HPE Community
HPE 9000 and HPE e3000 Servers
1753602 Members
6089 Online
108797 Solutions
New Discussion юеВ

Re: HP-UX iLO Remote Serial Console

 
T. Rectenwald
Occasional Advisor

тАО05-04-2008 03:52 AM

тАО05-04-2008 03:52 AM

HP-UX iLO Remote Serial Console

I currently use the MP/iLO device on HP-UX 9000 series systems to connect remotely via telnet. In order to encrypt communications, I've disabled telnet and access the device through the iLO SSL interface. I then attempt to connect to the remote serial console with that.

When I click on the 'View Console' button, Java loads up a terminal and all I get is a black screen with the line cursor blinking. Changing terminal types to hpterm, vt100 (default is vt100+) doesn't help. If I constantly type something or hit the 'Reset' button I eventually get a 'Session ID Mismatch' error.

I'm not sure where the issue is originating. I've attempted this on a variety of different computers with different version of IE and Java so am not sure it is a client issue. The situation is also occurring on several different 9000 series servers.

Any help with this would be appreciated. I imagine it could be a certificate problem, client setup, possible baud rate/terminal setting? (currently set to 9600/vt100+ default).

Best Regards,
Tom
0 Kudos
4 REPLIES 4
Steven E. Protter
Exalted Contributor

тАО05-04-2008 04:19 AM

тАО05-04-2008 04:19 AM

Re: HP-UX iLO Remote Serial Console

Shalom Tom,

You need to go back to telnet and configure the MP/ilo device properly.

Most organizations don't really trust java authentication for console access anyway.

I don't believe this is a problem with your client, but rather the MP device may not be capable of doing what you ask it to do.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Torsten.
Acclaimed Contributor

тАО05-07-2008 09:29 PM

тАО05-07-2008 09:29 PM

Re: HP-UX iLO Remote Serial Console

Hi Tom,

"HP-UX 9000 series systems" is just too general - it's the whole family.

What server model do you have?
On some models ssh access is a licenced feature only.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Matti_Kurkela
Honored Contributor

тАО05-08-2008 01:06 AM

тАО05-08-2008 01:06 AM

Re: HP-UX iLO Remote Serial Console

Note that while the standard HTTPS port 443 is used to download the Java console UI to your browser, the actual encrypted terminal connection from the Java terminal applet to the MP/iLO uses a different port.

The port number should be specified somewhere in the MP/iLO settings. The exact location depends on server model and MP/iLO firmware version. (I think the earliest MP/iLO firmwares might have had the port number hardcoded: see the hardware documentation at docs.hp.com in this case.)

If you have a firewall that allows access to iLO's port 443, but blocks the connection to the Java terminal access port, it might cause problems like what you're describing.

If the console works using telnet to MP/iLO, it's not a baud rate issue.
You should get some output with an incorrect terminal type setting too; it just won't be as pretty.

MK
MK
0 Kudos
ES UNIX Team
Advisor

тАО05-08-2008 04:04 AM

тАО05-08-2008 04:04 AM

Re: HP-UX iLO Remote Serial Console

These machines are rp3410's. My understanding is that the web interface is SSL, i.e. encrypted. Once connected, you would access the console through port 2032 using a Java based encryption. That is the part which doesn't seem to work well. I believe it may have something to do with Java authentication, as I'm getting session ID mismatch errors on the console. I've tried to regenerate the certificate but Java seems unresponsive to that, only wanting to recognize the device through its default name (mp... long string).

Yes, SSH is only available through an advanced license. That is why I was focusing on using SSL, which is freely available instead.

At this point, I've just decided to keep using telnet until such a time that the SSL/remote console interface is stable and functional. I'm dealing with several hundred MP's to manage, so having telnet allows me to do easy pExpect scripting against them anyway. The iLO SSL interface redirects a lot, making cURL coding very unpleasant.

I've just locked everything down except the telnet interface... and of course the password on the devices is separate from the usual root password. I have several Itanium boxes too, will be checking iLO on those as well in a bit to see if the issue has anything to do with the underlying system.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.