Servers - General

Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

 
Aslaksrud
Occasional Collector

Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Problem description:
Server is installed with SPP 03.2020 (iLO firmware = v2.14). When using PowerShell with HPEiLOcmdlets 3.0.0.0 we get issue when trying to import a LDAP CA Certificate.

The command "Import-HPEiLOLDAPCACertificate" fails to import the certificate and it seems that it expect "CetrificateType" that is not possible to specify. The same Certificate works when added in Gui.

Questions:
- Could this be an issue in the module occuring on iLO with firmware version >=2.10?
- Is it correct that the "CertificateType" is a new property that is added and made mandatory in the latest firmwares which got missed in the analysis?
- Has anyone experienced the same and Is there a fix or workaround for this?

/Lars

12 REPLIES 12
ksram
HPE Pro

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Aslaksrud ,

Please check the pre-requisites : 

We see earlier Minimum .NET Framework version needed is 4.5 and its changed to 4.7.1.

Try this and share the obsrervation


I work for HPE

Accept or Kudo

Aslaksrud
Occasional Collector

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi,

Just tested exactly the same script including "Import-HPEILOLDAPCertificate"on another G10 (iLO5) server with iLO firmware v1.40 and the script worked just like expected with the LDAP certificate installed. So the described issue looks to occure on G10 (iLO5) servers with firmware version >=2.10.

Could you please check internaly with the division developing the HPEiLOcmdlets?
(HPE Support Case 5348215920)

/Lars

ksram
HPE Pro

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Aslaksrud ,

Thank you for sharing the udpate.

We shall follow the main Case for further updates.

 


I work for HPE

Accept or Kudo

Aslaksrud
Occasional Collector

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Thank you for your response.

It would be nice if you could route/enlighte the main case internaly (HPE) to the right division/person, if possible.

thx in advance
Lars Aslaksrud

Steve_Tippett
Frequent Advisor

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

I encountered the same issue today, and found no fix after studying the cmdlet help.  Then I found this thread here in the community forum, so I'm asking my HPE contact to find some updated status from the HPE Support case 5348215920

Erik Grimsrud
Occasional Advisor

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hey Steve,

Did you every hear back from HP about the Import-HPEiLOLDAPCACertificate command not working?

I found that It worked on my ILO 5 when i was sitting at firmware version 1.4x, but after I upgraded to 2.14, and now recently 2.31, Import-HPEiLOLDAPCACertificate cmdlet stopped working.

For anyone else reading this..... I tried to used the Import-HPEiLOLDAPCACertificate command with HPEILOCmdlets 2.2.0.0, 3.0.0.0, and 3.0.0.1 and none of them work. FYI. THe Import-HPEiLOLDAPCACertificate command errors out immidiatly when running the 3.0.0.1 version. 

ksram
HPE Pro

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Erik Grimsrud,

I see that Version:3.0.0.1 (2 Sep 2020) has fixed the issue previously. 

Link : https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_6450d27906114779afde23c875#tab-history

But I see you are experiencing the issue with 3.0.0.1 as well. 

May we know if you can try downgrading the ILO to 2.30 and or 3.0.0.0. and share the observations.

Thank you,

Ram 

 


I work for HPE

Accept or Kudo

Erik Grimsrud
Occasional Advisor

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hey Ram,

I backed down the firmware to 2.30a and the CMDlets were backed down to 3.0.0.0. This time I do not get the red error message, but running the script in -Verbose shows redfish is reporting that a required property is missing.

Running these commands
$cert = Get-Content -Path "H:\Desktop\HP_iLO_Script\XXXXXXXXXXXX.cer" -raw
$iloconnection = Connect-HPEiLO XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com -Username XXXXX -password XXXXXX -DisableCertificateAuthentication
Import-HPEiLOLDAPCACertificate -Connection $iloconnection -Certificate $cert -Verbose


PS H:\> H:\Desktop\HP_iLO_Script\ilo-test.ps1
VERBOSE: Performing the operation "Import-HPEiLOLDAPCACertificate" on target "XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com".
VERBOSE: Executing the cmdlets with 1 task serially.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Validating Cmdlet supportability.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Checking for iLOGeneration, Model and Firmware for Cmdlet Supportability.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Validating parameter supportability.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Getting url value from resource instance.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Creating Redfish request.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Retrieving URL's from parameter mapper.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Forming JSON payload for corresponding URL.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Creating Redfish request.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Sending Redfish request to PATCH/POST/DELETE the JSON payload.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Processing JSON response.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Redfish response message: RequiredPropertyMissing

IP                        Hostname                                                    Status   StatusInfo
--                        --------                                                          ------     ----------
xxx.xxx.xxx.xxx XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com ERROR HPE.Framework.Core.StatusInfo

 

ksram
HPE Pro

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Erik Grimsrud ,

Please confirm the Pre requisites mentioned on the "Installation Instructions" on the iLO cmdlets download link.

Also try to run different commands.. and try the same commands on different Units and check if you are able to run them.

Thank you

Ram 


I work for HPE

Accept or Kudo