HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

MarioE
Advisor

Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Hello

I upgraded HPE OneView from Verion 4.00.07 to 4.00.07.02.
Since I have installed this update .02, I receive about 20 messages every day:

Bild1.jpg

Unable to establish trusted communication with the server. The iLO certificate does not have any IP address or host name specified.

Some of these alarms are "Locked".
When I do a refresh of the server, the alarm is mostly cleared again. Sometimes I have to do the refresh 2 or 3 times.

However, most alarms will be cleared right away:

Bild2.jpg

I only have ProLiant DL Server in the HPE OneView. This error I have over all servers (G7, Gen8, Gen9) with all iLO FW versions and over again. Only with the Gen10 servers I do not have this problem.

Does anyone else have this problem?

 

 

11 REPLIES
peyrache
Respected Contributor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Only update ? nor Ilo Ip address change ?
MarioE
Advisor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

I only did the updates of the HPE OneView. Before the update, I had never seen this error. I did not make any changes to the iLOs.

peyrache
Respected Contributor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Shall you post exact error message (complete screen)
Thanks
MarioE
Advisor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Unable to establish trusted communication with the server. The iLO certificate does not have any IP address or host name specified.

Resolution Ensure that the iLO is set up with a certificate that has a valid ip address or host name specified. After setting up iLO with the certificate as specified, in case of a CA signed certificate, ensure that the root certificate and the appropriate intermediate certificates are present in OneView's trust store. In case a new iLO self-signed certificate was generated to correct the issue, add the same into OneView's trust store. Refresh the server and retry the operation. Use the link provided below to add certificate(s) to OneView's trust store.

Event details
certificateMismatch true
clearPriorEvents true
correctiveAction Ensure that the iLO is set up with a certificate that has a valid ip address or host name specified. After setting up iLO with the certificate as specified, in case of a CA signed certificate, ensure that the root certificate and the appropriate intermediate certificates are present in OneView's trust store. In case a new iLO self-signed certificate was generated to correct the issue, add the same into OneView's trust store. Refresh the server and retry the operation. Use the link provided below to add certificate(s) to OneView's trust store.
locked     true
resourceUri   /rest/server-hardware/32333536-3030-5A43-3234-323730484452

peyrache
Respected Contributor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Should be related to:
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00042194en_us&docLocale=en_US
or
Certificate expiration alerts reported during HPE OneView 4.0 upgrade

HPE OneView has a new certificate-related security setting: "Check for expiration of self-signed certificates". The setting is disabled by default. When disabled, a warning alert is displayed for any device with an expired certificate on the device's resource screen. For example, server hardware screen. Additionally, separate alerts for expired certificates are displayed on the Settings > Activity screen.

After HPE OneView 4.0 upgrade, under certain circumstances, warning alerts for expired iLO certificates are not displayed on the corresponding server hardware screen. Note that any server hardware warning alerts will be displayed on the Settings > Activity screen.

The certificate expiration alerts displayed on the Settings > Activity screen are created incorrectly as critical, locked alerts (red alerts) instead of warning alerts.

Suggested action

Communications with devices is not impacted by these specific critical alerts. Both warning and critical alerts are cleared automatically when the corresponding expired certificates are fixed. The certificate alert can be fixed by either generating a new self-signed certificate for the device and placing that in the HPE OneView certificate trust store or by performing a certificate signing request and using a certificate authority-issued certificate for the device. For more information on regenerating iLO certificates, see Correcting expired certificates for an iLO.
MarioE
Advisor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

I have no self-signed certificates. All iLO certificate are Trusted SSL Certificate signed by our Certification Authority (CA).
All certificates are valid and have not expired.

peyrache
Respected Contributor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

So the best is to open a case to HPE support
For Oneview dump analysis
ChrisLynchHPE
Neighborhood Moderator

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

If you have not already, please add your Issuing and all chain CA certs to your appliance.  Please see this help link about this topic and to navigate other supporting documentation.

ChrisLynchHPE
Neighborhood Moderator

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Just as a quick follow up, 4.00.07.02 was only released to address an SNMPv3 issue with Gen10 and the recently released iLO 1.20 firmware.

Rextor
Occasional Visitor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Did you find a solution for this one? We are facing the same problem when using certificates from our own certificate authority and not the self signed certificates

MarioE
Advisor

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

Yes, I could solve the problem.
We are in the process of replacing our internal CA.
That means I have to enter both CA servers under Settings - Manage certificates (Trust Store).
I had to recreate all iLO Trusted SSL Certificate signed by our old CA, with the new CA.

In the Trust Store, I have changed nothing more, just recreated the certificates with the new CA. That is, there are still both CA (old and new) registered in the Trust Store.

I had both CA registered in the Trust Store for some time, but I only had problems after the update to Version 4.00.07.02.