version 3.20 where the OA may become unresponsive if an HP Integrity BL870c Server Blade, HP Integrity BL860c Server Blade, or any Integrity or ProLiant Server Blade with a direct attach storage, PCI expansion, or graphics expansion blade is installed in the enclosure.

OA 3.20 was pulled from the HP download site and will be replaced with OA 3.21 in the near future to address this issue.  The permanent fix will be to upgrade the OA firmware to version 3.21.

For customers that have installed OA 3.20 in an enclosure, HP recommends the user take one of the following actions to avoid this issue.

          • Customers using OA 3.11 or earlier should NOT upgrade to OA 3.20.
          • Customers who have upgraded an enclosure to OA 3.20 which contains an HP Integrity BL870c Server Blade, HP Integrity BL860c Server Blade or any Integrity or ProLiant Server Blade with a direct attach storage, PCI expansion, or Graphics expansion blade should downgrade to OA 3.11 immediately.
          • Customers who have OA 3.20 installed in an enclosure and do not meet either of the above two conditions can continue using OA 3.20.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

      • Fixed an issue where the enclosure configuration changes are not saved if the following error messages are in the OA Syslog after a settings change:
           CONFIG: dhclient.leases has wrong file permissions
           CONFIG: Wrong file permissions detected.  Please reset to factory defaults.
        The workaround is: Save the OA configuration using GUI or CLI before updating the firmware, then restore the configuration after updating the firmware to ensure that the configuration changes are not lost.
      • Fixed a memory leak issue which caused Onboard Administrator to restart every several days when there was a HP StorageWorks 3Gb SAS BL Switch installed with Firmware Version 2.2.x.x or later.
      • Fixed an issue where the Onboard Administrator continuously logged I/O module temperature alerts when a Cisco Catalyst Blade Switch 3020 for HP was installed in a BladeSystem c3000 Enclosure.
      • Fixed an issue where a blade's "enclosure health" status as displayed by iLO could be incorrectly reported as FAILED.
      • Fixed an issue where extra ports were incorrectly reported for CNA Mezz in slot 1 of any full-height server blade.
      • Fixed an issue where fans are shown as degraded and then OK after insertion.
      • Fixed an issue where a change alert was not properly sent to a blade on standby to active transition.
      • Fixed an issue where the Onboard Administrator would not obtain the original DHCP IP address after an Onboard Administrator reboot.

CLI

  • Fixed an issue where the CLI would sometimes abruptly exit when changing Onboard Administrator network settings.
  • Fixed an issue where a SSH or Telnet session to the Onboard Administrator could be lost when changing the Onboard Administrator name on a VLAN enabled network.
  • Fixed an issue where an Onboard Administrator CLI to iLO connection was dropped when the Onboard Administrator received a string from iLO containing "Connection closed", though the user did not intend to exit the iLO connection.

Integrity Blades

  • Fixed an issue where the UUID and serial number was not always updated properly for conjoined HP Integrity SBL server blades.
  • Fixed an issue where the CPU core count was not always displayed properly for conjoined HP Integrity server SBL blades.
  • Fixed an issue where the iLO IP address link for HP Integrity SBL blades on the Device Summary page would produce an HTTP 404 error when clicked. The Web Administration link on the iLO page works correctly and can be used as a workaround for this issue.

EBIPA

  • Fixed an issue where the IP address of certain blades and interconnects would follow the device rather than the bay.

KVM

  • Fixed an Onboard Administrator KVM issue where it would intermittently lose connection to a G7 server blade.
  • Fixed an Onboard Administrator KVM issue where it would display invalid characters when connected to a G7 server blade in suspended video mode.

Virtual Connect

  • Fixed an issue where Virtual Connect may not detect server changes after changing the SBL on Integrity multi-blade servers.
  • Fixed an issue where the Onboard Administrator would not provide VC with the appropriate credentials if the Onboard Administrator was not in the default VLAN.
  • Fixed an issue where powering VC Switch On and Off from Onboard Administrator GUI could result in "Failed" Switch health status.

VLAN

  • Eliminated erroneous error message, "ifconfig: eth0.3: error fetching interface information: Device not found", displayed on the serial console during an OA restart. This message can be ignored on previous Onboard Administrator versions.
Enhancements

Enhancements/New Features

New Hardware Support

  • HP ProLiant BL680c G7 Server
  • HP ProLiant BL620c G7 Server
  • HP StorageWorks D2200sb Storage Blade

Firmware Additions

  • Added support for automatically restoring the Enclosure’s Serial Number on a mid-plane replacement.  This feature requires that all the OA modules and fans be plugged back into the enclosure before power is applied.  Changing power supplies during the midplane service event will not impact this feature.
  • Added additional support for Utility Ready Blades (URB):
    • Added URB SMTP support.  Metered information can now be communicated either through https, SMTP or both.
    • Added an additional URB metering proxy – present power.
    • Added URB Integrity Blade support for Integrity iLO3 server blades.
  • Added Enclosure Serial Number to the Insight Display (LCD) Enclosure Info screen.

Version:3.11 (25 Aug 2010)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.

  • For OA 3.10 installations, HP requires users to update to OA 3.11 at their earliest convenience.
  • For OA 3.00 installations, the user can simply enable the IPv6 feature in the OA and then at some later date upgrade to OA 3.11 as needed.  Note that IPv6 is disabled in the OA by default.
  • For all other OA installations, the user may want to consider updating to OA 3.11 if they are experiencing issues that were addressed in OA 3.00, OA 3.10 or OA 3.11.

Important Notes:

OA Web Services Issue with OA 3.10

      • Onboard Administrator (OA) v3.11 was released to address an issue found in OA 3.10, which could potentially create a condition where the OA’s web services could become inaccessible and cause loss of communications with Virtual Connect Manager.
      • This issue can also be seen in OA 3.00 but doesn’t manifest itself in the same manner due to additional changes in OA 3.10.  In OA 3.00, simply enabling IPv6 support will provide a workaround and OA 3.00 will function properly.  Note that IPv6 is disabled in the OA by default.
      • See customer advisory c02499458 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02499458.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

  • Fixed an issue where a half-height blade in the adjacent lower right bay to a full-height blade could not be powered on after applying a VC profile to the full-height blade, resulting in an “Not configured for Virtual Connect” error message on the OA. See customer advisory c02476149 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02476149.
  • Fixed an issue that caused a slow memory leak when the Network Time Protocol (NTP) was enabled and the poll frequency was set to less than 6 minutes in the OA.
  • Fixed an issue where under rare occasions, VC can write a server blade profile before the OA is ready to receive it, which would result in the VC profile being ignored.
  • Fixed an issue where the OA would not properly display a blade’s FlexNIC MAC addresses after removing a VC profile.
  • Fixed an issue where under rare circumstances the Onboard Administrator would run out of resources and fault in a densely populated enclosure of BL2x220 server blades.

