HPE Community
HPE OneView
1826177 Members
2235 Online
109691 Solutions
New Discussion

Re: OneView 8.5 is not using the configured proxy for checking for updates

 
Marc Vanderhaegen_1
Advisor

‎09-21-2023 05:23 AM - last edited on ‎09-21-2023 07:18 AM by

‎09-21-2023 05:23 AM - last edited on ‎09-21-2023 07:18 AM by

OneView 8.5 is not using the configured proxy for checking for updates

Hello,

I am trying to configure the automatic check for updates in the Settings - Updates but we can't get it to work.
We have configured our proxy in the Settings - Proxy section. We have tried our prod proxy, acc proxy, with authentication, without authentication but with no luck.

Our network team has checked the proxy logs and there is no trace of any communication between the appliance and the proxy.
They then checked the network traffic on the appliance and they noticed that the appliance, instead of contacting the proxy, contacts our internal dns to get the ip address of midway.ext.hpe.com.

This is not new to the 8.5 version, the problem was already present in 8.2, 8.3 and 8.4.
Does anyone else have this problem ?
Thanks in advance for your help.
Marc

1 person had this problem.
0 Kudos
Reply
11 REPLIES 11
DanCernese
HPE Pro

‎09-21-2023 05:36 AM

‎09-21-2023 05:36 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

HPE OneView must resolve midway.ext.hpe.com to choose which of the many access points to connect to (it will test responses for several).  That is a name that resolves to a dozen or more choices, you can see them with any DNS or web tool.

You said "instead" of contacting the proxy-- after resolving the name (using the DNS server you specified), it will use the proxy and contact those endpoints.  If for some unexplained reason you believe the proxy setting is not being used, you could restart the appliance, but I've never had to do that.

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Marc Vanderhaegen_1
Advisor

‎09-21-2023 05:44 AM

‎09-21-2023 05:44 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

Hello,

Thanks for your answer.
It is the proxy that is foreseen to do the name resolution through the external dns, the appliance shouldn't contact the internal dns.

Marc

 

0 Kudos
Reply
DanCernese
HPE Pro

‎09-21-2023 05:55 AM

‎09-21-2023 05:55 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

The appliance only knows what DNS server settings you have entered.  Whether or not you have a proxy setting is secondary, it is not a determining factor (that's not how proxy works).



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Marc Vanderhaegen_1
Advisor

‎09-21-2023 06:10 AM - edited ‎09-21-2023 06:13 AM

‎09-21-2023 06:10 AM - edited ‎09-21-2023 06:13 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

Sorry, I was not clear in my post and I messed up my explanation; when you configure a http proxy and try to access an external address, the machine should do an HTTP GET 'url' to the proxy and it is the proxy who does a lookup (for himself).

0 Kudos
Reply
DanCernese
HPE Pro

‎09-21-2023 06:23 AM

‎09-21-2023 06:23 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

No, sorry for assuming too much myself.  In HPE OneView we are not simply asking to reach a destination.  It performs an algorithm to determine which endpoint is appropriate.  That's why it needs to find all the endpoints (without using HTTP) first.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
Marc Vanderhaegen_1
Advisor

‎09-21-2023 06:59 AM

‎09-21-2023 06:59 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

Thanks for your answer, I will check with our network team what are the possible workarounds.

Marc

 

0 Kudos
Reply
ChrisLynch
HPE Pro

‎09-21-2023 11:52 AM

‎09-21-2023 11:52 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

While some HTTP/HTTPS proxies do expect to resolve an FQDN on behalf of the client, that isn't how our proxy client support works. The appliance performs a DNS lookup based on the configured DNS servers in the appliance networking config. Once resolved, the configured HTTP/HTTPS Proxy is contacted for Internet connectivity.
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
Marc Vanderhaegen_1
Advisor

‎09-28-2023 08:47 PM

‎09-28-2023 08:47 PM

Re: OneView 8.5 is not using the configured proxy for checking for updates

Thanks for the explanation.

Unfortunately, after reviewing the problem, our networking team has refused to implement a workaround. 

0 Kudos
Reply
PJ1986
Occasional Visitor

‎10-30-2023 03:40 AM

‎10-30-2023 03:40 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

We have the same problem in our infrastructure.

I don't understand why the appliance uses an internal DNS server when there is a proxy configured in the settings.

We have a lot of similar appliances working fine with our proxy. These appliances ask our internal dns server for internal adresses or names and ask the proxy for external adresses.

It makes no sense to ask an internal DNS server for a servername or IP address thats public.

When you configure a proxy, the appliance should be so intelligent to ask through this proxy.
0 Kudos
Reply
AmjedD
Frequent Visitor

‎01-09-2024 10:21 AM

‎01-09-2024 10:21 AM

Re: OneView 8.5 is not using the configured proxy for checking for updates

Hi,

I've been following you for some time. Our security team has prevented the use of resolving external DNS addresses thereby preventing the forwarding to the proxy. One internal collegue suggested disabling dns, however I only see the option of leaving DNS blank, which did not resolve the issue. Is it possible to setup a local hosts file or do you have any other work around?

0 Kudos
Reply
ericj3
New Member

‎11-08-2024 01:29 PM

‎11-08-2024 01:29 PM

Re: OneView 8.5 is not using the configured proxy for checking for updates

I agree that this design choice was poor on HP's part.  Most enterprises do not allow internal server to resolve internet addresses.  This should be done by the proxy.

HP really needs to fix this.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.