[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Freeipmi-users] Intel S3420GP invalid integrity check value
From: |
David Liontooth |
Subject: |
[Freeipmi-users] Intel S3420GP invalid integrity check value |
Date: |
Wed, 18 May 2011 11:40:44 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10 |
Between two Intel S3420GP, I can ipmiping one way, but requests result
in "invalid integrity check value." I'm new to this and have a very
sketchy understanding of how ipmi works.
In-band functions work fine:
# ipmi-fru
FRU Inventory Device: Default FRU Device (ID 00h)
FRU Board Manufacturing Date/Time: 08/25/09 - 22:57:00
FRU Board Manufacturer: Intel Corporation
FRU Board Product Name: S3420GP
FRU Board Serial Number: AZGX93500057
FRU Board Part Number: E51974-402
FRU FRU File ID: FRU Ver 04
The LAN configuration is good enough to ping one way:
$ ipmiping 192.168.0.56
ipmiping 192.168.0.56 (192.168.0.56)
response received from 192.168.0.56: rq_seq=16
response received from 192.168.0.56: rq_seq=17
Pinging the other way fails.
Requesting information fails:
$ ipmitool -I lanplus -A PASSWORD -H 192.168.0.56 -U admin -P pw -vvvv
-o intelplus sdr
Querying SDR for sensor list
IPMI LAN host 192.168.0.56 port 623
>> Sending IPMI command payload
>> netfn : 0x06
>> command : 0x38
>> data : 0x8e 0x04
BUILDING A v1.5 COMMAND
>> IPMI Request Session Header
>> Authtype : NONE
>> Sequence : 0x00000000
>> Session ID : 0x00000000
>> IPMI Request Message Header
>> Rs Addr : 20
>> NetFn : 06
>> Rs LUN : 0
>> Rq Addr : 81
>> Rq Seq : 00
>> Rq Lun : 0
>> Command : 38
<< IPMI Response Session Header
<< Authtype : NONE
<< Payload type : IPMI (0)
<< Session ID : 0x00000000
<< Sequence : 0x00000000
<< IPMI Msg/Payload Length : 16
<< IPMI Response Message Header
<< Rq Addr : 81
<< NetFn : 07
<< Rq LUN : 0
<< Rs Addr : 20
<< Rq Seq : 00
<< Rs Lun : 0
<< Command : 38
<< Compl Code : 0x00
IPMI Request Match found
>> SENDING AN OPEN SESSION REQUEST
<<OPEN SESSION RESPONSE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Maximum privilege level : admin
<< Console Session ID : 0xa0a2a3a4
<< BMC Session ID : 0x5edfde32
<< Negotiated authenticatin algorithm : hmac_sha1
<< Negotiated integrity algorithm : hmac_sha1_96
<< Negotiated encryption algorithm : aes_cbc_128
>> Console generated random number (16 bytes)
9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
>> SENDING A RAKP 1 MESSAGE
<<RAKP 2 MESSAGE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Console Session ID : 0xa0a2a3a4
<< BMC random number : 0x1cec4ac430f62023856cfbb20704f4ec
<< BMC GUID : 0x42fd9d1e91b511deb654001517add720
<< Key exchange auth code [sha1] :
0x1e88193cc012266cabb9b1762c119acd5341416b
bmc_rand (16 bytes)
1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
>> rakp2 mac input buffer (63 bytes)
a4 a3 a2 a0 32 de df 5e 9d dc 4a da 03 30 1f ec
0f 68 ab 51 58 ea c4 cb 1c ec 4a c4 30 f6 20 23
85 6c fb b2 07 04 f4 ec 42 fd 9d 1e 91 b5 11 de
b6 54 00 15 17 ad d7 20 14 05 61 64 6d 69 6e
>> rakp2 mac key (20 bytes)
34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
00 00 00 00
>> rakp2 mac as computed by the remote console (20 bytes)
1e 88 19 3c c0 12 26 6c ab b9 b1 76 2c 11 9a cd
53 41 41 6b
>> rakp3 mac input buffer (27 bytes)
1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
a4 a3 a2 a0 04 05 61 64 6d 69 6e
>> rakp3 mac key (20 bytes)
34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
00 00 00 00
generated rakp3 mac (20 bytes)
f8 81 b8 aa 4b cd 8f 89 27 74 09 7b ba aa b1 cb
40 13 6b 56
session integrity key input (39 bytes)
9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
