
Issue with remote console and timeouts when using AD for iLO4 authentication

 
dzr0001
Visitor


I am currently working with a set of DL360p Gen8 servers with iLO 4 Advanced 1.0.1. I am able to successfully authenticate against Active Directory to log in with iLO. However, whenever I attempt to launch a remote console, I receive the following error:

 

"Please verify with your administrator that you have permission to use this iLO and that the Active Session limit has not been reached."

 

The group this user belongs to has been given rights to everything in the group configuration. Whenever I receive this error, the iLO page resets stating that my session has timed out. I don't experience any of these problems when logging in with a local user. I suspect this issue may somehow be related to a load balancer we have in front of the AD servers. As such, I was wondering if there were any ways to get any kind of debug output from the iLO authentication process.

 


Thanks in advance,

 

Dylan

Oscar A. Perez
Honored Contributor

Re: Issue with remote console and timeouts when using AD for iLO4 authentication

Does it happen with the Java Remote Console as well? With Java, you can enable debugging and capture the output from the debug console.
I would also suggest you upgrade iLO4 firmware to 1.10.



__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
dzr0001
Visitor

Re: Issue with remote console and timeouts when using AD for iLO4 authentication

Thanks for the reply. I will update the firmware and give it a shot.

 

 

dzr0001
Visitor

Re: Issue with remote console and timeouts when using AD for iLO4 authentication

Updating the iLO firmware didn't seem to make any difference, unfortunately. When the failure occurs, the relevant message in the Java console is:

 

<cut>

RC port number 17990
updated: connecting to 10.10.5.63:17990
network: Connecting http://10.10.5.63:17990/ with proxy=DIRECT
set TcpNoDelay
Received hello byte. Requesting remote connection...
Access denied.
</cut>

If I configure iLO to use one of the domain controllers directly, I can launch the console. If I log in to iLO while configured for 1 server, but switch the authentication to use the load balancer before launching the remote console, the console loads fine.

 

Does the iLO do some sort of credential caching that doesn't play nice with directory servers changing?

 

Thanks,


Dylan

 

 

Oscar A. Perez
Honored Contributor

Re: Issue with remote console and timeouts when using AD for iLO4 authentication

That access denied message means that iLO did not grant access to the remote console app due to problems with the credentials.

You can run the .NET Remote Console (IRC.exe) as a standalone app and try playing with more credentials. The IRC.exe file should be somewhere in: c:\Users\<UserName>\AppData\Local\Apps\2.0\...




dzr0001
Visitor

Re: Issue with remote console and timeouts when using AD for iLO4 authentication

Thanks for the reply. It seems that when I connect directly with the application, it works as expected and without issue. This only occurs when launching the console through the iLO web interface.

 

Thanks,

 

Dylan

yaro137
Advisor

Re: Issue with remote console and timeouts when using AD for iLO4 authentication

This is interesting as I have the exact same issue way after the OP reported it and it's 2,61. I always use the .NET console. Has it ever been found what is the root cause of this access denied issue? I wouldn't want to give away local admin creds just so ops can connect to the console.

yaro137
Advisor

Re: Issue with remote console and timeouts when using AD for iLO4 authentication

When I tested the account, the Cumulative Rights field only displays "Login". This is odd as the account is a member of a group in Directory User Context. However, the account is in a different domain than the group. Perhaps this is the problem and if so how to go about it?