Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get-OVserver -name $server | Get-OVIloSso -IloRestSession returns Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception #669

Open
aderusha opened this issue Feb 7, 2024 · 3 comments
Open

Get-OVserver -name $server | Get-OVIloSso -IloRestSession returns Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception #669

aderusha opened this issue Feb 7, 2024 · 3 comments
Assignees
@ChrisLynchHPE
Labels
NeedMoreInformation UnableToReproduce

Comments

@aderusha
Copy link

aderusha commented Feb 7, 2024
edited
Loading

Get-OVIloSso returns Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception."

This problem was originally opened as #614 and then marked closed complete. The problem still exists in PowerShell 7.0+

Expected Behavior

An SSO token should be returned, even against self-signed iLOs, and should work in PowerShell 7 like it does in PowerShell 5.

Actual Behavior

Powershell 5 works as expected, Powershell 7 returns:

Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not| be established, see inner exception."

Steps to reproduce

Get-OVserver -name $server | Get-OVIloSso -IloRestSession -Verbose
VERBOSE: [GET-OVILOSSO] Bound PS Parameters: 
Key            Value
---            -----
IloRestSession True
Verbose        True


VERBOSE: [GET-OVILOSSO] Called from: <ScriptBlock>
VERBOSE: [GET-OVILOSSO] Server Hardware was provided.
VERBOSE: [GET-OVILOSSO] Processing [*****REDACTED******], bay 1
VERBOSE: [SEND-OVREQUEST] BEGIN
VERBOSE: [SEND-OVREQUEST] Called from: Get-OVIloSso
VERBOSE: [SEND-OVREQUEST] Bound PS Parameters: 
Key      Value
---      -----
uri      /rest/server-hardware/35393350-3133-584D-5133-343430375736/iloSsoUrl
Hostname 10.1.2.3


VERBOSE: [SEND-OVREQUEST] Process
VERBOSE: [SEND-OVREQUEST] Hostname value: 
Name         ConnectionId
----         ------------
10.1.2.3            1


VERBOSE: [SEND-OVREQUEST] Filtering for Connection Object via PSObject: 
Name         ConnectionId
----         ------------
10.1.2.3            1


