FILE NAME: iLO5_297.bin TITLE: iLO 5 firmware v2.97 LANGUAGE: English DIVISIONS: Systems PRODUCTS AFFECTED: HPE ProLiant BL460c Gen10 Server HPE ProLiant DL580 Gen10 Server HPE ProLiant DL560 Gen10 Server HPE ProLiant DL385 Gen10 Plus Server HPE ProLiant DL385 Gen10 Plus v2 Server HPE ProLiant DL385 Gen10 Server HPE ProLiant DL380 Gen10 Plus Server HPE ProLiant DL380 Gen10 Server HPE ProLiant DL365 Gen10 Plus Server HPE ProLiant DL360 Gen10 Plus Server HPE ProLiant DL360 Gen10 Server HPE ProLiant DL345 Gen10 Plus Server HPE ProLiant DL325 Gen10 Plus v2 Server HPE ProLiant DL325 Gen10 Plus Server HPE ProLiant DL325 Gen10 Server HPE ProLiant DL180 Gen10 Server HPE ProLiant DL160 Gen10 Server HPE ProLiant DL120 Gen10 Server HPE ProLiant DL20 Gen10 Server HPE ProLiant ML350 Gen10 Server HPE ProLiant ML150 Gen10 Server HPE ProLiant ML110 Gen10 Server HPE ProLiant ML30 Gen10 Server HPE ProLiant ML30 Gen10 Plus Server HPE ProLiant DL20 Gen10 Plus Server HPE ProLiant XL675d Gen10 Plus Server HPE ProLiant XL645d Gen10 Plus Servers HPE ProLiant XL450 Gen10 Server HPE ProLiant XL420 Gen10 Server HPE ProLiant XL290n Gen10 Plus Server HPE ProLiant XL270d Gen10 Server HPE ProLiant XL2x260w Server HPE ProLiant XL230k Gen10 Server HPE ProLiant XL225n Gen10 Plus Server HPE ProLiant XL220n Gen10 Plus Server HPE ProLiant XL190r Gen10 Server HPE ProLiant XL170r Gen10 Server HPE ProLiant MicroServer Gen10 Plus Server HPE ProLiant MicroServer Gen10 Plus v2 Server HPE ProLiant DL110 Gen10 Plus Telco Server HPE XL925g Quad Gen10 Plus EPYC Server HPE Apollo r2800 Gen10 24 SFF Flexible Configure-to-order Chassis HPE Apollo r2600 Gen10 24 SFF Premium Configure-to-order Chassis HPE Apollo r2200 Gen10 12 LFF Configure-to-order Chassis HPE Apollo n2800 Gen10 Plus 24 SFF CTO Chassis HPE Apollo n2600 Gen10 Plus 24 SFF CTO Chassis HPE Apollo 6500 Gen10 System HPE Apollo 6500 Gen10 Plus (Chassis) HPE Apollo 4530 Gen10 HPE Apollo 4510 System HPE Apollo 4200 Gen10 Plus Server HPE Apollo 4200 Gen10 Server HPE Apollo 2000 Gen10 Plus System HPE Synergy 660 Gen10 Compute Module HPE Synergy 480 Gen10 Plus Compute Module HPE Synergy 480 Gen10 Compute Module HPE ProLiant e910 Server Blade HPE ProLiant e910t Server Blade HPE Edgeline e920 Server Blade HPE Edgeline e920t Server Blade THIS VERSION VALIDATED WITH: Microsoft Windows Server 2022 Microsoft Windows Server 2019 Microsoft Windows Server 2016 Red Hat Enterprise Linux 9 Server Red Hat Enterprise Linux 8 Server Red Hat Enterprise Linux 7 Server SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 12 VMware ESXi 8.0 VMware ESXi 7.0 PREREQUISITE: N/A BUILD DATE: September 12, 2023 EFFECTIVE DATE: September 15, 2023 DESCRIPTION: Firmware for the Hewlett Packard Enterprise Integrated Lights-Out 5 Management Controller LAST RECOMMENDED OR CRITICAL VERSION: 2.96 PREVIOUS VERSION: 2.96 UPGRADE REQUIREMENTS: RECOMMENDED UPGRADING FROM A PREVIOUS VERSION OF iLO - Hewlett Packard Enterprise highly recommends a minimum firmware version of iLO 5 v2.41 or later - Minimum supported iLO version for Gen 10 plus Intel platform is iLO 5 v2.42 FIRMWARE DEPENDENCY: - Please note the supported version of AMS with iLO 5 v2.91 is 2.5.0 or later for Windows and Linux components, while it is 2021.10.01 or later for VMware. Failure to use this version will result in properties and monitoring of the drives related to embedded SATA/EHCI to not function correctly. Hewlett Packard Enterprise recommends the following or greater versions of iLO utilities for best performance: - RESTful Interface Tool (iLOREST) 4.5.0.0 - HPQLOCFG v6.0.0 - Lights-Out XML Scripting Sample bundle 6.00.0 - HPONCFG Windows 6.0.0 - HPONCFG Linux 6.0.0 - LOCFG v6.00.0 or later - HPLOMIG 6.0.0 - Schema extender 6.10 - Snap-in (x86) 6.0.0 - Snap-in (x64) 6.0.0 NOTE: Updated utilities and system libraries are required to support the iLO High Security, FIPS, and CNSA security states. NOTE: With the release of iLO 5, some features of iLO