HPE Community
HPE OneView
1753905 Members
9882 Online
108810 Solutions
New Discussion

Re: HP-Oneview 4.0 upgrade Issues

 
Jkersten1982
Advisor

‎05-24-2018 03:21 AM

‎05-24-2018 03:21 AM

Re: HP-Oneview 4.0 upgrade Issues

@KSM1 yeah I know, I have corrected it for the Gen8 machines. for Gen7 machines I can't get it fixed. Certificate has a correct date (start 2018/end 2033), but the error still remains.

And second, the error starting with 'Leaf certificate' is still displayed as a critical alerts. I still can't remove the error myself.

0 Kudos
Reply
YYCSysAdmin
Frequent Advisor

‎01-09-2019 02:42 PM

‎01-09-2019 02:42 PM

Re: HP-Oneview 4.0 upgrade Issues

Currently on OneView 4.10 and this issue still exist it seems, 3 iLO connections reporting SSL certs 

Valid From Jan 30 23:00:00 2013 GMT

 

Valid Until Dec 26 17:31:44 2001 GMT

0 Kudos
Reply
BhaskarV
Trusted Contributor

‎01-09-2019 09:30 PM

‎01-09-2019 09:30 PM

Re: HP-Oneview 4.0 upgrade Issues

Hi @YYCSysAdmin

I work for HPE.
Can you help us with any further information you can share on this?

The incorrect valid from / valid until dates in certificates on some of the iLOs - are you having trouble in fixing the firmware and certificates on the 3 iLOs?

Or, are you stating that
1. the locked alerts are still there in OneView 4.10 and not getting cleared even though the certificates got fixed?
2. OneView 4.10 is alerting about the specific bad certificates (whereas it should not be)

Regards,
Bhaskar


I am an HPE employee

Accept or Kudo

Reply
YYCSysAdmin
Frequent Advisor

‎01-10-2019 07:22 AM

‎01-10-2019 07:22 AM

Re: HP-Oneview 4.0 upgrade Issues

Hello,

The iLO are gen 4, using firmware 2.60 May 23 2018, on blade nodes ProLiant BL460c Gen8. We are using OneView 4.10 currently. The alerts are showing for 3 nodes and the expiration date is showing as Dec 2001

 

Issued By
C = US, ST = TX, L = Houston, O = Hewlett-Packard Company, OU = ISS, CN = iLO Default Issuer (Do not trust)
Valid From
Jan 30 23:00:00 2013 GMT
Valid Until
Dec 26 17:31:44 2001 GMT
Serial Number
52:6a:a1:3c

I will be doing a host rename on the iLO and a power cycle for it to generate new certificates, unless there is a better method that does not require me to power cycle the blade node?

0 Kudos
Reply
ChrisLynch
HPE Pro

‎01-10-2019 07:26 AM

‎01-10-2019 07:26 AM

Re: HP-Oneview 4.0 upgrade Issues

A power cycle of the server is never required just to change or update the iLO SSL Cert, let alone the iLO configuration.  If you want to automate this process, or do multiple iLOs without needing to go to their respective web management UI's, you can use this PowerShell script.


I am an HPE employee

Accept or Kudo

Reply
YYCSysAdmin
Frequent Advisor

‎01-10-2019 09:17 AM

‎01-10-2019 09:17 AM

Re: HP-Oneview 4.0 upgrade Issues

Thank you Chris,

I was going by what a couple of other people had posted their solution was to the issue.

0 Kudos
Reply
YYCSysAdmin
Frequent Advisor

‎01-10-2019 10:50 AM

‎01-10-2019 10:50 AM

Re: HP-Oneview 4.0 upgrade Issues

Question, as I am running into an issue. I am trying to test this in our lab but receiving an error

"The certificate is not truested due to these X509CertChain flags: NotTimeValid"  -

I checked the GitHub page but do not see a support thread related to this script. The MS links did provide possible ignore flags but I am unsure where to put them into the script to ingnore the NotValidTime error.

I would like to test this out in our lab first if possible.

0 Kudos
Reply
ChrisLynch
HPE Pro

‎01-10-2019 11:33 AM

‎01-10-2019 11:33 AM

Re: HP-Oneview 4.0 upgrade Issues

Replace Line 166:

[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

with

[System.Net.ServicePointManager]::CertificatePolicy = { $true }

 


I am an HPE employee

Accept or Kudo

Reply
YYCSysAdmin
Frequent Advisor

‎01-10-2019 02:48 PM

‎01-10-2019 02:48 PM

Re: HP-Oneview 4.0 upgrade Issues

Thank you very much!

My next inquiry, can i specify this to only do a single iLO vs all nodes in OneView? Or does it prompt once run?

0 Kudos
Reply
ChrisLynch
HPE Pro

‎01-10-2019 02:51 PM

‎01-10-2019 02:51 PM

Re: HP-Oneview 4.0 upgrade Issues

Line 170 is where you would change to something like:

$servers = Get-HPOVServer -Name ServerName

or for wildcard search

$servers = Get-HPOVServer -Name ServerName*


I am an HPE employee

Accept or Kudo

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.