[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Freeipmi-users] Intel S3420GP invalid integrity check value
From: |
Albert Chu |
Subject: |
Re: [Freeipmi-users] Intel S3420GP invalid integrity check value |
Date: |
Wed, 18 May 2011 16:02:06 -0700 |
Hi David,
On Wed, 2011-05-18 at 02:40 -0700, David Liontooth wrote:
> Between two Intel S3420GP, I can ipmiping one way, but requests result
> in "invalid integrity check value." I'm new to this and have a very
> sketchy understanding of how ipmi works.
>
> In-band functions work fine:
>
> # ipmi-fru
> FRU Inventory Device: Default FRU Device (ID 00h)
>
> FRU Board Manufacturing Date/Time: 08/25/09 - 22:57:00
> FRU Board Manufacturer: Intel Corporation
> FRU Board Product Name: S3420GP
> FRU Board Serial Number: AZGX93500057
> FRU Board Part Number: E51974-402
> FRU FRU File ID: FRU Ver 04
>
> The LAN configuration is good enough to ping one way:
>
> $ ipmiping 192.168.0.56
> ipmiping 192.168.0.56 (192.168.0.56)
> response received from 192.168.0.56: rq_seq=16
> response received from 192.168.0.56: rq_seq=17
>
> Pinging the other way fails.
>
> Requesting information fails:
>
> $ ipmitool -I lanplus -A PASSWORD -H 192.168.0.56 -U admin -P pw -vvvv
> -o intelplus sdr
> Querying SDR for sensor list
> IPMI LAN host 192.168.0.56 port 623
>
> >> Sending IPMI command payload
> >> netfn : 0x06
> >> command : 0x38
> >> data : 0x8e 0x04
>
> BUILDING A v1.5 COMMAND
> >> IPMI Request Session Header
> >> Authtype : NONE
> >> Sequence : 0x00000000
> >> Session ID : 0x00000000
> >> IPMI Request Message Header
> >> Rs Addr : 20
> >> NetFn : 06
> >> Rs LUN : 0
> >> Rq Addr : 81
> >> Rq Seq : 00
> >> Rq Lun : 0
> >> Command : 38
> << IPMI Response Session Header
> << Authtype : NONE
> << Payload type : IPMI (0)
> << Session ID : 0x00000000
> << Sequence : 0x00000000
> << IPMI Msg/Payload Length : 16
> << IPMI Response Message Header
> << Rq Addr : 81
> << NetFn : 07
> << Rq LUN : 0
> << Rs Addr : 20
> << Rq Seq : 00
> << Rs Lun : 0
> << Command : 38
> << Compl Code : 0x00
> IPMI Request Match found
> >> SENDING AN OPEN SESSION REQUEST
>
> <<OPEN SESSION RESPONSE
> << Message tag : 0x00
> << RMCP+ status : no errors
> << Maximum privilege level : admin
> << Console Session ID : 0xa0a2a3a4
> << BMC Session ID : 0x5edfde32
> << Negotiated authenticatin algorithm : hmac_sha1
> << Negotiated integrity algorithm : hmac_sha1_96
> << Negotiated encryption algorithm : aes_cbc_128
>
> >> Console generated random number (16 bytes)
> 9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
> >> SENDING A RAKP 1 MESSAGE
>
> <<RAKP 2 MESSAGE
> << Message tag : 0x00
> << RMCP+ status : no errors
> << Console Session ID : 0xa0a2a3a4
> << BMC random number : 0x1cec4ac430f62023856cfbb20704f4ec
> << BMC GUID : 0x42fd9d1e91b511deb654001517add720
> << Key exchange auth code [sha1] :
> 0x1e88193cc012266cabb9b1762c119acd5341416b
>
> bmc_rand (16 bytes)
> 1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
> >> rakp2 mac input buffer (63 bytes)
> a4 a3 a2 a0 32 de df 5e 9d dc 4a da 03 30 1f ec
> 0f 68 ab 51 58 ea c4 cb 1c ec 4a c4 30 f6 20 23
> 85 6c fb b2 07 04 f4 ec 42 fd 9d 1e 91 b5 11 de
> b6 54 00 15 17 ad d7 20 14 05 61 64 6d 69 6e
> >> rakp2 mac key (20 bytes)
> 34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> >> rakp2 mac as computed by the remote console (20 bytes)
> 1e 88 19 3c c0 12 26 6c ab b9 b1 76 2c 11 9a cd
> 53 41 41 6b
> >> rakp3 mac input buffer (27 bytes)
> 1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
> a4 a3 a2 a0 04 05 61 64 6d 69 6e
> >> rakp3 mac key (20 bytes)
> 34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
> 00 00 00 00
> generated rakp3 mac (20 bytes)
> f8 81 b8 aa 4b cd 8f 89 27 74 09 7b ba aa b1 cb
> 40 13 6b 56
> session integrity key input (39 bytes)
> 9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
> 1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
> 14 05 61 64 6d 69 6e
> Generated session integrity key (20 bytes)
> 34 35 80 5d e7 89 1b 62 af 28 10 f6 8e f6 86 23
> 66 23 ba 3d
> Generated K1 (20 bytes)
> c7 aa 1a 11 78 fe 40 71 89 82 2e e1 1f 06 09 e1
> fd 79 d1 b5
> Generated K2 (20 bytes)
> e2 3b 54 e4 61 26 18 6c b7 46 c2 84 b9 79 f2 9c
> 3a a7 6e ec
> >> SENDING A RAKP 3 MESSAGE
>
> <<RAKP 4 MESSAGE
> << Message tag : 0x00
> << RMCP+ status : invalid integrity check value
> << Console Session ID : 0x5edfde32
> << Key exchange auth code [sha1] : 0x00ec4ac430f62023856cfbb2
>
> RAKP 4 message indicates an error : invalid integrity check value
> Error: Unable to establish IPMI v2 / RMCP+ session
> Get Device ID command failed
> Unable to open SDR for reading
>
> The key exchange appears to fail. What am I missing?
