HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

HP-Oneview 4.0 upgrade Issues

 
Highlighted
BhaskarV
Frequent Advisor

Re: HP-Oneview 4.0 upgrade Issues

Thanks @ChrisLynchHPE and @YYCSysAdmin  

Just wanted to clarify to @YYCSysAdmin that you will see the alerts for the expired cerificates but communication will not be disrupted to these iLOs with out of the box / default settings. The alerts are for you to take notice of and fix the expired certificates on such iLOs which is what you are doing by making use of the powershell script. Let me know if this is what you are seeing in OneView 4.10 as well.. 

Regards,
Bhaskar



I am a HPE Employee
YYCSysAdmin
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Thank you for the information. I am trying to get our Lab environment as clean as possible and remove any and all warnings and critical events to get it as clean as I can!

YYCSysAdmin
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Just to let everyone know, the script provided to bulk update the SSL certs worked great once I renewed the Appliance self-signd SSL cert.

All iLO certs are now good!

ChrisLynchHPE
Neighborhood Moderator

Re: HP-Oneview 4.0 upgrade Issues

@YYCSysAdminSo glad to hear you got it fixed.

YYCSysAdmin
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Well Chris, maybe I spoke too soon. I have been trying to now use this on production but it is failing trying to authenticate. Our production system does use AD to login, I have tried with both AD account as well as the local administrator account but I keep getting this error:

We did just generate a new self signed certificate for the Appliance via the Oneview GUI this morning.

Connect-HPOVMgmt : Unable to establish trusted communication with the server. The certificate of the root CA that has authorized the directory server certificate is not present in the OneView trust store. Add the certificate of the root CA that has 
authorized the directory server's certificate into the OneView trust store and retry the operation. 
At C:\Users\********\*********\Documents\00. Scripts\HPE\Generate a new iLO self-signed SSL certificate.ps1:136 char:9
+         Connect-HPOVMgmt -appliance $IP -UserName $username -Password ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Send-HPOVRequest:String) [Connect-HPOVMgmt], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperation,Connect-HPOVMgmt
Adis_S
Advisor

Re: HP-Oneview 4.0 upgrade Issues

@YYCSysAdmin

Try to use -DisableCertificateAuthentication parameters with your Connect-HPEiLO command egg:

$connection = Connect-HPEiLO -Credential $credential -IP $srvILO -Timeout 200 -DisableCertificateAuthentication

 

If certification Authentication is what you actually need and would use, then import the Root CA Certificate (from Cert Sign Authority, egg. Microsoft CA in house) to OneView Appliance by going to:  Settings | Manage Certificates | Add certificates.

 

 

YYCSysAdmin
Advisor

Re: HP-Oneview 4.0 upgrade Issues

Hello @Adis_S

Thank you for that, however I do not have that string in this script as the script Chris posted connects in through OneView, closest to that I think is:

Connect-HPOVMgmt -appliance $IP -UserName $username -Password $password | Out-Null

Is there a way to run a script direct against a single iLO vs going in through OneView? I know the benefit of the OneView method is it will also update OneView with the new cert / force it to recheck..