
Re: Accessing ILO4 Integrated Remote Console through tunnel

 
Crls
Occasional Contributor

Accessing ILO4 Integrated Remote Console through tunnel

Hello everyone,

I have a ProLiant DL20 Gen9. From the local network I can access the .NET remote terminal without any issue (I don't know why I get an UnsatisfiedLinkError exception when I try to use Java Web Start).

Now, I would like to access the remote console from outside the local network through an ssh tunnel. I have forwarded all the required ports (17990, 17988, 443 and 80), but nothing happens when I try to launch the terminal; I am not even asked permission to run the application as I would be in the local network.

I have run some tests in the local network using network tools and it seems that the ILO4 website tries to download the .NET application from the internal IP address of the server as follows:

ServerILOIP: 192.168.1.103

AuxServer: 192.168.1.40

MyLaptop: 192.168.1.120

- I set up an ssh tunnel listening on ports 17990, 17988, 443 and 80 at AuxServer and forwarding them to the same ports at ServerILOIP.

- From MyLaptop I open Microsoft Edge and I open https://AuxServer. I can log in and browse the ILO4 website normally. If I launch the .NET remote console, it opens and works normally.

However, when I launch the application, a connection is opened from MyLaptop to ServerILOIP, port 80, to download the application. The query is:

GET /html/IRC.application?addr=192.168.1.40&sessionKey=ffb2e05d06ea4fd73a718da31250e4f5&lang=en&port=443&alt_mode=0&cofc_goback=false 

Note that I connected to AuxServer with the browser and the important ports, including 80, are forwarded to ServerILOIP. The application should (and can) be downloaded from AuxServer:80, but it tries to make the direct connection. It is like the local IP of the server is hardcoded somewhere in the code of the website.

This seems to be why I cannot use the remote console from the outside, because it still tries to connect to the local IP address, which is not directly accessible. Do you know any way to circumvent this problem?

Any suggestions will be much appreciated.

Regards,

AmRa
HPE Pro

Re: Accessing ILO4 Integrated Remote Console through tunnel

Hi 

This might be due to the iLO security setting.

Please follow the workaround mentioned in the customer advisory and share the observation.

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c05237563

I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

AmRa
HPE Pro

Re: Accessing ILO4 Integrated Remote Console through tunnel

Also if iLO is on a private IP you can check by doing NAT.

I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Crls
Occasional Contributor

Re: Accessing ILO4 Integrated Remote Console through tunnel

Hello @AmRa,

Thanks for your reply. 

The "Enforce AES/3DES Encryption" setting was already disabled. However, I discovered that there is a remote console standalone application:

https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_4f842ceb31cf48d392e22705a8

which does work by simply redirecting ports 443 and 17990.

Regarding your suggestion to use NAT, like I said in my previous message, when launching the remote console directly from the ILO website, it tries to download the application by connecting directly to the address of the ILO NIC. Therefore, unless that address is directly accessible (which it cannot be from the outside, as it has a private address), I cannot see how it could work. It seems the private address of the server is hardcoded somewhere in the ILO website.

Regards
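
The port forwarding described in the last post (443 and 17990 for the standalone console), as an added example that is not part of the thread or any HPE tooling. The function names are hypothetical, the addresses are the ones quoted in the first post, and binding each forward to 127.0.0.1 is an assumption made here so the iLO is not re-exposed to other hosts on the client's network.

```shell
#!/bin/sh
# Added example: build an ssh local-forward command for the two ports the
# standalone remote console needed in this thread (443 and 17990).
# Assumption: JUMP is an SSH server that can reach the iLO NIC.

# valid_port N -> succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ilo_tunnel_cmd JUMP ILO_IP PORT... -> prints the ssh command line.
# Every forward listens on loopback only; ExitOnForwardFailure makes ssh
# exit instead of running with a forward that could not be set up.
ilo_tunnel_cmd() {
    if [ "$#" -lt 3 ]; then
        echo "usage: ilo_tunnel_cmd JUMP ILO_IP PORT..." >&2
        return 2
    fi
    jump=$1
    ilo=$2
    shift 2
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for p in "$@"; do
        if ! valid_port "$p"; then
            echo "bad port: $p" >&2
            return 1
        fi
        cmd="$cmd -L 127.0.0.1:$p:$ilo:$p"
    done
    printf '%s %s\n' "$cmd" "$jump"
}

# privileged_ports PORT... -> prints the ports below 1024, which a
# non-root user on Unix-like clients normally cannot bind locally.
privileged_ports() {
    out=""
    for p in "$@"; do
        if valid_port "$p" && [ "$p" -lt 1024 ]; then
            out="$out${out:+ }$p"
        fi
    done
    printf '%s\n' "$out"
}

# Addresses from the first post: AuxServer as jump host, ServerILOIP as target.
ilo_tunnel_cmd 192.168.1.40 192.168.1.103 443 17990
```

With the tunnel up, the standalone console is pointed at the loopback address rather than at the iLO's private address.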