HPE OneView
1832651 Members
2949 Online
110043 Solutions
New Discussion

HP OneView troubles

 
SOLVED
Go to solution
AdminMSK
Advisor

HP OneView troubles

I ran into the following issues while setting up HP OneView Standard:

1. Registration with HPE Remote Support fails.
I tried to put different checkboxes, but always after clicking the register in HPE Support button, the window hangs in this status and nothing happens.

I found a possible solution to the problem - execute the commands:

# Connect to the appliance

Connect-HPOVMgmt -ComputerName MyAppliance -Credential (Get-Credential -Username myadmin)

# Issue the DELETE REST API call

Send-HPOVRequest -URI /rest/support/portal-registration -Method DELETE -AddHeader @{"If-Match" = "*"}

https://community.hpe.com/t5/HPE-OneView/Replacement-Oneview-appliance-won-t-register-with-insight-online/td-p/7092838#.YHavFjZ7mHs

Installed the HPEOneView.600 module, but the "Send-HPOVRequest" cmdlet is not recognized:
How to register?

2. Not added to the monitoring of the Gen6 server with iLO2.
The documentation says that monitoring should be supported for Gen6:
The minimum firmware version for iLO2 is 2.13, I have updated to the latest available 2.77, but the result has not changed.

Error on DL servers:

Unable to establish trusted communication with the server.
Resolution: Ensure that server iLO is reachable and responding. Check that the server iLO supports the TLS protocol version, cipher suites and certificate strength supported by HPE OneView. Retry importing the server.

 

Error on blade:

Encountered problems with the following: HP_c7000, bay 10.

Locked
 
Resolution

Refresh the enclosure. Reseat the device if necessary. If the problem persists contact your authorized support representative and provide them with a support dump (GEC_181).

17 REPLIES 17
AdminMSK
Advisor

Re: HP OneView troubles

HP OneView v 6.0

ChrisLynch
HPE Pro

Re: HP OneView troubles

Welcome @AdminMSK to the HPE OneView Community.

Typically when the appliance is unable to connect to the HPE OneView Remote Support (OVRS) backend, it is a firewall or proxy issue.  If your management network/infrastructure requires HTTP/HTTPS Proxy for ourbound connectivity, you will need to configure that at the appliance under Settings -> Proxy.

The HPE OneView PowerShell library went through a recent vendor prefix change.  So, the Cmdlets start with -OV, not -HPOV.  That change happened at the HPE OneView 5.30 release last year.  So the code would be:

 

# Connect to the appliance

Connect-OVMgmt -ComputerName MyAppliance -Credential (Get-Credential -Username myadmin)

# Issue the DELETE REST API call

Send-OVRequest -URI /rest/support/portal-registration -Method DELETE -AddHeader @{"If-Match" = "*"}

 

 

We removed TLS 1.0 support from the appliance, which is going to impact the ability to monitor a Gen6 iLO2 system.  iLO2 only supports TLS 1.0, and none of the newer TLS versions.  Let me check if there is anything that can be done with OneView 6.0 here.

As for the c-Class issue, can you log into the OA and identify what generation of server that is?  Unfortunately the error doesn't describe much here.  I'm seeing if I can find an internal document that describes what the error code GEC_181 could reference.  Otherwise, a support case would be needed to analyze an appliance support dump.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
AdminMSK
Advisor

Re: HP OneView troubles

Thanks, but the command still fails with an error:

PS H:\> Send-OVRequest -URI /rest/support/portal-registration -Method DELETE -AddHeader @{"If-Match" = "*"}
[Send-OVRequest]: The appliance may be busy or the request may have exceeded the configuration maximums documented in t
he support matrix. Retry the operation if necessary.
C:\Program Files\WindowsPowerShell\Modules\HPEOneView.600\6.0.2719.1668\HPEOneView.600.psm1:6770 знак:33
+                                 Throw $ErrorRecord
+                                 ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Send-OVRequest:String) [], InvalidOperationException
    + FullyQualifiedErrorId : GENERIC_HTTP_500

 

With HPOneView.500 module same error:

PS H:\> Send-HPOVRequest -URI /rest/support/portal-registration -Method DELETE -AddHeader @{"If-Match" = "*"}
[Send-HPOVRequest]: The appliance may be busy or the request may have exceeded the configuration maximums documented in
 the support matrix. Retry the operation if necessary.
C:\Program Files\WindowsPowerShell\Modules\HPOneView.500\5.0.2736.1630\HPOneView.500.psm1:6580 знак:33
+                                 Throw $ErrorRecord
+                                 ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Send-HPOVRequest:String) [], InvalidOperationException
    + FullyQualifiedErrorId : GENERIC_HTTP_500

 

Blades with errors - Gen6.