14 05 61 64 6d 69 6e
Generated session integrity key (20 bytes)
34 35 80 5d e7 89 1b 62 af 28 10 f6 8e f6 86 23
66 23 ba 3d
Generated K1 (20 bytes)
c7 aa 1a 11 78 fe 40 71 89 82 2e e1 1f 06 09 e1
fd 79 d1 b5
Generated K2 (20 bytes)
e2 3b 54 e4 61 26 18 6c b7 46 c2 84 b9 79 f2 9c
3a a7 6e ec
>> SENDING A RAKP 3 MESSAGE
<<RAKP 4 MESSAGE
<< Message tag : 0x00
<< RMCP+ status : invalid integrity check value
<< Console Session ID : 0x5edfde32
<< Key exchange auth code [sha1] : 0x00ec4ac430f62023856cfbb2
RAKP 4 message indicates an error : invalid integrity check value
Error: Unable to establish IPMI v2 / RMCP+ session
Get Device ID command failed
Unable to open SDR for reading
The key exchange appears to fail. What am I missing?
What is the freeipmi equivalent to the ipmitool command used above?
User, Lan conf and bmc-info output below.
Cheers,
Dave
# bmc-config output
Section User5
Username admin
Enable_User Yes
Lan_Enable_IPMI_Msgs Yes
Lan_Enable_Link_Auth Yes
Lan_Enable_Restricted_to_Callback No
Lan_Privilege_Limit Administrator
SOL_Payload_Access Yes
EndSection
Section Lan_Conf
IP_Address_Source Static
IP_Address 192.168.0.50
MAC_Address 00:15:17:AD:D6:F4
Subnet_Mask 255.255.255.0
Default_Gateway_IP_Address 192.168.0.178
Default_Gateway_MAC_Address 00:E0:81:5F:E9:2E
Backup_Gateway_IP_Address 0.0.0.0
Backup_Gateway_MAC_Address 00:00:00:00:00:00
Vlan_id 0
Vlan_Id_Enable No
Vlan_Priority 0
EndSection
# bmc-info
Device ID : 33
Device Revision : 1
Device SDRs : unsupported
Firmware Revision : 1.10
Device Available : yes (normal operation)
IPMI Version : 2.0
Sensor Device : supported
SDR Repository Device : supported
SEL Device : supported
FRU Inventory Device : supported
IPMB Event Receiver : supported
IPMB Event Generator : supported
Bridge : unsupported
Chassis Device : supported
Manufacturer ID : Intel Corporation (343)
Product ID : 62
Auxiliary Firmware Revision Information : 10012200h
GUID : 00000000-0000-0000-0000-0000434D4249
System Firmware Version : rsion1.0
System Name : Manager
Primary Operating System Name : SE Server 1.0
Operating System Name :
Channel Information
Channel Number : 0
Medium Type : IPMB (I2C)
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 1
Medium Type : 802.3 LAN
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : multi-session
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 3
Medium Type : 802.3 LAN
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : multi-session
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 4
Medium Type : Asynch. Serial/Modem (RS-232)
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : single-session
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 6
Medium Type : IPMB (I2C)
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 7
Medium Type : System Interface (KCS, SMIC, or BT)
Protocol Type : KCS
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
- [Freeipmi-users] Intel S3420GP invalid integrity check value,
David Liontooth <=
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value SOLVED, David Liontooth, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, Albert Chu, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, David Liontooth, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, Albert Chu, 2011/05/18
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, David Liontooth, 2011/05/19
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, Albert Chu, 2011/05/19
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, David Liontooth, 2011/05/19
- Re: [Freeipmi-users] Intel S3420GP invalid integrity check value, Albert Chu, 2011/05/19