are not supported by RIBCL or the CLI. Instead, Hewlett Packard Enterprise recommends the use of the iLO RESTful API, particularly for setting the iLO security state and configuring extended user privileges. The iLO RESTful API is the preferred programmatic interface for Gen10 and later systems. The preferred CLI and scripting tool is the RESTful Interface Tool (iLOREST). KNOWN ISSUES: - In a configuration with more than 10 logical network controllers, on bringing the controller up or down stale IP address or Team/Bridge name may be populated against the ports of the physical network adapter. In such scenarios bringing the specific logical network controller down and then resetting iLO will clear the stale data. - HPE now supports only Insight Remote Support central connect. If you are using HPE Insight Online direct connect, Hewlett Packard Enterprise recommends to unregister Insight Online direct connect and register with Insight Remote Support central connect. - Starting iLO 5 v2.72, iLO supports enabling and disabling of HTTP and HTTPS ports separately using Redfish APIs. Ensure you enable both HTTP and HTTPS, if you want to downgrade the firmware below iLO 5 v2.72, else the web server will not start. - When TLS 1.2 and TLS 1.0 are enabled but TLS 1.1 is disabled, certain functionalities of alertmail and remote support might be affected. To avoid this issue, disable TLS 1.0 or revert the settings related to TLS disablement. - To connect to the iLO Service Port with a USB Ethernet adapter, you must use a USB 2.0 device that is based on the AX88772 series chipset from ASIX Electronics Corporation. Hewlett Packard Enterprise recommends the HPE USB to Ethernet Adapter (part number Q7Y55A). - Starting with iLO 5 v1.20, SNMP settings are not backward compatible with older iLO firmware versions. The SNMP settings are discarded when you downgrade the firmware to an earlier version. - When you start the iLO web interface, and then you launch the HTML5 IRC, these interfaces are counted as a single iLO session. This behaviour is different from the .NET IRC and the Java IRC, which are separate sessions from the iLO web interface. The Idle Connection Timeout specifies how long a session can be inactive before it ends automatically. If you start a virtual media operation (such as an OS installation), and the Idle Connection Timeout is reached, the HTML5 IRC and the iLO web interface close automatically, and the virtual media operation is interrupted. To avoid this issue, you can set the Idle Connection Timeout to a longer value, use a different remote console, or make sure that the session is not idle during the virtual media operation. - To support power usage reporting and optimum server thermal fan control on Linux servers with NVIDIA GPU option cards: Blacklist the nouveau video driver, and then load the NVIDIA GPU driver in persistent mode by entering the following command: nvidia-smi -pm 1 - DIMM power reporting in iLO UI/UX graphs would be removed and REST APIs would display 0 Watts on Gen10 and Gen10 Plus AMD platforms because of incorrect reporting - On certain HPE Mellanox adapters that support dual port personality (InfiniBand/Ethernet), the port personality gets reset to the default value during an adapter firmware update. o For more information, refer to the below Customer Advisory on the Hewlett Packard Enterprise Support Center: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00068199en_us. o The document lists iLO 5 v1.48 as the minimum version to install before an adapter firmware update. However, iLO 5 v1.48 or later is required before updating to iLO 5 v2.44 or later. - Redfish Service Validator tool reports conformance issue with certificate schema in iLO, but there is no functionality impact. FIXES: - Increased the maximum boot order to 512 as specified by UEFI EV specification - UefiDevicePath length increased from 256 bytes to 1024 bytes in Redfish to accommodate the buffer. This