Closed DAVIDMARTINEZROBLES closed 6 years ago
Is the IP Address you are connecting with the real IP of your appliance? Or are you trying to connect to your appliance via a NAT address?
it is the real IP Address of the customer appliance.
Then please provide the output from the following:
Import-Module HPOneView.400
[HPOneView.PKI.SslValidation]::EnableVerbose = $true
[HPOneView.PKI.SslValidation]::EnableDebug = $true
Connect-HPOVMgmt -Hostname 10.9.8.11 -Usename Administrator -Password $Password
The Thrusday, i run it in the customer Synergy.
I try connect to another Synergy and this is the output.
PS C:\Users\Damartinez> Import-Module HPOneView.400
PS C:\Users\Damartinez> [HPOneView.PKI.SslValidation]::EnableVerbose = $true
PS C:\Users\Damartinez> [HPOneView.PKI.SslValidation]::EnableDebug = $true
PS C:\Users\Damartinez> Connect-HPOVMgmt -Hostname 22.90.8.114 -Username Administrator -Password $Password
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Starting callback verification.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Certificate: [Subject]
CN=ci-30e171686a38, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Issuer]
CN=ci-30e171686a38, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Serial Number]
008C762A7A2F7C74F3
[Not Before]
23/01/2018 19:23:05
[Not After]
23/01/2019 19:23:05
[Thumbprint]
AB2061F64BDC63F6875296F149AD48006A998EA4
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Host: '22.90.8.114'
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() Looking for '22.90.8.114' within TrustedHosts dictionary.
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() In TrustedHosts dictionary: 'False'
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Cert has chain errors.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Processing 'UntrustedRoot' chain status.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Init parse SAN from certificate.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Certificate does not contain Subject Alternative Names.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() SAN contains host: False
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() The hostname used to connect does not match the Subject or SAN of the provided host certificate. Throw error.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Starting callback verification.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Certificate: [Subject]
CN=ci-30e171686a38, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Issuer]
CN=ci-30e171686a38, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Serial Number]
008C762A7A2F7C74F3
[Not Before]
23/01/2018 19:23:05
[Not After]
23/01/2019 19:23:05
[Thumbprint]
AB2061F64BDC63F6875296F149AD48006A998EA4
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Host: '22.90.8.114'
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() Looking for '22.90.8.114' within TrustedHosts dictionary.
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() In TrustedHosts dictionary: 'False'
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Cert has chain errors.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Processing 'UntrustedRoot' chain status.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Init parse SAN from certificate.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Certificate does not contain Subject Alternative Names.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() SAN contains host: False
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() The hostname used to connect does not match the Subject or SAN of the provided host certificate. Throw error.
Connect-HPOVMgmt : Unable to connect to '22.90.8.114' appliance. The hostname used to connect does not match the Subject or SAN of the provided host certificate.
At line:1 char:1
+ Connect-HPOVMgmt -Hostname 22.90.8.114 -Username Administrator -Passw ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (Hostname:String) [Connect-HPOVMgmt], ApplianceTransportException
+ FullyQualifiedErrorId : HostnameAndCertDoNotMatch,Connect-HPOVMgmt
PS C:\Users\Damartinez>
Hmm.. that last debug output has me concerned a bit. The Subject Alternative Name (SAN) extension to the Self-Signed Certificate is empty, and should not be. While we look internally to see if we can reproduce this condition, you will need to go to the Composer UI and regenerate the Self-Signed Certificate, making sure the Subject Alternative Name (SAN) field is not empty and contains the IPv4 Address of the Composer.
After further investigation, I think there may be something I can do to help address this. I just publishedRelease 4.00.1630.2612 and in PowerShell Gallery.
Can you please test this version with your customer environment and let me know if it helps address? If so, I'll then tag the release to and close this issue.
Closing due to no further activity. If this issue persists, we can re-open this request.
The same problem with the last version of HPOV
PS C:\_INVENTARIOS\Synergy> Import-Module HPOneView.400
PS C:\_INVENTARIOS\Synergy> [HPOneView.PKI.SslValidation]::EnableVerbose = $true
PS C:\_INVENTARIOS\Synergy> [HPOneView.PKI.SslValidation]::EnableDebug = $true
PS C:\_INVENTARIOS\Synergy> Connect-HPOVMgmt -Hostname 192.168.10.92 -Username Administrator -Password CONTRASEÑA
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Starting callback verification.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Certificate: [Subject]
CN=synergy01.mgmt.local, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Issuer]
CN=synergy01.mgmt.local, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Serial Number]
6ED4
[Not Before]
12/03/2018 14:02:42
[Not After]
12/03/2028 14:02:42
[Thumbprint]
914B8513D04978E3DB84517B8A3E9382B860F04D
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Host: '192.168.10.92'
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() Looking for '192.168.10.92' within TrustedHosts dictionary.
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() In TrustedHosts dictionary: 'False'
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Cert has chain errors.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Processing 'UntrustedRoot' chain status.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Init parse SAN from certificate.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Certificate does not contain Subject Alternative Names.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() SAN contains host: False
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() The hostname used to connect does not match the Subject or SAN of the provided host certi
ficate. Throw error.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Starting callback verification.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Certificate: [Subject]
CN=synergy01.mgmt.local, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Issuer]
CN=synergy01.mgmt.local, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Serial Number]
6ED4
[Not Before]
12/03/2018 14:02:42
[Not After]
12/03/2028 14:02:42
[Thumbprint]
914B8513D04978E3DB84517B8A3E9382B860F04D
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Host: '192.168.10.92'
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() Looking for '192.168.10.92' within TrustedHosts dictionary.
