HP iLO-3 Pain   !      

100% cured

Integrated Lights out (means the server farm has no overhead  lights turned on) so we use ilo to do a remote console login.
If you have  GEN10 server with iLo5 , it now aviods, JAVA pain and .net pain (dot net) the new Ilo5 uses HTML5 coding. ( finally!) and no we can't upgrade to iLo5.
iLo is a R.O.M based web page,  that even works with the server turned off (yellow power button too) It has firmware and it's own processor (some are ARM) and its own java based web pages.  Version 3 iLO is mine.
I love iLo !  you can do all admin work and not drive to the server farm ever unless a hdd fails and you must hot swap it.
Rule one , all PCs and servers must have the RTC (real time clock) set correctly and a good RTC coin cell battery on the motherboard ,being a day off (date) is a big NO GO !

The pain list and some facts(after the Firmware update sure)
  1. It turns out I only needed to buy the Lights Out License to make the iLo3,  fully work right , that is the making the Remote Console work fully.
  2. The iLo3 flipp'n (CA) Aertificate pf Authority fail hard !,  due to crazy JAVA 8  new rules today (Java8 will fight you to the ends of the earth!.  The cure for me was JAVA 7u60 (old)
  3. The Firefox v56 did not like this, but got it to work with  Java  7u60. (had to get an account at Oracle.com to get it) IE11 is more forgivin... and its mate EDGE.
  4.  I refuse to pay $10 a month for the rest if my life, just to have  a personal traceable,  (CA) ;
  5. The license to run remote console cost me $25. (auction-sites New in box un-used) (HP wanted over $100) The iLo 1 or 2 licenses are no good here.
  6. The real pain is all on JAVA ! (Java8 you can't just tell Java, to accept your ROM coded files as known good !).
  7. I self signed my (CA) using OpenSSL published method, it helped some.
  8. All I wanted is to use ilo on my subnet only, and is behind 2 hardware firewalls. Gee, why must this be so damned difficult. (I shout to the sky)
  9. Know that you need 1 license per machine . (to run all features)
  10. You don't need a license to see the iLO  page, and the information and invent logs, you can not do full remote console, lacking a license.

Success now.  (1 day of my life wasted )
I think the biggest pain is this: 1.88v iol3
"Disabled TLSv1.0 when the FIPS mode or Enforce AES/3DES Encryption options are enabled." seen in the HP release notes patch 1.88.
To work around this see my settings at the end of here. See me turn off SSL there.!  ( Firefox V59 works too)


JAVA v8 will not run here. Period.
If you check too many boxes above under adv. security settings it fails hard.


Integrated lights out iLo-3  (aka. HPE iLo) (or in laymans terms,  remote desktop assess, kinda like Anydesk™ program does (partially)  aka: headless servers
This iLo3 is  chip and ASIC chip and uses AUX power.  mine is iLo3. (it is a hidden, web appliance , with it's own Ethenet LAN jack)
What is it?, well it's runs and works even when the server is turned off,  and you can turn it in iLo on boot and even call up and operate at the main BIOS or any that show hot keys powering it on, including P410 ROM )
I found out Firefox hate (with Java) iL03, so used IE11 or Edge and one click CA error and you are good to go.
Rules:
Works best under old Windows IE11,  but still works easy,but Firefox, v56 is a pain, getting the Java happy, and all that, and the old HP certificate failures. (only the remote console is hard to use , and need for a license)
You need a license to use the best features, of all Remote console  "RC", to run, longer that 1 minute. "trial timer" (you can repeat that over and over,  if in trouble on any server, yes buy the license for $24)
The turn on server feature works even with no License, nicely.
Run RC after logging in to iLo and the top left of virtural screen is "power switch" click that and the Server turns on, and cold boots, you can see it boot in your vitural screen, oddly the trial timer does not run until you turn on power.
The iLo license is forever, for you and your server,  and is not transferable!
HP has no discounted license for say upgrade iLo3,  even though it is now legacy status,  just 5 years old.

Let me quote HPE;
"NOTE:
When a user purchases an iLO license, they get the right to use the licensed features perpetually, the time duration in the license refers to the duration for which they are entitled to support and updates.
An iLO license is tied to the life of the server, that it has been applied on, it cannot be transferred from that server to any other server."


