- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: HP-Oneview 4.0 upgrade Issues
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-10-2019 08:44 PM
тАО01-10-2019 08:44 PM
Re: HP-Oneview 4.0 upgrade Issues
Thanks @ChrisLynch and @YYCSysAdmin
Just wanted to clarify to @YYCSysAdmin that you will see the alerts for the expired cerificates but communication will not be disrupted to these iLOs with out of the box / default settings. The alerts are for you to take notice of and fix the expired certificates on such iLOs which is what you are doing by making use of the powershell script. Let me know if this is what you are seeing in OneView 4.10 as well..
Regards,
Bhaskar
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-11-2019 08:05 AM
тАО01-11-2019 08:05 AM
Re: HP-Oneview 4.0 upgrade Issues
Thank you for the information. I am trying to get our Lab environment as clean as possible and remove any and all warnings and critical events to get it as clean as I can!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2019 01:31 PM - edited тАО01-14-2019 02:43 PM
тАО01-14-2019 01:31 PM - edited тАО01-14-2019 02:43 PM
Re: HP-Oneview 4.0 upgrade Issues
Just to let everyone know, the script provided to bulk update the SSL certs worked great once I renewed the Appliance self-signd SSL cert.
All iLO certs are now good!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-14-2019 02:04 PM
тАО01-14-2019 02:04 PM
Re: HP-Oneview 4.0 upgrade Issues
@YYCSysAdminSo glad to hear you got it fixed.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2019 09:27 AM
тАО01-17-2019 09:27 AM
Re: HP-Oneview 4.0 upgrade Issues
Well Chris, maybe I spoke too soon. I have been trying to now use this on production but it is failing trying to authenticate. Our production system does use AD to login, I have tried with both AD account as well as the local administrator account but I keep getting this error:
We did just generate a new self signed certificate for the Appliance via the Oneview GUI this morning.
Connect-HPOVMgmt : Unable to establish trusted communication with the server. The certificate of the root CA that has authorized the directory server certificate is not present in the OneView trust store. Add the certificate of the root CA that has authorized the directory server's certificate into the OneView trust store and retry the operation. At C:\Users\********\*********\Documents\00. Scripts\HPE\Generate a new iLO self-signed SSL certificate.ps1:136 char:9 + Connect-HPOVMgmt -appliance $IP -UserName $username -Password ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Send-HPOVRequest:String) [Connect-HPOVMgmt], InvalidOperationException + FullyQualifiedErrorId : InvalidOperation,Connect-HPOVMgmt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-17-2019 10:52 PM - edited тАО01-21-2019 12:43 AM
тАО01-17-2019 10:52 PM - edited тАО01-21-2019 12:43 AM
Re: HP-Oneview 4.0 upgrade Issues
Try to use -DisableCertificateAuthentication parameters with your Connect-HPEiLO command egg:
Connect-HPEiLO -Credential (Get-Credential) -IP <ilofqdn> -Timeout 200 -DisableCertificateAuthentication
If certification Authentication is what you actually need and would use, then import the Root CA Certificate (from Cert Sign Authority, egg. Microsoft CA in house) to OneView Appliance by going to: Settings | Manage Certificates | Add certificates.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-18-2019 11:20 AM - edited тАО01-18-2019 12:11 PM
тАО01-18-2019 11:20 AM - edited тАО01-18-2019 12:11 PM
Re: HP-Oneview 4.0 upgrade Issues
Hello @Adis_S
Thank you for that, however I do not have that string in this script as the script Chris posted connects in through OneView, closest to that I think is:
Connect-HPOVMgmt -appliance $IP -UserName $username -Password $password | Out-Null
Is there a way to run a script direct against a single iLO vs going in through OneView? I know the benefit of the OneView method is it will also update OneView with the new cert / force it to recheck..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-20-2019 11:29 PM
тАО01-20-2019 11:29 PM
Re: HP-Oneview 4.0 upgrade Issues
I did not check script from @ChrisLynch i just gave you an example, which I use to connect to single iLO and which ignores the Certificate Authentication.
But seems there is no such option "DisableCertificateAuthentication" for Connect-HPOVMgmt.
Normaly when adding a Directory servers for Domain login it imports a Domain Root CA certificates to, which can be checked when going over WebGUI to Security | Directory | Edit Directory under Directory servers there is column with "Certificate Status". Do you have anything there?
So for your case you need to import your Root CA into Oneview bei using WebGUI and going to "Security | Manage certificates | Add certificates" . An additional step could popup, to import same cert on your workstation/management server from where you are starting your script.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2019 11:15 AM
тАО01-22-2019 11:15 AM
Re: HP-Oneview 4.0 upgrade Issues
The Connect-HPOVMgmt Cmdlet does not contain a parameter like the iLO Cmdlets do. This is because the HPE OneView PowerShell library supports session state of authenticated connections. Each Cmdlet does not have credential support to authenticate to an iLO individually.
The HPE OneView PowerShell library examines the SSL certificate of the connecting appliance and validates its validity using .Net methods.
That being said, yes, the iLO Cmdlets or HPEREST Cmdlets can be used indipendently of HPE OneView to perform various operations. If you simply wanted to generate the iLO certificate using the HPERest Cmdlets, then you would want to look at Line 237 from the script I linked you to.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2019 11:23 AM
тАО01-22-2019 11:23 AM
Re: HP-Oneview 4.0 upgrade Issues
@YYCSysAdmin wrote:Well Chris, maybe I spoke too soon. I have been trying to now use this on production but it is failing trying to authenticate. Our production system does use AD to login, I have tried with both AD account as well as the local administrator account but I keep getting this error:
We did just generate a new self signed certificate for the Appliance via the Oneview GUI this morning.
Connect-HPOVMgmt : Unable to establish trusted communication with the server. The certificate of the root CA that has authorized the directory server certificate is not present in the OneView trust store. Add the certificate of the root CA that has authorized the directory server's certificate into the OneView trust store and retry the operation. At C:\Users\********\*********\Documents\00. Scripts\HPE\Generate a new iLO self-signed SSL certificate.ps1:136 char:9 + Connect-HPOVMgmt -appliance $IP -UserName $username -Password ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Send-HPOVRequest:String) [Connect-HPOVMgmt], InvalidOperationException + FullyQualifiedErrorId : InvalidOperation,Connect-HPOVMgmt
That Connect-HPOVMgmt error is originating from the appliance. Genreating the appliances SSL certificate is not the source. Can you validate that you have added all of the CA certs (root and subordinates) to your appliance? You can change your login code to:
Connect-HPOVMgmt -Hostname $appliance -Username $MyAccountName -Password $MyPassword -AuthLoginDomainLOCAL
Then you can run other Cmdlets bypassing Authentication Directory issues you have. Just make sure that you have a local user account.
I am an HPE employee