
Re: iLO and Java version

 
Cory Hug
Frequent Advisor

Re: iLO and Java version

JVM 1.4.2 doesn't work for us either.

Getting to the board with the IP address works fine, as far as logging in goes, but the remote console screen still doesn't work.

When using the full DNS name, I do get the login prompt. It just won't take any ID and password I put in. It acts like it's an invalid ID and password, even though the exact same ID and pw log in successfully if I use only the board name (without the DNS domain) or the IP address directly.

The RILOEII firmware I have is the latest 1.15.
Cory Hug
Frequent Advisor

Re: iLO and Java version

We've solved it. It turned out not to be an HP issue at all, but I wanted to post it here in case somebody else runs into this and is as puzzled as we were.

This turned out to be a pretty complicated issue because it involves an interaction between 2 separate things. Either one by itself wouldn't have caused this issue; it's the combination of the two that created it.

My company uses an auto-config .pac file for proxy configuring in Internet Explorer. The idea being that it detects the host you're connecting to and if it's an internal host (on our own Intranet) then it shouldn't route traffic through the proxy servers. If the host is outside our network, then traffic is routed through the proxy servers.

The first part of this stemmed from the fact that we discovered that the .pac file didn't have all of our subnets included in it so it was routing traffic for some of our internal subnets through our proxy servers when it didn't need to be. It just so happens that all of the servers that my team manages are on those missed subnets. In talking with other people in our company I found some servers on other subnets where the RILOE remote console screen worked fine because those subnets were properly included in the .pac file.

The 2nd part has to do with our proxy server. Our proxy server has a security "feature" that blocks signed Java applets that DON'T come from a trusted root issuer. Of course, these RILOE boards by default have self-created certificates that don't go back to a trusted issuer (like Thawte or Verisign, etc.).

So again, it's a combination of these 2 together that caused the problem.
If the auto-config .pac file didn't incorrectly route traffic through the proxy servers it wouldn't be a problem. Or, if the proxy server didn't have this security feature turned on then it wouldn't be a problem even if the traffic was being routed through the proxy.

The solution in our case was that they fixed the .pac file to make sure our WAN subnets were included and traffic to them was not routed through the proxy server.

It could also have been fixed by shutting off the "feature" on the proxy server that blocked the applet, but our security folks don't want to do that because it blocks potentially malicious applets from external web sites.

I also know that the RILOE boards can import a 3rd party certificate and that might also solve this since it could have a certificate with a trusted root that the proxy server would allow. But it would be a big hassle for as many servers as we have, not only to set up initially but also to maintain every time we replace, add, or remove a server (my team manages about 60 servers, and the company as a whole has a couple hundred).

Oh, we also found out why JRE 1.3.1 doesn't have this issue. JRE 1.3.1 can't handle auto-config proxy settings so it just ignores them and doesn't send any traffic through the proxy. Of course this means we can't run any Java applets from external web sites with the JRE 1.3.1 version.
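
An added illustration of the .pac subnet gap described in the post above (not code from the thread, the poster's company, or HP): it reproduces the routing decision a .pac file makes and audits which management boards would be sent through the proxy. The subnets, proxy name and board addresses are constructed placeholders, and `inNet` stands in for the browser's built-in `isInNet()` so the check runs outside a browser.

```javascript
// Added example. All subnets, the proxy name and board addresses are constructed.
const PROXY = "PROXY proxy.example.internal:8080";
const SUBNETS_BEFORE = [["10.10.0.0", "255.255.0.0"]]; // WAN range missing
const SUBNETS_AFTER = [...SUBNETS_BEFORE, ["10.20.0.0", "255.255.0.0"]];
const BOARDS = [
  { name: "riloe-hq-01", ip: "10.10.4.21" },
  { name: "riloe-wan-01", ip: "10.20.7.15" },
  { name: "riloe-wan-02", ip: "10.20.9.3" },
];

// Dotted-quad IPv4 to unsigned 32-bit integer; null if malformed.
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n >>> 0;
}

// Same test as PAC's isInNet(ip, net, mask), reimplemented for offline use.
function inNet(ip, net, mask) {
  const a = ipToInt(ip), b = ipToInt(net), m = ipToInt(mask);
  if (a === null || b === null || m === null) return false;
  return ((a & m) >>> 0) === ((b & m) >>> 0);
}

// The decision a .pac FindProxyForURL() would return for a resolved address:
// internal subnets go DIRECT, everything else goes to the proxy.
function routeFor(ip, subnets) {
  for (const [net, mask] of subnets) {
    if (inNet(ip, net, mask)) return "DIRECT";
  }
  return PROXY;
}

// Audit: names of boards whose traffic would be routed through the proxy.
function proxiedBoards(boards, subnets) {
  return boards.filter((b) => routeFor(b.ip, subnets) !== "DIRECT")
               .map((b) => b.name);
}

console.log("before fix:", proxiedBoards(BOARDS, SUBNETS_BEFORE));
console.log("after fix: ", proxiedBoards(BOARDS, SUBNETS_AFTER));
```
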
Arron_3
New Member

Re: iLO and Java version

I'm also having this problem on both iLO and RIB2 boards. I'm running JRE 5.0 and when I launch the remote desktop window, a Java warning box pops up, but off the screen. I've disabled applet caching, and every security option I can within the Java console, but I'm still not able to get it to work correctly.

We're using self-signed certificates and I've added our entire certificate tree within the JRE console. I didn't have any problems with Sun Java version 1.3 or with MS Java.
Doug Wolff
New Member

Re: iLO and Java version

I am having a similar problem to Arron but only with RILOE. I'll be checking the HP site for the latest drivers and then trying to go back to JRE 1.5.0_04.