Client Automation Standard Practitioners Forum
Showing results for 
Search instead for 
Do you mean 

Out of Band Management cannot find vPro device

Occasional Advisor

Out of Band Management cannot find vPro device

I use Intel AMT SCS to provision vPro client successfully. I also install the OOBM agent on the vPro client. The vPro client is seen in SCS console(see Scs.jpg in the attachment). In HPCA, the client is also shown in "vPro Provisioning"(see hpca2.jpg and hpca3.jpg in the attachment). However, the client device cannot be found using Device Discovery Wizard in HPCA (see hpca1.jpg in the attachment).

Attached the screen captures for the issue. What is the cause of the issue? Is there any settings I missed?
11 REPLIES
HPE Expert

Re: Out of Band Management cannot find vPro device

Hi,

I'm not able to download the attachment. Can you attach once again? also let me know that is the error you are getting on screen as well as log file during your vPro device discovery?

Log file location: \HPCA\tomcat\logs\stdout.log
Occasional Advisor

Re: Out of Band Management cannot find vPro device

Hi Prabu,

The latest update is that after adding a digest user in the profile in SCS console, the client vPro device is discovered in Device Management. However, when we click on the vPro device to manage it, the following error pops up:

"Error: Unable to retrieve information for the selected device.

The possible cause could be the device is not available in network."

Attached the zipped screen captures and the stdout log file.

If you still cannot download the attachment, do you have an email address?
HPE Expert

Re: Out of Band Management cannot find vPro device

Hi,

After adding Digest user to SCS profile, did you re-configure your vPro device using that profile? If not please do re-configure (SCS consile device list -> right click reconfiguration)

Thanks,
Prabu
Occasional Advisor

Re: Out of Band Management cannot find vPro device

Hi,

Which re-configuration option do you mean? I attached a screen capture in SCS console.

Actually i have removed the device and re-provisioned the vPro device several times. Now everything is OK in SCS console. The problem is with HPCA device management.
Thanks!
HPE Expert

Re: Out of Band Management cannot find vPro device

Hi,

Yes, thats what i mentioned. Hope you followed the below procedure,
1. Create SCS profile with atleast one Digest user
2. Provision vPro device with that profile which has Digest user in it.
3. Discover the vPro device from HPCA console.

If still you have issues, please attach your log file? (stdout.log)

Thanks,
Prabu
Occasional Advisor

Re: Out of Band Management cannot find vPro device

We decide to use TLS-PKI mode, enable DHCP on the server, and now vPro client is provisioning itself successfully in SCS console. However, there are still problems after we follow the steps in HPCA OOBM guide:

1. Export the root CA certificate to rootCA.cer and server client certificate to ClientAuth.pfx.

2. Copy the .CER file to the HPCA server and import it to the Java Key Store using the Keytool utility:

Keytool â import â noprompt â alias customcacert â keystore ..\lib\security\cacerts â storepass -file â c:\SCS\rootCA.cer

3.Convert that same CER file to PEM format using the OpenSSL utility in the C:\Program Files\Hewlett-Packard\HPCA\ApacheServer\bin folder:

Openssl x509 â inform DER â outform PEM â in c:\SCS\rootCA.cer â out c:\SCS\rootCA.pem

4. Convert the client certificate to PEM format

Openssl pkcs12 â in C:\SCS\ClientAuth.pfx â out C:\SCS\ClientAuth.pem

5. Modify the C:\Program Files\Hewlett-Packard\HPCA\OOBM\conf\config.properties and add the following lines(please note I have tried other formats such as C:\\SCS\\rootCA.pem and C:/SCS/rootCA.pem. Same results):

root_certificate=C\:\\SCS\\rootCA.pem
client_certificate_pem=C\:\\SCS\\ClientAuth.pem
client_certificate_pfx=C\:\\SCS\\ClientAuth.pfx
ca_server_commonname=wps2008.devhpcae.local

6. Restart the Tomcat service

Now, I cannot discover the client computer in Device Management under "Out of Band Management". In the stdout log under :\Program Files\Hewlett-Packard\HPCA\tomcat\logs, I see the following lines which may indicate the problem:


INFO: vPro device is present in SCS but failed to Discover by OOBM:hp-radia.devhpcae.local
Apr 25, 2011 11:56:07 AM com.hp.ov.amt.devicerepository.DeviceInfoManager getDevices
INFO: Error while creating DeviceInfo object
java.lang.Exception: Root/Client Certificate paths are not configured for OOBM


Attached the full log. Any idea?

Occasional Advisor

Re: Out of Band Management cannot find vPro device

The commmands I used should be the following:

Keytool -import -noprompt -alias customcacert -keystore ..\lib\security\cacerts -storepass -file C:\SCS\rootCA.cer

Openssl x509 -inform DER -outform PEM -in c:\SCS\rootCA.cer -out c:\SCS\rootCA.pem


Openssl pkcs12 -in C:\SCS\ClientAuth.pfx -out C:\SCS\ClientAuth.pem
HPE Expert

Re: Out of Band Management cannot find vPro device

Hi,

You have to add the Root and client certificate pass phrase to the config.properties file.

