Here are some tips, it may help...
ITRC DOC SWCKBAN00000902
Secure Web Console Troubleshooting Tips
Using telnet/http to troubleshoot connectivity
--------------------------------------------------------------------------------
Using telnet/http to troubleshoot connectivity
Follow these steps when you are unable to connect to the SWC (Secure Web Console) or GSP/MP (Guardian Service Processor / Management Processor) using the Internet Explorer or Netscape browser.
SWC: is an external SWC (J3591A) or A180 (built-in) or A400/500(rp24xx) with a SWC PCI card.
GSP: is an A/L/N-class (rp24xx-rp7400) system.
MP: is a Superdome-like architecture (rp7410 and greater).
In this document, SWC-GSP-MP and device means one of the 3 devices {SWC, GSP, MP}.
If you are able to get a login and password screen (prompt), but :
Browser locks up after entering login/passwd values, then go to Login hang
Other problems, visit http://itrc.hp.com and search the knowledge base for document KBAN00000862 "Secure Web Console FAQ".
The proxy server controls access to other systems on the network or through a firewall. The proxy setup is controlled from your browser:
IE: Tools > Internet Options > Connections > LAN Settings
Netscape: Edit > Preferences > Advanced > Proxies
Are you using a proxy server?
Yes: Check if the proxy server is the issue by:
Locate a system where you should be able to reach the SWC-GSP-MP without having to go through a proxy server.
Ping the SWC-GSP-MP from this system to verify connectivity.
Then disable proxy in the browser and try to reach the SWC-GSP-MP from the browser.
If OK, then either run without a proxy, or add the system to the proxy exclusion list and re-enable proxy. You should now be able to connect to the SWC-GSP-MP from you browser.
Else -> Telnet through proxy
No: Check if the proxy server is the issue by:
If you're not sure if a proxy server is needed, just try setting up the proxy server in the browser to see if that makes a difference. Contact your network administrator for the proxy server address and port number.
Then enable proxy in the browser and try to reach the SWC-GSP-MP from the browser.
Telnet without proxy:
If still not working, first verify the device is reachable by pinging the device "ping ip.addr.of.device". If ping fails, investigate connectivity to the device. If ping is OK, then telnet to the SWC-GSP-MP using the http port (80):
From unix: # telnet <SWC-GSP-MP-host-or-IP> <80>
Example: # telnet ip.of.SWC 80
Type: GET /
From DOS: C:\> telnet <SWC-GSP-MP-host-or-IP> <80>
Example: C:\> telnet ip.of.SWC 80
When the telnet window pops up, select Terminal -> Start Logging
Type: GET /
What is being typed in is not echoed back; just blindly type it in
anyway and hope that there are no typo's.
You should see some output.
Close the telnet window. The telnet.log file should now be
viewable from a text editor and will contain the returned output.
The output should look similar to the following:
# telnet ip.of.SWC 80
Trying...
Connected to some.host.name.
Escape character is '^]'.
GET / <-type this in
Click SWC / GSP/MP to see corresponding output, which is the login screen html source.
If the output is similar to above, then turn off proxy in the browser and try to display the login screen from the browser.
If you now get the login and password prompt and are able to login, good. Your done.
If the browser locks up after login, -> check for browser/java conflicts..
Else, contact HP.
If the request timeout (about 1-2 mins), then the output maybe similar to:
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2925
Content-Type: text/html
Connection: close
. . . .
------------------------------------
Did you get something similar to above? No. Send output to HP
Yes: Then the device is not reachable from this system. Some possible reasons are:
- Port 80 maybe blocked. Yes
- Else, Contact HP
Port 80 maybe disabled.
Try talking to the http port (80) via telnet, or if you know that the http port has been re-assigned, use that port number instead.
# telnet ip.addr.of.SWC-GSP-MP 80
Trying...
Connected to atlwebcache.core.hp.com.
Escape character is '^]'.
GET / <-type this in
Click SWC / GSP/MP to see corresponding output, which is the login screen html source.
If the output is similar to above, then try to display the login screen from the browser.
If you now get the login and password prompt and are able to login, good. Your done.
Else, -> check for browser/java conflicts..
Telnet through proxy server:
If still not working, then try to telnet through the proxy server to the SWC-GSP-MP:
From unix: # telnet <proxy-host-or-IP> <port number>
Example: # telnet web-proxy 8088
Type: GET http://ip.addr.of.SWC-GSP-MP/ HTTP/1.0
Type: <return>
From DOS: C:\> telnet <proxy-host-or-IP> <port number>
Example: C:\> telnet web-proxy 8088
When the telnet window pops up, select Terminal -> Start Logging
Type: GET http://ip.addr.of.SWC-GSP-MP/ HTTP/1.0
Type: <return>
What is being typed in is not echoed back, just blindly type it in
anyway and hope that there are no typo's. Hit <return> twice.
You should see some output.
Then close the telnet window. The telnet.log file should now be
viewable from a text editor and will contain the returned output.
The output should look similar to the following:
# telnet web-proxy 8088
Trying...
Connected to atlwebcache.core.hp.com.
Escape character is '^]'.
GET http://ip.addr.of.SWC-GSP-MP/ HTTP/1.0 <-type this in
Click SWC / GSP/MP to see corresponding output, which is the login screen html source.
If the output is similar to above, then try to display the login screen from the browser.
If you now get the login and password prompt and are able to login, good. Your done.
Else, -> check for browser/java conflicts..
If the request timeout (about 1-2 mins), then the output maybe similar to:
HTTP/1.0 503 Service Unavailable
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2925
Content-Type: text/html
Connection: close
. . . .
------------------------------------
Did you get something similar to above?
No:
- If you did get a socket connection error and have not tried to run without a proxy, then ->Telnet without proxy.
- Else, send output to HP
Yes: Then the device is not reachable from the proxy server. Some possible reasons are:
- Going through a firewall and/or port 80 maybe blocked. Yes
- Going through a firewall, NAT (Network Address Translation) is enabled. Yes
- Else, Contact HP
Going through a firewall and/or port 80 maybe disabled.
Try talking to the http port (80) via telnet, or if you know that the http port has been re-assigned, use that port instead. You should see something similar to the following:
# telnet web-proxy 8088
Trying...
Connected to atlwebcache.core.hp.com.
Escape character is '^]'.
GET http://ip.addr.of.SWC-GSP-MP:80/ HTTP/1.0 <-type this in
Click SWC / GSP/MP to see corresponding output, which is the login screen html source.
Is your output similar to the above? Yes->Browser/java check / No:>send output to HP
NAT enabled:
If you are going through a firewall and NAT (Network Address Translation) is enabled, then the SWC will not work. The IP address of any system/device inside the firewall is hidden from the outside. Therefore, no system will be accessible by hostname or IP address directly. If packets were initiated from within the firewall, then returning packets from outside the firewall may reach systems inside the firewall indirectly.
Possible solution is to use a VPN (Virtual Private Network) tunnel or SSH (Secure Shell) to access a system within the firewall. Then from that system, run a browser to access the SWC-GSP-MP.
Browser/java conflict check:
Now try to get the login screen from your browser by going to http://ip.addr.of.SWC-GSP-MP/. Is the login/password screen now displayed? Yes
If you're browser does not display the password login screen and the source file is similar to the above output text, then the network connectivity is correct and the problem is the browser setup or browser/java conflict. The source file can be viewed by:
IE: View > source
Netscape: View > page source
If you have a SWC, then from the browser, go to http://ip.addr.of.SWC/help/guide.htm . If the help guide displays OK, then connectivity is OK and the browser is able to display html. The help guide does not use java. The problem is than a browser/java issue.
Verify java is enabled and functioning by running this applet on your browser. http://docs.hp.com/hpux/onlinedocs/hw/swc/secureweb/java.html
What is the version of the browser?
IE: Help > About Internet Explorer
Netscape: Help > About Communicator
What is the version of java?
From Unix or DOS: java -version OR jview
Contact ITRC and search the Knowledge Database for browser/java conflicts with the SWC or GSP or GSP/MP. One handy document to search for is "Secure Web Console FAQ". If the problem is still unresolved, then contact HP support.