GUI

Enhancements

Enhancements/New Features

Hardware Support

  • HP ProLiant BL2x220c G7 Server Blade
  • HP ProLiant BL460c G7 Server Blade
  • HP ProLiant BL465c G7 Server Blade
  • HP ProLiant BL490c G7 Server Blade
  • HP ProLiant BL685c G7 Server Blade

Version:3.10 (21 Jun 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

OA Web Services Issue with OA 3.10

  • ALL OA 3.10 USERS SHOULD UPGRADE TO OA 3.11 OR LATER.
  • Onboard Administrator (OA) v3.11 was released to address an issue found in OA 3.10, which could potentially create a condition where the OA’s web services could become inaccessible and cause loss of communications with Virtual Connect Manager.
  • This issue can also be seen in OA 3.00 but doesn’t manifest itself in the same manner due to additional changes in OA 3.10.  In OA 3.00, simply enabling IPv6 support will provide a workaround and OA 3.00 will function properly.  Note that IPv6 is disabled in the OA by default.
  • See customer advisory c02499458 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02499458.

Enclosure Power Subsystem

      • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

Enclosure Dynamic Power Cap

      • Caution: If Enclosure Dynamic Power Cap is enabled, the changes in this feature in OA v3.10 may result in servers halted in POST after a reboot and status Degraded due to “Insufficient Enclosure Power”, or the server may be unable to power on.   This condition can be a result of reducing the Enclosure Power Cap after all server blades are powered on.  If the enclosure Power Available is lower than the iLO Advanced report of Initial Power-On Request Value – then that server could encounter this issue.  The workaround is to increase the Enclosure Power Cap to provide more Power Available to the enclosure.
      • Power-on and reboot of server blades requires that the active Onboard Administrator determine that the server power request can be satisfied.  Changes to power supplies, input power feeds, power redundancy mode, power capping, power limit and the power state of other blades and devices in the enclosure may affect the ability to power on a server blade or reboot a server blade.  HP recommends testing a fully configured enclosure from a completely powered-off state before finalizing the enclosure power settings.

VLAN

      • If the Enclosure VLAN feature is enabled:
  1. Ensure that all HP Virtual Connect Ethernet and Virtual Connect FC interconnect modules are configured with the same management VLAN as the OA modules.
  2. Ensure all enclosures with Virtual Connect multi-enclosure domains have the same management VLAN configuration for all VC interconnects and all OA modules.
  3. Ensure that all HP 3G SAS switches are configured with the same management VLAN ID as the OA modules in that enclosure.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

General

  • Fixed security issues indicated in advisory CVE-2010-0740 by updating to openssl-0.9.8n. For more information on the advisory can be found at http://www.openssl.org/news/secadv_20100324.txt.
  • Fixed an issue where the Dynamic DNS setting would be incorrectly displayed on the OA TCP/IP settings page. Instead of reflecting the current state, it would always display "Enabled".
  • Fixed an issue introduced in OA version 3.00 where on cold power-up of the enclosure the OA would intermittently hang at step 11/16.
  • Fixed an issue where an SNMP keying failed trap would have a blank server name and blank spare part number.
  • Fixed an issue where the OA did not report system health status correctly for multi-blade servers.
  • Fixed an issue where the syslog may be filled with unnecessary entries that read "getLCDImage: Unable to acquire Insight Display screenshot".
  • Fixed an issue where the A side of blades in bays 1-8 in a c7000 enclosure or bays 1-4 of a c3000 enclosure would not get an IP assigned by an external DHCP server if EBIPA was disabled for those blades but enabled for the corresponding interconnect bay.

GUI

  • Fixed several issues where the enclosure front views for c3000 and c7000 enclosures would sometimes display a phantom gray cell instead of a blade, too many blades were drawn, or blade server images were incorrectly sized.
  • Fixed an issue where Multi-blade servers would not automatically populate in the left-hand navigation tree of the OA GUI.
  • Fixed an issue where there was a mismatch in the AC/DC power type indicator in both the GUI and the CLI for a DC enclosure.

CLI

  • Fixed an issue which prevented the clearing the LDAP server field when LDAP is enabled.

LCD

  • Fixed an issue where the LCD incorrectly reports the port number on a BL2x220c keying mismatch.

KVM

  • Fixed an issue where the server name on the OA KVM menu would display [Unknown] instead of the default server name.
Enhancements

Enhancements/New Features

Hardware Support

  • HP ProLiant BL465c G7 Server Blade
  • HP ProLiant BL685c G7 Server Blade

Firmware Additions

  • In OA v3.00 the VLAN feature required the Interconnect/Server and the OA to be on the same VLAN ID when VLAN was enabled for the CLI CONNECT command to function.  This limitation has been removed in OA v3.10.
  • Updated the status legend in the OA GUI to include descriptions of each severity level.
  • Improved robustness of certificate recovery.

Version:3.00 (30 Mar 2010)
Fixes

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Important Notes:

    • Onboard Administrator v3.00 EBIPA changes to support configuring device bays or interconnect bays in different IP subnets (particularly to support the new Enclosure VLAN feature) require a new CLI command to save the EBIPA settings. Enclosure configuration files saved on previous Onboard Administrator versions will not have the new SAVE EBIPA command, so it is highly recommended that the Enclosure configuration file be saved after the Onboard Administrator is updated to version 3.00; even if the new EBIPA features are not used, to ensure that the Enclosure configuration file has the proper EBIPA command sequence to restore the EBIPA settings.
    • Internet Explorer 6 does not natively support IPv6. Please review Microsoft Technical Note, http://technet.microsoft.com/en-us/library/cc784580.aspx, for details on using Internet Explorer 6 with the Onboard Administrator v3.00 configured for IPv6.
    • As of Onboard Administrator v2.60, the Onboard Administrator detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680.

Firmware Dependency:

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed:

