FILE NAME: iLO5_272.bin TITLE: iLO 5 firmware v2.72 LANGUAGE: English DIVISIONS: Systems PRODUCTS AFFECTED: HPE ProLiant BL460c Gen10 Server HPE ProLiant DL580 Gen10 Server HPE ProLiant DL560 Gen10 Server HPE ProLiant DL385 Gen10 Plus Server HPE ProLiant DL385 Gen10 Plus v2 Server HPE ProLiant DL385 Gen10 Server HPE ProLiant DL380 Gen10 Plus Server HPE ProLiant DL380 Gen10 Server HPE ProLiant DL365 Gen10 Plus Server HPE ProLiant DL360 Gen10 Plus Server HPE ProLiant DL360 Gen10 Server HPE ProLiant DL345 Gen10 Plus Server HPE ProLiant DL325 Gen10 Plus v2 Server HPE ProLiant DL325 Gen10 Plus Server HPE ProLiant DL325 Gen10 Server HPE ProLiant DL180 Gen10 Server HPE ProLiant DL160 Gen10 Server HPE ProLiant DL120 Gen10 Server HPE ProLiant DL20 Gen10 Server HPE ProLiant ML350 Gen10 Server HPE ProLiant ML150 Gen10 Server HPE ProLiant ML110 Gen10 Server HPE ProLiant ML30 Gen10 Server HPE ProLiant ML30 Gen10 Plus Server HPE ProLiant DL20 Gen10 Plus Server HPE ProLiant XL675d Gen10 Plus Server HPE ProLiant XL645d Gen10 Plus Servers HPE ProLiant XL450 Gen10 Server HPE ProLiant XL420 Gen10 Server HPE ProLiant XL290n Gen10 Plus Server HPE ProLiant XL270d Gen10 Server HPE ProLiant XL2x260w Server HPE ProLiant XL230k Gen10 Server HPE ProLiant XL225n Gen10 Plus Server HPE ProLiant XL220n Gen10 Plus Server HPE ProLiant XL190r Gen10 Server HPE ProLiant XL170r Gen10 Server HPE ProLiant MicroServer Gen10 Plus Server HPE ProLiant DL110 Gen10 Plus Telco Server HPE XL925g Quad Gen10 Plus EPYC Server HPE Apollo r2800 Gen10 24 SFF Flexible Configure-to-order Chassis HPE Apollo r2600 Gen10 24 SFF Premium Configure-to-order Chassis HPE Apollo r2200 Gen10 12 LFF Configure-to-order Chassis HPE Apollo n2800 Gen10 Plus 24 SFF CTO Chassis HPE Apollo n2600 Gen10 Plus 24 SFF CTO Chassis HPE Apollo 6500 Gen10 System HPE Apollo 6500 Gen10 Plus (Chassis) HPE Apollo 4530 Gen10 HPE Apollo 4510 System HPE Apollo 4200 Gen10 Plus Server HPE Apollo 4200 Gen10 Server HPE Apollo 2000 Gen10 Plus System HPE Synergy 660 Gen10 Compute Module HPE Synergy 480 Gen10 Plus Compute Module HPE Synergy 480 Gen10 Compute Module HPE ProLiant e910 Server Blade HPE ProLiant e910t Server Blade HPE Edgeline e920 Server Blade HPE Edgeline e920t Server Blade THIS VERSION VALIDATED WITH: Microsoft Windows Server 2022 Microsoft Windows Server 2019 Microsoft Windows Server 2016 Microsoft Windows Server 2012 R2 Red Hat Enterprise Linux 9 Server Red Hat Enterprise Linux 8 Server Red Hat Enterprise Linux 7 Server Red Hat Enterprise Linux 6 Server SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 11 VMware ESXi 8.0 VMware ESXi 7.0 VMware ESXi 6.7 VMware ESXi 6.5 PREREQUISITE: N/A BUILD DATE: Sept 04, 2022 EFFECTIVE DATE: Sept 14, 2022 DESCRIPTION: Firmware for the Hewlett Packard Enterprise Integrated Lights-Out 5 Management Controller LAST RECOMMENDED OR CRITICAL VERSION: 2.71 PREVIOUS VERSION: 2.71 UPGRADE REQUIREMENTS: RECOMMENDED UPGRADING FROM A PREVIOUS VERSION OF iLO - Hewlett Packard Enterprise highly recommends a minimum firmware version of iLO 5 v2.41 or later. - Direct upgrade to iLO 5 v2.72 is only supported for servers with iLO 5 v1.48 and above. - On servers with an earlier version of iLO 5 installed, you first need to install iLO 5 v1.48, and then install iLO 5 v2.72. For example, if a server has iLO 5 v1.10 installed, install iLO 5 v1.48 first, and then install iLO 5 v2.72. - Minimum supported iLO version for Gen 10 plus Intel platform is iLO 5 v2.42. FIRMWARE DEPENDENCY: - Please note the supported version of AMS with iLO 5 v2.72 is 2.5.0 or later for Windows and Linux components, while it is 2021.10.01 or later for VMware. Failure to use this version will result in properties and monitoring of the drives related to embedded SATA/EHCI to not function correctly. - Install iLO 5 v2.72 version of firmware on HPE ProLiant e910 Server Blade using Service Pack for Edgeline (SPE). - Install iLO 5 v2.72 version of firmware on a Synergy system as part of the overall HPE Synergy Service Pack install. Hewlett Packard Enterprise recommends the following or greater versions of iLO utilities for best performance: - RESTful Interface Tool (iLOREST) 3.5.1.0 - HPQLOCFG v5.3.0 - Lights-Out XML Scripting Sample bundle 