Re: unable to access ILO from Browser.

Aamir-Camden · ‎06-05-2017

Hi,

we have Proliant DL380-G7 running VM ESXi 5.0 OS with ILO3 installed.

i am unable to access this server via ILO3. i can login to the server directly and have configured ILO3 with IP.

IP is pingable but when i try to connect to the ILO3 over the network in a browser. it display a page with cert error which is expected but when i click on continue page returns "This page can't be displayed".

any suggestion ?

oakshade · ‎06-05-2017

Aamir,

I just solved the same or a similar problem. I would get a message:

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

When using firefox 48 to login to ILO2 on my LAN. Then I read this from the firefox link presented for solving it:

You may have enabled SSL scanning in your security software such as Avast, Bitdefender, ESET or Kaspersky. Try to disable this option. More details about this are available in the support article How to troubleshoot the error code "SEC_ERROR_UNKNOWN_ISSUER" on secure websites.

So I checked and sure enough my AVG was set for scanning HTTPS (secure connections).

I disabled that portion of AVG and now I get in fine. I am using Free AVG 17.4. You may have a similar problem with something else.

AVG Menu> settings> components> Online shild> customize> uncheck Enable HTTPS scanning

I will have to find out how to configure that differently becuase the scanning of secure sites is something that I appreciate from AVG, but there is an option for setting exceptions. I will have to investigate further.

I hope this helps. Good luck.

Matti_Kurkela · ‎06-06-2017

The error message in the attached screenshot indicates BAD_MAC_ALERT, in other words, the browser does not like the hash algorithm the iLO3 uses for ensuring that the traffic is not tampered with. This is usually because this iLO uses a hash algorithm that has been found to be weak and is getting disabled in browsers.

This tends to happen as browsers get updated with more and more security features, and newer hash and encryption algorithms gradually replace older ones. You should make sure your ILO firmware is up to date to avoid or minimize problems like this.

MK

Erdogan Temur · ‎06-06-2017

Hi,

Please try i.e.

BR.

Kind Regards,
Erdogan.
No support by private messages. Please ask the forum!

Aamir-Camden · ‎06-09-2017

Hi,

Thanks for your kind suggestions, i have partially managed to resolve this issue by building a new Windows 7 Machine with Internet Explorer 10. ILO is now working fine. I have also noticed that the moment i upgrade to IE11. it stops working and return the same error message.

Now i am trying to find out what option in IE11 is rejecting the connection so i can use updated browser and disable the option when need to use ILO.

Regards.

Erdogan Temur · ‎06-09-2017

Hi,

Do the latest ilo firmware update for ie11.

Kind Regards,
Erdogan.
No support by private messages. Please ask the forum!

Matti_Kurkela · ‎06-10-2017

The problem is probablythat in May, Microsoft released an update for IE 11 and Edge to block any certificates using the SHA-1 hash algorithm: Before May 9, IE 11 and Edge would also have accepted a certificate using SHA-1, but would have warned that the certificate was weak. Now, the browsers will reject such a certificate altogether.

Older ILO2/3 firmware versions are unlikely to support any certificate hash algorithms other than MD5 and SHA-1, and now both of them have been deprecated - to the point that the browsers are now dropping support for those algorithms. The latest firmware should add support for newer hash algorithms.

https://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx

(I finally found a webpage that clearly describes Microsoft's hash algorithm policy.)

MK

Aamir-Camden · ‎06-12-2017

Hi Erdogan,

I am unable to find any firware for IE11 for these servers..

Hi Matti,

this coulud be an issue, However any suggestion how can i test this or make it work. any option to enable SHA-1 in IE or other browsers.

Matti_Kurkela · ‎06-14-2017

In year 2015, once it became known that SHA-1 was weak, all browser makers made plans to first have SHA-1 cause warnings/not qualify as secure any more, then to disable it unless specifically enabled, and ultimately completely stop using it. After May 9, 2017 these plans have reached their third phase: SHA-1 is getting completely rejected and you won't be able to change that.

Your only solution is to update to the ILO3 firmware version 1.88, as it adds support for the SHA256 algorithm which will continue to be accepted by the web browsers. The firmware is not IE11-specific in any way.

Here's the link to the download page for that firmware version for VMware ESXi 5.0:

http://h20565.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=4091567&swItemId=MTX_04b05621285145119cbaa69982&swEnvOid=4115

Note that if your current ILO3 firmware version is less than 1.20, you must update to version 1.20 first.

MK

vipin_80 · ‎08-17-2018

Thanks Matti!!!

Upgrading the firmware resolved the issue.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: unable to access ILO from Browser.

unable to access ILO from Browser.