Posted by: Nathan Simon
browser, ESXi, Firmware updates, HP, iLO, microsoft, url, Windows Server 2008
One of the key things I keep on top of is firmware and software updates. Ilo has been updates at the beginning of the month and a lot of people over look it. So I am here to remind you all of the updates. Below you will find the list of fixes, additions, and enhancements.
Problems fixed since last release:
Disabled SSL/TLS renegotiation to protect iLO 2 against SSL/TLS plaintext injection attacks (CVE-2009-3555).
Fixed security vulnerabilities mentioned in CVE-2008-7270 and CVE-2010-4180.
Fixed an issue with ROM randomly fails to communicate to iLO 2 during POST causing some Mezzanine cards on blades to get misconfigured.
Fixed an issue where the iLO 2 login page could be requested and displayed in HTTP mode instead of HTTPS secure mode.
Fixed an issue with Set_Pwreg_Alert_Threshold.xml doesn’t validate parameters correctly.
Fixed an issue with Set_Pwreg_Alert_Threshold.xml gives false message when server is in aux power.
Fixed an issue with iLO 2 accepting invalid value for warning_duration.
Fixed an issue where user cannot exit from serial CLI when login prompt is shown.
Fixed an issue where pressing ESC + SHIFT 9 key sequence and ESC + SHIFT Q key sequence multiple times can cause serial CLI to stop responding.
Fixed an issue where the Linux console via iLO 2 Virtual Serial Port could no longer work after iLO 2 reboots.
Fixed an issue where mounting Scripting Virtual Media using an invalid hostname in the URL can cause iLO 2 network to stop responding.
Added Brown-out Recovery Feature for ML/DL servers.
Added Custom SSL Certificate Signing Request (CSR).
Added Support for 2048-bit RSA key in SSL CSR.
Added XML command to delete SSH keys.
Added option to disable the Virtual Media Access port.
Added Support for Java 64-bit JVM/JRE.
Added Support for Integrated Remote Console on Internet Explorer 64-bit Editions.
Added support for Internet Explorer 9, dropped support for Internet Explorer 6.
Improved performance of the iLO 2 Virtual Serial Port when connected via SSH.
After importing a SSL certificate containing a 2048-bit RSA key length, the iLO 2 webGUI could become noticeable slower to some users. This is due to the fact that SSL handshakes with 2048-bit keys take several times more CPU cycles than doing SSL handshakes with 1024-bit keys. The iLO 2 login page could take an extra of 5 to 10 seconds to show up and clicking on the webGUI after the websession is left idle for more than two minutes, could cause the old SSL sessions to expire and force iLO 2 to do new SSL handshakes.
After iLO 2 v2.06 firmware is flashed and running for the first time, iLO 2 will automatically begin to pre-generate 1024-bit and 2048-bit RSA key pairs that are required for the Certificate Signing Request (CSR). This process takes around 20 minutes to complete. During this time, the Remote Console needs to remain closed to allow iLO 2 to finish pre-generating these keys and store them in the NVRAM.
Download the executable here. If you are running Windows Server 2008 directly on hardware you can run the executable and update via Windows, if you are using an ESX Host, you can extract the files and then update ILO from a management server via the browser.