VERBOSE: [SEND-OVREQUEST] Processing '10.1.2.3' appliance connection request. 1 of 1
VERBOSE: [SEND-OVREQUEST] Requested URI '/rest/server-hardware/35393350-3133-584D-5133-343430375736/iloSsoUrl' to '10.1.2.3'
VERBOSE: [SEND-OVREQUEST] Restclient timeout setting: 20000
VERBOSE: [SEND-OVREQUEST] Request: GET https://10.1.2.3/rest/server-hardware/35393350-3133-584D-5133-343430375736/iloSsoUrl
VERBOSE: [SEND-OVREQUEST] Request Header 1: User-Agent = HPEOneView.PowerShell/8.50 (Microsoft Windows NT 10.0.14393.0)
VERBOSE: [SEND-OVREQUEST] Request Header 2: Content-Type = application/json
VERBOSE: [SEND-OVREQUEST] Request Header 3: Accept = application/json, text/html, application/xhtml+xml
VERBOSE: [SEND-OVREQUEST] Request Header 4: X-API-Version = 5600
VERBOSE: [SEND-OVREQUEST] Request Header 5: accept-language = en_US
VERBOSE: [SEND-OVREQUEST] Request Header 6: accept-encoding = gzip, deflate
VERBOSE: [SEND-OVREQUEST] Request Header 7: auth = [*****REDACTED******]
VERBOSE: [SEND-OVREQUEST] Response time: 00:00:00.7872814
VERBOSE: [SEND-OVREQUEST] Response Status: 200 (OK)
VERBOSE: [SEND-OVREQUEST] Response Header 1: Date = Wed, 07 Feb 2024 17:20:15 GMT
VERBOSE: [SEND-OVREQUEST] Response Header 2: Server = Apache
VERBOSE: [SEND-OVREQUEST] Response Header 3: Cache-Control = no-cache
VERBOSE: [SEND-OVREQUEST] Response Header 4: Pragma = no-cache
VERBOSE: [SEND-OVREQUEST] Response Header 5: X-XSS-Protection = 1; mode=block
VERBOSE: [SEND-OVREQUEST] Response Header 6: X-Frame-Options = DENY
VERBOSE: [SEND-OVREQUEST] Response Header 7: X-Content-Type-Options = nosniff
VERBOSE: [SEND-OVREQUEST] Response Header 8: Strict-Transport-Security = max-age=31536000
VERBOSE: [SEND-OVREQUEST] Response Header 9: Content-Security-Policy = default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.hpe.com; font-src 'self' https://hpefonts.s3.amazonaws.com https://fonts.gstatic.com;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
VERBOSE: [SEND-OVREQUEST] Response Header 10: Keep-Alive = timeout=15, max=100
VERBOSE: [SEND-OVREQUEST] Response Header 11: Connection = Keep-Alive
VERBOSE: [SEND-OVREQUEST] Response Header 12: Transfer-Encoding = chunked
VERBOSE: [SEND-OVREQUEST] Response Header 13: Content-Type = application/json; charset=utf-8
VERBOSE: [SEND-OVREQUEST] Response Header 14: Expires = 0
VERBOSE: [SEND-OVREQUEST] FinalResponse: {"iloSsoUrl":"https://10.4.5.6:443/Proxy/SSO?TKN=[*****REDACTED******]&HA=SHA384&KEY=ssononce [*****REDACTED******]&XE=dmvdisyncp01.deaconess.com&UN=ostadmin&UA=4&URL=https://10.4.5.6:443"}
VERBOSE: [SEND-OVREQUEST] Manual Pagination: False
VERBOSE: [SEND-OVREQUEST] Response object, no paging needed.
VERBOSE: [SEND-OVREQUEST] Cleaning up HttpWebRequest
VERBOSE: [SEND-OVREQUEST] Does nextPageUri member exist: False
VERBOSE: [SEND-OVREQUEST] Is nextPageUri Null or Empty: True
VERBOSE: [SEND-OVREQUEST] Stopping Do/Until loop because nextPageUri doesn't exist and have received all objects.
VERBOSE: [SEND-OVREQUEST] End
VERBOSE: [GET-OVILOSSO] Generating and returning iLO REST/RedFish SSO Session object
VERBOSE: [GET-OVILOSSO] Getting Redfish SessionID token from iLO, 10.4.5.6.
Get-OVIloSso: Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception."

$> $Error[0].Exception.InnerException

Status         : UnknownError
Response       : 
TargetSite     : System.Net.WebResponse GetResponse()
Message        : The SSL connection could not be established, see inner exception.
Data           : {}
InnerException : System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
                  ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
                    at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
                    at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
                    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
                    --- End of inner exception stack trace ---
                    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
                    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
                    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
                    at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
                    at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellation(CancellationToken cancellationToken)
                    at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
                    at System.Net.Http.HttpMessageHandlerStage.Send(HttpRequestMessage request, CancellationToken cancellationToken)
                    at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
                    at System.Net.Http.HttpMessageHandlerStage.Send(HttpRequestMessage request, CancellationToken cancellationToken)
                    at System.Net.Http.Metrics.MetricsHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
                    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
                    at System.Net.Http.HttpMessageHandlerStage.Send(HttpRequestMessage request, CancellationToken cancellationToken)
                    at System.Net.Http.SocketsHttpHandler.Send(HttpRequestMessage request, CancellationToken cancellationToken)
                    at System.Net.Http.HttpClient.Send(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
                    at System.Net.HttpWebRequest.SendRequest(Boolean async)
                    at System.Net.HttpWebRequest.GetResponse()
HelpLink       : 
Source         : System.Net.Requests
HResult        : -2146233087
StackTrace     :    at System.Net.HttpWebRequest.GetResponse()
                    at CallSite.Target(Closure, CallSite, HttpWebRequest)