    • Security Fix for Apache vulnerability CVE-2007-6203. Details of this vulnerability can be found at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6203.
    • Fixed the issue indicated in HP Customer Advisory c01641287 – HP Onboard Administrator – Enclosure Bay IP Addressing (EBIPA) May Not Function Properly if Multiple Subnets Are Used in the Address Range Configuration, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01641287.
    • Fixed the issue indicated in HP Customer Advisor c02046176 - HP Onboard Administrator (OA) - OA Firmware 2.60 May Falsely Report the Status of Some Cisco MDS 9124e Switches, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02046176.
    • Fixed the issue indicated in HP Customer Advisor c01904203 - ProLiant BL460c/xw460c G6 Server Blade - HP Onboard Administrator Does Not Display HP Part Number Information for ProLiant BL460c G6 Server Blades Running Certain Versions of the System ROM, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01904203.
    • Fixed the issue indicated in HP Customer Advisory c02075088 – HP TFT7600 Rackmount Keyboard and Monitor (TFT7600 RKM) - Monitor May Display Video Distortion When Connected to an HP BladeSystem c3000/c7000 Enclosure Onboard Administrator, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02075088.
    • Fixed an issue where uploading a configuration script would intermittently display "500 An internal error has occurred within Apache". The script would successfully execute but no script feedback would be displayed.
    • Fixed an issue where SET FACTORY was not properly clearing all sittings and certificates, and syslog.
    • Fixed an issue an Onboard Administrator operator would be able to force a manual failover. Now only an administrator can perform this task as documented.
    • Fixed an issue where a user would not be properly logged out of a linked enclosure when enabling Two Factor Authentication on the linked enclosure.
    • Fixed an issue where adding a new LDAP group in the Onboard Administrator would default administrator access instead of user access.
    • Fixed an issue where a standby Onboard Administrator’s network settings would be reset during firmware mismatch. This correction for this issue will only take effect when both Onboard Administrators are at v3.00.
    • Fixed an issue where the SET LDAP PORT command would set erroneous information if the command was specified without arguments.
    • Fixed an issue where SSH access to the OA could become disabled when deleting the active user with administrative access.
    • Enhanced user certificate administration. Now if Two Factor Authentication is enabled a warning message will be displayed if attempting to delete a user certificate.
    • Fixed an issue where the DVD Connect Status LCD screen would be unavailable for users with operator privilege.
    • Fixed an issue where XML reply displayed the wrong LCD firmware version.
    • Fixed an issue where the CONNECT SERVER command would terminate the CLI session if the max number of iLO users was reached.
    • Fixed an issue where a weak password would not show the proper error message.
    • Fixed an issue where a degraded blade would generate multiple redundant syslogs.
    • Fixed an issue where a tape storage blade using 50W of power or less would report an error of "too little power".
    • Fixed an issue introduced in version 2.50 where the Insight Display (LCD) DVD connect screen and KVM menu screen would display "Unknown" for blade names.
    • Fixed an issue where Enclosure KVM to individual blades would not handle CAPS LOCK and NUM LOCK keys correctly.
    • Fixed an issue which logged false power supply status changes from OK to UNKNOWN.
    • The ability to sort the iLO Event Log and the blade IML log has been removed from the OA GUI due and will now be displayed in the order received from iLO.
    • Fixed an issue where a PCI partner blade would remain powered on when the partner's server blade was removed. The PCI partner blade will now power off if the server blade is removed.
    • Fixed an issue where the OA would incorrectly report a failed status on some Cisco MDS 9124e switches.
    • Fixed an issue in OA v2.60 where PowerDelay did not work in properly.
    • Fixed an issue where an LDAP search context could not be entered when it contained 127 characters.
    • Fixed an issue where a server blades Power Management Controller version was not be properly cleared when a blade was removed or moved to a different slot.
    • Fixed an issue where the "Virtual Connect Manager ..." link would sometimes open a blank page.
    • Fixed an issue where LDAP search contexts 4-6 were not being set properly when using the First Time Setup Wizard.
    • Fixed an issue where the CONNECT SERVER and CONNECT SERVER SERIAL commands would fail if keys on the keyboard where pressed before the connection was made.
    • Fixed an issue where the "power capacity" values in "enclosure power summary" and "show power" may not match.
    • Fixed an issue where the SHOW VCMODE CLI command would display the message "Operation failed" even though it did not actually fail.
    • Fixed an issue where an Operator-level user was not able to configure opt-out bays for Enclosure Dynamic Power Capping.
    • Fixed an issue where assigning user permissions to interconnect bays in the First Time Setup Wizard would exclude interconnect bay 8 in a c7000 enclosure even if it was checked.
    • Fixed an issue where the "enclosure dynamic power capping" status would be present on some blades but not others.
    • Fixed an issue where unassigning a Virtual Connect profile from a blade would not always update the blade's status.
    • Fixed an issue where a Switch Module's Health LED wasn't always set properly.
    • Added syslog messages to track users who login and logout using Two-Factor authentication.
    • Fixed an issue where setting the enclosure name occasionally failed when using the First Time Setup Wizard.
    • Added the display of BL2x220c blades to the Fan Zones summary page.
    • Added a field on the OA TCP/IP settings page to indicate whether or not the OA was in DHCP mode or Static mode.
    • Fixed an issue where negative Power available values could be displayed for the c7000 enclosure.
    • Fixed an issue were enclosure DVD actions were not recorded in the OA syslog.
    • Modified the maximum URL length used to upload OA configuration scripts from 64 to 127 characters.
    • Fixed an issue where the OA configuration script produced by the Insight display interface did not contain all the information produced through the GUI or CLI interfaces.
    • Fixed an issue where KVM menu screen on the Insight Display would be displayed before initialization was complete. 
Enhancements

Enhancements/New Features

New Hardware Support

  • HP BLc7000 2400W Platinum Power Supply
  • HP Integrity BL890c i2 Server Blade
  • HP Integrity BL870c i2 Server Blade
  • HP Integrity BL860c i2 Server Blade

Firmware Additions

  • Added support for IPv6.
  • Added support for Virtual LAN (VLAN) networking within the c-Class enclosure.
  • Added support for Federal Information Processing Standards (FIPS) 140-2 Level 1.
  • Added support for Internet Explorer 8 in compatibility mode only.
  • Added support for Mozilla Firefox 3.5.
  • Added support for logging blade correctable and uncorrectable memory errors on G6 server blades only.
  • Enhanced Enclosure Dynamic Power Capping:
    • Provides for a maximum allowable cap range based on the hardware and firmware available in the enclosure and installed server blades
    • Can now be enabled in a non redundant power environment
    • Can now be enabled in a DC-powered enclosure
  • Added a new CLI command that retrieves and displays a server blade’s iLO 2 Event Log.
  • Modified the SHOW ALL to also include the iLO 2 Event Log for all installed server blades.
  • Enhanced the handling of previously cached browser pages when upgrading the Onboard Administrator.
  • Self-signed certificates generated with Onboard Administrator v3.00 now use a SHA1 signature instead of the less secure MD5 signature.
  • Enhanced Enclosure Bay IP Addressing (EBIPA) to support individual network settings for each bay instead of global network settings which encompass all bays.
  • The method used to determine duplicate EBIPA IP addresses within OA 2.60 and earlier has been found to be unreliable and at times indicates duplicate IP addresses that were in fact not duplicate, thus duplicate IP address checking has been removed from the OA 3.00.

Version:2.60 (4 Sep 2009)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


Update Requirements

Optional – Users should update to this firmware revision if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.

Important Notes

Onboard Administrator v2.60 now detects power supplies within the scope of Customer Advisory c01519680 and flags them with a “Red X” critical error condition and displays the message: “HP strongly recommends replacing power supply #X at the customer's earliest possible convenience pursuant to Customer Advisory c01519680." Flagged power supplies continue to function and the enclosure remains operational. See customer advisory c01519680 for more information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680

For firmware compatibility information, please see HP BladeSystem Firmware Maintenance, http://www.hp.com/go/bladesystemupdates.