Please run 2 bat files which are under HPCA/OOBM/bin directory after that you should be able to see the encrypted passwords in config file.

Once this is done, try to restart the tomcat and try to re-discover.

Thanks,
Prabu
Occasional Advisor

Re: Out of Band Management cannot find vPro device

I did run the two commands before. Below is the results:


C:\Program Files\Hewlett-Packard\HPCA\OOBM\bin>amtpem_chgpwd

C:\Program Files\Hewlett-Packard\HPCA\OOBM\bin>echo off
Enter the HP CA Installed directory location: ( e.g. C:\Program Files\Hewlett-Pa
ckard\HPCA ) C:\Program Files\Hewlett-Packard\HPCA
Enter passphase for AMT PEM Certificate:!qaz2wsx
"C:\Program Files\Hewlett-Packard\HPCA\jre\bin\java.exe" -cp "C:\Program Files\H
ewlett-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\classes";"C:\Program Files\Hewle
tt-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\lib\hp-ca-common-07.50.000-20090108.
213641-50.jar"; com.hp.ov.amt.ui.utils.AmtConfigure !qaz2wsx pem_certificate_pas
sword true C:\Program Files\Hewlett-Packard\HPCA
Exception in thread "main" java.lang.NullPointerException
at com.hp.ov.amt.ui.utils.AmtConfigure.main(AmtConfigure.java:72)
Configuration value is successfully updated
Press any key to continue . . .



C:\Program Files\Hewlett-Packard\HPCA\OOBM\bin>amtpfx_chgpwd

C:\Program Files\Hewlett-Packard\HPCA\OOBM\bin>echo off
Enter the HP CA Installed directory location: ( e.g. C:\Program Files\Hewlett-Pa
ckard\HPCA ) C:\Program Files\Hewlett-Packard\HPCA
Enter passphase for AMT PFX Certificate:!qaz2wsx
"C:\Program Files\Hewlett-Packard\HPCA\jre\bin\java.exe" -cp "C:\Program Files\H
ewlett-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\classes";"C:\Program Files\Hewle
tt-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\lib\hp-ca-common-07.50.000-20090108.
213641-50.jar"; com.hp.ov.amt.ui.utils.AmtConfigure !qaz2wsx pfx_certificate_pas
sword true C:\Program Files\Hewlett-Packard\HPCA
Exception in thread "main" java.lang.NullPointerException
at com.hp.ov.amt.ui.utils.AmtConfigure.main(AmtConfigure.java:72)
Configuration value is successfully updated
Press any key to continue . . .


However, I didn't find any encrypted passphase in either config.properties or configuration.properties.

Is there anything I was doing wrong?
Occasional Advisor

Re: Out of Band Management cannot find vPro device

I found the cause. In the amtpem_chgpwd batch file, a file name "hp-ca-common-07.50.000-20090108.
213641-50.jar" is specified:

C:\Program Files\Hewle
tt-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\lib\hp-ca-common-07.50.000-20090108.
213641-50.jar

However, when I open the folder C:\Program Files\Hewle
tt-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\lib\, I only found a file named hp-ca-common.jar.

Therefore, I changed the file name hp-ca-common-07.50.000-20090108.
213641-50.jar in amtpem_chgpwd.bat to hp-ca-common.jar. After that, ran the batch file got the following message:

C:\Program Files\Hewlett-Packard\HPCA\OOBM\bin>echo off
Enter the HP CA Installed directory location: ( e.g. C:\Program Files\Hewlett-Pa
ckard\HPCA ) C:\Program Files\Hewlett-Packard\HPCA
Enter passphase for AMT PEM Certificate:!qaz2wsx
"C:\Program Files\Hewlett-Packard\HPCA\jre\bin\java.exe" -cp "C:\Program Files\H
ewlett-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\classes";"C:\Program Files\Hewle
tt-Packard\HPCA\tomcat\webapps\oobm\WEB-INF\lib\hp-ca-common.jar"; com.hp.ov.amt
.ui.utils.AmtConfigure !qaz2wsx pem_certificate_password true C:\Program Files\H
ewlett-Packard\HPCA
Encrypted value: {AES256}txM3KttoslZqXzYH/0zB0w==
Configuration value is successfully updated



I opend the config.properties and found the encrypted passphase had been added.

Now, the client device is discovered in Device Management. However, I am still unable to open the device or power on/off the device. I got the following error:

"; nested exception is: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca."

Attahed the latest stdout log.
HPE Expert

Re: Out of Band Management cannot find vPro device

Hi,

Yes, that was the issue with our bat file and fixed in our latest release. Are you using Windows 2008 server for HPCA installation?
Please note that we have an issue with Win2k8 server for TLS issue. In this case, you may need to use Non Secured mode or TLS mode on Win2k3 server.

Thanks,
Prabu
//Add this to "OnDomLoad" event