Version Information

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.0
PSEdition                      Core
GitCommitId                    7.4.0
OS                             Microsoft Windows 10.0.14393
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

$> Get-Module HPEOneView.850

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     8.50.3667…            HPEOneView.850                      {Add-OVApplianceTrustedCertificate, Add-OVBaseline, Add-OVClusterManager, Add-OVClusterNode…}

$> Get-OVVersion
10.1.2.3                        LibraryVersion Path
------------                        -------------- ----
ApplianceVersion: 8.60.01.485169.00 8.50.3667.2043 C:\Program Files\WindowsPowerShell\Modules\HPEOneView.850\8.50.3667.2043
@aderusha aderusha added the Bug label Feb 7, 2024
@aderusha aderusha changed the title Get-OVserver -name $server | Get-OVIloSso -IloRestSession returns Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not| be established, see inner exception Get-OVserver -name $server | Get-OVIloSso -IloRestSession returns Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception Feb 7, 2024
@danthomasbbc
Copy link

danthomasbbc commented Apr 12, 2024
edited
Loading

+1 for this behaviour

Get-OVVersion

#####################      LibraryVersion Path
----------------------------        -------------- ----
ApplianceVersion: 8.70.00.486025.00 8.50.3667.2043 C:\Program Files\WindowsPowerShell\Modules\HPEOneView.850\8.50.3667.2043`

`$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0`

@ChrisLynchHPE ChrisLynchHPE self-assigned this Oct 2, 2024
@ChrisLynchHPE
Copy link
Member

You are not including the -SkipCertificateCheck switch parameter. If you do not include it, then the library expects the iLO cert to be trusted. Please include this switch parameter and try again.

@jullienl
Copy link

Facing the same issue:

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.20348
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