Problems Fixed

    • Fixed an issue where a server blade with Power Management Controller version 0.7 was incorrectly flagged as "Major degraded" when it should have been flagged as “Informational”.
    • Fixed an issue with the “CONNECT INTERCONNECT” command that could intermittently hang the CLI session when using the send break command. This issue would only occur if the remote port settings were incorrect in the CONNECT console, or if the interconnect was not responsive.
    • Fixed an issue where a server blade’s signature information would be inadvertently retained after deleting its Virtual Configuration Domain. This addresses the issue reported in Customer Advisory c01869684.
    • Fixed an issue where the OA could not automatically log into an iLO if there were no local users configured on the ilO.
    • Fixed an issue where the devices name was not displayed on the system status page for degraded devices.
    • Fixed an issue where the OA GUI would improperly display the enclosures graphical front and rear views when on a factory reset was issued if VC was enabled.
    • Fixed an issue in the “HELP ADD LDAP GROUP” command where it incorrectly stated that the number of allowable directory groups was 6.  The help now correctly states that the correct number of 30.
    • Fixed an issue when executing the "GENERATE CERTIFICATE REQUEST" commands where the user was unable to enter the required Country field to proceed with the command.
    • Fixed an issue where a configured user account could not access the Insight Display from the enclosure’s front view even thought the user had the appropriate permissions.
    • Fixed an issue where the OA would display “invalid command” when executing the CLI Help commands “HELP ENABLE SYSLOG REMOTE” or “HELP DISABLE SYSLOG REMOTE”.
    • Fixed an issue where an OA user was allowed to remove the remote syslog server address while remote logging was enabled.  A user must now disable remote logging before clearing the syslog server address.
    • Fixed an issue where partner blades would not power on due to the partner blade being allowed to be incorrectly power on first.
    • Fixed an issue where power cycling the enclosure would cause a server and its partner blade to falsely report "Inappropriate device in adjacent bay".
    • Fixed an issue where the “CONNECT SERVER” command would terminate the CLI session if the maximum number of iLO users had already been created.
    • Fixed an issue where the LCD firmware sync option would still be available when there was mismatched OA hardware.  The OA will now disable the sync button when this condition exists.
    • Fixed an issue where the OA does not show all temperature information for Integrity Servers with unpopulated CPU sockets.
    • Fixed an issue where the “REBOOT SERVER FORCE” command would sometimes result in blades being powered off.
    • Added a syslog message when the allocated power value of a server blade is being updated and iLO is unresponsive.
    • Fixed an issue where an Enclosure Dynamic Power Capping error on a blade would result in the OA's enclosure power summary not to display Enclosure Dynamic Power Capping related information for all blades.
    • Fixed an issue where the KVM connections to a server blade would fail approximately 29 days after the last iLO reset.  When this issue occurs iLO is functioning normally but the OA fails to connect with a syslog message, “OA: KVM Bay X - Connection to blade failed.”
    • Fixed an issue where the enclosure DVD status was inconsistent across GUI, CLI and LCD for all the blades.
    • Modified the OA to no longer log the “OA:tbmuser_logged out of the OA” event.
    • Fixed an issue where the c7000 KVM display menu for bay 16A would report "absent" when a double dense server blade such as the BLx220c was installed in bay 16.
    • Fixed an issue on c3000 Onboard Administrator where the CONNECT INTERCONNECT command would sometimes drop characters if the command was over 16 bytes.
    • Modified the Insight Display representation of double dense server blades to display a distinguishable separation so that it is not confused with the display of a single density server blade.
    • Fixed an issue on the Directory Settings Test page where it would improperly identify failed LDAP test when the ping test failed.
    • Fixed an issue where VC configuration parameters were not correctly applied after recovering from Profile Pending state.
    • Fixed an issue where Enclosure KVM to individual server blades would not handle CAPS LOCK and NUM LOCK keys correctly.
Enhancements

Enhancements/New Features

New HW support:

  • HP ProLiant BL2x220c G6 Server
  • HP ProLiant WS460c G6 Workstation Blade
  • HP ProCurve 6120XG Blade Switch
  • HP ProCurve 6120G/XG Blade Switch
  • HP Virtual Connect 8Gb 20-Port Fibre Channel Module for BladeSystem c-Class
  • HP 10GbE Pass-Thru Module

Functional Enhancements:

  • Modified to increase the number of LDAP search contexts from 3 to 6.
  • Added to the “CONNECT INTERCONNECT” command the ability to send a file to an interconnect module using the XMODEM transfer protocol.

Version:2.52 (31 Jul 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where a server blade would not properly power on.  The blade appears to power on and approximately 30 seconds later the blade shows powered off at the OA interface.  A second press of the server blade’s power button was required to properly power on the blade.  This issue occurs after an OA reset when the server blade was powered on.
  • Fixed an issue introduced in OA 2.50 which reports an invalid power value condition and lowers the severity of the blade health status from Failed (Red X) to Major Degraded (Orange Triangle) when the OA loses communication with the iLO.

Version:2.51 (29 May 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue introduced in HP BladeSystem Onboard Administrator version 2.50 where the Insight Display (LCD) DVD connect screen, KVM menu screen, SNMP and Alertmail interfaces would display "Unknown" for all server blade names.

Version:2.50 (22 May 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where the Redundant Onboard Administrator would be improperly initialized when inserted if it’s time zone was different than that of the Primary Onboard Administrator.
  • Fixed an issue where the Onboard Administrator would improperly display the power subsystem redundancy status as FAILED followed immediately by REPARIED.
  • Fixed an issue where the Onboard Administrator would not properly clear a server blades name when a Virtual Connect Profile was unassigned.  To properly address this issue an iLO 2 change was required as well, thus iLO 2 v1.77 is required to correctly address this issue.
  • Fixed an issue where the Onboard Administrator would incorrectly use the previously assigned Virtual Connect Managed MAC address for a Flex-10 device after it was reconfigured.  This issue is only seen after updating to Virtual Connect v2.10.
  • Fixed an issue where a server blade may lose its Virtual Connect profile after an Onboard Administrator failover.
  • Fixed an issue where Virtual Connect assigned serial numbers and UUIDs were not cleared after removing a Virtual Connect domain.
  • Fixed an issue where the performance of the Onboard Administrator may become sluggish after removing and reinserting all Onboard Administrator modules in the c7000 Onboard Administrator tray.
  • Fixed an issue where under rare conditions the Onboard Administrator’s internal switch may stop transmitting packets in a HP BladeSystem c3000 Enclosure.  If this happens, ALL servers in the enclosure would be flagged with a “Red X”.
  • Fixed an issue where the "SHOW ENCLOSURE STATUS" command would sometimes display the power capacity value incorrectly.
  • Fixed an issue where the ports of an HP Smart Array P700m Controller are not correctly enabled when the controller is installed in a HP BL2x220c G5 Server Blade in either HP BladeSystem c3000 or c7000 Enclosure or installed in any HP full height server blade in the HP BladeSystem c3000 Enclosure.
  • Fixed an issue with a HP ProLiant BL2x220c G5 Server Blade where the OA would incorrectly power on the blade server when used with the HP 3G SAS BL Switch before the switch had completed power on tests.
  • Fixed an issue where the Onboard Administrator would erroneously flag some devices with a duplicate IP address message.  Please see customer advisory c01701052 for additional information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01701052.
  • Fixed an issue where a HP ProLiant BL465c G5 or G1 Server Blade would halt during POST with an erroneous high temperature message.  Please see customer advisory c00880424 for additional information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00880424.
  • Fixed and issue in the Onboard Administrator where the HP Network Configuration Utility would report 4 ports present on a 2 port mezzanine card when the card was inserted into mezzanine slots 2 or 3.
    Modified the Onboard Administrator to mark as “major degraded” power supplies per Customer Advisory c01519680,  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01519680.
  • Fixed an issue introduced in Onboard Administrator version 2.41 where it would sometimes decline an offered DHCP address request due to receiving an unrelated gratuitous ARP reply.  Symptoms include receiving no DHCP address or receiving a different DHCP address every few reboots.
  • Fixed an issue introduced in Onboard Administrator version 2.41 where the Redundant Onboard Administrator would be improperly initialized due to a deadlock condition when initializing the Redundant Onboard Administrator.
Enhancements