stopped GUI to become unresponsive after completion of OS image download. - Increased the timeout based on the debugging from the first time the issue was hit and we saw REST can take even 40+seconds based on the load. To be on a safer side, increased to 30 seconds. - BMC SDB buffer is allocated using the existed sensor number generator API instead of a Fixed value/ incrementing value for each sensor - Crash suspected due to Stack 100% utilisation, same was seen in iLO6 earlier. So increase stack from 16k->18k and retested on failing setup with bootleg. This time we could not see any restdir crash in AHS and SFIC was generated. - Check added on character limit to be configured for DHCPv4 ClientId. If character limit exceed 14 then return 400 Bad request error SECURITY FIXES: For information about the latest security bulletins and vulnerabilities addressed in this version, see the following website: https://support.hpe.com/connect/s/securitybulletinlibrary. Security best practices: For the latest information about security best practices, see the HPE Integrated Lights-Out Security Technology Brief at the following website: http://www.hpe.com/support/ilo-docs. ENHANCEMENTS: - iLO needs to provide IPv4 address for RDE enabled NIC - NVIDIA L40S needs to be enabled on HPE Servers (Gen11, Gen10 Plus) - High Efficiency Mode setting can be modified via iLO for DL110 Gen10 Plus server having only DC Power Supply of Spare Part Number P40359-001 SUPPORT: 1. iLO 5 firmware updates and utilities can be found here: https://www.hpe.com/support/iLO5 2. IPv6 network communications Supported Networking Features IPv6 Over Shared Network Port Connections IPv6 Static Address Assignment IPv6 SLAAC Address Assignment IPv6 Static Route Assignment IPv6 Static Default Gateway Entry DHCPv6 Stateful Address Assignment DHCPv6 Stateless DNS, Domain Name, and NTP Configuration Integrated Remote Console OA Single Sign-On HPE Single Sign-On Web Server SSH Server SNTP Client DDNS Client RIBCL over IPv6 SNMP AlertMail Remote Syslog WinDBG Support HPQLOCFG/HPLOMIG over an IPv6 connection URL-based Virtual Media CLI/RIBCL Key Import over IPv6 Authentication using LDAP and Kerberos over IPv6 iLO Federation IPMI Embedded remote support Networking Features not supported by IPv6 in this release NETBIOS-WINS Key managers 3. You might encounter a "data inconsistency error" when you use iLO Federation Management. This error occurs when an iLO on your network is not responding correctly. Use the data on the Multi-System map page to troubleshoot data inconsistency errors. DOCUMENTATION - 1. iLO 5 documentation is available at https://www.hpe.com/support/ilo-docs. 2. Check the online help for information about how to use iLO. To access the online help, Click the question mark icon in the upper right corner of any iLO web interface page. HOW TO USE - 1. Download the iLO 5 Online Firmware Update Component for your operating system. 2. Install the firmware using one of these options: a) Run the component on the host to be updated. The component will update the iLO 5 firmware and reset the iLO processor. b) Extract the firmware from the component. This will place the firmware image file, iLO5_yyy.bin (where yyy represents the firmware version), in the target directory. You can use the following methods to install firmware: i) Login to iLO, navigate to the Flash Firmware page, and update the firmware from there. ii) Use the iLO RESTful API or ILOREST. For more information, see the following website: http://www.hpe.com/support/restfulinterface/docs. iii) Use the Lights-Out Configuration Utility (HPQLOCFG) and RIBCL/XML scripts to update iLO 5 across the network. iv) Use the Online Lights-Out Configuration utility (HPONCFG) and RIBCL/XML scripts to update iLO 5 from the supported host OS. 3. iLO automatically resets after a successful update. There is no need to manually reset iLO. Copyright 2002-2023 Hewlett Packard Enterprise Development, LP