Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Server Management - Remote Server Management
cancel
Showing results for 
Search instead for 
Did you mean: 

Remote console and VSP

Bill Brown99
Occasional Visitor

Remote console and VSP

Hello all:

I'm having a bit of trouble accessing a remote console on a DL580, ILO2.

Notes:
- I work in a very large environment with lots of firewalls and BigIPs.
- my connectivity is 100% VPN.

While the network team tries to figure out where to put in port 23 firewall rules so that I can get a console, I'm trying to figure out another way to do it.

Goal: All I want to do is to get to the console. Any how, any way.

Background: we have tons of servers and it is only this new network with new servers that I can not yet reach a console. I am able to get to the ILO2 via http, as well as via ssh. However, I can not start a console from the web interface because of port 23. I get the "check for available telnet connections" error. I have validated the ILO2 settings with other servers and believe they are correct, and that my blocking point is in fact, port 23.

I've read about the VSP and it looks good. If I read correctly, I just have to redirect the BIOS output to the serial port, and then ssh to the ILO2 and issue "vsp". The latter part works just fine.

But here is the obvious question: How can I redirect the output from the BIOS, if I can't get there in the first place? That's the whole reason to get the console - so that I can kickstart the server and install the OS.

Thanks in advance for help with this problem.

Regards,
Bill

5 REPLIES
acartes
Honored Contributor

Re: Remote console and VSP

The classic "how do I remote manage the system I can't access remotely" question :)

>> my blocking point is in fact, port 23.

Reconfigure the iLO to use a non-blocked remote console port (something other than port 23: telnet).
Change this iLO setting using the browser interface or the SSH interface. In the browser, look on the Administration / Access page as "Remote Console / Telnet Port".

Reconfiguring the port to something that is not blocked allows access. iLO will be reset after changing this, but you can log back in after a minute or so. You cannot piggyback on a port already in use by that iLO.

>> I've read about the VSP and it looks good. If I read correctly, I just have to redirect the BIOS output to the serial port, and then ssh to the ILO2 and issue "vsp".

For text consoles, this may be ideal for you. Note athat the BIOS redirection will assist with POST, but you may need to load host OS support to bind a terminal to the virtual serial port.

>> How can I redirect the output from the BIOS, if I can't get there in the first place?
Not to put the cart before the horse, but you can use the remote console to reconfigure this after adjusting the port assignment: the remote console access is allowed through POST for all systems.

Incidentally, there is a HOWTO whitepaper focused on the iLO Virtual Serial Port usage. Start here:
http://h18013.www1.hp.com/products/servers/technology/whitepapers/index.html
then click remote management to see the HOWTO.
Bill Brown99
Occasional Visitor

Re: Remote console and VSP

Thanks for the reply.

I'm still waiting to hear from the network guys to see if using an alternate [open] port for the console is an option.

Also, I've gleaned that HOWTO on the VSP. It assumes you have low level access to the box so in order to adjust the POST/BIOS output to the serial port. I don't have that access.

I'm 1000 miles from the server with one way to access the console, and that is through the ILO. If I could reach the console in any other way, I wouldn't need to redirect it to use the VSP in the ILO, and all would be good.

Basically the chicken and egg scenario. And the egg is not hatching.

It's a OS-less system, so my focus at this point is simply gaining the console of the hardware.

Bill

acartes
Honored Contributor

Re: Remote console and VSP

Assuming SSH port 23 is open-

As a temporary workaround, you could swap the SSH port to 23 and the Remcons port to 22. This would render SSH inaccessible but remote console would be accessible.
Bill Brown99
Occasional Visitor

Re: Remote console and VSP

Thanks again, but it did not work.

After swapping the port definitions for ssh and telnet in the Admin / access area of the ILO, here's what happened when I tried to get a remote console:

From within the web ILO environment, same error ["check available telnet connections"] and from my desktop, it doesn't matter if I hit port 22 or 23, they both just get me to the ILO, not to the actual console.

So both telnet and ssh appear to be functional from my desktop to the server ILO. The problem is the ILO's remote console starting a session - it seems to demand port 23 and then tries to spawn a session back to my desktop. That fails, probably because of firewall and routing issues.

Regardless, it appears to be an issue with the network, rather than the server.

I am going to give up on trying to find a quick fix for this and leave the servers pending until the networking people get the configuration straightened out.

Thanks for your thoughts. I'll send you some points.

Bill

Jimmy Vance
HPE Pro

Re: Remote console and VSP

by default the system ROM should be set to do serial console, the option is set to 'auto'. When set to auto, if it detects a serial connection during post it will redirect the console output to the serial port, so have your vsp session running as soon as you power on the system, or before you power on the system.

Another option I use to get past firewalls is tunnel all the iLO ports across an SSH session. You'll need a system on the same network as the iLO that you can ssh into.

the command is:


ssh -L 22:10.100.100.214:22 -L 80:10.100.100.214:80 -L 3389:10.100.100.214:3389 -L 443:10.100.100.214:443 -L 17988:10.100.100.214:17988 -L 17990:10.100.100.214:17990 -L 23:10.100.100.214:23 @system.to.tunnel.through

(the above is one line)

Launch your browser and go to https://localhost




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!