  • Power Allocation – The Onboard Administrator will now mark as degraded ProLiant Server Blades which erroneously request high amounts of power.  Please see customer advisory c01668472 for additional information, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01668472.
  • Rack Firmware – The Onboard Administrator now displays the ProLiant Server Blade’s Power Management Controller firmware version on the Rack Firmware page.  This is only available with iLO 2 version 1.77 or later.
  • Enclosure Power Summary – The Onboard Administrator now provides an Enclosure Power Summary page which displays a summary of all device power allocations within the HP BladeSystem Enclosure, present power readings for supported ProLiant Server Blades and the enclosure fan subsystem.
  • OA SSL Encryption – the OA now only supports SSL v3 encryption algorithms. Removed SSL v2 encryption support, improving OA security.
  • Factory Defaults – Modified the behavior of restoring the Onboard Administrator to its factory defaults by first requiring the user to manually disable the Virtual Connect mode setting before allowing the Onboard Administrator to be restored to its factory defaults.  A new button was added to the Onboard Administrator’s Factory Defaults web page for easy access to clearing the Virtual Connect mode setting. Clearing the Virtual Connect mode setting is also available in the CLI using the CLEAR VCMODE command.

Version:2.41 (26 Feb 2009)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed issue where a blade would fail to acquire a static IP Address from EBIPA and would instead incorrectly obtain an IP address from an external DHCP server.
  • Fixed issue where EBIPA would not properly assign an IP Address to HP ProLiant BL2x220c servers
  • Fixed several issues where the OA would incorrectly update a device’s configuration information when it was discovered by the OA.
  • Fixed a security issue to no longer display the Virtual Connect Manager account information.
  • Fixed an HP ProLiant BL2x220c server blade IO port mapping issue which could cause the HP ProLiant BL2x220c to not power on.
  • Added a warning for when a user configures an EBIPA IP Addresses that is on a different subnet from the OA’s subnet.
  • Detect and notify users of a customer advisory on HP c7000 power supplies. See customer advisory c01519680 for more information.
  • Fixed an issue where a server blade’s hostname would be incorrectly displayed if the length of the hostname was divisible by 8.
  • Fixed an issue where the Active and Standby OA modules would automatically reboot after being operational for 99 days if no GUI or CLI sessions were initiated during that time.
  • Fixed issue where Administrator account would lose all privileges after executing lost password recovery.
Enhancements

Enhancements/New Features

New HW support:

  • HP ProLiant BL685c G6 Server
  • HP ProLiant BL495c G6 Server
  • HP ProLiant BL490c G6 Server
  • HP ProLiant BL465c G6 Server
  • HP ProLiant BL460c G6 Server
  • HP ProLiant BL280c G6 Server
  • HP c7000 Onboard Administrator Module with KVM
  • HP BLc 4X QDR InfiniBand Interconnect Module
  • HP 4X QDR InfiniBand Dual-Port Mezzanine HCA
Functional Enhancements:
  • Directory Services Integration – Increased the number of LDAP groups to a maximum of 30.
  • OA EBIPA IP addressing – a user will be warned when assigning IP addresses which are already in use.
  • OA Syslog – Added user names to syslog messages. Provide auditing and tracking of OA user initiated actions.
  • iLO Event Log – Added the OA username to iLO auto logon access through the OA. Provides auditing and tracking of iLO access from OA user accounts.
  • Serviceability and Inventory tracking – Added the Power Supply, Fan, and Server Blades Mezzanine model names on the OA Device Summary page.
  • CLI command – Add new CLI command SHOW SERVER NAMES to display server names and serial numbers of server blades. Provides auditing and identification of devices.
  • Virtual Connect Manager firmware version – Added Virtual Connect Manager firmware version number to the OA GUI Firmware Summary Page and CLI “SHOW INTERCONNECT INFO” command.
  • Standby OA Login Page – Added the OA version number.
  • OA Power Reporting – Add current power values to the OA power subsystem redundancy syslog messages. Provides tracking and diagnosis of current power usage.


Version:2.32 (12 Dec 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Resolved a device identification memory (FRU) corruption issue with the HP NC364m Quad Port 1GbE BL-c Adapter which could possibly occur when the OA identifies the adapter.   An indication that the error has occurred is that the adapter would disappear from the OA’s Display even though the device is installed.  Additionally in OA versions 2.25 or later, a message will be logged to the syslog indicating the FRU corruption.
  • Fixed an issue where EBIPA configuration was lost during OA failover to redundant OA.
  • Fixed issue where an OA would unexpectedly reboot after too many open client sessions were reached.
  • Fixed a deadlock issue caused when quickly removing and reinserting the redundant OA module from an enclosure.
  • Fixed an issue where the Enclosure IP configuration may be lost when replacing a redundant OA module or the enclosure mid-plane.
  • Fixed an issue with Enclosure IP mode and OA Failover that caused no communication with Virtual Connect Manager.
  • Fixed an issue where the OA is inaccessible after  NIC speed configuration change
  • Fixed an issue to check for available power before powering on an interconnect module
  • Updated the time zone table to use ‘zoneinfo’ version 2008g.  This corrected an issue with Daylight Savings Time in Australia as well as several other countries.
  • Fixed an issue where the browser would display a “Not Acceptable” error message when attempting to login from some non-English or non-Japanese environments.
Enhancements

New support:

