HPE Community
Servers - General
1833780 Members
2494 Online
110063 Solutions
New Discussion

Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

 
Aslaksrud
Occasional Collector

‎06-25-2020 03:10 AM - edited ‎06-25-2020 03:12 AM

‎06-25-2020 03:10 AM - edited ‎06-25-2020 03:12 AM

Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Problem description:
Server is installed with SPP 03.2020 (iLO firmware = v2.14). When using PowerShell with HPEiLOcmdlets 3.0.0.0 we get issue when trying to import a LDAP CA Certificate.

The command "Import-HPEiLOLDAPCACertificate" fails to import the certificate and it seems that it expect "CetrificateType" that is not possible to specify. The same Certificate works when added in Gui.

Questions:
- Could this be an issue in the module occuring on iLO with firmware version >=2.10?
- Is it correct that the "CertificateType" is a new property that is added and made mandatory in the latest firmwares which got missed in the analysis?
- Has anyone experienced the same and Is there a fix or workaround for this?

/Lars

1 person had this problem.
0 Kudos
Reply
12 REPLIES 12
ksram
HPE Pro

‎06-29-2020 02:02 AM

‎06-29-2020 02:02 AM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Aslaksrud ,

Please check the pre-requisites : 

We see earlier Minimum .NET Framework version needed is 4.5 and its changed to 4.7.1.

Try this and share the obsrervation


I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
Aslaksrud
Occasional Collector

‎06-29-2020 11:14 PM - edited ‎06-29-2020 11:16 PM

‎06-29-2020 11:14 PM - edited ‎06-29-2020 11:16 PM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi,

Just tested exactly the same script including "Import-HPEILOLDAPCertificate"on another G10 (iLO5) server with iLO firmware v1.40 and the script worked just like expected with the LDAP certificate installed. So the described issue looks to occure on G10 (iLO5) servers with firmware version >=2.10.

Could you please check internaly with the division developing the HPEiLOcmdlets?
(HPE Support Case 5348215920)

/Lars

0 Kudos
Reply
ksram
HPE Pro

‎06-30-2020 06:32 PM

‎06-30-2020 06:32 PM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Aslaksrud ,

Thank you for sharing the udpate.

We shall follow the main Case for further updates.

 


I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
Aslaksrud
Occasional Collector

‎07-02-2020 03:54 AM

‎07-02-2020 03:54 AM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Thank you for your response.

It would be nice if you could route/enlighte the main case internaly (HPE) to the right division/person, if possible.

thx in advance
Lars Aslaksrud

0 Kudos
Reply
Steve_Tippett
Frequent Advisor

‎09-15-2020 02:04 PM

‎09-15-2020 02:04 PM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

I encountered the same issue today, and found no fix after studying the cmdlet help.  Then I found this thread here in the community forum, so I'm asking my HPE contact to find some updated status from the HPE Support case 5348215920

0 Kudos
Reply
Erik Grimsrud
Occasional Advisor

‎10-27-2020 04:35 PM

‎10-27-2020 04:35 PM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hey Steve,

Did you every hear back from HP about the Import-HPEiLOLDAPCACertificate command not working?

I found that It worked on my ILO 5 when i was sitting at firmware version 1.4x, but after I upgraded to 2.14, and now recently 2.31, Import-HPEiLOLDAPCACertificate cmdlet stopped working.

For anyone else reading this..... I tried to used the Import-HPEiLOLDAPCACertificate command with HPEILOCmdlets 2.2.0.0, 3.0.0.0, and 3.0.0.1 and none of them work. FYI. THe Import-HPEiLOLDAPCACertificate command errors out immidiatly when running the 3.0.0.1 version. 

0 Kudos
Reply
ksram
HPE Pro

‎10-27-2020 10:59 PM

‎10-27-2020 10:59 PM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Erik Grimsrud,

I see that Version:3.0.0.1 (2 Sep 2020) has fixed the issue previously. 

Link : https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_6450d27906114779afde23c875#tab-history

But I see you are experiencing the issue with 3.0.0.1 as well. 

May we know if you can try downgrading the ILO to 2.30 and or 3.0.0.0. and share the observations.