SWC-GSP-MP hangs after login/password:
Does the browser hang after entering the login and password? No
After login and password are entered, the SWC-GSP-MP starts using the assigned port (default is 23-SWC, 2023-GSP/MP). See login screen source (SWC / GSP/MP) for port assignment. If this port is blocked, then the SWC-GSP-MP will hang. With some firewalls, the firewall recognizes that port 23 is for telnet and will convert the incoming packets to telnet and send to the SWC. Same thing on packets coming from the SWC going out through the firewall. Problem is the SWC does not know how to talk telnet. It just uses the telnet port. With SWC firmware version A2.0, the SWC port can be re-assigned to another port number 2000-2400. Try re-assigning the port number to see if that corrects the problem. If the device is a GSP/MP, then port 2023 is used by default. The port number can also be changed. If still having problems, Contact HP.
Contact HP Support:
If you are still seeing problems and have not found the answer by searching the Knowledge Base at itrc.hp.com, including the "Secure Web Console FAQ" (Doc: KBAN00000862), then Contact HP Support via ITRC to open a call and supply any pertinent information and file contents with the call. Or, you may contact HP directly at 1-800-633-3600.
--------------------------------------------------------------------------------
APPENDIX
Figure 1: SWC login screen html text:
HTTP/1.0 200 OK
Connection: close
Date: FRI, 13 FEB 1970 22:50:51 GMT
Content-type: text/html
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=iso-8859-1">
<TITLE>vme2 - HP Secure Web Console</TITLE>
<P ALIGN=CENTER><BR>
</HEAD>
<BODY>
<APPLET CODE=hp/secwebc/applet/SecWebC.class ARCHIVE=awc.jar WIDTH=750 HEIGHT=480>
<PARAM NAME=ChallengeId VALUE=4>
<PARAM NAME=Challenge VALUE="dad3d2a4">
<PARAM NAME=BoxState VALUE=0>
<PARAM NAME=IPAddress VALUE="xxx.xxx.xxx.xxx">
<PARAM NAME=PortAddress VALUE="23">
<PARAM NAME=TerminalType VALUE="0">
<PARAM NAME=UseFrame VALUE = On>
<PARAM NAME=MenuBar VALUE = "On">
<PARAM NAME=Title VALUE = "HP Secure WEB Console">
<PARAM NAME=ScrollBar VALUE = "On">
<PARAM NAME=SubTitle VALUE = "Hewlett Packard">
<PARAM NAME=Version VALUE = "B=A.02.01.001:A=A.02.01.001:R=A.02.01.001">
</APPLET>
</BODY>
</HTML>
Notice that the:
PortAddress=23 - the port the SWC communicates with after login/password has been provided.
IPAddress - set to the IP address of the SWC.
Version - The SWC firmware version. B=A.02.01.001:A=A.02.01.001:R=A.02.01.001 = A2.0
Click Back to return to previous screen.
--------------------------------------------------------------------------------
Figure 2: GSP/MP login screen html text:
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>HP Web Console on <GSPname> </TITLE>
<P ALIGN=CENTER><BR>
</HEAD>
<BODY>
<TABLE><TR><TD>
<IMG SRC=/HPSmallInvent.gif WIDTH=160 HEIGHT=120>
</TD><TD>
<APPLET CODE="pericom/TeemWorld/TeemWorld.class" ARCHIVE="TeemWorld.jar"
WIDTH=640 HEIGHT=480>
<PARAM name=UseFrame value = On>
<PARAM name=Host value = xxx.xxx.xxx.xxx>
<PARAM NAME=MenuBar VALUE = On>
<PARAM name=Port value = 2023>
<PARAM NAME=IPAddress VALUE = xxx.xxx.xxx.xxx>
<PARAM NAME=SubnetMask VALUE = xxx.xxx.xxx.0>
<PARAM NAME=IPGateway VALUE = xxx.xxx.xxx.xxx>
<PARAM NAME=Title VALUE = "HP Web Access">
<PARAM NAME=SubTitle VALUE = "Hewlett Packard">
<PARAM name=Emulation value = hpterm>
<PARAM name=SessionID value = /0000024A>
</APPLET>
</TD></TR></TABLE>
</BODY>
</HTML>
Notice that the:
Port=2023 - the port the GSP communicates with after login/password has been provided.
Host - set to the IP address of the GSP.
Emulation - Terminal Emulation.