  • Support for new c-Class hardware devices including:
    • HP ProLiant BL460c G5
    • HP ProLiant BL465c G5
    • HP ProLiant BL495c G5
    • HP ProLiant BL680c G5
    • HP ProLiant BL685c G5
    • HP ProLiant xw2x220c Blade Workstation
    • HP ProLiant xw460c Blade Workstation
    • HP StorageWorks SB 1760c Tape Blade
    • HP Virtual Connect Flex-10 10Gb Ethernet Module
    • HP Virtual Connect 4Gb Fibre Channel Module
    • HP NC532m Dual Port 10GbE Multifunction BL-c Adapter
    • HP Smart Array P700m Controller
    • HP 2400W High Efficiency Power Supply for the c7000 enclosure
  • Support HP Insight Power Manager v2.00
Functional Enhancements:
  • To support the Enclosure Dynamic Power Capping feature, OA v2.32 has the following requirements:
    • Requires iLO v1.70 and iLO Select License.
    • On ProLiant blade servers, requires System ROM dated November 2008 or later. On the BL680c, requires 2008.09.23 or later.
    • To function properly across linked enclosures, all linked enclosures are required to be updated to OA v2.30 or later.
  • Added USB Key Support to all HP c-Class BladeSystem Enclosures
    • New OA CLI commands to support showing *.BIN, *.CFG and *.ISO files on USB key and connecting to servers
    • *.BIN file on USB key for OA firmware update
    • *.CFG file on USB key for OA configuration save/restore
    • New Insight Display USB Menu screen providing OA firmware update or OA configuration save/restore
    • *.ISO files on USB key for CD/DVD image files to be connected to servers
    • Blade OS installations can be run directly from an ISO file on a USB key which eliminates the need to burn physical CD/DVD media and allows each blade to access different ISO files.
    • HP BladeSystem Firmware Deployment Tool maintenance CD can be used directly from the .ISO file on a USB Key without burning a physical CD.
    • Enhanced OA GUI Enclosure DVD support including connecting *.ISO files on USB key to servers
  • Support LDAP and Active Directory nested groups.  This feature has been tested up to a depth of 30 nested groups but there is no limit in the depth.
  • Added remote user IP address to syslog entry for successful login to OA
  • Changed OA GUI privilege to all users to access Insight Display screenshots
  • Increase supported length of the x.509 certificate.
  • Added user configurable timeout values for telnet, SSH and GUI sessions.
  • Security fix to allow OA administrator to enable/disable OA GUI login display of Extended Data.
  • Support for both English and Japanese OA GUI versions with same firmware image.
  • Added setting to allow user-specific English or Japanese language selection or use default browser language settings.

Version:2.31 (14 Nov 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where EBIPA configuration was lost during OA failover to redundant OA.
  • Fixed issue where an OA would unexpectedly reboot after too many open client sessions were reached.
  • Fixed a deadlock issue caused when quickly removing and reinserting the redundant OA module from an enclosure.
  • Fixed an issue where the Enclosure IP configuration may be lost when replacing a redundant OA module or the enclosure mid-plane.
  • Fixed an issue with Enclosure IP mode and OA Failover that caused no communication with Virtual Connect Manager.
  • Fixed an issue where the OA is inaccessible after  NIC speed configuration change
  • Fixed an issue to check for available power before powering on an interconnect module
  • Updated the time zone table to use ‘zoneinfo’ version 2008g.  This corrected an issue with Daylight Savings Time in Australia as well as several other countries.
Enhancements

New support:

  • Support for new c-Class hardware devices including:
    • HP ProLiant BL460c G5
    • HP ProLiant BL465c G5
    • HP ProLiant BL495c G5
    • HP ProLiant BL680c G5
    • HP ProLiant BL685c G5
    • HP ProLiant xw2x220c Blade Workstation
    • HP ProLiant xw460c Blade Workstation
    • HP StorageWorks SB 1760c Tape Blade
    • HP Virtual Connect Flex-10 10Gb Ethernet Module
    • HP Virtual Connect 4Gb Fibre Channel Module
    • HP NC532m Dual Port 10GbE Multifunction BL-c Adapter
    • HP Smart Array P700m Controller
    • HP 2400W High Efficiency Power Supply for the c7000 enclosure
  • Support HP Insight Power Manager v2.00
Functional Enhancements:
  • Enclosure Dynamic Power Capping – Dynamically manages an enclosure’s power allocation to a data center’s provisioned power envelope. See the OA User Guide v2.30 for more in-depth information.
    • Requires iLO v1.70 and iLO Advanced or iLO Select License.
    • Requires System ROM 11/1/08 or later.
    • To function properly across linked enclosures, all linked enclosures are required to be updated to OA v2.31.
  • Added USB Key Support to all HP c-Class BladeSystem Enclosures
    • New OA CLI commands to support showing *.BIN, *.CFG and *.ISO files on USB key and connecting to servers
    • *.BIN file on USB key for OA firmware update
    • *.CFG file on USB key for OA configuration save/restore
    • New Insight Display USB Menu screen providing OA firmware update or OA configuration save/restore
    • *.ISO files on USB key for CD/DVD image files to be connected to servers
    • Blade OS installations can be run directly from an ISO file on a USB key which eliminates the need to burn physical CD/DVD media and allows each blade to access different ISO files.
    • HP BladeSystem Firmware Deployment Tool maintenance CD can be used directly from the .ISO file on a USB Key without burning a physical CD.
    • Enhanced OA GUI Enclosure DVD support including connecting *.ISO files on USB key to servers
  • Support LDAP and Active Directory nested groups.  This feature has been tested up to a depth of 30 nested groups but there is no limit in the depth.
  • Added remote user IP address to syslog entry for successful login to OA
  • Changed OA GUI privilege to all users to access Insight Display screenshots
  • Increase supported length of the x.509 certificate.
  • Added user configurable timeout values for telnet, SSH and GUI sessions.
  • Security fix to allow OA administrator to enable/disable OA GUI login display of Extended Data.
  • Support for both English and Japanese OA GUI versions with same firmware image.
  • Added setting to allow user-specific English or Japanese language selection or use default browser language settings.


Version:2.26 (29 Aug 2008)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Added OA Japanese localization based on browser language preference settings


Version:2.25 (1 Aug 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Corrected an issue with CLI commands “UPDATE DEVICE TRAY” and “UPDATE DEVICE ALL” where c-Class Power Supplies become unusable (refer to the advisory c01491657 - Onboard Administrator CLI Commands "UPDATE DEVICE TRAY" and "UPDATE DEVICE ALL" May Cause Enclosure Power Supplies to Become Temporarily Unusable in HP BladeSystem c3000 or c7000 Enclosures).
  • Fixed an issue where the blade representation on the GUI can be incorrect (missing or wrong size).
  • Fixed an issue where Virtual Connect credentials can be lost after an Onboard Administrator failover when the Enclosure IP feature is enabled.
  • Fixed an issue where blades may not power on after an c3000 Onboard Administrator Tray module is removed and reinserted (refer to the advisory c01162866 - Removing and Reinserting the HP BladeSystem c-Class Onboard Administrator Module on an HP BladeSystem c-Class c3000 Enclosure During Power-On Self-Test (POST) May Lead to Erroneous "High Temperature Condition" Message).
  • Fixed an issue of spurious and false power supply alerts for the c3000 enclosure.
  • Fixed an issue where virtual connect IP addresses were incorrectly assigned in c3000 enclosures.
  • Fixed an issue where OA reboots due to "Management process unresponsive".
  • Fixed an issue where OA would exhaust all memory resources.
  • Modified the OA firmware for the following partner blades which corrects a problem with erroneous partner power requests when the server blade is power cycled:
    • HP StorageWorks SB40c Storage Blade
    • HP StorageWorks SB1760c Tape Blade, HP StorageWorks SB1760c Tape Blade, HP StorageWorks Ultrium 448c Tape Blade
    • PCI Expansion blade
    • HP Graphics Expansion Blade (for the HP ProLiant xw460c Workstation Blade)
Enhancements