Thank you,

Ram 

 


I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
Erik Grimsrud
Occasional Advisor

‎10-28-2020 11:00 AM - edited ‎10-28-2020 11:05 AM

‎10-28-2020 11:00 AM - edited ‎10-28-2020 11:05 AM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hey Ram,

I backed down the firmware to 2.30a and the CMDlets were backed down to 3.0.0.0. This time I do not get the red error message, but running the script in -Verbose shows redfish is reporting that a required property is missing.

Running these commands
$cert = Get-Content -Path "H:\Desktop\HP_iLO_Script\XXXXXXXXXXXX.cer" -raw
$iloconnection = Connect-HPEiLO XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com -Username XXXXX -password XXXXXX -DisableCertificateAuthentication
Import-HPEiLOLDAPCACertificate -Connection $iloconnection -Certificate $cert -Verbose


PS H:\> H:\Desktop\HP_iLO_Script\ilo-test.ps1
VERBOSE: Performing the operation "Import-HPEiLOLDAPCACertificate" on target "XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com".
VERBOSE: Executing the cmdlets with 1 task serially.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Validating Cmdlet supportability.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Checking for iLOGeneration, Model and Firmware for Cmdlet Supportability.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Validating parameter supportability.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Getting url value from resource instance.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Creating Redfish request.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Retrieving URL's from parameter mapper.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Forming JSON payload for corresponding URL.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Creating Redfish request.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Sending Redfish request to PATCH/POST/DELETE the JSON payload.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Processing JSON response.
VERBOSE: [Import-HPEiLOLDAPCACertificate][XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com][Redfish]: Redfish response message: RequiredPropertyMissing

IP                        Hostname                                                    Status   StatusInfo
--                        --------                                                          ------     ----------
xxx.xxx.xxx.xxx XXXXXXXXXXXXXXX-mgmt.xxx.xxx.com ERROR HPE.Framework.Core.StatusInfo

 

0 Kudos
Reply
ksram
HPE Pro

‎10-28-2020 08:50 PM

‎10-28-2020 08:50 PM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hi @Erik Grimsrud ,

Please confirm the Pre requisites mentioned on the "Installation Instructions" on the iLO cmdlets download link.

Also try to run different commands.. and try the same commands on different Units and check if you are able to run them.

Thank you

Ram 


I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
Erik Grimsrud
Occasional Advisor

‎10-30-2020 08:21 AM

‎10-30-2020 08:21 AM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Hello Ram,

I am running Windows 10 with the latest patches/Security updates. It comes with Windows Management Framework 5.1 already installed and .net Framework 4.6 already installed. I have updated .Net Framwork and I have installed Powershell 7. Still getting the same error.


I can run a number of other Cmdlets with no issue. I have problems with the below 3 Cmdlets running in 3.0.0.0 and 3.0.0.1 with Firmware 2.30a and 2.31 so far.


Add-HPEiLODirectoryGroup - Target URL(s) could not be found

Import-HPEiLOLDAPCACertificate - Missing CertificateType or Missing Propery Type

Update-HPEiLOFirmware - Object reference not set to an instance of an object.

 

0 Kudos
Reply
Steve_Tippett
Frequent Advisor

‎10-30-2020 09:02 AM

‎10-30-2020 09:02 AM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Erik, you are not alone.   Those 3 cmdlets also error for me.   This is getting pretty frustrating.   Issues were reported in June and we still don't have resolution.  I asked my local HPE contact to inquire, the response I received was that the current development branch of the iLo cmdlets will fix these errors when paired with a still-to-be-released iLo 5 firmware (2.40)?    Perhaps the need to address Ripple20 vunerability delayed the progress on these bug fixes, but I'm still not happy.

0 Kudos
Reply
Erik Grimsrud
Occasional Advisor

‎10-30-2020 09:33 AM

‎10-30-2020 09:33 AM

Re: Powershell | iLO5 | HPEiLOCmdlets 3.0.0.0 | Import a LDAP CA Certificate

Well, its good to know they are working on a fix, but I really hope they get this fixed sooner rather than later. I have to configure the iLOs on 290 brand new servers that came in and doing this by hand is going to suck. Seems like everytime a new firmware version is released it fixes one CMDlet and breaks three others.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.