Some intel motherboards have a lot of IPMI non-compliance issues. In
FreeIPMI, I'd suggest trying out some of the workarounds listed in the
manpage. I currently see 3 Intel motherboards w/ workarounds available:
"intel20", "opensesspriv", and "integritycheckvalue" that could be used
w/ -W. (e.g. -W opensesspriv).
> What is the freeipmi equivalent to the ipmitool command used above?
In FreeIPMI, lanplus is equal to "IPMI 2.0", so it'd be
--driver-type=lan_2_0, -A is '-a', -H is -h, -U is -u, -P is -p, and -o
is sort of like -W (depending on implementation).
The 'sdr' command in ipmitool most closely resembles FreeIPMI's
ipmi-sensors tool.
Hope that helps,
Al
> User, Lan conf and bmc-info output below.
>
> Cheers,
> Dave
>
> # bmc-config output
>
> Section User5
> Username admin
> Enable_User Yes
> Lan_Enable_IPMI_Msgs Yes
> Lan_Enable_Link_Auth Yes
> Lan_Enable_Restricted_to_Callback No
> Lan_Privilege_Limit Administrator
> SOL_Payload_Access Yes
> EndSection
>
> Section Lan_Conf
> IP_Address_Source Static
> IP_Address 192.168.0.50
> MAC_Address 00:15:17:AD:D6:F4
> Subnet_Mask 255.255.255.0
> Default_Gateway_IP_Address 192.168.0.178
> Default_Gateway_MAC_Address 00:E0:81:5F:E9:2E
> Backup_Gateway_IP_Address 0.0.0.0
> Backup_Gateway_MAC_Address 00:00:00:00:00:00
> Vlan_id 0
> Vlan_Id_Enable No
> Vlan_Priority 0
> EndSection
>
> # bmc-info
> Device ID : 33
> Device Revision : 1
> Device SDRs : unsupported
> Firmware Revision : 1.10
> Device Available : yes (normal operation)
> IPMI Version : 2.0
> Sensor Device : supported
> SDR Repository Device : supported
> SEL Device : supported
> FRU Inventory Device : supported
> IPMB Event Receiver : supported
> IPMB Event Generator : supported
> Bridge : unsupported
> Chassis Device : supported
> Manufacturer ID : Intel Corporation (343)
> Product ID : 62
> Auxiliary Firmware Revision Information : 10012200h
>
> GUID : 00000000-0000-0000-0000-0000434D4249
>
> System Firmware Version : rsion1.0
> System Name : Manager
> Primary Operating System Name : SE Server 1.0
> Operating System Name :
>
> Channel Information
>
> Channel Number : 0
> Medium Type : IPMB (I2C)
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : session-less
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 1
> Medium Type : 802.3 LAN
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : multi-session
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 3
> Medium Type : 802.3 LAN
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : multi-session
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 4
> Medium Type : Asynch. Serial/Modem (RS-232)
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : single-session
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 6
> Medium Type : IPMB (I2C)
> Protocol Type : IPMB-1.0
> Active Session Count : 0
> Session Support : session-less
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
> Channel Number : 7
> Medium Type : System Interface (KCS, SMIC, or BT)
> Protocol Type : KCS
> Active Session Count : 0
> Session Support : session-less
> Vendor ID : Intelligent Platform Management Interface forum
> (7154)
>
>
> _______________________________________________
> Freeipmi-users mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/freeipmi-users
--
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
- [Freeipmi-users] Intel S3420GP invalid integrity check value, David Liontooth, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value SOLVED, David Liontooth, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value,
Albert Chu <=
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, David Liontooth, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, Albert Chu, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, David Liontooth, 2011/05/19
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, Albert Chu, 2011/05/19
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, David Liontooth, 2011/05/19
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, Albert Chu, 2011/05/19