OPERATIONAL DEFECT DATABASE
...
...
Document Version Release Date Details 2 11/06/2017 Updated Resolution section with permanent fix, iLO 4 firmware 2.22 (or later). 1 10/01/2015 Original document release When upgrading HPE Integrated Lights-Out 4 (iLO 4) firmware to version 2.20 from any earlier version, the following settings will be reset to their default values: On the iLO Administration, Access Settings page,the following settings will revert to defaults: The Minimum password length will be reset to the default of 8 characters. Existing passwords are preserved. The Idle Connection Timeout (minutes) will be reset to the default of 30 minutes. The Authentication Failure Logging will be reset to the default "Enabled-Every third Failure." The Authentication Failures Before Delay is a new setting in firmware version 2.20; earlier versions of iLO 4 firmware used the "Every failure causes delay;" this setting will be reset to the version 2.20 default value of "1- Failure causes no delay." On the iLO Administration, Security, Encryption page, The FIPS Mode will be reset to the default of Disabled, and iLO will not be FIPS compliant. To achieve an FIPS compliant departure from FIPS mode, iLO must be reset to factory defaults. iLO 4 firmware version 2.20 is not FIPS certified. On the iLO Administrator, Security, Directory page, LDAP Directory Authentication will be reset to the default of Disabled. Other LDAP configuration settings are preserved. Kerberos Authentication will be reset to the default of Disabled. Other Kerberos settings including the Kerberos keytab are preserved. Local User Accounts will be reset to the default of Enabled. Local users, passwords, and privileges are preserved. When this occurs, the message, "Firmware upgraded to version 2.20" appears in the iLO event log after the firmware update, but there is no error message to indicate the partial reset to defaults. An additional SNMP trap and iLO event log entry "Security jumper override detected. Security disabled!" will appear a second time after upgrading the firmware if the System Maintenance Switch, and the iLO security override jumper, is set. Due to the change to authentication settings, Authentication failures may occur, sessions may time out unexpectedly, or iLO may unexpectedly report errors setting passwords that are shorter than the default. This occurs because iLO 4 firmware version 2.20 is not correctly importing the settings from the previous versions of iLO.
Any ProLiant Gen8 or Gen9 server upgrading the iL0 4 firmware to version 2.20.
iLO 4 firmware version 2.20 is NO LONGER AVAILABLE for download due to an issue when upgrading to version 2.20 that results in resetting some iLO security settings to default values. Replacement version 2.22 (or later) is available here: Windows: https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_30e9eb3e11104548a326deafbe For all other Operating Systems, navigate to the following URL and choose the appropriate OS from the Operating Environment on the left side of the screen, and then choose version 2.22 (or later): https://support.hpe.com/hpesc/public/home/driverHome?sp4ts.oid=1009143853 As a workaround, use "hponcfg /w config.xml" to capture existing iLO settings before performing the firmware update, modify the file to remove unwanted changes, and reapply the settings using hponcfg /f config.xml after the update is complete. Alternatively, the RIBCL commands for GET_GLOBAL_SETTINGS and GET_DIR_CONFIG can be used to capture the relevant settings. RECEIVE PROACTIVE UPDATES : Receive support alerts (such as Customer Advisories), as well as updates on drivers, software, firmware, and customer replaceable components, proactively via e-mail through HPE Subscriber's Choice. Sign up for Subscriber's Choice at the following URL: Proactive Updates Subscription Form. NAVIGATION TIP : For hints on navigating HPE.com to locate the latest drivers, patches, and other support software downloads for ProLiant servers and Options, refer to the Navigation Tips document .
Click on a version to see all relevant bugs
Hewlett Packard Enterprise Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