New features:

  • Added GUI LDAP Test Page feature
  • Added a CLI command “SHOW SERVER BOOT ORDER”.
  • Enhanced the EBIPA feature to allow a leading numeric value for DNS name settings.
  • Improved C7000 Dynamic Power Saving functionality. This improvement requires an update to the Onboard Administrator Tray microcode from version 1.2 to version 1.3. Upon upgrading to the Onboard Administrator firmware V2.25, the Onboard Administrator Tray microcode will be automatically updated.
  • Improved the downgrade firmware option so the Onboard Administrator configuration is not lost when downgrading the Onboard Administrator to version 2.21.

Version:2.21 (13 Jun 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed a network loop issue that can result when a forced Onboard Administrator failover is initiated from the Standby Onboard Administrator while the Active Onboard Administrator is in its boot-up sequence or non-responsive.
  • Fixed an issue where Virtual Connect modules may lose inter-module communication upon an Onboard Administrator failover.
  • Fixed an issue with the CLI EBIPA INTERCONNECT commands where EBIPA IP settings are not configured for Interconnect modules after the command execution. This issue existed only with the Onboard Administrator firmware V2.20. The GUI functionality was not affected. The CLI commands affected are:
    • SET EBIPA INTERCONNECT
    • ENABLE EBIPA INTERCONNECT
    • DISABLE EBIPA INTERCONNECT
  • Fixed an issue where the CLI SET USER PASSWORD command intermittently resulted in an error response when the command was issued via Telnet or SSH.

Version:2.20 (17 Apr 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Eliminated false Power Supply alerts for c7000 enclosures
  • EBIPA address setting changes do not reset Interconnect Modules
Enhancements

New hardware support:

  • HP ProLiant BL260c G5 Server Blade
  • Cisco Catalyst Blade Switch 3120X for HP
  • Cisco Catalyst Blade Switch 3120G for HP
New features:
  • Enclosure IP address option
  • Onboard Administrator failover upon link loss
  • Power-on delay option
  • Onboard Administrator network port – forced setting option
  • Onboard Administrator remote syslog logging option
  • Onboard Administrator strict password option
  • Onboard Administrator Name setting via Insight Display

Version:2.13 (15 Feb 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Fixed an issue where the Onboard Administrator could clear the Virtual Connect parameters from one or more servers following the sequence of events described below. This issue caused a "Profile Pending" condition, detected and reported by Virtual Connect Manager, that required affected servers to be powered off to clear the problem.

The Onboard Administrator is rebooted, power-cycled, or failed over followed by any of these events:

  • The Virtual Connect Manager (executing on a Virtual Connect Ethernet module in I/O bay 1 or 2) failed over
  • The Virtual Connect Manager changed IP addresses (due to a change in network connection, DHCP server, or Enclosure Bay IP Addressing setting)
  • The Virtual Connect Manager was used to change the Virtual Connect Domain Name value.


Version:2.12 (17 Jan 2008)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where the Onboard Administrator displayed wrong Serial Numbers or Part Numbers for HP ProLiant Blade Servers. Blade servers must complete POST (Power On Self Test) at least one time before the Onboard Administrator can display the correct information.
  • Fixed an issue where the Onboard Administrator Port Mapping page showed all zeros for some HP ProLiant Blade Servers’ embedded NIC MAC addresses.
  • Fixed an identification error for some Cisco MDS 9124e Fabric Switches.

Version:2.11 (20 Dec 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


Fixed security vulnerability with file uploads


Version:2.10 (28 Nov 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Updated Daylight Saving Mode for New Zealand
  • Disabled web server trace/track capability to improve for security
  • Corrected Enclosure Part Number information for c3000
  • Corrected possible erroneous Onboard Administrator failover at enclosure cold power-up. This problem sometimes occurred with a full c7000 enclosure with multiple mezzanine cards installed on Integrity blades (at enclosure cold power-up).
  • Corrected possible erroneous health status display of Interconnect Modules (at enclosure cold power-up).
  • Fixed an issue where a fan in the wrong slot is marked as degraded (instead of location error information).
  • Fixed an issue where the Insight Display may stop responding.
  • Fixed an issue where a PCI Expansion blade is erroneously marked as critical when its partner blade is removed.
  • Fixed an issue where SNMP alert destinations may get reset after an Onboard Administrator reboots.
  • Fixed an issue where a SB40c Storage Blade won’t power on if it replaces a server blade that was configured for Virtual Connect.
  • Fixed an issue where the Onboard Administrator may display wrong MAC addresses for NICs 3 and 4 on a BL860c blade.
  • Fixed an issue where the Onboard Administrator may report a blade server is powered on while consuming 0 watts. The server blade status is actually off when this issue occurs.
  • Fixed an issue where the Onboard Administrator may encounter an unintended re-boot when Virtual Connect is installed.
  • Included an updated version (2.10.3) of the HP 4Gb Fibre Channel Pass-Thru Module Firmware. This Firmware should be loaded onto the Fibre Channel Pass-Thru Module if its HBA Ports exhibit low SAN bandwidth or become unresponsive under certain conditions.
Enhancements

New Hardware Support:

  • NC360m Dual-port  1GbE BL-c Adapter
  • NC364m Quad-port 1GbE BL-c Adapter
  • 1/10Gb-F Virtual Connect Ethernet Fiber Module
  • StorageWorks SB920c Tape Blade
  • Tower Version of c3000 Enclosure
  • KVM Module for c3000 Enclosure
  • DC Power Supply for c7000 Enclosure
New Firmware Features:
  • Two-factor Authentication option for Onboard Administrator log-in
  • SNMP Test Trap Generator
  • Alertmail Test Mail Generator
  • Integrity Blade System Health information is available in the OA GUI and CLI. as a diagnostic field
  • In SNMP, added AC Input Power consumption information for each power supply
  • Improved GUI loading performance for multiple enclosure display
  • Added Onboard Administrator syslog entries for single sign-on events from HP System Insight Manager.

