Remote console, SSL certificates, and port 80

 
Richardw-au
Visitor


Hi All

Hopefully there’s somebody out there that can help with this issue.

I have a StoreEasy 1450 with ILO4 out on a customer site. The customer has configured a port forward from 4433 to 443 so I can get access to the ILO interface.

I can log in to ILO but when I try and launch the remote console nothing happens.

After a bit of Googling I believe it may be trying to redirect through port 80 due to an untrusted certificate.

http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=5195931&docId=mmr_kc-0106591&lang=en-us&cc=us&docLocale=en_US

However, the above article states that Java RC would work, but for me it does not.

The site is added to trusted sites in IE, and I have tried with protected mode off.

IE, Chrome and Firefox are all the same: nothing happens and no clue why.

So I have installed a DigiCert certificate which is trusted by the browser, but maybe not by the web server in ILO, not 100% sure about that.

Still no joy.

Ports 443 and 80 are in use so there is no option to use them.

I’m pretty sure it’s not a client side issue.

ILO Firmware is 2.10

The DigiCert SSL certificate was sent with a certificate for an intermediate trusted CA, but it looks like only one SSL certificate can be installed in ILO.

I believe this must be a very common usage scenario given most small businesses only have one public IP address, and would be hosting a website on port 80.

Any succinct thoughts and suggestions gratefully received.

4 REPLIES
Jimmy Vance
HPE Pro

Re: Remote console, SSL certificates, and port 80

The document you mention could be part of an issue you're seeing. As a test, you could download the stand alone IRC application that doesn't require it to be downloaded from the iLO. Is there also a port forward set up for 17990? iLO uses port 17990 for remote console.

HP Lights-Out Stand Alone Remote Console for Windows

http://h20566.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=5264039&swItemId=MTX_4f842ceb31cf48d392e22705a8&swEnvOid=4060#tab-history

I've seen others recommend as a best practice to use a VPN to access the remote network instead of poking a bunch of holes in a firewall/router.

Default iLO port values

Secure Shell (SSH) Port - 22
Remote Console Port - 17990
Web Server Non-SSL Port (HTTP) - 80
Web Server SSL Port (HTTPS) - 443
Virtual Media Port - 17988
SNMP Port - 161
SNMP Trap Port - 162

__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Richardw-au
Visitor

Re: Remote console, SSL certificates, and port 80

Hi Jimmy

Thanks for your suggestion.

I now have a port forward on the external IP on port 17990 to the ILO NIC. But the remote console still doesn't launch, nor does the standalone remote console connect.

I can telnet to port 17990.

From the standalone remote console I get this:

Received an unexpected EOF or 0 bytes from the transport stream

Any ideas what that means?

Jimmy Vance
HPE Pro
Solution

Re: Remote console, SSL certificates, and port 80


Richardw-au wrote:

Hi Jimmy

Thanks for your suggestion.

I now have a port forward on the external IP on port 17990 to the ILO NIC. But the remote console still doesn't launch, nor does the standalone remote console connect.

I can telnet to port 17990.

From the standalone remote console I get this:

Received an unexpected EOF or 0 bytes from the transport stream

Any ideas what that means?


Using the standalone client I was able to access the iLO remote console. Besides 17990 you also need to have a port forward for port 443.

If the customer is using 443 for a webserver, you can use another port and redirect to 443.

On the firewall (Linux iptables) I was testing with, I had:

external     internal
17990        17990
4003         443

Using the standalone client you can put everything on the command line, or in the GUI box for Network address use hostname:port

From the command line it is

irc.exe -addr address:[https_port] -name login_name -password password

irc.exe -help will list the options




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
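
The forwarding table in the answer above, written out as iptables rules. This is an added example, not part of the original post or HPE's documentation. The interface name and both IP addresses are constructed placeholders, and limiting the forwards to a single source address is an assumption added here that the post does not specify.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for the two forwards
# listed in the post. Interface and addresses below are constructed.
WAN_IF="eth0"              # assumed external interface
ILO_IP="192.168.1.50"      # assumed iLO NIC address (constructed)
ADMIN_SRC="203.0.113.10"   # assumed support workstation (constructed)

# external:internal pairs taken from the post
FORWARDS="17990:17990 4003:443"

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emits one DNAT rule and one FORWARD rule per pair so the rule set can
# be reviewed before it is loaded. Assumes the firewall already accepts
# ESTABLISHED,RELATED traffic for the return path.
ilo_forward_rules() {
    for pair in $FORWARDS; do
        ext=${pair%%:*}
        int=${pair##*:}
        valid_port "$ext" && valid_port "$int" || {
            echo "bad port pair: $pair" >&2
            return 1
        }
        # Rewrite the destination only for traffic from the admin address.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $ADMIN_SRC --dport $ext -j DNAT --to-destination $ILO_IP:$int"
        # Let new connections of the rewritten flow through FORWARD.
        echo "iptables -A FORWARD -i $WAN_IF -p tcp -s $ADMIN_SRC -d $ILO_IP --dport $int -m conntrack --ctstate NEW -j ACCEPT"
    done
}

ilo_forward_rules
```

With this mapping the standalone client is pointed at the external address on port 4003, matching the address:[https_port] form shown in the post.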
Richardw-au
Visitor

Re: Remote console, SSL certificates, and port 80

Hi Jimmy

Apologies for the delay - I've been dealing with HP support on this also, and that has been a painful experience!

Initially I tried specifying port 17990 on the standalone remote client, and it didn't connect.

The one thing of value I got from hours of sessions with HP support was that I needed to enable the "IRC requires a trusted certificate in iLO" setting on the Remote Console page security tab.

I then retried the Standalone RC using the redirected SSL port and after a really long wait, about 3 minutes, I saw the remote console!

Hope this is of assistance to somebody, and thanks to you for the suggestions.