HPE OneView

Re: HP OneView troubles

 
SOLVED
Go to solution
AdminMSK
Advisor

Re: HP OneView troubles

It turned out to add a Gen6 servers after downgrading the iLO2 firmware version to 1.32.

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00072193en_us

 

Now I have a new problem. I cannot manage or delete a group. The name of the group contains Cyrillic and this is probably the reason. Granting rights through a group works (adding a user to a group in AD), but when you select a group in the console, management tools are not available and the following message appears:

Unable to locate the item you requested.

The item you requested does not exist or is restricted by scope. It is possible that another user has deleted this item. Refresh this page or select a different item.

 

For other groups without Cyrillic, control is available. How to remove this group from HP Oneview?

AdminMSK
Advisor

Re: HP OneView troubles

And how can I disable Diffie-Hellman in HP Oneview 6.0? So that I don't have to rollback firmware on all Gen6 servers.

AdminMSK
Advisor

Re: HP OneView troubles

The version iLO2 has not been specified correctly. The iLO2 firmware version that works with HP Oneviev 6.0 is 2.32

ChrisLynch
HPE Pro

Re: HP OneView troubles

And how can I disable Diffie-Hellman in HP Oneview 6.0? So that I don't have to rollback firmware on all Gen6 servers.

Unfortunately, we have no ability to disable individual ciphers within OneView.  The only way to disable weaker ciphers and protocols is to put the appliance into either FIPS or CNSA mode.  Which that will break (or in your case continue to break) communication with older servers and components.


I am an HPE employee

Accept or Kudo

ChrisLynch
HPE Pro

Re: HP OneView troubles

The version iLO2 has not been specified correctly. The iLO2 firmware version that works with HP Oneviev 6.0 is 2.32

Are you saying that downgrading from 2.33 to 2.32 fixed your problem?  If it didn't, I would suggest you open a support case for this issue.


I am an HPE employee

Accept or Kudo

AdminMSK
Advisor
Solution

Re: HP OneView troubles

Yes, downgrade are solved problem.

1. Enable TLS 1.0 on HP OneView.

2. Upgrade\downgrade iLO2 firmware to ver. 2.32

3. Change iLO2 certificate singning algorytm from MD5 to SHA1.

After these actions, Gen5 and Gen6 servers are successfully added for monitoring.

 

Can you suggest how to remove a group with a Cyrillic name in the name from Shchtu HPOneView?

AdminMSK
Advisor

Re: HP OneView troubles

Can you suggest how to remove a group with a Cyrillic in the name from  HPOneView?

ChrisLynch
HPE Pro

Re: HP OneView troubles

We currently do not offer the ability to disable individual ciphers within OneView today. 

Please know that the Gen5 servers you are adding are not supported and are not tested to work as even monitored devices.  We are also looking at deprecating legacy servers in the future.  Deprecation will always be documented at least in the Release Notes for that release.  We are looking at other ways to communicate legacy hardware support deprecation.

This legacy hardware deprecation is to remove vulnerable algorithms (i.e. TLS 1.0) and disable weaker ciphers from OneView.  This would mean supported Gen6 and Gen7 servers would no longer be monitorable from OneView in a future release.  And in your case, the Gen5 servers certainly would not be monitorable.

I cannot comment on a timeline. Just we are looking at planning that here in the near future.


I am an HPE employee

Accept or Kudo