There are no connection errors on gen7 and above.

 

 

 

 

 

ChrisLynch
HPE Pro

Re: HP OneView troubles

OneView Remote Support only works with Gen8 and newer servers.  You will need IRS for Gen7 and older phone home support.

That said, I would ask that you open a support case for the original issue.  The appliance is reporting that it has throttled requests because it is too busy.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
AdminMSK
Advisor

Re: HP OneView troubles

I have Gen6, Gen7, Gen8, Gen9 and Gen10 servers. I want to monitor Gen6 and Gen7 health myself. And I also want to automatically create cases for Gen8, Gen9, Gen10. Support for this functionality is described in the documentation, but in fact I cannot register for Remote Support, and Gen6 does not connect to HP OneView at all.

I am using the standard (free) version. And HP support sent me to this forum.

ChrisLynch
HPE Pro

Re: HP OneView troubles

We disabled TLS 1.0 by default for new installations of HPE OneView 5.40 and newer.  Gen6 can only support TLS 1.0, and is unable to support newer TLS versions.

As for OneView Remote Support, it requires a synchronous HTTPS access to our backend API to configure.  If there is a firewall preventing outbound access, you need to ensure that a rule is added (HTTPS/TCP outbound to api.support.hpe.com).  An alternative configuration would be using an HTTP proxy, which you can enable under Settings -> Proxy.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
AdminMSK
Advisor

Re: HP OneView troubles

Today, after restarting the app, the registration was performed automatically.
There was still a question with connecting Gen6 to monitoring.

Found article https://support.hpe.com/hpesc/public/docDisplay?docId=a00111326en_us&docLocale=en_US

but no experience with REST API (how to use these commands and in which application).
Tried it through powershell, but an error is thrown:

Invoke-RestMethod: {"errorSource": null, "data": {}, "details": "The requested resource could not be found.", "Message": "Not Found", "me
ssageParameters ": []," nestedErrors ": []," errorCode ":" GENERIC_HTTP_404 "," recommendedActions ": [" Check the request URI, then resend the
request. "," Verify if the request requires an X-API-Version header. "]}
line: 71 characters: 1
+ Invoke-RestMethod @params
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo: InvalidOperation: (System.Net.HttpWebRequest: HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId: WebCmdletWebResponseException, Microsoft.PowerShell.Commands.InvokeRestMethodCommand

 

If I try to follow the link in the article via the web, where I need to perform PUT, then the same code is 404 - the page was not found:

404 Not Found
The requested resource could not be found.
Check the request URI, then resend the request.
You might want to return to the appliance home.

Powershell example below:
$ username = "blablabla"
$ upassword = "blablabla"

$ auth = $ username + ':' + $ upassword
$ Encoded = [System.Text.Encoding] :: UTF8.GetBytes ($ auth)
$ authorizationInfo = [System.Convert] :: ToBase64String ($ Encoded)

$ jsonSample = '[
{
"type": "ProtocolV1",
"protocolName": "TLSv1.0",
"enabled": true
},
{
"type": "ProtocolV1",
"protocolName": "TLSv1.1",
"enabled": true
},
{
"type": "ProtocolV1",
"protocolName": "TLSv1.2",
"enabled": true
}
] '

$ params = @ {
    Uri = 'https: //applaince/rest/security-standards/protocols'
    Headers = @ {'Authorization' = "Basic $ authorizationInfo"}
    Method = 'PUT'
    Body = $ jsonSample
    #Body = ($ jsonSample | ConvertTo-Json)
    ContentType = 'application / json'
}

Invoke-RestMethod @params

ChrisLynch
HPE Pro

Re: HP OneView troubles

Use Set-OVApplianceSecurityProtocol.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
AdminMSK
Advisor

Re: HP OneView troubles

Thank you, tls 1.0 was enabled using the specified cmdlet.