get-module -name HPEOneView.860 | select version

Version
-------
8.60.3997.3057


$server | Get-OVIloSso -IloRestSession -SkipCertificateCheck -v

VERBOSE: [SEND-OVREQUEST] Processing 'composer.lj.lab' appliance connection request. 1 of 1
VERBOSE: [SEND-OVREQUEST] Requested URI '/rest/server-hardware/39313738-3034-5A43-3232-31373035545A/iloSsoUrl' to 'composer.lj.lab'
VERBOSE: [SEND-OVREQUEST] Restclient timeout setting: 20000
VERBOSE: [SEND-OVREQUEST] Request: GET https://composer.lj.lab/rest/server-hardware/39313738-3034-5A43-3232-31373035545A/iloSsoUrl
VERBOSE: [SEND-OVREQUEST] Request Header 1: User-Agent = HPEOneView.PowerShell/8.30 (Microsoft Windows NT 10.0.20348.0)
VERBOSE: [SEND-OVREQUEST] Request Header 2: Content-Type = application/json
VERBOSE: [SEND-OVREQUEST] Request Header 3: Accept = application/json, text/html, application/xhtml+xml
VERBOSE: [SEND-OVREQUEST] Request Header 4: X-API-Version = 5200
VERBOSE: [SEND-OVREQUEST] Request Header 5: accept-language = en_US
VERBOSE: [SEND-OVREQUEST] Request Header 6: accept-encoding = gzip, deflate
VERBOSE: [SEND-OVREQUEST] Request Header 7: auth = [*****REDACTED******]
VERBOSE: [SEND-OVREQUEST] Response time: 00:00:00.8698640
VERBOSE: [SEND-OVREQUEST] Response Status: 200 (OK)
VERBOSE: [SEND-OVREQUEST] Response Header 1: Date = Wed, 30 Oct 2024 10:00:43 GMT
VERBOSE: [SEND-OVREQUEST] Response Header 2: Server = Apache
VERBOSE: [SEND-OVREQUEST] Response Header 3: Cache-Control = no-cache
VERBOSE: [SEND-OVREQUEST] Response Header 4: Pragma = no-cache
VERBOSE: [SEND-OVREQUEST] Response Header 5: X-XSS-Protection = 1; mode=block
VERBOSE: [SEND-OVREQUEST] Response Header 6: X-Frame-Options = DENY
VERBOSE: [SEND-OVREQUEST] Response Header 7: X-Content-Type-Options = nosniff
VERBOSE: [SEND-OVREQUEST] Response Header 8: Strict-Transport-Security = max-age=31536000
VERBOSE: [SEND-OVREQUEST] Response Header 9: Content-Security-Policy = default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.hpe.com; font-src 'self' https://hpefonts.s3.amazonaws.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;  
VERBOSE: [SEND-OVREQUEST] Response Header 10: Keep-Alive = timeout=15, max=100
VERBOSE: [SEND-OVREQUEST] Response Header 11: Connection = Keep-Alive
VERBOSE: [SEND-OVREQUEST] Response Header 12: Transfer-Encoding = chunked
VERBOSE: [SEND-OVREQUEST] Response Header 13: Content-Type = application/json; charset=utf-8
VERBOSE: [SEND-OVREQUEST] Response Header 14: Expires = 0
VERBOSE: [SEND-OVREQUEST] FinalResponse: {"iloSsoUrl":"https://192.168.3.208:443/Proxy/SSO?TKN=38eed7a5a78b068929f15c84276493a52d2df65a90b1039f9e6a4f7ddd6ddcd83275b2bf39235567ca4736e762f90b216dd263f1d650ed647ecbe233c985d218adaa152ef7cd6463384a08e46fdc9ffce682ec96bf50bea32f806c8060687c1c5f4046b912b0973d1edcd40b7e6b384724b15424256960fea49af7338de0b6890c7a44b56d9d9ab4908dcf73c3f43b64f9079abbcfe0e598d4fd99fc9ba33ad5557693773f0241c6ebbc64b30d6cb0863fb057af03523c507684d877a7d53e383a19d2c31af329b262369f5f15c1c3797343b25582de6d2760649267529365ff2302b5734ecf653618abeb2c933f5915ec8d68dc83782bf5ff60f285e7c340d3&HA=SHA384&KEY=ssononce 30881bee2e151c19419d48156cf457ef&XE=composer.lj.lab&UN=Administrator&UA=4&URL=https://192.168.3.208:443"}
VERBOSE: [SEND-OVREQUEST] Manual Pagination: False
VERBOSE: [SEND-OVREQUEST] Response object, no paging needed.
VERBOSE: [SEND-OVREQUEST] Cleaning up HttpWebRequest
VERBOSE: [SEND-OVREQUEST] Does nextPageUri member exist: False
VERBOSE: [SEND-OVREQUEST] Is nextPageUri Null or Empty: True
VERBOSE: [SEND-OVREQUEST] Stopping Do/Until loop because nextPageUri doesn't exist and have received all objects.
VERBOSE: [SEND-OVREQUEST] End
VERBOSE: [GET-OVILOSSO] Generating and returning iLO REST/RedFish SSO Session object
VERBOSE: [GET-OVILOSSO] Caller requested to skip certificate validation for endpoint.
VERBOSE: [GET-OVILOSSO] PowerShell Core 'edition'.
VERBOSE: [GET-OVILOSSO] ServicePointManager.ServerCertificateValidationCallback is not null, another policy already exists.
VERBOSE: [GET-OVILOSSO] Getting Redfish SessionID token from iLO, 192.168.3.208.
Get-OVIloSso: Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception."

