New-OVExternalRepository - 400 Bad Request Unable to communicate with webserver

[roladdhp]

I'm having issues with the New-OVExternalRepository command and need help with it unable to connect to the webserver. Below is a detail description of the environment, process and error. Please advise.

Working with Windows 2022, PowerShell 7 (7.4.1), HPEOneView.860 POSH Lib, IIS Windows 2022. OneView for Synergy Ver 870.

Exported BASE64 Self-Signed IIS certificate and saved it to the local directory. IIS has one application called repository which holds the firmware bundle that I wish to access. I can manually access the website (with invalid certificate https: (crossed out), from localhost and from remote client I can manually access the website from the UI of the Synergy OneView Appliance.

However, from the command line this fails. 1) connect to OVMgmt (successful) 2) define and set $remoteserver as ("XX.XX.XX.XXX") and $directory as "repository" 3) New-OVExternalRepository -Name "Synergy_Repo" -Hostname $remoteserver -Directory $directory -Certificate (Get-Content -Path .\webervercert.cer -Raw) 4) New-OVExternalRepository -Name "Synergy_Repo" -Hostname $remoteserver -Directory $directory -Certificate (Get-Content -Path .\webervercert.cer -Raw) -Credential (Get-Credential)

Error:

New-OVExternalRepository: Unable to communicate with the webserver. Verify the webserver address is correct and verify the connectivity between the appliance and the webserver.

Verbose Output from the Command:

VERBOSE: [New-OVExternalRepository] Redacting users Password from Verbose Output
VERBOSE: [New-OVExternalRepository] Bound PS Parameters:
Name                           Value
----                           -----
Directory                      repository
Hostname                       <WebServerIP>
Certificate                    -----BEGIN CERTIFICATE-----…
Name                           Synergy_Repo
Verbose                        True

VERBOSE: [NEW-OVEXTERNALREPOSITORY] Called from: <ScriptBlock>
VERBOSE: [NEW-OVEXTERNALREPOSITORY] Verify auth
VERBOSE: [TEST-OVAUTH] Caller: New-OVExternalRepository
VERBOSE: [TEST-OVAUTH] Verify Auth for **(Redacted - Synergy Appliance IP ADDR)**
VERBOSE: [TEST-OVAUTH] $Appliance is [HPEOneView.Appliance.Connection]
VERBOSE: [TEST-OVAUTH] Received HPEOneview.Appliance.Connection Object:
ConnectionID Name          UserName      AuthLoginDomain Default
------------ ----          --------      --------------- -------
1             'SYNGR-IP'  Administrator LOCAL           True

VERBOSE: [NewObject] Redacting users Password from Verbose Output
VERBOSE: [NewObject] Bound PS Parameters:
Name                           Value
----                           -----
ExternalRepository             True

VERBOSE: [NEWOBJECT] Called from: New-OVExternalRepository
True
VERBOSE: [SEND-OVREQUEST] BEGIN
VERBOSE: [SEND-OVREQUEST] Called from: New-OVExternalRepository
VERBOSE: [SEND-OVREQUEST] Bound PS Parameters:
Key      Value
---      -----
uri      /rest/repositories
method   POST
Hostname 'SYNGR-IP' 
body     @{repositoryName=Synergy_Repo; userName=; password=; repositoryURI=https://<WebServerIP>/repository; nfsFolderPath=; repositoryType=FirmwareExt…

VERBOSE: [SEND-OVREQUEST] Process
VERBOSE: [SEND-OVREQUEST] Hostname value:
ConnectionID Name          UserName      AuthLoginDomain Default
------------ ----          --------      --------------- -------
1            Synergy App IP Administrator LOCAL           True

