HPE Community
Operating System - HP-UX
1753970 Members
8110 Online
108811 Solutions
New Discussion

Integrity Virtual Manager ILO Console

 
SOLVED
Go to solution
StevieD
Occasional Contributor

‎01-06-2015 09:10 AM

‎01-06-2015 09:10 AM

Integrity Virtual Manager ILO Console

Hi,

 

I have setup a Integrity VSP host and have everything working now, except I'm unable to get the ILO console to run.  I am able to have the Java window open but it prompts for a username and any username I've entered I get an error that it doesn't have permission.  I have attempted using the obvious one being a valid user on the VSP host, and I've tried my windows client username, plus I've also tried the ILO3 username. None of these are accepted or work.  I've read the docs and there is no mention of this username prompt and I've searched the forums and Internet but haven't found the solution. I have attempted to reset my browsers configuration and have attempted both IE and Mozilla browsers. Here is an output of the Java console. I've also included some software listed from the VSP host. I would appreciate any help I could get if anyone has ran into this before.

 

Thanks,

Steve

 

Java Plug-in 10.67.2.01
Using JRE version 1.7.0_67-b01 Java HotSpot(TM) Client VM
User home directory = C:\Users\desruiss
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
l:   dump classloader list
m:   print memory usage
o:   trigger logging
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
x:   clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
0
user = root
host = souhpuxvsp1
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.home" "read")
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.64")
 at java.security.AccessControlContext.checkPermission(Unknown Source)
 at java.security.AccessController.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkPermission(Unknown Source)
 at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
 at java.lang.SecurityManager.checkExit(Unknown Source)
 at java.lang.Runtime.exit(Unknown Source)
 at java.lang.System.exit(Unknown Source)
 at com.jcraft.jcterm.TerminalPanel.run(TerminalPanel.java:228)
 at java.lang.Thread.run(Unknown Source)

 

 

HP-UX 11.31 Software List

-------------------------------

 

# swlist | grep -i Virtual
  HPUX11i-VSE-OE                B.11.31.1403   HP-UX Virtual Server Operating Environment
  SG-IVS-Toolkit                B.02.00        Serviceguard Toolkit for Integrity Virtual Servers
  T2782AC                       A.06.00.00     HP Virtualization Manager for HPUX LTU
  VMMGR                         A.6.3.0.91593  HP-UX Integrity Virtual Server Manager
  VirtualBase                   B.06.30        Base Virtualization Software
  VseAssist                     A.7.4.0.92204  Virtual Server Environment Configuration Assistant
# swlist | grep -i Integrity
  BB068AA                       B.06.30        HP-UX vPars & Integrity VM v6
  SG-IVS-Toolkit                B.02.00        Serviceguard Toolkit for Integrity Virtual Servers
  VMMGR                         A.6.3.0.91593  HP-UX Integrity Virtual Server Manager
  PHSS_41496                    1.0            Integrity Unwind Library
# swlist | grep -i WBEM
  ProviderDefault               B.11.31.1403   Select WBEM Providers
  WBEMMgmtBundle                C.08.01        WBEMMgmtBundle
  WBEMSvcs                      A.02.11.04     HP WBEM Services for HP-UX
#

 

 

0 Kudos
Reply
2 REPLIES 2
Stan_M
HPE Pro

‎01-07-2015 04:18 AM

‎01-07-2015 04:18 AM

Solution

Re: Integrity Virtual Manager ILO Console

The expected username is the one defined on the VSP as an admin user for the guest.

I.e. the one that you would connect to when doing this from command line:

# ssh -l guest1admin <ip_of_remote_console_of_the_guest>

 

The problem itself seems related to Java permissions needed to run JCTerm/JSch and not

to VSMgr or anything installed.

 

I could duplicate the same on my test box and could get around it by relaxing a few settings in java.policy file

(the location may vary depending on your Java version: c:\Program Files (x86)\Java\jre1.8.0_25\lib\security\):

// added these to the grant section:

        permission java.util.PropertyPermission "user.home", "read";
        permission java.net.SocketPermission "#ip_address_of_the_remote_console#:22", "connect";
        permission java.io.FilePermission "C:/Users/#my_win_user_id#/.ssh/-", "read";

 

The values inside #xxx# in the above need to be adjusted to you specific case.

 

Note that relaxing default java permissions may indeed have security implications, but I would

not consider the above as high risk ones. One could possibly play with this to add the settings

just for JCTerm/JSch into a separate domain in the policy file, but I'm not Java guy...

 

HTH

Stan

I work for HPE
0 Kudos
Reply
StevieD
Occasional Contributor

‎01-07-2015 08:16 AM

‎01-07-2015 08:16 AM

Re: Integrity Virtual Manager ILO Console

Thank you Stan.

 

After adding the following lines on your recommendation and making sure I could ping the VSP host by its shortname

I am able to connect using the ILO Console. We're not going to setup the Virtual ILO Remote Console.  I also needed to answer "yes" to continue without RSA Authenticity and "no" to create the SSH known hosts file.

 

permission java.util.PropertyPermission "user.home", "read";

permission java.io.FilePermission "C:/Users/desruiss/.ssh/-", "read";};

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.