I will give examples for 1 server only and one users and the lowest cost, Essentials, version
HPE part number
BD775A 0D1  ( 76  pages to read just to learn that)  The record button will be dead, on the cheap version! It says  for Essentials.
or #512485-B21 (works too) Advanced, and seen on sale. (hint)
avoid the licenses for Scale-out and pay as you go. The magic words "Pre-OS only"  what in the world does that mean in the Scale-out columns.?
Answer it means console always works for 1min. (no license) or forever with the black screen seen at no power yet) that is how with no license you  can power on remote works for free.
"Your licenses do not expire. They are valid for the life of the server on which they are applied."

HPE, has 1 zillion dead links now,  and 99% of all google searches point to 404. (took me too long  to find this,,,,the key to finding this is the above document PDF and links dead there,  then on the HPE site search ilo, )
Hint: I had to use my skills at tracking dead link histories, to find this.
Page 25, Small Business, purchase, Is here, for $115.
 
Best HP link of all is this.
Lights Out headless remote access is very powerful here:

Dangme,  my old iLo1 license does not work on my iL03 system, dag nab it.! Dat sucks.
This list below is for iLo3,4,5 here, to find this chapter was hard, with millions of dead HP links only, Google has billions all wrong, and all float to the top like turds.
The find the cheapest price only, single server wins, and 1yr,  as does no autolicense updates, flexible is more persons so more $$$
On the used market (NIB , new on box) the Advanced can be cheaper., even $24.
To cheat with say 2 home servers? (a theory) use 1 licence on both, then keep a firewall between them or only plug one in when needed. I'd be afraid to have 2 on same subnet. (like this, nor will I try)
Be nice if HP activated ilo3 for free on legacy systems.  Super nice... or a cheap Cadaver license for folks 65years or older,  $10 via paypal. I am happy found a fire sale, I did...




Mine is 485 here. Works on G7 iL03


Screen one, I have my host file set to  iLo3.com =  raw IP  (when you boot the BIOS shows you  your the ILO IP)

For ilo to work the first time it must be setup with power on, boot F8 iLO3 setup menu.
I then enable it and make sure DHCP is on,  so your router can assign an IP address to it.
Next run any  IP port scanner (free) or ask your router the IP of ilo, good routers tell you the list if connected devices.
I then at the router, set this IP to reservered for iL03.
In my host file I do this,  iLo3.local =  ip4 address found and set.  (per std. host file rules)
I then type in my browser,  this URL iLo3.local and bingo you get the below. (please ignore the dot com below)
You must log in first, but to do that you need to run the F8 boot key and configure your iLO ROM first. (usernames and passwords) This is so cool, I love it. iLo

After  logging in above and picking remote console you next hit the POWER SWITCH below  you see the server boot and P.O.S.T up and last my server, page.
To log in to the server, hit the keyboard TAB (control+alt+del) option there.






Now run remote console.  Push the Power Switch at red arrow.


In the above, screen this  is BIOS sign on, can take 3 to 5 minutes to get this screen,(ram size huge, longer) then you get the F8 prompts for iLo or RAID.
Then and last the Windows, login screen pops. (mine is windows server 2012 r2)


Windows Server?
You can run the HP SSA appl. to  control the RAID.

Warning : Server 2012 only installs on true 64bit computers and servers never old 32bit metal ! Some 32bit apps run on this 64bit OS will   run or NOT, (on a case by case Application test, test it or ask your source)
If you ever ran a compliler you would know the checkboxes there,  (32bit, 64b or both; the builders choice is always true) Why not just run it and watch it puke or not. Takes you what, 1 seconds work?


HP SSA  , see how I tests questionable used SAS drives here.


end iLO and logging in.


Firmware updates: (this costs you nothing at HP see link below !)
The iLo3 can not be flash ROM upgraded to iLO4 or 5, as those use different ARM processors.! You must match firmware to the correct generation.
My iLo3 is version 1.89 July 2017  at HPE.com you must search for key word Firmware to find them,   ( HPE web site is super hard to navigate and is not small business friendly (1 server)
If your iLo time of day or M/D/Y  is wrong, then set it in the OS or BIOS and reboot, or the license key activation fails.
I flashed mine just now, by extracting (7zip extract here) the exe below file to 189.bin file.
Then logged into iLO3 web page(https:), and clicked Admin, the firmware, then browse to bin file then up upload, and it took 2-3min to upload then it burned the ROM and rebooted to 1.89 all by itself and nothing missing.
I discovered this nice web page that indexes the firmware far more easy that HP does. (but is just  link to HP deep server files )


Newest at HP firmwere is:
Firmware - Lights-Out Management Version: 1.89(19 Oct 2017)  
file: cp032171.exe

the Bin file is inside this exe(so extract it)



version 2.  11-9-2017