Remote console, SSL certificates, and port 80

 
Richardw-au
Visitor


Hi All

Hopefully there’s somebody out there that can help with this issue.

I have a StoreEasy 1450 with ILO4 out on a customer site. The customer has configured a port forward from 4433 to 443 so I can get access to the ILO interface.

I can log in to ILO but when I try and launch the remote console nothing happens.

 

After a bit of Googling I believe it may be trying to redirect through port 80 due to an untrusted certificate.

http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=5195931&docId=mmr_kc-0106591&lang=en-us&cc=us&docLocale=en_US

However the above article states that Java RC would work, but for me it does not.

The site is added to trusted sites in IE, and I have tried with protected mode off.

IE, Chrome and Firefox all the same, nothing happens and no clue why.

 

So I have installed a Digicert certificate which is trusted by the browser, but maybe not by the web server in ILO, not 100% sure about that.

Still no joy.

Ports 443 and 80 are in use so there is no option to use them.

I’m pretty sure it’s not a client side issue.

 

ILO Firmware is 2.10

 

The DigiCert SSL certificate was sent with a certificate for an intermediate trusted CA, but it looks like only one SSL certificate can be installed in ILO.

I believe this must be a very common usage scenario given most small businesses only have one public IP address, and would be hosting a website on port 80.

 

Any succinct thoughts and suggestions gratefully received.

Jimmy Vance
HPE Pro

Re: Remote console, SSL certificates, and port 80

The document you mention could be part of an issue you're seeing. As a test, you could download the stand alone IRC application that doesn't require it to be downloaded from the iLO. Is there also a port forward set up for 17990? iLO uses port 17990 for remote console.

 

HP Lights-Out Stand Alone Remote Console for Windows

http://h20566.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=5264039&swItemId=MTX_4f842ceb31cf48d392e22705a8&swEnvOid=4060#tab-history

 

 

I've seen others recommend as a best practice to use a VPN to access the remote network instead of poking a bunch of holes in a firewall/router.

 

Default iLO port values

 

Secure Shell (SSH) Port - 22
Remote Console Port - 17990
Web Server Non-SSL Port (HTTP) - 80
Web Server SSL Port (HTTPS) - 443
Virtual Media Port - 17988
SNMP Port - 161
SNMP Trap Port - 162

 

 

No support by private messages. Please ask the forum! I work for HPE
Richardw-au
Visitor

Re: Remote console, SSL certificates, and port 80

Hi Jimmy

Thanks for your suggestion.

I now have a port forward on the external IP on port 17990 to the ILO NIC. But the remote console still doesn't launch, nor does the standalone remote console connect.

I can telnet to port 17990.

From standalone remote console I get this:

Received an unexpected EOF or 0 bytes from the transport stream

Any ideas what that means?

Jimmy Vance
HPE Pro
Solution

Re: Remote console, SSL certificates, and port 80


@Richardw-au wrote:

Hi Jimmy

Thanks for your suggestion.

I now have a port forward on the external IP on port 17990 to the ILO NIC. But the remote console still doesn't launch, nor does the standalone remote console connect.

I can telnet to port 17990.

From standalone remote console I get this:

Received an unexpected EOF or 0 bytes from the transport stream

Any ideas what that means?


Using the standalone client I was able to access the iLO remote console. Besides 17990 you also need to have a port forward for port 443.

If the customer is using 443 for a webserver, you can use another port and redirect to 443.

On the firewall (Linux iptables) I was testing with, I had:

external     internal
17990        17990
4003         443

Using the standalone client you can put everything on the command line, or in the GUI box for Network address use hostname:port.

From the command line it is:

irc.exe -addr address:[https_port] -name login_name -password password

irc.exe -help will list the options.

 

No support by private messages. Please ask the forum! I work for HPE
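
The forwards from the post above, written out as iptables rules and limited to a single management source address, as an added example that is not part of the original post or of HPE documentation. The function name, the interface `eth0` and the 192.0.2.10 / 198.51.100.7 addresses are assumptions (documentation-range placeholders); the script only prints the rules and does not apply them.

```shell
#!/usr/bin/env bash
# Added example: prints (does not apply) iptables rules for the forwards in the
# post above (external 17990 -> 17990, external 4003 -> 443), limited to one
# management source. WAN interface, iLO address and admin CIDR are assumptions;
# the addresses in the sample call are documentation-range placeholders.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ilo_forward_rules WAN_IF ILO_IP ADMIN_CIDR EXT_HTTPS_PORT
ilo_forward_rules() {
    wan=$1 ilo=$2 admin=$3 ext_https=$4
    if [ $# -ne 4 ] || ! valid_port "$ext_https"; then
        echo "usage: ilo_forward_rules WAN_IF ILO_IP ADMIN_CIDR EXT_HTTPS_PORT" >&2
        return 2
    fi
    # external:internal pairs; 17990 is the iLO remote console port,
    # 443 the iLO web server SSL port.
    for pair in "17990:17990" "$ext_https:443"; do
        ext=${pair%%:*} int=${pair##*:}
        # Rewrite the destination only for traffic from the management source.
        echo "iptables -t nat -A PREROUTING -i $wan -s $admin -p tcp --dport $ext -j DNAT --to-destination $ilo:$int"
        # FORWARD sees the packet after DNAT, so it matches the internal port.
        echo "iptables -A FORWARD -i $wan -s $admin -d $ilo -p tcp --dport $int -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Return traffic for the connections accepted above.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Nothing else from the WAN side reaches the iLO, including its other
    # default ports (22, 80, 17988, 161).
    echo "iptables -A FORWARD -i $wan -d $ilo -j DROP"
}

# Sample call with constructed values; review the output before running it as root.
ilo_forward_rules eth0 192.0.2.10 198.51.100.7/32 4003
```
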
Richardw-au
Visitor

Re: Remote console, SSL certificates, and port 80

Hi Jimmy

Apologies for the delay - I've been dealing with HP support on this also, and that has been a painful experience!

Initially I tried specifying port 17990 on the standalone remote client, and it didn't connect.

The one thing of value I got from hours of sessions with HP support was that I needed to enable the "IRC requires a trusted certificate in iLO" setting on the Remote Console page Security tab.

I then retried the Standalone RC using the redirected SSL port and after a really long wait, about 3 minutes, I saw the remote console!

Hope this is of assistance to somebody, and thanks to you for the suggestions.

hablutzel1
Occasional Visitor

Re: Remote console, SSL certificates, and port 80

It didn't work for me.

HP should really address this issue as there is not always the possibility to use port 443 facing the Internet (it is already occupied, organization policy mandates the use of a different port, etc).