Server Products
Data Center Products including boards, integrated systems, Intel® Xeon® Processors, RAID Storage, and Intel® Xeon® Processors
4761 Discussions

what are the minimum encrypted required ports to work KVM redirection using stunnel

User1585051830145643
2,150 Views

I have board S2600WTTR (BIOS ate latest 028) and KVM redirection set to Stunnel encrption and encrypted ports are open in firewall are 7582, 5124, and 5127

still getting error : "Some Global2" and "KVMCLIENT".Also RESET coming from the IPMI

we want to allow only encrpyted port for Remote console to work In addition to the standard TCP/IP ports for browsing the Web interface (80 and 443)

0 Kudos
24 Replies
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

Can you please provide us how are you creating the encryption and when you are getting the error messages?

 

Best regards,

Sergio S.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit :https://intel.com/support/serverbios

0 Kudos
User1585051830145643
1,702 Views

Selecting Stunnel from configuration KVM & Media and Launch Remote Console using jnlp and black console opened up with error as per attachment

Dont want to keep open any un-encrypted port for this(Remote console ) operation

 

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

Thank you for the additional information, please allow us some time to check on your question.

 

Best regards,

Sergio S.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit :https://intel.com/support/serverbios

 

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

First, we would like to apologize for the delay on our response.

 

The secure ports that you are using are correct. When KVM encryption is enabled, KVM protocol uses port 7582 for KVM, 5124 for CD/DVD, 5127 for floppy/USB.

 

Another requirement for KVM encryption is that firewall (if any) and NAT should be configured to permit these connections. Besides that, there are no other requirements.

 

Can you please a screenshot of any error messages you could be getting?

 

 

Best regards,

Sergio S.

Intel Customer Support Technician

 

0 Kudos
User1585051830145643
1,702 Views

Thanks no issue , allowing only encrypted ports at firewall does not open remote console using IPMI. PFA error . what are the other required ports other than 7582 for KVM, 5124 for CD/DVD, 5127 are necessary to kept open , remote console to work ? or should it work with mentioned ports only ?

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

Thank you for sharing the screenshot of the error, please allow us more time to investigate.

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

You have already opened all the necessary ports. The indicated ports are the only ones that can be used:

KVM related ports (7582, 5124, 5127), http 80 and TCP 443.

 

This is covered in section 9.3.2 of TPS.

 

We also would like to know what is the browser you are using. The validated ones are Microsoft Internet Explorer and Mozilla Firefox.

 

Does KVM work fine when encryption is set to "none"?

 

In a past interaction, the customer stated: "Also RESET coming from the IPMI". Can you please let us know what you meant by that? 

 

We will be looking forward to your answer.

 

Best regards,

Sergio S.

Intel Customer Support Technician

 

0 Kudos
User1585051830145643
1,702 Views

Used Mozilla Firefox.

Reg: Does KVM work fine when encryption is set to "none"?

Yes

 

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

We appreciate the additional information, one last question can you please also let us know what did you mean with "RESET coming from the IPMI".

 

Thank you

 

Best regards,

Sergio S.

Intel Customer Support Technician

 

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

We are following your case and we would like to know if you found the information from the previous post that we sent you.

 

Thank you

 

Best regards,

Sergio S.

Intel Customer Support Technician

 

 

0 Kudos
User1585051830145643
1,702 Views

Yes , confirmed from your previous communication that (KVM related ports (7582, 5124, 5127), http 80 and TCP 443) these are the only ports should be open and remote console should work , but unfortunately in our case its not working

Request coming on port 7582 is allow as action on firewall but showing session end reason "tcp-rst-from-server"

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

Thank you for the information we are going to check on the information provided and will get back to you.

 

Best regards,

Sergio S.

Intel Customer Support Technician

 

For firmware updates and troubleshooting tips, visit :https://intel.com/support/serverbios

0 Kudos
Emeth_O_Intel
Moderator
1,702 Views

Hello,

 

We would like to ask you the following details in order to have a better understanding of this scenario:

 

  • Which browser is used to access BMC web console?
  • Does KVM work fine if encryption is set to "none"?
  • Extract Debug logs and sysinfo logs from the system.

 

Please let us know the outcome in order to proceed with the next step.

 

Emeth O.

Intel Server Specialist.

0 Kudos
User1585051830145643
1,702 Views

 

Which browser is used to access BMC web console? = Firefox

Does KVM work fine if encryption is set to "none"? = yes

will try to collect logs

0 Kudos
Emeth_O_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

Thank you for replying back.

 

Please share with us the logs as soon as possible in order to proceed with the next step.

If you have more questions, do not hesitate and let me know and I will be more than happy to assist you.

 

 

Best regards,

 

Emeth O.

Intel Server Specialist.

 

0 Kudos
Emeth_O_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

I have been following up on your case in order to verify if you still have questions?

 

Please let us know the outcome in order to proceed with the next step. 

 

Best regards, 

 

Emeth O. 

Intel Server Specialist. 

 

0 Kudos
User1585051830145643
1,702 Views

Hi, due to current situation not able to get logs , need to wait , sorry for delay from my side .

 

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

Thank you for taking the time to share that information with us. We are going to keep this thread open and will follow up with you next week.

Best regards,

Sergio S.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit :https://intel.com/support/serverbios

 

0 Kudos
SergioS_Intel
Moderator
1,702 Views

Hello User15850518301456433508,

 

This message is to let you know that we are still waiting for the logs and we do understand that you are still not able to get them.

 

We will follow up with you in two weeks.

 

Best regards,

Sergio S.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit :https://intel.com/support/serverbios

 

0 Kudos
SergioS_Intel
Moderator
1,571 Views

Hello User15850518301456433508,

 

I am following your case and we would like to let you know if you were able to get the logs requested on the previous post.

 

Best regards,

Sergio S.

Intel Customer Support Technician

For firmware updates and troubleshooting tips, visit :https://intel.com/support/serverbios

 

0 Kudos
Reply