HPE OneView
1748093 Members
5879 Online
108758 Solutions
New Discussion юеВ

Re: HP-Oneview 4.0 upgrade Issues

 
Jkersten1982
Advisor

HP-Oneview 4.0 upgrade Issues

Hello, Have upgraded our 3.0-Oneview appliance to 4.0, and I'm facing issues;

- Error: Unable to establish trusted communication with server, Could not find a valid iLO certificate (on 5 servers). Have already tried to remove the oneview user at the ILO of the server

- Oneview time isn't updated correctly, so adding a new server isn't possible (option Synchronize with VM Host is enabled, Host has correct time)

Any idea how I can fix this? Luckily we have a seperate Oneview for our live servers, but I'd like to solve this problem.

60 REPLIES 60
peyrache
Respected Contributor

Re: HP-Oneview 4.0 upgrade Issues

Hello
>From OV 4.0 release notes page 17
Communication with a managed device may fail despite the
existence of the certificate in the trust store
Under very rare circumstances communication with a managed device may fail with an unable to establish
trusted communication alert (shown below) despite the existence of the certificate in the trust store. The
resolution to add the certificate will fail.
Remote support master task incomplete even though subtasks are completed 17
Suggested action
>From the Settings > Security > Manage Certificate page:
* Delete the device certificate for which the communication failed
* Add the device certificate back with the same alias name
18 Issues
Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Thanks for your reply, however I did read the notes, and it was a part I still had to read (my bad).

However, the certificate (self-signed, which came with ILO) isn't in the list as I search the name (UUID). Also, when I remove the server, I also can't add it back because it complains of the system date/time configured and '[..] all the certificates in the ILO certificate chain are current and valid'.

Any idea?

peyrache
Respected Contributor

Re: HP-Oneview 4.0 upgrade Issues

how are you picked time ?( ntp local ?)
Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Time setting in Oneview is by host, and time of the ILO is picked by Oneview.

At this time, there's 1 minute difference between the ILO host and Oneview Appliance, but the error remains, see attachment

 

peyrache
Respected Contributor

Re: HP-Oneview 4.0 upgrade Issues

Did you try to delete certificate a described in release notes ?
Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Yeah, but the certificate isn't listed under 'Certificate' (No Matches when searching on UUID), so the first step failes. And I can't see how I can download the new certificate.

When I'm trying to add the certificate through Add Certificate -> "option Add certificate from an IP address or hostname", it says "One or more certificate(s) have expired." I think it's a correct message because the certificate on the server is expired (see attachment). Any idea how we can recreate a selfsigned ilo certificate? On a server in the same Oneview appliance, what doesn't have the problem, the certificate is valid untill 2032 or later.

BenjieE
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

Hi,

I have also just had this issue and noticed your post, I had to re-generate the self signed cert by changing iLO host name and resetting the iLO,  and then it fixed the problem and I could import into OneView 4.0. See this link.

The expiry date of the self signed cert is now 2038 following the name change.

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03743622.

I also have lots of locked errors from the upgrade as well relating to Leaf Certificates but cannot solve this even after deleting the expired certs, and removing and re-importing Enclosures. Anyway this is for another thread but lots of problems from the upgrade.

Thanks

Ben

 

BenjieE
Occasional Advisor

Re: HP-Oneview 4.0 upgrade Issues

And you need to change it to something else reset iLo then change the name back and another iLO reset otherwise it doesnt re-generate cert.

Jkersten1982
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Yeah, so, under Network -> ILO Dedicated network port -> General -> change hostname -> submit & reset, than after reset, again change hostname -> Submit & Reset?