VERBOSE: [SEND-OVREQUEST] Prior Global Response Error Object for 'SYNGR-IP' found. Clearing.
VERBOSE: [SEND-OVREQUEST] Processing 'SYNGR-IP' appliance connection request. 1 of 1
VERBOSE: [SEND-OVREQUEST] Requested URI '/rest/repositories' to 'SYNGR-IP' 
VERBOSE: [SEND-OVREQUEST] Restclient timeout setting: 20000
VERBOSE: [SEND-OVREQUEST] Body object found. Converting to JSON.
VERBOSE: [SEND-OVREQUEST] HTTP Method is POST. Removing 'ApplianceConnection' NoteProperty from object(s).
VERBOSE: InputObject is [PSCustomObject]. Copying...
VERBOSE: [Send-OVRequest] Redacting users Password from Verbose Output
VERBOSE: [SEND-OVREQUEST] Request Body: {"repositoryName":"Synergy_Repo","userName":"","password":"","repositoryURI":https://<WebServerIP>/repository,"nfsFolderPath":null,"repositoryType":"FirmwareExternalRepo","base64Data":"-----BEGIN CERTIFICATE-----\r\nMIIC9TCCAd2gAwIBAgIQUyAYourxGbpIkzHjFcD9aDANBgkqhkiG9w0BAQsFADAX\r\nMRUwEwYDVQQDEwxFTkdMQUJERVBMT1kwHhcNMjQxMDE2MTg0MjEwWhcNMjUxMDE2\r\nMDAwMDAwWjAXMRUwEwYDVQQDEwxFTkdMQUJERVBMT1kwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDQIHZhr7CXhgk8bmvmCHHzFN1tohIofDyTko4YfzAo\r\nPznReWrsmxNoDCiIBqS0W9iLoYd98utu3YFI6tDlKBa8/r2AvKCRORMcZtZnrExO\r\nbuUj/v2aXz/SfLWY5GDpFWCmQ8YE3DjBEAaMm+gWL5PSl25oEzJKxiobyVZPur1R\r\ncftWKdq5SWUof7OD3vAkY9HLmXmLMwaqkMbrvKmRU4xkFb26K/xbJnHKrov+QkaZ\r\n8DIEhrkmiRwy3NNK0EaoQaVHxqUvt5zLZET/ECb7YSWmT0vSr1CyNr67ftwiV2Ao\r\n65Q/u9QRexrsAQYgASJG2ATAqnAt5qlL2m32wIOlFLS9AgMBAAGjPTA7MAsGA1Ud\r\nDwQEAwIEsDATBgNVHSUEDDAKBggrBgEFBQcDATAXBgNVHREEEDAOggxFTkdMQUJE\r\nRVBMT1kwDQYJKoZIhvcNAQELBQADggEBAGZr2fr8s38NxX0FYzkkTd1XaBXTYN/O\r\nzfZFSRs33ymwWrjjc/02fMzQxYHlgol3bAMMRxnWrWr8CLlGRbBl9AAN7pbm1flk\r\nDufYtykANGYMbNlUpeOr4TBPpidKIZOueDBs4TYPIXaYqbvhsnhbpo54Dv8l1oxk\r\n9K6SZsGwrqOILd1K+3WcKh4x4cVn/rZIXOA/45SFCEOe5R0CoT2G/irkPAQfHh/v\r\n+vw9w9s4lmBnE49BDhexY8RVL+YS0zctTY0ijrCiBMt2wSMm3JvYT56BTY/Y5oOH\r\nmLu6w5mmNWNCbhYYeISUTtSo/hKI6bm6sdV28mtPCDwvb4Da7RW1kkg=\r\n-----END CERTIFICATE-----\r\n"}
VERBOSE: [SEND-OVREQUEST] Request: POST https:// 'SYNGR-IP'/rest/repositories
VERBOSE: [SEND-OVREQUEST] Request Header 1: User-Agent = HPEOneView.PowerShell/8.60 (Microsoft Windows NT 10.0.20348.0)
VERBOSE: [SEND-OVREQUEST] Request Header 2: Content-Type = application/json
VERBOSE: [SEND-OVREQUEST] Request Header 3: Accept = application/json, text/html, application/xhtml+xml
VERBOSE: [SEND-OVREQUEST] Request Header 4: X-API-Version = 5800
VERBOSE: [SEND-OVREQUEST] Request Header 5: accept-language = en_US
VERBOSE: [SEND-OVREQUEST] Request Header 6: accept-encoding = gzip, deflate
VERBOSE: [SEND-OVREQUEST] Request Header 7: auth = [*****REDACTED******]
VERBOSE: [SEND-OVREQUEST] Net.WebException Error caught
VERBOSE: [SEND-OVREQUEST] Exception Object:
PSMessageDetails      :
Exception             : System.Net.WebException: The remote server returned an error: (400) Bad Request.
                           at System.Net.HttpWebRequest.GetResponse()
                           at CallSite.Target(Closure, CallSite, WebRequest)
TargetObject          :
CategoryInfo          : NotSpecified: (:) [], WebException
FullyQualifiedErrorId : WebException
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at Send-OVRequest<Process>, C:\Program Files\PowerShell\Modules\HPEOneView.860\8.60.3997.3057\HPEOneView.860.psm1: line 6555
                        at New-OVExternalRepository<Process>, C:\Program Files\PowerShell\Modules\HPEOneView.860\8.60.3997.3057\HPEOneView.860.psm1: line 34927
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}

