- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- iLO5 never generates CSR after running start-hpeil...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2021 01:06 PM - last edited on 09-13-2021 04:20 AM by support_s
08-30-2021 01:06 PM - last edited on 09-13-2021 04:20 AM by support_s
iLO5 never generates CSR after running start-hpeilocertificatesigningrequest
We have a powershell script that we have been using for quite some time to do all of our org's required configs on our fleet of iLOs. In the last month or so, we have not been able to get a CSR to generate after using the start-hpeilocertificatesigningrequest command.
We have 40 hosts that were racked last week that we're trying to config, iLO 5, firmware version 2.44. Using Powershell module HPEiLOCmdLets version 3.1.0.1
Code snip:
#Generating CSR
$Result = Start-HPEiLOCertificateSigningRequest -Connection $iLOConnection -State "redacted" -Country "USA" -City "redacted" -Organization "redacted" -OrganizationalUnit "redacted" -CommonName $ilofqdn -IncludeiLOIP
$CSR = ""
$CSR = Get-HPEiLOCertificateSigningRequest -Connection $iLOConnection
while(-not ($csr.CertificateSigningRequest)) {
Write-Host "Waiting for CSR to be generated ..."
start-sleep -Seconds 60
$CSR = Get-HPEiLOCertificateSigningRequest -Connection $iLOConnection
}
$CSR.CertificateSigningRequest | Out-File -FilePath "c:\temp\$iloname.csr"
write-host -ForegroundColor Green "SSL Certificate Signing Request for this iLO has been generated and saved at 'C:\Temp\$iloname.csr'."
write-host -ForegroundColor Green "Please generate the certificate from organization AD PKI servers and manually load to the iLO."
We have been using this particular script for quote some time (a year or more?) and now it's just not working. The iLO never generates a CSR.
Actual PS console view, with $verbosepreference set to Continue (to show verbose info)
PS C:\> Start-HPEiLOCertificateSigningRequest -Connection $iLOConnection -State "redacted" -Country "USA" -City "redacted" -Organization "redacted" -OrganizationalUnit "redacted" -CommonName $ilofqdn -IncludeiLOIP
VERBOSE: Executing the cmdlets with 1 task serially.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Validating Cmdlet supportability.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Checking for iLOGeneration, Model and Firmware for Cmdlet Supportability.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Validating parameter supportability.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Checking for iLOGeneration, Model and Firmware for parameter Supportability.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Getting url value from resource instance.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Creating Redfish request.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Retrieving URL's from parameter mapper.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Forming JSON payload for corresponding URL.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Creating Redfish request.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Sending Redfish request to PATCH/POST/DELETE the JSON payload.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Processing JSON response.
VERBOSE: [Start-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Redfish response message: GeneratingCertificate
IP Hostname Status StatusInfo
-- -------- ------ ----------
172.23.104.30 vmw-prd-esx30-mgmt INFORMATION HPE.Framework.Core.StatusInfo
And over the next 5-10 minutes, you can just repeatedly get this:
PS C:\> Get-HPEiLOCertificateSigningRequest -Connection $iLOConnection
VERBOSE: Executing the cmdlets with 1 task serially.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Validating Cmdlet supportability.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Checking for iLOGeneration, Model and Firmware for Cmdlet Supportability.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Validating parameter supportability.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Getting JSON url for ODataType HpeHttpsCert.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Getting OdataId for OdataType HpeHttpsCert.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Getting url value from resource instance.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: JSON url is /redfish/v1/Managers/1/SecurityService/HttpsCert/
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: JSON URL with query is- /redfish/v1/Managers/1/SecurityService/HttpsCert/
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Sending Redfish request.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Processing JSON response.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Response Type is HPE.iLO.Response.Redfish.CertificateSigningRequestInfo
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Processing complex JSON response.
VERBOSE: [Get-HPEiLOCertificateSigningRequest][vmw-prd-esx30-mgmt][Redfish]: Converting JSON response to its respective output object.
CertificateSigningRequest :
IP : 172.23.104.30
Hostname : vmw-prd-esx30-mgmt
Status : OK
StatusInfo :
I looked throgh the logs available on the iLO gui and saw nothing relevant. Any one have any idea why our iLOs are no longer generating a CSR from the command? I can go to the GUI and punch in all of the info and generate it; but it's failing from the script on all hosts we've purchased/installed in the last 2 months (that being close to 60 systems).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2021 04:15 AM
09-13-2021 04:15 AM
Re: iLO5 never generates CSR after running start-hpeilocertificatesigningrequest
Hello,
I would recommend to contact HPE Support higher level to get this resolved as it may require deeper analysis and powershell scripting knowledge