Miscellaneous known issues – HP Onboard Administrator User Manual
Page 321
Troubleshooting 321
To prevent loss of network connectivity during the Onboard Administrator firmware update, prior to
performing the update ensure that network adapter firmware is updated to correct the DCC unavailable
condition, as recommended in the Customer Advisory c03600027
. For more information, refer to this Customer Advisory.
Miscellaneous known issues
•
CLI access denied using an SSH key
Upon attempting to log in to the Onboard Administrator CLI using an SSH key, access might be denied,
in which case you are prompted for a password. This problem might occur with FIPS Mode enabled,
after updating the Onboard Administrator from version 3.7x to a later version. Some third-party utility
tools generate keys smaller than the minimum length allowed by the current version of the Onboard
Administrator. Make sure the installed key length is at least 2048 bits in length. For more information
about SSH key size requirements (in particular the default SSH key type size), see the table in "Default
FIPS Mode settings compared to strong encryption (on page
)."
•
Inability to reconnect to Onboard Administrator after reboot (Trusted Hosts enabled)
With Trusted Hosts enabled, an attempt to reconnect to the Onboard Administrator from a client hosted
on an OS that supports RFC 4941 might fail after that OS has rebooted.
RFC 4941 describes an extension to IPv6 SLAAC that allows for generation of global-scope temporary
IPv6 addresses using interface identifiers that change over time. When an OS that supports RFC 4941
(such as Windows 7) reboots or the current address expires, a new temporary IPv6 address is
generated. When you access the Onboard Administrator from a client hosted on an OS with RFC 4941
support, after a reboot the connection fails because of the client’s new IPv6 address and the resulting
mismatch between that address and the IPv6 address configured for the client in the Trusted Addresses
list.
To avoid this issue, either disable generation of global-scope temporary IPv6 addresses in the OS, or
reconfigure the Trusted Host IP address with the newly generated client IPv6 address.
•
Certificate generation fails ("Could not generate the CSR." error message)
When attempting to generate a certificate from the Active or Standby Onboard Administrator, or using
the GENERATE CERTIFICATE command from the CLI, a "Could not generate the CSR." error message
results. This occurs when attempting to generate either a self-signed certificate or a certificate-signing
request (CSR), and with both mandatory and optional information provided.
This problem might have occurred because the optional Alternative Name was specified incorrectly.
The Alternative Name must be 0 to 511 characters in length, and if not 0, it must contain a list of
keyword:value pairs separated by commas. The valid keyword:value entries include IP:<ip address>
and DNS:<domain name>.
•
Limit the number of simultaneous iLO virtual media session to avoid timeout and performance issues
HP c-Class BladeSystem ProLiant and Integrity iLO virtual media performance is limited by the activity
and number of simultaneous iLO virtual media sessions and the OA workload. The Onboard
Administrator Enclosure DVD and Enclosure Firmware Management features use the iLO virtual media
feature and might have similar performance limitations.
To prevent media timeout issues, HP recommends that you limit the number of simultaneous sessions. If
timeout issues are experienced during OS installation or firmware updates, reduce the number of virtual
media sessions in progress, and restart the operation.
•
Onboard Administrator link to iLO 3 Integrated Remote Console might occasionally fail to launch