VERBOSE: [SEND-OVREQUEST] Exception Message: The remote server returned an error: (400) Bad Request.
VERBOSE: [SEND-OVREQUEST] InnerException FullyQualifiedErrorId:
VERBOSE: [SEND-OVREQUEST] InnerException Message:
VERBOSE: [SEND-OVREQUEST] Exception
VERBOSE: [SEND-OVREQUEST] Getting Error Response
VERBOSE: [SEND-OVREQUEST] ERROR RESPONSE: {"errorCode":"REPOSITORY_NOT_REACHABLE","message":"Unable to communicate with the webserver.","details":"","messageParameters":[],"recommendedActions":["Verify the webserver address is correct and verify the connectivity between the appliance and the webserver."],"errorSource":null,"nestedErrors":[],"data":{}}
VERBOSE: [SEND-OVREQUEST] Response Status: HTTP 400 [Bad Request]
VERBOSE: [SEND-OVREQUEST] Response Header: Date = max-age=31536000
VERBOSE: [SEND-OVREQUEST] Response Header: Server = default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://www.hpe.com/; font-src 'self' https://hpefonts.s3.amazonaws.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;
VERBOSE: [SEND-OVREQUEST] Response Header: Cache-Control = close
VERBOSE: [SEND-OVREQUEST] Response Header: Pragma = chunked
VERBOSE: [SEND-OVREQUEST] Response Header: X-XSS-Protection = application/json; charset=utf-8
VERBOSE: [SEND-OVREQUEST] Response Header: X-Frame-Options = 0
VERBOSE: [SEND-OVREQUEST] Response Header: X-Content-Type-Options =
VERBOSE: [SEND-OVREQUEST] Response Header: Strict-Transport-Security =
VERBOSE: [SEND-OVREQUEST] Response Header: Content-Security-Policy =
VERBOSE: [SEND-OVREQUEST] Response Header: Connection =
VERBOSE: [SEND-OVREQUEST] Response Header: Transfer-Encoding =
VERBOSE: [SEND-OVREQUEST] Response Header: Content-Type =
VERBOSE: [SEND-OVREQUEST] Response Header: Expires =
VERBOSE: [SEND-OVREQUEST] HTTP 400 error caught.
VERBOSE: [NEW-ERRORRECORD] Building ErrorRecord object
VERBOSE: [SEND-OVREQUEST] Cleaning up HttpWebRequest
New-OVExternalRepository: Unable to communicate with the webserver. Verify the webserver address is correct and verify the connectivity between the appliance and the webserver.
PS C:\Users\hpedeploy>

[roladdhp]

Appears the issue is with Self-Signed Certificates. The documentation does not explain this or this could still be an error with the code. However, taking the Self-Signed Certificate and issuing Add-OVApplianceTrustedCertificate with the unsigned certificate prior to running the New-OVExternalRepository command results in the repository being added. Again the documentation needs to reflect this.

I will wait for additional comments before closing the case.

[ChrisLynchHPE]

The error message is an error from the appliance itself, not the Cmdlets use. By default, self-signed certificates are never trusted, because the Issuer and Common Name are the same value. The Issuer needs to be trusted in order to use self-signed certs. This issue wouldn't have been with the Cmdlet. This issue should be closed.

[roladdhp]

Thank you.

Closing this request. Documentation should have a footnote where certificates are used that non-trusted certificates must be added to the trusted store on the appliance. It makes sense, but not clear when working through the command. This is something that becomes trivial, once you have gone through the pain once :-).

Sorry one more comment. The error message should be more clear that the certificate is not trusted or known by the appliance, versus that it can't connect to the webserver.

Again thank you.