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() In TrustedHosts dictionary: 'False'
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Cert has chain errors.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Processing 'UntrustedRoot' chain status.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Init parse SAN from certificate.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Certificate does not contain Subject Alternative Names.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() SAN contains host: False
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() The hostname used to connect does not match the Subject or SAN of the provided host certi
ficate. Throw error.
Connect-HPOVMgmt : Unable to connect to '192.168.10.92' appliance. The hostname used to connect does not match the Subject or SAN of the provided host
certificate.
At line:1 char:1
+ Connect-HPOVMgmt -Hostname 192.168.10.92 -Username Administrator -Pas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (Hostname:String) [Connect-HPOVMgmt], ApplianceTransportException
+ FullyQualifiedErrorId : HostnameAndCertDoNotMatch,Connect-HPOVMgmt
PS C:\_INVENTARIOS\Synergy>
You are using the IP Address of the Composer, which does not match the [Subject]
value of the certificate, and the certificate does not contain any values within the Subject Alternative Names
extension field. You have two options to help resolve this:
C:\Windows\System32\drivers\etc\hosts
file or on the DNS server(s) in your local environment.Settings
-> Security
-> Create Self Signed Certificate
.Hi.
The same problem in new synergy installation
PS C:\_INVENTARIOS\Synergy>
PS C:\_INVENTARIOS\Synergy> [HPOneView.PKI.SslValidation]::EnableDebug = $true
PS C:\_INVENTARIOS\Synergy> [HPOneView.PKI.SslValidation]::EnableVerbose = $true
PS C:\_INVENTARIOS\Synergy> Connect-HPOVMgmt -hostname 22.2.60.10 -u Administrator -p HPinvent2017
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Starting callback verification.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Certificate: [Subject]
CN=BECH2TNGHVSYP02, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Issuer]
CN=BECH2TNGHVSYP02, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Serial Number]
009D7CCC451ABFC075
[Not Before]
04/05/2018 20:54:54
[Not After]
04/05/2028 20:54:54
[Thumbprint]
FA9E9A61F629E8BDE71961CF6CCF3200AE4BC320
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Host: '22.2.60.10'
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() Looking for '22.2.60.10' within TrustedHosts dictionary.
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() In TrustedHosts dictionary: 'False'
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Cert has chain errors.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Processing 'UntrustedRoot' chain status.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Init parse SAN from certificate.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Certificate does not contain Subject Alternative Names.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() SAN contains host: False
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() The hostname used to connect does not match the Subject or SAN of the provided
row error.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Starting callback verification.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Certificate: [Subject]
CN=BECH2TNGHVSYP02, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Issuer]
CN=BECH2TNGHVSYP02, O=Hewlett Packard Enterprise, L=Palo Alto, S=California, C=US
[Serial Number]
009D7CCC451ABFC075
[Not Before]
04/05/2018 20:54:54
[Not After]
04/05/2028 20:54:54
[Thumbprint]
FA9E9A61F629E8BDE71961CF6CCF3200AE4BC320
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Host: '22.2.60.10'
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() Looking for '22.2.60.10' within TrustedHosts dictionary.
VERBOSE: [HPOneVIew.PKI.SslValidator]::IsTrustedHost() In TrustedHosts dictionary: 'False'
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Cert has chain errors.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() Processing 'UntrustedRoot' chain status.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Init parse SAN from certificate.
[DEBUG]: [HPOneVIew.PKI.SslValidator]::ParseSubjectAlternativeName() Certificate does not contain Subject Alternative Names.
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() SAN contains host: False
VERBOSE: [HPOneVIew.PKI.SslValidator]::CertificateValidationCallBack() The hostname used to connect does not match the Subject or SAN of the provided
row error.
Connect-HPOVMgmt : Unable to connect to '22.2.60.10' appliance. The hostname used to connect does not match the Subject or SAN of the provided host c
At line:1 char:1
+ Connect-HPOVMgmt -hostname 22.2.60.10 -u Administrator -p HPinvent201 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (Hostname:String) [Connect-HPOVMgmt], ApplianceTransportException
+ FullyQualifiedErrorId : HostnameAndCertDoNotMatch,Connect-HPOVMgmt
PS C:\_INVENTARIOS\Synergy>
I try to use the second option to resolve the issue, but it did not work
@DAVIDMARTINEZROBLES My comments above about how you are using the IP Address of the Composer, and the SSL certificate cannot be validated (even a self-signed certificate) still stand. How are you performing Hardware Setup on the Composer? Please provide detailed steps.
Same problem. I'm connecting to the appliance via a NAT address, the appliance hostname is not on the DNS server and the C:\Windows\System32\drivers\etc workaround is not valid when using some secure VPNs clients (it disables this type of name resolution for security reasons).
Is there any way/option to simply disable hostname verification? I have no problem when I connect with OneView python binding.
My workaround is:
Connect with the HPOneView.310\Connect-HPOVMgmt Import SSLCertificate Import-HPOVSSLCertificate close the Powershell session and open a new one.
Use the HPOneView.420\Connect-HPOVMgmt
Please fill in as much information as possible to help resolve your issue.
Expected Behavior
Connect to Appliance is not possible.
I´m trying to connect to two Synergy OneView Appliance 3.10.07 and 4.00.07
If I use the HPOneView.310, all is ok.
Actual Behavior
The hostname used to connect does not match the Subject or SAN of the provided host certificate.
Steps to reproduce
Version Information
HPE OneView PowerShell Library Version (
Get-HPOVVersion
or$PSLibraryVersion
): HPE OneView Appliance Version (Get-HPOVVersion -ApplianceVer
):Output from
$PSVersionTable
on your Windows Host:4.0.1612.2800 C:\Program Files\WindowsPowerShell\Modules\HPOneView.400\4.0.1612.2800