HPE Community
HPE OneView
1836484 Members
2518 Online
110101 Solutions
New Discussion

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

 
Vampire25
Occasional Contributor

‎08-23-2022 06:00 AM - edited ‎08-23-2022 10:52 PM

‎08-23-2022 06:00 AM - edited ‎08-23-2022 10:52 PM

OneView 7.1 Migration Feature - Only connect errors with correct credentials

Hi there, I setup a new OneView Server 7.1 and want to use the hardware migration feature of version 7 to migrate my data of the old OneView Server 6.6.

Everytime when I try to connect to the old OneView Server with "Administrator" and PW and the correct DNS/IP Name I get an error that my credentials are not correct.

But actually I can login with the same credentials on the OneView Server 6.6 and the "Administrator" account has ALL necessary rights to do this.

So what and how is the new OneView Server trying to connect to the old appliance? Asked already my firewall team and the told me that nothing is blocking the connection within the two different networks.

0 Kudos
Reply
7 REPLIES 7
ChrisLynch
HPE Pro

‎08-23-2022 08:15 AM

‎08-23-2022 08:15 AM

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

You don't connect to your vCenter appliance. You need to specify the IP or FQDN of the source OV 6.6 appliance directly.
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Vampire25
Occasional Contributor

‎08-23-2022 10:55 PM

‎08-23-2022 10:55 PM

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

I am sorry, I wrote two times "vCenter" and corrected my text because it's OneView Server not vCenter Server But the problem description is ok, try to connect with IP/DNS Name to old OneView Server 6.6 with credential of "Administrator" and everytime the same error "credentials are not ok".

As I can't look at the log file in the appliance because HP has only build in access with some supporter and generated access key it is really hard to find error messages *thumbs*

So how to find out more in detail why it is not working.

0 Kudos
Reply
Vampire25
Occasional Contributor

‎08-24-2022 01:18 AM

‎08-24-2022 01:18 AM

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

Ahhhh, I found one solution. Actually the "Default directory" was set to our AD Server and login is NOT working.

Changed "Default directory" back to "Local" and login with "Administrator" is possbile.

So it would be VERY nice if somehow in help there is a description on how the syntax has to be to get this migration process working with using "AD Credentials" etc.

0 Kudos
Reply
ChrisLynch
HPE Pro

‎08-25-2022 11:36 AM

‎08-25-2022 11:36 AM

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

I spent some time yesterday and this morning trying to reproduce what you reported, and the only way I can is if a user account exists in the Default Domain you are trying to use but doesn't have any permissions to the source appliance.  OneView will generate a very similar message you get when trying to authenticate to the source appliane from its login screen.

So, my lab setup is:

Root Domain: doctors-lab.local (NETBIOS name: doctors-lab)
Child Domain: child1.doctors-lab.local (NETBIOS name: child1)

On the source appliance, I have both domains configured as their own authentication directory:

Screenshot 2022-08-25 112123.jpg

When I configure the source appliance with CHILD1 as the default domain, and attempted to migrate servers to a 7.0 appliance, I am able to authenticate using the following formats:

  • DOCTORS-LAB\user
  • doctors-lab.local\user
  • user@doctors-lab.local

All while CHILD1 is the default authentication directory.  When I attempt to use either of the username formats above, but specifying an account in the CHILD1 domain, authorization (not authentication) fails, as there are no directory groups configured for CHILD1.  When I do add a group, and add a local user in CHILD1 domain, authentication and authorization is successful:

Screenshot 2022-08-25 112827.jpg

 Screenshot 2022-08-25 112922.jpg

If I connect from the source appliance using any of the accounts I have mentioned and shown thus far, I cannot reproduce the issue:

Screenshot 2022-08-25 113009.jpg

Screenshot 2022-08-25 113119.jpg

 

 Here is where it fails, due to an unauthorized user:
Screenshot 2022-08-25 113331.jpg

 

It would be helpful to understand your AD infrastructure a bit more.  What you have defined in Authentication Directories on the source appliance. 

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
ChrisLynch
HPE Pro

‎08-25-2022 11:42 AM

‎08-25-2022 11:42 AM

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

Additionally, when I have LOCAL set as the default authentication directory, I can still authenticate with any of the domains I have added, including adding atleast one directory group with the necessary permissions:

Source Appliance Authentication setup:
Source appliance authentication directory configuration, with LOCAL set as default auth directory, and without CHILD1 domain.Source appliance authentication directory configuration, with LOCAL set as default auth directory, and without CHILD1 domain.

 Target Appliance Connecting to Source Appliance with Directory Account:
Target HPE OneView 7.00 appliance authenticated with UPN format to source appliance successfully, viewing migratable servers.Target HPE OneView 7.00 appliance authenticated with UPN format to source appliance successfully, viewing migratable servers.

 

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Vampire25
Occasional Contributor

‎08-31-2022 06:17 AM

‎08-31-2022 06:17 AM

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

Hm actually I do not understand everything. Actuall both oneview servers are connected to ad and two groups are authorized to login to oneview server.

But I have to login with "ABC\username" and the domain is "win2k@abc.xx". In OneView this is shown as "win2k.abc.xx\ABC\username".

I tried with AD credential but did not get it working for successfull login.

0 Kudos
Reply
ChrisLynch
HPE Pro

‎08-31-2022 09:37 AM

‎08-31-2022 09:37 AM

Re: OneView 7.1 Migration Feature - Only connect errors with correct credentials

I provided all of the various methods that work in screenshots above.  If you continue to have issues, I would suggest you open a support case so a support enigneer can help investigate why you are blocked from using AD credentials in the method you outlined.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.