I tried different options but none worked:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null

$server | Get-OVIloSso -IloRestSession -SkipCertificateCheck -v

VERBOSE: [SEND-OVREQUEST] Does nextPageUri member exist: False
VERBOSE: [SEND-OVREQUEST] Is nextPageUri Null or Empty: True
VERBOSE: [SEND-OVREQUEST] Stopping Do/Until loop because nextPageUri doesn't exist and have received all objects.
VERBOSE: [SEND-OVREQUEST] End
VERBOSE: [GET-OVILOSSO] Generating and returning iLO REST/RedFish SSO Session object
VERBOSE: [GET-OVILOSSO] Caller requested to skip certificate validation for endpoint.
VERBOSE: [GET-OVILOSSO] PowerShell Core 'edition'.
VERBOSE: [GET-OVILOSSO] ServicePointManager.ServerCertificateValidationCallback is null, setting to 'true' to override.
VERBOSE: [GET-OVILOSSO] Getting Redfish SessionID token from iLO, 192.168.3.208.
Get-OVIloSso: Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception."

$server | Get-OVIloSso -IloRestSession -v

VERBOSE: [SEND-OVREQUEST] Manual Pagination: False
VERBOSE: [SEND-OVREQUEST] Response object, no paging needed.
VERBOSE: [SEND-OVREQUEST] Cleaning up HttpWebRequest
VERBOSE: [SEND-OVREQUEST] Does nextPageUri member exist: False
VERBOSE: [SEND-OVREQUEST] Is nextPageUri Null or Empty: True
VERBOSE: [SEND-OVREQUEST] Stopping Do/Until loop because nextPageUri doesn't exist and have received all objects.
VERBOSE: [SEND-OVREQUEST] End
VERBOSE: [GET-OVILOSSO] Generating and returning iLO REST/RedFish SSO Session object
VERBOSE: [GET-OVILOSSO] Getting Redfish SessionID token from iLO, 192.168.3.208.
Get-OVIloSso: Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception."

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$handler = [System.Net.Http.HttpClientHandler]::new()
$handler.ServerCertificateCustomValidationCallback = { $true }
$httpClient = [System.Net.Http.HttpClient]::new($handler)

$server | Get-OVIloSso -IloRestSession -SkipCertificateCheck -v

VERBOSE: [GET-OVILOSSO] Generating and returning iLO REST/RedFish SSO Session object
VERBOSE: [GET-OVILOSSO] Caller requested to skip certificate validation for endpoint.
VERBOSE: [GET-OVILOSSO] PowerShell Core 'edition'.
VERBOSE: [GET-OVILOSSO] ServicePointManager.ServerCertificateValidationCallback is not null, another policy already exists.
VERBOSE: [GET-OVILOSSO] Getting Redfish SessionID token from iLO, 192.168.3.208.
Get-OVIloSso: Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception."

$server | Get-OVIloSso -IloRestSession -v

VERBOSE: [SEND-OVREQUEST] Manual Pagination: False
VERBOSE: [SEND-OVREQUEST] Response object, no paging needed.
VERBOSE: [SEND-OVREQUEST] Cleaning up HttpWebRequest
VERBOSE: [SEND-OVREQUEST] Does nextPageUri member exist: False
VERBOSE: [SEND-OVREQUEST] Is nextPageUri Null or Empty: True
VERBOSE: [SEND-OVREQUEST] Stopping Do/Until loop because nextPageUri doesn't exist and have received all objects.
VERBOSE: [SEND-OVREQUEST] End
VERBOSE: [GET-OVILOSSO] Generating and returning iLO REST/RedFish SSO Session object
VERBOSE: [GET-OVILOSSO] Getting Redfish SessionID token from iLO, 192.168.3.208.
Get-OVIloSso: Exception calling "GetResponse" with "0" argument(s): "The SSL connection could not be established, see inner exception."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ChrisLynchHPE ChrisLynchHPE

Labels
NeedMoreInformation UnableToReproduce
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ChrisLynchHPE @aderusha @jullienl @danthomasbbc