PS H:\> Get-OVApplianceSecurityProtocol
Mode: LEGACY

Name    Enabled ModeIsEnabled CipherSuites
----    ------- ------------- ------------
TLSv1.2 True    True          {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 True, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 True,
                              TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 True, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 True...
                              }
TLSv1.1 True    True          {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA True, TLS_RSA_WITH_AES_256_CBC_SHA True, TLS_RSA_WITH
                              _AES_128_CBC_SHA True, TLS_RSA_WITH_AES_128_GCM_SHA256 True...}
TLSv1   True    True          {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA True, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA True, TLS
                              _ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA True, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA True...}


Now, according to the article (https://support.hpe.com/hpesc/public/docDisplay?docId=a00111326en_us&docLocale=en_US), it is necessary to recreate the certificate so that the signature algorithm changes from MD5 to SHA1.

I renamed ilo, checked with firefox that the certificate algorithm had changed to SHA1, but HP Oneview still does not want to add the Gen6 server.

Error in HP OneView:
Unable to add server hardware: blablabla.domain
Unable to determine the hardware configuration for 'blablabla.domain'.
Resolution: Verify that 'blablabla.domain' is a management processor with supported firmware. Consult the HPE OneView Support Matrix for a list of supported hardware.

Servers - DL320G6, DL360G6, DL380G6
ilo2 version - 2.33 (latest)
I go to the iLO without any problems, though he is a little thoughtful.

AdminMSK
Advisor

Re: HP OneView troubles

It turned out to add a Gen6 servers after downgrading the iLO2 firmware version to 1.32.

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00072193en_us

 

Now I have a new problem. I cannot manage or delete a group. The name of the group contains Cyrillic and this is probably the reason. Granting rights through a group works (adding a user to a group in AD), but when you select a group in the console, management tools are not available and the following message appears:

Unable to locate the item you requested.

The item you requested does not exist or is restricted by scope. It is possible that another user has deleted this item. Refresh this page or select a different item.

 

For other groups without Cyrillic, control is available. How to remove this group from HP Oneview?

AdminMSK
Advisor

Re: HP OneView troubles

And how can I disable Diffie-Hellman in HP Oneview 6.0? So that I don't have to rollback firmware on all Gen6 servers.

AdminMSK
Advisor

Re: HP OneView troubles

The version iLO2 has not been specified correctly. The iLO2 firmware version that works with HP Oneviev 6.0 is 2.32

ChrisLynch
HPE Pro

Re: HP OneView troubles

And how can I disable Diffie-Hellman in HP Oneview 6.0? So that I don't have to rollback firmware on all Gen6 servers.

Unfortunately, we have no ability to disable individual ciphers within OneView.  The only way to disable weaker ciphers and protocols is to put the appliance into either FIPS or CNSA mode.  Which that will break (or in your case continue to break) communication with older servers and components.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
ChrisLynch
HPE Pro

Re: HP OneView troubles

The version iLO2 has not been specified correctly. The iLO2 firmware version that works with HP Oneviev 6.0 is 2.32

Are you saying that downgrading from 2.33 to 2.32 fixed your problem?  If it didn't, I would suggest you open a support case for this issue.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
AdminMSK
Advisor
Solution

Re: HP OneView troubles

Yes, downgrade are solved problem.

1. Enable TLS 1.0 on HP OneView.

2. Upgrade\downgrade iLO2 firmware to ver. 2.32

3. Change iLO2 certificate singning algorytm from MD5 to SHA1.

After these actions, Gen5 and Gen6 servers are successfully added for monitoring.

 

Can you suggest how to remove a group with a Cyrillic name in the name from Shchtu HPOneView?

AdminMSK
Advisor

Re: HP OneView troubles

Can you suggest how to remove a group with a Cyrillic in the name from  HPOneView?

ChrisLynch
HPE Pro

Re: HP OneView troubles

We currently do not offer the ability to disable individual ciphers within OneView today. 

Please know that the Gen5 servers you are adding are not supported and are not tested to work as even monitored devices.  We are also looking at deprecating legacy servers in the future.  Deprecation will always be documented at least in the Release Notes for that release.  We are looking at other ways to communicate legacy hardware support deprecation.

This legacy hardware deprecation is to remove vulnerable algorithms (i.e. TLS 1.0) and disable weaker ciphers from OneView.  This would mean supported Gen6 and Gen7 servers would no longer be monitorable from OneView in a future release.  And in your case, the Gen5 servers certainly would not be monitorable.

I cannot comment on a timeline. Just we are looking at planning that here in the near future.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo