freeipmi-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-users] Intel S3420GP invalid integrity check value

From: Albert Chu
Subject: Re: [Freeipmi-users] Intel S3420GP invalid integrity check value
Date: Wed, 18 May 2011 16:02:06 -0700 
Hi David,

On Wed, 2011-05-18 at 02:40 -0700, David Liontooth wrote:
> Between two Intel S3420GP, I can ipmiping one way, but requests result 
> in "invalid integrity check value." I'm new to this and have a very 
> sketchy understanding of how ipmi works.
> 
> In-band functions work fine:
> 
> # ipmi-fru
> FRU Inventory Device: Default FRU Device (ID 00h)
> 
>    FRU Board Manufacturing Date/Time: 08/25/09 - 22:57:00
>    FRU Board Manufacturer: Intel Corporation
>    FRU Board Product Name: S3420GP
>    FRU Board Serial Number: AZGX93500057
>    FRU Board Part Number: E51974-402
>    FRU FRU File ID: FRU  Ver  04
> 
> The LAN configuration is good enough to ping one way:
> 
> $ ipmiping 192.168.0.56
> ipmiping 192.168.0.56 (192.168.0.56)
> response received from 192.168.0.56: rq_seq=16
> response received from 192.168.0.56: rq_seq=17
> 
> Pinging the other way fails.
> 
> Requesting information fails:
> 
> $  ipmitool -I lanplus -A PASSWORD -H 192.168.0.56 -U admin -P pw -vvvv 
> -o intelplus  sdr
> Querying SDR for sensor list
> IPMI LAN host 192.168.0.56 port 623
> 
>  >> Sending IPMI command payload
>  >>    netfn   : 0x06
>  >>    command : 0x38
>  >>    data    : 0x8e 0x04
> 
> BUILDING A v1.5 COMMAND
>  >> IPMI Request Session Header
>  >>   Authtype   : NONE
>  >>   Sequence   : 0x00000000
>  >>   Session ID : 0x00000000
>  >> IPMI Request Message Header
>  >>   Rs Addr    : 20
>  >>   NetFn      : 06
>  >>   Rs LUN     : 0
>  >>   Rq Addr    : 81
>  >>   Rq Seq     : 00
>  >>   Rq Lun     : 0
>  >>   Command    : 38
> << IPMI Response Session Header
> <<   Authtype                : NONE
> <<   Payload type            : IPMI (0)
> <<   Session ID              : 0x00000000
> <<   Sequence                : 0x00000000
> <<   IPMI Msg/Payload Length : 16
> << IPMI Response Message Header
> <<   Rq Addr    : 81
> <<   NetFn      : 07
> <<   Rq LUN     : 0
> <<   Rs Addr    : 20
> <<   Rq Seq     : 00
> <<   Rs Lun     : 0
> <<   Command    : 38
> <<   Compl Code : 0x00
> IPMI Request Match found
>  >> SENDING AN OPEN SESSION REQUEST
> 
> <<OPEN SESSION RESPONSE
> <<  Message tag                        : 0x00
> <<  RMCP+ status                       : no errors
> <<  Maximum privilege level            : admin
> <<  Console Session ID                 : 0xa0a2a3a4
> <<  BMC Session ID                     : 0x5edfde32
> <<  Negotiated authenticatin algorithm : hmac_sha1
> <<  Negotiated integrity algorithm     : hmac_sha1_96
> <<  Negotiated encryption algorithm    : aes_cbc_128
> 
>  >> Console generated random number (16 bytes)
>   9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
>  >> SENDING A RAKP 1 MESSAGE
> 
> <<RAKP 2 MESSAGE
> <<  Message tag                   : 0x00
> <<  RMCP+ status                  : no errors
> <<  Console Session ID            : 0xa0a2a3a4
> <<  BMC random number             : 0x1cec4ac430f62023856cfbb20704f4ec
> <<  BMC GUID                      : 0x42fd9d1e91b511deb654001517add720
> <<  Key exchange auth code [sha1] : 
> 0x1e88193cc012266cabb9b1762c119acd5341416b
> 
> bmc_rand (16 bytes)
>   1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
>  >> rakp2 mac input buffer (63 bytes)
>   a4 a3 a2 a0 32 de df 5e 9d dc 4a da 03 30 1f ec
>   0f 68 ab 51 58 ea c4 cb 1c ec 4a c4 30 f6 20 23
>   85 6c fb b2 07 04 f4 ec 42 fd 9d 1e 91 b5 11 de
>   b6 54 00 15 17 ad d7 20 14 05 61 64 6d 69 6e
>  >> rakp2 mac key (20 bytes)
>   34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
>   00 00 00 00
>  >> rakp2 mac as computed by the remote console (20 bytes)
>   1e 88 19 3c c0 12 26 6c ab b9 b1 76 2c 11 9a cd
>   53 41 41 6b
>  >> rakp3 mac input buffer (27 bytes)
>   1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
>   a4 a3 a2 a0 04 05 61 64 6d 69 6e
>  >> rakp3 mac key (20 bytes)
>   34 72 43 68 31 76 33 00 00 00 00 00 00 00 00 00
>   00 00 00 00
> generated rakp3 mac (20 bytes)
>   f8 81 b8 aa 4b cd 8f 89 27 74 09 7b ba aa b1 cb
>   40 13 6b 56
> session integrity key input (39 bytes)
>   9d dc 4a da 03 30 1f ec 0f 68 ab 51 58 ea c4 cb
>   1c ec 4a c4 30 f6 20 23 85 6c fb b2 07 04 f4 ec
>   14 05 61 64 6d 69 6e
> Generated session integrity key (20 bytes)
>   34 35 80 5d e7 89 1b 62 af 28 10 f6 8e f6 86 23
>   66 23 ba 3d
> Generated K1 (20 bytes)
>   c7 aa 1a 11 78 fe 40 71 89 82 2e e1 1f 06 09 e1
>   fd 79 d1 b5
> Generated K2 (20 bytes)
>   e2 3b 54 e4 61 26 18 6c b7 46 c2 84 b9 79 f2 9c
>   3a a7 6e ec
>  >> SENDING A RAKP 3 MESSAGE
> 
> <<RAKP 4 MESSAGE
> <<  Message tag                   : 0x00
> <<  RMCP+ status                  : invalid integrity check value
> <<  Console Session ID            : 0x5edfde32
> <<  Key exchange auth code [sha1] : 0x00ec4ac430f62023856cfbb2
> 
> RAKP 4 message indicates an error : invalid integrity check value
> Error: Unable to establish IPMI v2 / RMCP+ session
> Get Device ID command failed
> Unable to open SDR for reading
> 
> The key exchange appears to fail. What am I missing?