5.40.0 - HPONCFG Windows 5.5.0 - HPONCFG Linux 5.7.0 - LOCFG v5.40.0 or later - HPLOMIG 5.3.0 NOTE: Updated utilities and system libraries are required to support the iLO High Security, FIPS, and CNSA security states. NOTE: With the release of iLO 5, some features of iLO are not supported by RIBCL or the CLI. Instead, Hewlett Packard Enterprise recommends the use of the iLO RESTful API, particularly for setting the iLO security state and configuring extended user privileges. The iLO RESTful API is the preferred programmatic interface for Gen10 and later systems. The preferred CLI and scripting tool is the RESTful Interface Tool (iLOREST). KNOWN ISSUES: - HPE now supports only Insight Remote Support central connect. If you are using HPE Insight Online direct connect, Hewlett Packard Enterprise recommends to unregister Insight Online direct connect and register with Insight Remote Support central connect. - iLO 5 v2.72 supports enabling and disabling of HTTP and HTTPS ports separately using Redfish APIs. Ensure you enable both HTTP and HTTPS, if you want to downgrade the firmware below iLO 5 v2.72, else the web server will not start. - When TLS 1.2 and TLS 1.0 are enabled but TLS 1.1 is disabled, certain functionalities of alertmail and remote support might be affected. To avoid this issue, disable TLS 1.0 or revert the settings related to TLS disablement. - To connect to the iLO Service Port with a USB Ethernet adapter, you must use a USB 2.0 device that is based on the AX88772 series chipset from ASIX Electronics Corporation. Hewlett Packard Enterprise recommends the HPE USB to Ethernet Adapter (part number Q7Y55A). - Starting with iLO 5 v1.20, SNMP settings are not backward compatible with older iLO firmware versions. The SNMP settings are discarded when you downgrade the firmware to an earlier version. - When you start the iLO web interface, and then you launch the HTML5 IRC, these interfaces are counted as a single iLO session. This behavior is different from the .NET IRC and the Java IRC, which are separate sessions from the iLO web interface. The Idle Connection Timeout specifies how long a session can be inactive before it ends automatically. If you start a virtual media operation (such as an OS installation), and the Idle Connection Timeout is reached, the HTML5 IRC and the iLO web interface close automatically, and the virtual media operation is interrupted. To avoid this issue, you can set the Idle Connection Timeout to a longer value, use a different remote console, or make sure that the session is not idle during the virtual media operation. - To support power usage reporting and optimum server thermal fan control on Linux servers with NVIDIA GPU option cards: Blacklist the nouveau video driver, and then load the NVIDIA GPU driver in persistent mode by entering the following command: nvidia-smi -pm 1 - DIMM power reporting in iLO UI/UX graphs would be removed and REST APIs would display 0 Watts on Gen10 and Gen10 Plus AMD platforms because of incorrect reporting - On certain HPE Mellanox adapters that support dual port personality (InfiniBand/Ethernet), the port personality gets reset to the default value during an adapter firmware update. o For more information, refer to the below Customer Advisory on the Hewlett Packard Enterprise Support Center: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00068199en_us. o The document lists iLO 5 v1.48 as the minimum version to install before an adapter firmware update. However, iLO 5 v1.48 or later is required before updating to iLO 5 v2.44 or later. - Redfish Service Validator tool reports conformance issue with certificate schema in iLO, but there is no functionality impact. FIXES: - ‘SessionTimeout’ property missing under ‘/redfish/v1/SessionService’ URI - GUI reporting configured drives as unconfigured. - A router failover post iLO NIC link down and link up could cause iLO to be rendered unreachable over router (default gateway). - Incorrect SNMP Trap Data value for cpqSm2CntlrBadLoginAttempts (OID 1.3.6.1.4.1.232.9.2.2.14) - Patch operation under redfish URI chassis/1/Thermal not working - When a storage controller is configured in Passthrough Mode in ESXi, iLO might take a bit longer to discover Direct Attach NVMe Drive. - iLO hostname displays the previous host name after iLO reset. - NVMe Backplane Firmware Package 1.0 is not getting updated through iLO. - Issue with the JSON payload for Country property - Issue with Alertmail IP address reporting on Moonshot systems. - The following weak TLS 1.2 ciphers are disabled in High security state: - 256-bit AES with RSA, ECDH, and a SHA384 MAC (ECDHE-RSA-AES256-SHA384) - 256-bit AES with RSA, DH, and a SHA256 MAC (DHE-RSA-AES256-SHA256) - 128-bit AES with RSA, ECDH, and a SHA256 MAC (ECDHE-RSA-AES128-SHA256) - 128-bit AES with RSA, DH, and a SHA256 MAC (DHE-RSA-AES128-SHA256) SECURITY FIXES: For information about the latest security bulletins and vulnerabilities addressed in this version, see the following website: https://support.hpe.com/connect/s/securitybulletinlibrary. Security best practices: For the latest information about security best practices, see the HPE Integrated Lights-Out Security Technology Brief at the following website: http://www.hpe.com/support/ilo-docs. ENHANCEMENTS: - Cannery Row Solution Support. - Added support to auto-restore the IPMI and SNMP configuration settings to custom defaults (manually enabled by the user) instead of the factory defaults during abrupt AC power cycle. - iLO PLDM Downstream Drive firmware update support enabled. - Enhanced the Alerting Mechanism to allow clearing of Events without resetting iLO. - PATCH support for Redfish Property "DateTimeLocalOffset" - Ability to update Firmware on SATA Drives without Operating System Support. - Ability to disable/enable TLS 1.0 and/or TLS 1.1 in Production state. - The Temperature page now displays the temperature details of the available PCIe subcomponents. SUPPORT: 1. iLO 5 firmware updates and utilities can be found here: https://www.hpe.com/support/iLO5 2. IPv6 network communications Supported Networking Features IPv6 Over Shared Network Port Connections IPv6 Static Address Assignment IPv6 SLAAC Address Assignment IPv6 Static Route Assignment IPv6 Static Default Gateway Entry DHCPv6 Stateful Address Assignment DHCPv6 Stateless DNS, Domain Name, and NTP Configuration Integrated Remote Console OA Single Sign-On HPE Single Sign-On Web Server SSH Server SNTP Client DDNS Client RIBCL over IPv6 SNMP AlertMail Remote Syslog WinDBG Support HPQLOCFG/HPLOMIG over an IPv6 connection URL-based Virtual Media CLI/RIBCL Key Import over IPv6 Authentication using LDAP and Kerberos over IPv6 iLO Federation IPMI Embedded remote support Networking Features not supported by IPv6 in this release NETBIOS-WINS Key managers 3. You might encounter a "data inconsistency error" when you use iLO Federation Management. This error occurs when an iLO on your network is not responding correctly. Use the data on the Multi-System map page to troubleshoot data inconsistency errors. DOCUMENTATION - 1. iLO 5 documentation is available at https://www.hpe.com/support/ilo-docs. 2. Check the online help for information about how to use iLO. To access the online help, Click the question mark icon in the upper right corner of any iLO web interface page. HOW TO USE - 1. Download the iLO 5 Online Firmware Update Component for your operating system. 2. Install the firmware using one of these options: a) Run the component on the host to be updated. The component will update the iLO 5 firmware and reset the iLO processor. b) Extract the firmware from the component. This will place the firmware image file, iLO5_yyy.bin (where yyy represents the firmware version), in the target directory. You can use the following methods to install firmware: i) Login to iLO, navigate to the Flash Firmware page, and update the firmware from there. ii) Use the iLO RESTful API or ILOREST. For more information, see the following website: http://www.hpe.com/support/restfulinterface/docs. iii) Use the Lights-Out Configuration Utility (HPQLOCFG) and RIBCL/XML scripts to update iLO 5 across the network. iv) Use the Online Lights-Out Configuration utility (HPONCFG) and RIBCL/XML scripts to update iLO 5 from the supported host OS. 3. iLO automatically resets after a successful update. There is no need to manually reset iLO. Copyright 2002-2022 Hewlett Packard Enterprise Development, LP