Question & Answer
Question
When the user tries to connect to IBM DataPower Gateway with the ipmitool command, the error "Unable to establish IPMI v2 / RMCP+ session" is reported in the command output.
With the "-vvv" option, the output of the ipmitool command shows that RAKP 2 HMAC is invalid.
./ipmitool -vvv -I lanplus -H xx.xx.xx.xx -U ipmiadmin -L operator chassis selftest
Password:
>> Sending IPMI command payload
>> netfn : 0x06
>> command : 0x38
>> data : 0x8e 0x03
BUILDING A v1.5 COMMAND
>> IPMI Request Session Header
>> Authtype : NONE
>> Sequence : 0x00000000
>> Session ID : 0x00000000
>> IPMI Request Message Header
>> Rs Addr : 20
>> NetFn : 06
>> Rs LUN : 0
>> Rq Addr : 81
>> Rq Seq : 00
>> Rq Lun : 0
>> Command : 38
<< IPMI Response Session Header
<< Authtype : NONE
<< Payload type : IPMI (0)
<< Session ID : 0x00000000
<< Sequence : 0x00000000
<< IPMI Msg/Payload Length : 16
<< IPMI Response Message Header
<< Rq Addr : 81
<< NetFn : 07
<< Rq LUN : 0
<< Rs Addr : 20
<< Rq Seq : 00
<< Rs Lun : 0
<< Command : 38
<< Compl Code : 0x00
>> SENDING AN OPEN SESSION REQUEST
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Maximum privilege level : operator
<< Console Session ID : 0xa0a2a3a4
<< BMC Session ID : 0x00000006
<< Negotiated authenticatin algorithm : hmac_sha1
<< Negotiated integrity algorithm : hmac_sha1_96
<< Negotiated encryption algorithm : aes_cbc_128
>> Console generated random number (16 bytes)
4a 5b 3a 62 04 29 ab 20 6b ab d4 0d 3f d0 81 cd
>> SENDING A RAKP 1 MESSAGE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Console Session ID : 0xa0a2a3a4
<< BMC random number : 0xa7a2ecf3ac9bb13ba7e23bf7369bb13b
<< BMC GUID : 0x42bc5ee4a4df4fc8814ebf196cad60dd
<< Key exchange auth code [sha1] : 0xb34b1d34e5cd45eb6b99cb4a7b26171661e76b83
bmc_rand (16 bytes)
a7 a2 ec f3 ac 9b b1 3b a7 e2 3b f7 36 9b b1 3b
>> rakp2 mac input buffer (67 bytes)
a4 a3 a2 a0 06 00 00 00 4a 5b 3a 62 04 29 ab 20
6b ab d4 0d 3f d0 81 cd a7 a2 ec f3 ac 9b b1 3b
a7 e2 3b f7 36 9b b1 3b 42 bc 5e e4 a4 df 4f c8
81 4e bf 19 6c ad 60 dd 13 09 69 70 6d 69 61 64
6d 69 6e
>> rakp2 mac key (20 bytes)
6d 33 28 74 63 59 68 2d 47 4c 38 2a 21 3b 5f 00
00 00 00 00
>> rakp2 mac as computed by the remote console (20 bytes)
8a 31 72 ba 7d 84 f5 40 c3 41 f5 80 ab 00 6f 44
c7 fb e4 31
> RAKP 2 HMAC is invalid
Error: Unable to establish IPMI v2 / RMCP+ session
Cause
The error "RAKP 2 HMAC is invalid" means that the password of the ipmi user is incorrect.
Answer
Check whether the password provided to the ipmitool command is the same as the one configured in DataPower.
In DataPower WebGUI, try to update the password of the IPMI user and click Apply. Then, run the ipmitool command again with the same password and see whether the error is resolved.
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m50000000CduQAAS","label":"DataPower->MGMT (MM)->IPMI"}],"ARM Case Number":"TS003953838","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Product Synonym
DataPower
Was this topic helpful?
Document Information
Modified date:
08 June 2021
UID
ibm16333445