Version:2.04 (19 Sep 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Corrected an issue where fan speed was limited if a server blade was in bay 16 of the HP BladeSystem c7000
  • Corrected  the HP BladeSystem c3000 port-mapping information for the HP Network Configuration Utility
  • Eliminated false “power supply failed” messages under Dynamic Power Saving mode
  • Corrected an issue where the CLI UPDATE IMAGE TFTP command did not supporting paths
  • Corrected an issue where the Enclosure Part Number display did not match the actual Enclosure SKU Part Number.


Version:2.02(a) (31 Jul 2007)
Version:2.01 (29 Jun 2007)
Fixes

Upgrade Requirement:
Critical - HPE requires users update to this version immediately.


  • Fixed an issue where a user couldn't login to a ProLiant Essentials Integrated Lights-Out 2 with a Select License
  • Fixed an identification error with the Cisco MDS 9124e
  • Eliminated false “fan degraded” alerts.
  • Eliminated false “power supply failed” alerts.
  • Corrected the issue of missing server names on the GUI tree view.
  • Corrected the issue of fan speed remaining high when blades are not allowed to complete POST.
  • Corrected the LDAP issue “LDAP users that employ a search context to authenticate to the Onboard Administrator have no permissions”.
  • Corrected the LDAP issue “LDAP users cannot authenticate to the Onboard Administrator when it is configured for Novell eDirectory or NDS servers."
  • Allowed DDNS change to take effect without rebooting the Onboard Administrator.
  • Corrected the issue of false Enclosure Link alerts.
  • V2.00 firmware detects certain serial numbers of HP ProLiant BL465c server blades and informs the customer to have the system board replaced (refer to the Customer Advisory c01064842).
  • V2.00 firmware includes the updated firmware for the following devices. Use the CLI Update command to update these devices as required.
    • HP StorageWorks SB40c Storage Blade
      • Corrected the issue where the SB40c may go offline and disconnect from the partner Blade server.
    • HP StorageWorks Ultrium 448c Tape Blade
      • Corrected the issue where the tape blade may go offline and disconnect from the partner Blade server.
    • Ethernet Pass-through module
      • Corrected the issue of activity LED being ON when there is no link.
      • Corrected the issue of long link up-time on the copper port.
  • Fixed an issue where MAC addresses were not shown properly in the server info page when a server blade had a Virtual Connect profile
Enhancements

New Hardware Support:

  • USB DVD drive support for iLO virtual media scripting for HP ProLiant server blades in c-7000 enclosures. HP Integrity blade support will be available in conjunction with an appropriate Integrity iLO firmware release in the future.
  • PCI Expansion Blade
  • GbE2c Layer 2/3 Ethernet Blade Switch
  • 1:10Gb Ethernet BL-c Switch
Features and Enhancements:
  • Increased the maximum Onboard Administrator password length to 40 characters (from 8).
  • Increased the maximum Onboard Administrator user name length to 40 characters (from 13).
  • Enhanced the GUI Port Mapping page to display Mezz card product name and MAC addresses.
  • Added automatic refreshing of selected Power Management and Thermal Management pages.
  • Enhanced the GUI Power Summary page to display the current power output for each individual power supply.
  • Enhanced the GUI Current Enclosure Inventory scripts and the CLI “Show All” command to include additional inventory and status data.
  • Enhanced the GUI Rack View page to display iLO2 and BIOS firmware versions.
  • Added a GUI display of active Onboard Administrator sessions. Added an option to terminate Onboard Administrator sessions.
  • Enhanced the GUI Bay Summary Virtual Button drop-down menu to include all available iLO options (Momentary Press, Press & Hold and Reset).
  • Added a Print button on various GUI device status pages.
  • Allowed blades to power on when the fan sub-system is degraded by one failed fan.
  • Allowed “root” as a user name (previously it was reserved).
  • Allowed “*” in SNMP community strings.
  • Increased the maximum NTP polling period to 24 hours.
  • Added Onboard Administrator Syslog entries that indicate its external network speed (10 or 100 Mbps) and duplex mode (full or half).
  • Added a CLI command (HPONCFG) to send RIBCL scripts to selected iLOs.
  • Added a CLI command (Update) to update selected microcontroller firmware for enclosure infrastructure components.


Version:1.30 (15 Feb 2007)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


  • Fixed an issue where an Interconnect Module would erroneously be marked as having a non-recoverable error
  • Corrected a FRU display issue with Ethernet Pass-through modules
  • Corrected an issue where an HP ProLiant BL465c would not power up and would display an error message in the iLO remote console that said “high temperature condition detected by processor”
Enhancements

  • Added support for the HP Integrity BL860c
  • Added support for the Cisco MDS 9124 and Cisco MDS 9124e
  • Enhanced thermal logic
  • Enhanced EBIPA to allow specific IP address assignment per bay
  • Added a CLI command to simulate a removal and insertion of a device
  • Added iLO CLI access from the command line for both HP ProLiant and HP Integrity servers.
  • Added iLO virtual serial console access from the command line for HP ProLiant servers
  • Added support for Internet Explorer 7.0 and Firefox 2.0
  • Improved the time it takes for the OA to power on a full enclosure of devices
  • Added support for the daylight savings time changes in 2007 and 2008
  • Added iSCSI MAC address display on the GUI Port Mapping page
  • Added CLI commands to program the enclosure serial number, enclosure part number and AC input module type
  • GUI Navigation Tree now shows the Blade Server Name if it's set by the customer in the server blade's RBSU

Version:1.20 (5 Dec 2006)
Fixes

Upgrade Requirement:
Recommended - HPE recommends users update to this version at their earliest convenience.


  • Minor bug fixes
Enhancements

  • Low Voltage Power support for HP BladeSystem c7000 single-phase enclosures
  • Support for a 24 hour power meter for the entire enclosure
  • Enhanced Thermal Logic features
  • GUI enhancements


Version:1.12 (8 Nov 2006)
Fixes
  • Fixed a bug where the user may get the error "The soap response packet was unparseable" when entering text into the web interface.
  • Fixed a bug where a password that was eight characters long could be matched to a password of greater than eight characters if the first eight characters were equivalent.
  • Fixed a bug where commands being run remotely from an SSH client may not complete successfully

Version:1.11 (11 Oct 2006)
Enhancements
Updated to prevent a kernel panic when an IEEE802.2 link-level test frame is sent to the OA MAC address. The link-level test frame is used to test network connectivity at the link-layer (layer 2). This release removes Logical Link Layer type 2, connection oriented support from the kernel.

Version:1.1 (3 Oct 2006)
Enhancements
Added support for the following:
  • HP 1/10Gb Virtual Connect Ethernet Module
  • HP Infiniband for HP BladeSystem c-Class
  • HP StorageWorks SB-40c


Version:1.01 (24 Aug 2006)
Fixes
Resolved an issue where not all blades would power on upon insertion into the enclosure.

Version:1.00 (23 Aug 2006)
Enhancements

Upgrade Requirement:
Optional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.


Initial release.


Legal Disclaimer: Products sold prior to the November 1, 2015 separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. may have older product names and model numbers that differ from current models.