Schlagwort: HPE

HPE SPP Update with COM and ESX

Dezember 23, 2024 / Armin / Keine Kommentare

Here I will guide you to Install the HPE Service Pack for ProLiant (SPP) using Compute Ops Management (COM) on VMware ESX Server.
(Will work similarly with Windows Server also.)

There is a new Note in the Manual:
Compute Ops Management updates the iSUT mode from the default AutoStage mode to AutoDeploy mode after iSUT is installed or upgraded to version 2.9.3 or later. If a reboot is required during a firmware update, it will proceed regardless of the iSUT configuration.

Therefore, the following ESX settings are now only necessary for older versions:

Start the ESX Shell and SSH on the ESX Server:

Optional: Set ESX into Maintenance Mode

Activate the HPE Software Update Tool (SUT):
sut -set mode=AutoDeployReboot
To Check:
sut -status

To check above 2.9.3:

Set the iSUT enableiloqueuedupdates flag to true.
Use the following iSUT command to set this flag:
sut –set enableiloqueuedupdates=true

If you installed or updated the iSUT version or changed the mode, reset iLO or the server, and then wait for five minutes before initiating a firmware update through Compute Ops Management.

You only need to set this the first time for each server.

Go to https://common.cloud.hpe.com/ and start COM:

Now, it’s simple.
Select the Server, you want to Update and Actions > Update Firmware:
(It is currently a bit misleading, because this can also be used to update the drivers.)

Select your Setings:

In this case, the update will not be performed because we have also selected the drivers update, but for this the ESX server must be in maintenance mode.

Problem solved, now it works:

COM checks which firmware and possibly drivers are required and only these are transferred to the iLO board. This is different from before.

At one Point Firmware of the iLO itself is being Updated, and then iLO is offline for some minutes.

Attention: Do not click here! Lay back and Drink your ☕.

Now iSUT inside ESX (or Windows) should pick up the Driver:

Attention: Can be a long time until the Update starts, the default is 5 Min., don’t be nervous!

If you like, watch the Progress also here in iLO:

When everything is done, the Queue will be empty, and the Server reboots (If in Maintenance Mode).

During the Reboot, some post Firmware updates will be done (UEFI, PICs).

Complete!

Solve vCenter Host TPM attestation alarm with HPE ProLiant

Juli 30, 2024 / Armin / Keine Kommentare

If you get this Message on a HPE ProLiant Server

here is a way to solve it.

First, set the Host in Maintenance Mode.
Than open a CLI connection to the ESXi and Enter:

esxcli system settings encryption get
Mode: TPM Require Executables Only From Installed VIBs: false
Require Secure Boot: false

Set Secure Boot to true with:
esxcli system settings encryption set –require-secure-boot=T

Verify the change.
esxcli system settings encryption get
Mode: TPM Require Executables Only From Installed VIBs: false
Require Secure Boot: true

To save the setting, run the following command:
/bin/backup.sh 0

Now Reboot the Server and Enter the UEFI BIOS by pressing F9.
Change TPM Settings in
System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > Trusted Platform Module Options
as here:

Annotation:
VMware ESXi 7.0 cannot handle SHA386.
SHA386 only works with VMware ESXi 8.0.

F12: Save and Exit for Reboot

Maybe vCenter is now showing this

in that case, go back to CLI and enter
esxcli system settings encryption recovery list

Save the output in a secure, remote location as a backup, in case you must recover the secure configuration.
Now, Right-click on the alarm and select Reset to Green.

Done

Reference:
Enable or Disable the Secure Boot Enforcement for a Secure ESXi Configuration (vmware.com)

HPE SPP Update with OneView 8

März 23, 2023 / Armin / Keine Kommentare

Silently OneView has introduced the installation of a Service Pack for ProLiant without the need for a Server profile.

And now with OneView 8.2 HPE going next Step toward the Customer and allowing the Firmware and Driver Update without the need to have a OneView License.
Yes, having a free Monitoring only Version is good enough, this makes sense because the free iLO Amplifier offers the same Feature.

Time to show how we Update the Server with OneView, it’s so easy. 😊

Let’s Start, login to OneView and choose Firmware Bundles on the bottom:

Here we have to Upload the Service Pack for ProLiant into the OneView Repository:

Now go back to the Server Hardware, select your Server(s) and choose Update Firmware under the Actions Menu:

Select the Firmware Baseline and choose the Installation policy.
With OV 8.2 we are able to deploy Firmware and OS Drivers if the Server has iLO 5 or newer.
To deploy also the OS Driver, set the SUT Mode to AutoDeploy, as I describe here:
HPE SPP Update with SUM and ESX

That’s all, the Update is now rolling out, OV will copy the needed Update Files to the iLO NVRAM, and then the Server will Install them locally.
Some Updates still need a reboot.

Armin Kerl

How to suppress 3PAR notification

Februar 14, 2023 / Armin / Keine Kommentare

The HPE 3PAR storage systems are constantly monitored by the so-called „Service Processor“. That can be a dedicated Physical Server or in most cases a virtual machine. The SP has ready-made rules, which send corresponding alarm messages to the added Contacts. Sometimes it’s just a matter of suppressing annoying alerts, like in this case where a programming error generates constant unintentional emails.

Document – Advisory: HPE 3PAR StoreServ Storage, HPE Alletra 9000, and HPE Primera 600 Storage – Operating System Upgrade May Report Invalid Checksum Validation | HPE Support

Here I show you how to suppress these messages in SP 5.x, because it’s a bit tricky:

First, log into the „Service Console“ GUI and select Contacts.

Then click Edit and select the storage system.

Use the pencil for your Storage System to Edit.

Have all Rules displayed and search for the rule that appears in the email notification text. In this case „IDE file“.

Remove this Rule for every Contact.
The Rule is not lost, you can later choose „Default“ to reset all Rules.
Better check again, sometimes the setting is lost when you jump back and forth.

Done

HPE SPP Update with SUM and ESX

Februar 3, 2023 / Armin / Ein Kommentar

Here I will guide you to Install the HPE Service Pack for ProLiant (SPP) using Software Update Manager (SUM) on VMware ESX Server.
(Will work similarly with Windows Server also.)

Let’s begin now.

Start the ESX Shell and SSH on the ESX Server:

Optional: Set ESX into Maintenance Mode

Activate the HPE Software Update Tool (SUT):
sut -set mode=AutoDeployReboot
To Check:
sut -status

Mount or extract the Service Pack ProLiant ISO File and start with launch_sum.bat on any Windows PC or Server on the Network.

Start the Service Pack ProLiant on any Windows PC or Server in the Network and choose Nodes:

Now add the Server, since Gen10 (iLO5) Driver and Firmware were installed by iLO.

First, the Files were copied into the NVRAM of iLO.
Then the Installation Queue will be created.
Most of the Firmware is Installed direct.
For Driver, the SUT-Tool picks them from iLO and installs them in the OS.
If the Server is in Maintenance Mode, at the end an automatic reboot is triggered.
At the Reboot, Firmware is installed, which cannot be done Online.

In SUM add the Server(s) by „Add Node„: