HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

HP-Oneview 4.0 upgrade Issues

Jkersten1982
Advisor

HP-Oneview 4.0 upgrade Issues

Hello, Have upgraded our 3.0-Oneview appliance to 4.0, and I'm facing issues;

- Error: Unable to establish trusted communication with server, Could not find a valid iLO certificate (on 5 servers). Have already tried to remove the oneview user at the ILO of the server

- Oneview time isn't updated correctly, so adding a new server isn't possible (option Synchronize with VM Host is enabled, Host has correct time)

Any idea how I can fix this? Luckily we have a seperate Oneview for our live servers, but I'd like to solve this problem.

35 REPLIES
Highlighted
peyrache
Respected Contributor

Re: HP-Oneview 4.0 upgrade Issues

Hello
>From OV 4.0 release notes page 17
Communication with a managed device may fail despite the
existence of the certificate in the trust store
Under very rare circumstances communication with a managed device may fail with an unable to establish
trusted communication alert (shown below) despite the existence of the certificate in the trust store. The
resolution to add the certificate will fail.
Remote support master task incomplete even though subtasks are completed 17
Suggested action
>From the Settings > Security > Manage Certificate page:
* Delete the device certificate for which the communication failed
* Add the device certificate back with the same alias name
18 Issues
Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Thanks for your reply, however I did read the notes, and it was a part I still had to read (my bad).

However, the certificate (self-signed, which came with ILO) isn't in the list as I search the name (UUID). Also, when I remove the server, I also can't add it back because it complains of the system date/time configured and '[..] all the certificates in the ILO certificate chain are current and valid'.

Any idea?

peyrache
Respected Contributor

Re: HP-Oneview 4.0 upgrade Issues

how are you picked time ?( ntp local ?)
Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Time setting in Oneview is by host, and time of the ILO is picked by Oneview.

At this time, there's 1 minute difference between the ILO host and Oneview Appliance, but the error remains, see attachment

 

peyrache
Respected Contributor

Re: HP-Oneview 4.0 upgrade Issues

Did you try to delete certificate a described in release notes ?
Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Yeah, but the certificate isn't listed under 'Certificate' (No Matches when searching on UUID), so the first step failes. And I can't see how I can download the new certificate.

When I'm trying to add the certificate through Add Certificate -> "option Add certificate from an IP address or hostname", it says "One or more certificate(s) have expired." I think it's a correct message because the certificate on the server is expired (see attachment). Any idea how we can recreate a selfsigned ilo certificate? On a server in the same Oneview appliance, what doesn't have the problem, the certificate is valid untill 2032 or later.

BenjieE
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

Hi,

I have also just had this issue and noticed your post, I had to re-generate the self signed cert by changing iLO host name and resetting the iLO,  and then it fixed the problem and I could import into OneView 4.0. See this link.

The expiry date of the self signed cert is now 2038 following the name change.

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03743622.

I also have lots of locked errors from the upgrade as well relating to Leaf Certificates but cannot solve this even after deleting the expired certs, and removing and re-importing Enclosures. Anyway this is for another thread but lots of problems from the upgrade.

Thanks

Ben

 

BenjieE
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

And you need to change it to something else reset iLo then change the name back and another iLO reset otherwise it doesnt re-generate cert.

Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Yeah, so, under Network -> ILO Dedicated network port -> General -> change hostname -> submit & reset, than after reset, again change hostname -> Submit & Reset?

BenjieE
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

Yes, works on DL servers, but with Blades in an Enclosure proving more tricky to get OneView to refresh.

 

Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

OK, i've done the hard way (so factory reset ILO and configure ILO again via SHH through my Vmware machines with HPONCFG), but that takes a lot more time. WIll try this also.

Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Hmm, ILO 4-2.55 will not regenerate the certificate after renaming the ILO hostname..

BenjieE
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

My servers were iLO 3's havent had to re-generate the certs on my iLO 4 sevrers yet.

 

Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Ah. So, it's better to factory reset the ILO and reapply the settings. Than problem is solved.

But it was kinda weird the problem came up after applying the update from 3.10 to 4.0. It is something in 4.0 what doesn't work as it should do.

Dennis Handly
Acclaimed Contributor

Re: HP-Oneview 4.0 upgrade Issues

@Jkersten1982I think it's a correct message because the certificate on the server is expired

 

Strange, your certificate was never valid, says it expires in 2006 and started in 2017.

(Unless it uses a 32 bit time_t that can't handle dates after 2038?)

Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

@Dennis Handly yeah, that's strange right? I've updated the ILO  on most of the servers when we started to use Oneview for simple monitoring ot the state of the servers, the oldest ilo v4 was 1.30. Don't know if that was the reason for it.

thomaspunktelf
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

Hi,
I`m facing the same problem with the "Leaf certificate...is expired" errors.
Is there any possibility to unlock and clear or hide this alert?
I`ve deleted and recreated the certificates as described, but the errors aren`t gone.

regards
Tom

Chris_L1
Advisor

Re: HP-Oneview 4.0 upgrade Issues

We just finished updating our instances of OneView and had the same issue with all Gen-7 (iLO3) servers.  We fixed by doing what was stated earlier in this posting.  

Note:  we still have a few Gen-7s (DL380 and DL360) that did not resolve after performing the rename/rediscover steps.  The one thing that they all have in common is that they are at iLO ver. 1.88.  We are working on getting these updated and will try the fix on these remaining servers.

Just wanted to share the firmware observation.

ChrisLynchHPE
Neighborhood Moderator

Re: HP-Oneview 4.0 upgrade Issues

I wanted to let those in this thread know that we have a patch in the works to address these issues.  For customers looking to upgrade to 4.00, I would ask that you hold off on performing that upgrade.  The patch I mentioned is currently on track for early this month (Feb 2018).  I will post back on this thread with the exact details of the patch, including version and location when we have that.

JP_Conklin
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Thanks Chris.

AndreWein
Occasional Visitor

Re: HP-Oneview 4.0 upgrade Issues

Hello Chris, i´m from Schwarz IT in Germany. We talked about Oneview in Madrid last Year.

We need the Fix from the certificate errors on Oneview 4.0.

Matthew Ingram
Regular Advisor

Re: HP-Oneview 4.0 upgrade Issues

I see 4.00.07 was released but no menton of a fix for this issue.

ChrisLynchHPE
Neighborhood Moderator

Re: HP-Oneview 4.0 upgrade Issues

The 4.00.07 patch was released specifically to address the cert issues during upgrades.
sysadmin4151
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

So 4.00.07 doesn't apply if you're already on 4.00.05? Tried to upgrade and it failed, something about pre check version 4.00.05.