Server Management - Remote Server Management

iLO2 "Directory Default Schema" Config

New Member

iLO2 "Directory Default Schema" Config

I have been trying for several days to get a new iLO2 card to play nicely with Active Directory. I have used the "Lights-Out Migration Utility" to do a config, have done several myself (based on the "Conveniently integrating HP ProLiant Lights-Out processors with Microsoft® Active Directory" Integration Note, and nothing is working.
Here are the details:
Under "Directory" tab:
Using Directory Default Schema, "Directory Server Address" is "server1.domain.lcl", LDAP Port is 636, "Directory User Context 1": CN=Users,DC=domain,DC=lcl
"Directory User Context 2: OU=Users,DC=domain,DC=lcl
For User Admin - Group Accounts, the "Administrator" group is set with a "Security Group Distinguished Name" of CN=iLO,CN=Users,DC=domain,DC=lcl.

We have 4 AD users (all Domain Admins) in the iLO group which we wish to give access to the iLO2. Our iLO2 card has the Advanced license and is running v. 1.79 firmware.

The result I am getting is this:
When I perform a "test settings", the failure occurs at "User Authentication" with the following log -
Initiating Directory Settings diagnostic for server server1.domain.lcl
Directory Server address server1.domain.lcl resolved to
Accepting Directory Server certificate for /CN=server1.domain.lcl signed by /DC=lcl/DC=domain/CN=server2
Unable to authenticate test user username [Invalid credentials]
Ceasing tests.
Some diagnostics FAILED for server server1.domain.lcl

Attempting to log on to the iLO2 card in the following formats fails:

Any help would be greatly appreciated.
Thank you.

Re: iLO2 "Directory Default Schema" Config

Were you ever able to resolve this issue? I have been struggling with the exact problem for some time now.

New Member

Re: iLO2 "Directory Default Schema" Config

Nope, eventually just gave up. I really needed this to work, but it isn't something I can spend a whole week on!

Re: iLO2 "Directory Default Schema" Config

I hear ya -- I don't know why it has to be so difficult. The OA ldap config is very simple -- why is iLO/iLO2 so different?

I was able to get mine working, but you end up having to use the Display name of the user. So instead of the username, JSmith for example, you use John Smith. It works, but since it's different than OA It will just be confusing.
Ben Short
Frequent Advisor

Re: iLO2 "Directory Default Schema" Config

Just out of interest, is the username you log in with the same as the Common Name (CN) of the AD User Object?

Quite often these two values will not match up depending on your AD Deployment.

With a bit of poking around with ADExplorer or ADSI you should be able to locate what the CN of your user account is.

Try logging in with the CN and hopefully that may solve your problem :)
New Member

Re: iLO2 "Directory Default Schema" Config

The magic answer for me was that the login name to use was the display name! In my case the display name is different from the user logon name.
My display name is John Doe and my user logon name is johndoe, with or CORPCONTOSO\ as alternatives.
To log on in iLO now I just juse John Doe with the right capitals and my password and I log in to iLO from my AD account.
That was what is was just trying to find out the last couple of days.

note to HP: please make this more clear in your documentation.