HPE 9000 and HPE e3000 Servers
1748195 Members
4804 Online
108759 Solutions
New Discussion

Re: Issue with iLO

 
Jeffrey F. Goldsmith
Super Advisor

Issue with iLO

Good morning.  I am having some trouble with connecting to my HP-UX rp3440-4 server via iLO.   Currently the OS version on the server is HP-UX 11.23.  My server is old and we are in the process of moving our applications off of it to windows server 2012 servers.  My desktop PC is Windows 10 and I am using Microsoft Edge, Firefox 41.0.0 and Chrome 45.0.2454.101 as my web browsers.  I have Java 8.60 installed on my PC as well.

 

When I try to start iLO using Firefox I get the error:

"Secure Connectin Failed".

An error occurred during a connection to 172.16.0.5. SSL peer reports incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_alert)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

 

When I try to start iLO using ChromeI get the error:

SSL server probably obsolete.

Unable to connect securely to the server. This website may have worked previously, but there is a problem with the server. Connecting to such sites weakens security for all users and thus has been disabled.

 

When I try to start iLO using Microsoft Edge I am able to get to the iLO login page but it shows that I am getting a Certificate error at the top of the screen.  I am able to login but get the following information:

This site says... iLO ACCESS IS NOT SECURE

Default iLO users are currently configured and remote access is enabled.

Modify default users' passwords or delete users

or

Disable all types of remote access

 

When I go to the Remote serial console and click on the View Console I get the "Certificatre error" again and the console window doesn't start.  This is what the certificate error says:

 

Webdite Identification:

This site's security certificate doesn't match its address. It was issued for a different site. This could be an error, or it might mean that someone will try to steal any info you send to the server.

You should close this site immedately.

 

I had been able to logon to the iLO prior to going to Windows 10.  Is there something that I need to change on my PC to be able to connect to the servers usin iLO?

 

Thanks for any help you can give.

 

 

Just so you know, what I did was to connect to the server was to use ssh to connect to the server.

 

3 REPLIES 3
Torsten.
Acclaimed Contributor

Re: Issue with iLO

The reason could be the old firmware of this "ILO" (better call it MP). However, there is no benefit in using the GUI, better simply do ssh to the MP.


Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
GLockman1
New Member

Re: Issue with iLO

I have had this issue too. It would seem that TLS 1.2 in modern browsers is too new for the encryption of the old iLO firmware causing an ssl error when trying to connect. I opened IE and went to Tools, Advanced, and unchecked TLS 1.2 and I was in like Flynn. Although this is a good work around for an emergency, I suspect that an update to the firmware will resolve the issue. 

Bill Hassell
Honored Contributor

Re: Issue with iLO

Save yourself a lot of grief with JavaJunk browsers and secure connections. Get a copy of PuTTY and telnet to the MP (iLO).  The console interface is a separate computer and is used to communicate with the hardware. Telnet always works and never requires fancy certificates and encryption. The MP might work better with newfangled Win10 stuff if the firmware is updated but I avoid these problems on all HP-UX servers by keeping it simple. The telnet connection means that the text can always be copy/pasted and keywords searched without retyping the text from a jpg screen shot.

Note: Telnet is not a secure protocol and should only be used when rebooting, reinstalling or troubleshooting hardware problems. The MP (aka, GSP, iLO, LAN console, etc) for *any* server, switch, tape changer, etc should always be treated as a security liability and never connected to a corporate network. Instead, these connections should be on an isolated network and accessible through a secure data center server. Virtually all console connections support telnet.



Bill Hassell, sysadmin