Some intel motherboards have a lot of IPMI non-compliance issues.  In
FreeIPMI, I'd suggest trying out some of the workarounds listed in the
manpage.  I currently see 3 Intel motherboards w/ workarounds available:
"intel20", "opensesspriv", and "integritycheckvalue" that could be used
w/ -W. (e.g. -W opensesspriv).

> What is the freeipmi equivalent to the ipmitool command used above?

In FreeIPMI, lanplus is equal to "IPMI 2.0", so it'd be
--driver-type=lan_2_0, -A is '-a', -H is -h, -U is -u, -P is -p, and -o
is sort of like -W (depending on implementation).

The 'sdr' command in ipmitool most closely resembles FreeIPMI's
ipmi-sensors tool.

Hope that helps,

Al

> User, Lan conf and bmc-info output below.
> 
> Cheers,
> Dave
> 
> # bmc-config output
> 
> Section User5
>          Username                                admin
>          Enable_User                             Yes
>          Lan_Enable_IPMI_Msgs                    Yes
>          Lan_Enable_Link_Auth                    Yes
>          Lan_Enable_Restricted_to_Callback       No
>          Lan_Privilege_Limit                     Administrator
>          SOL_Payload_Access                      Yes
> EndSection
> 
> Section Lan_Conf
>          IP_Address_Source                       Static
>          IP_Address                              192.168.0.50
>          MAC_Address                             00:15:17:AD:D6:F4
>          Subnet_Mask                             255.255.255.0
>          Default_Gateway_IP_Address              192.168.0.178
>          Default_Gateway_MAC_Address             00:E0:81:5F:E9:2E
>          Backup_Gateway_IP_Address               0.0.0.0
>          Backup_Gateway_MAC_Address              00:00:00:00:00:00
>          Vlan_id                                 0
>          Vlan_Id_Enable                          No
>          Vlan_Priority                           0
> EndSection
> 
> # bmc-info
> Device ID             : 33
> Device Revision       : 1
> Device SDRs           : unsupported
> Firmware Revision     : 1.10
> Device Available      : yes (normal operation)
> IPMI Version          : 2.0
> Sensor Device         : supported
> SDR Repository Device : supported
> SEL Device            : supported
> FRU Inventory Device  : supported
> IPMB Event Receiver   : supported
> IPMB Event Generator  : supported
> Bridge                : unsupported
> Chassis Device        : supported
> Manufacturer ID       : Intel Corporation (343)
> Product ID            : 62
> Auxiliary Firmware Revision Information : 10012200h
> 
> GUID : 00000000-0000-0000-0000-0000434D4249
> 
> System Firmware Version       : rsion1.0
> System Name                   : Manager
> Primary Operating System Name : SE Server 1.0
> Operating System Name         :
> 
> Channel Information
> 
> Channel Number       : 0
> Medium Type          : IPMB (I2C)
> Protocol Type        : IPMB-1.0
> Active Session Count : 0
> Session Support      : session-less
> Vendor ID            : Intelligent Platform Management Interface forum 
> (7154)
> 
> Channel Number       : 1
> Medium Type          : 802.3 LAN
> Protocol Type        : IPMB-1.0
> Active Session Count : 0
> Session Support      : multi-session
> Vendor ID            : Intelligent Platform Management Interface forum 
> (7154)
> 
> Channel Number       : 3
> Medium Type          : 802.3 LAN
> Protocol Type        : IPMB-1.0
> Active Session Count : 0
> Session Support      : multi-session
> Vendor ID            : Intelligent Platform Management Interface forum 
> (7154)
> 
> Channel Number       : 4
> Medium Type          : Asynch. Serial/Modem (RS-232)
> Protocol Type        : IPMB-1.0
> Active Session Count : 0
> Session Support      : single-session
> Vendor ID            : Intelligent Platform Management Interface forum 
> (7154)
> 
> Channel Number       : 6
> Medium Type          : IPMB (I2C)
> Protocol Type        : IPMB-1.0
> Active Session Count : 0
> Session Support      : session-less
> Vendor ID            : Intelligent Platform Management Interface forum 
> (7154)
> 
> Channel Number       : 7
> Medium Type          : System Interface (KCS, SMIC, or BT)
> Protocol Type        : KCS
> Active Session Count : 0
> Session Support      : session-less
> Vendor ID            : Intelligent Platform Management Interface forum 
> (7154)
> 
> 
> _______________________________________________
> Freeipmi-users mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/freeipmi-users
-- 
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
reply via email to
[Prev in Thread] Current Thread [Next in Thread]