- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: HP-Oneview 4.0 upgrade Issues
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2018 03:08 AM
05-18-2018 03:08 AM
Re: HP-Oneview 4.0 upgrade Issues
Kick of this topic., as I'm facing 3 issues with another Oneview environment (on another location) from 3.x to 4.00.07.02. Had a lot of expired ILO certificates (15), this issue is resolved by reset the ilo to factory defaults, re-add the ip-address etc again and update the certificates in the store in OV.
1. a lot of 'leaf certificate with alias name 'xxx' is expired. I can't remove these alerts myself, they are locked in 'Active Alerts'
2. CA certificate with alias name xx is expired. Can i see somewhere if this CA Certificate is still being used by some device?
3. Alert 'The appliance certificate does not have 'Client Authentication' in its Enhanced Key Usage field which is required for OneView to communicate to an iLO that has two-factor authentication mode enabled.' Where can I change this or resolve this behavior?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2018 06:11 AM
05-18-2018 06:11 AM
Re: HP-Oneview 4.0 upgrade Issues
I just installed version 4.00.09 and after thast the certificate problem was gone.
Now i just have to figure out how to get a leaf certificate, but the critical error is gone.
Kenneth
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2018 07:07 AM
05-18-2018 07:07 AM
Re: HP-Oneview 4.0 upgrade Issues
Glad to hear the 4.00.09 patch helped fix the critical error. The leaf certificate is the iLO cert. As long as it is being managed, and no further errors about the certificate have been reported, the cert should already be trusted within the appliance certificate store.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2018 07:13 AM
05-18-2018 07:13 AM
Re: HP-Oneview 4.0 upgrade Issues
@Jkersten1982 wrote:Kick of this topic., as I'm facing 3 issues with another Oneview environment (on another location) from 3.x to 4.00.07.02. Had a lot of expired ILO certificates (15), this issue is resolved by reset the ilo to factory defaults, re-add the ip-address etc again and update the certificates in the store in OV.
1. a lot of 'leaf certificate with alias name 'xxx' is expired. I can't remove these alerts myself, they are locked in 'Active Alerts'
2. CA certificate with alias name xx is expired. Can i see somewhere if this CA Certificate is still being used by some device?
3. Alert 'The appliance certificate does not have 'Client Authentication' in its Enhanced Key Usage field which is required for OneView to communicate to an iLO that has two-factor authentication mode enabled.' Where can I change this or resolve this behavior?
- The 4.00.09 update will help fix this issue.
- Unfortunately, not today.
- You need to validate in your Cert Authority template that it will create a certificate with both "Server Authentication" and "Client Authentication" Ehanced Key Usage proerties when issuing the certificate. If you are using Microsoft Certificate Authority, these ehance key usage properties are standard in the Web Server template.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2018 07:15 AM
05-18-2018 07:15 AM
Re: HP-Oneview 4.0 upgrade Issues
Hmm didn't notice .09 was released; will try to upgrade the OV to this version this weekend or next week, and let's see what happends than. Still working to fix the issue(s), out of the blue, there are some servers complaining now about; the following. Strange thing is, the certificate is valid, so I don't expect these messages at all.
Unable to establish trusted communication with the server. The iLO certificate does not have any IP address or host name specified.
The certificate has a hostname, so i have to figure out why this error is happening and howto resolve this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-18-2018 07:18 AM
05-18-2018 07:18 AM
Re: HP-Oneview 4.0 upgrade Issues
@ChrisLynch wrote:
- The 4.00.09 update will help fix this issue.
- Unfortunately, not today.
- You need to validate in your Cert Authority template that it will create a certificate with both "Server Authentication" and "Client Authentication" Ehanced Key Usage proerties when issuing the certificate. If you are using Microsoft Certificate Authority, these ehance key usage properties are standard in the Web Server template.
Thanks! Will give it a try later. Maybe my issues what I'm facing now is also resolved when upgrading to 4.00.09. Will let you know.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2018 02:37 AM
05-22-2018 02:37 AM
Re: HP-Oneview 4.0 upgrade Issues
This morning, I have deployed update 4.00.09 to resolve 2 issues.
After the upgrade the 2 errors are still displayed in Oneview:
1. 'Leaf certificate' with alias name <hash> is expired
2. 'Unable to establish trusted communication with the server. ILO certificate does not have any IP address or host specified'
Is there something what we can do to remove the alerts?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2018 06:30 AM
05-22-2018 06:30 AM
Re: HP-Oneview 4.0 upgrade Issues
I found this interiesting document here https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00041655en_us&docLocale=en_US, my issue is that the date validation from to is reversed.
I tried to follow a link in the file, but it took me to an HPE site where this file does not exist.
this is the link https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03743622
is there a solution to this?
Kenneth
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-23-2018 03:11 AM
05-23-2018 03:11 AM
Re: HP-Oneview 4.0 upgrade Issues
That document was superseded by https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00042194en_us
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-23-2018 10:49 PM
05-23-2018 10:49 PM
Re: HP-Oneview 4.0 upgrade Issues
@Jkersten1982 I was able to fix the Certificate problem, all it took was to reset the ILO to default and then set it up again with the correct ip and so on, then the certificate was renewed with correct from - to date and all went green again :)
hope this will help you to solve your issue.
Kenneth