Skip to content

IPMI Troubleshooting

Issue: IPMI is not reachable

If Tenantos can't establish a connection to IPMI, the power status is unavailable and an "error" label is added to the IPMI device assignment.

Move the mouse to the error label to receive the exact error message:

Tooltip IPMI error

To solve the issue, please:

  • Ensure that the correct remote agent is selected.
  • Ensure that the IPMI connection details are correct.
  • Ensure that the remote agent can establish a connection to IPMI.

Ensure that the remote agent can establish a connection to IPMI

Info

You may want to execute unset HISTFILE before executing the ipmitool command to not save the password in your shell history.

Connect via SSH to your remote agent and execute following command:

ipmitool -I lanplus -H IPMI_IP -U ADMIN -P YOUR_PASSWORD chassis power status -v

If you see the same error message as in Tenantos, ensure via ping that you can reach the IPMI device:

ping IPMI_IP

If ping is not possible

If ping is not possible, it's likely a connectivity issue. Please ensure that your agent has access into your IPMI network. If IPMI is located within a private network, please read this page to find out how to include the agent into your private network.

If ping is possible

  • Ensure that IPMI over LAN is enabled at the IPMI settings, like on this screenshot.
  • Some IPMI versions do not accept connections via RMCP if the default password has not been changed. If you are forced to change the password after logging in into the IPMI web interface, please do so.

Issue: KVM console does not work / Error: "This KVM type is not supported"

This error appears specifically for Java-based KVM consoles. If your IPMI device does not support Java consoles, you can use the web IPMI feature instead. However, if your IPMI does support Java consoles and you see this error, follow the initial troubleshooting steps below. If the issue persists, submit a implementation request.

Initial Troubleshooting

If your IPMI provides a Java console but this error appears, try the following steps:

  1. Manually verify that the Java console launches correctly when accessed directly through the IPMI web interface
  2. Perform a BMC reset, which often resolves related issues
  3. Test the console again after the BMC has restarted

If the issue persists after these steps, the IPMI model may require implementation support.

Implementation Request

Tenantos natively supports a variety of different IPMI models, but unfortunately, IPMI consoles are not standardized and each vendor does its own implementation. Often IPMI even differs from model to model.

If you have servers that are not supported and you would like to see them integrated, please either provide access to them via a public IP or provide access to your Tenantos installation.

  • If you provide access to your installation, please include in your request the link to the server and whether it is currently in use.
  • If you provide direct access to the IPMI device, please whitelist the IPs mentioned on the following page.

After you have prepared everything, please send us the data via support ticket. Java KVM implementation requests, just like all other device integration requests, are welcome from all customers, including those with minimal support licenses.

Issue: IPMI status "Error in open session response message : insufficient resources for session"

If you encounter this issue on iDRACs, the issue can be solved by following these steps:

Menu Overview -> IDRAC SETTINGS -> User Authentication
-> Click on the user ID of your admin account -> Next
-> Check "change your password" checkbox and enter the same (or new) password
-> Click "Apply"

Credits and deeper explanation: https://stackoverflow.com/a/64297080

If the issue persists after following these steps, please verify that the IPMI encryption key is set to 0000000000000000000000000000000000000000. Additionally, ensure that the "Channel Privilege Level Limit" is configured to "Administrator". Click here to view a screenshot.

Issue: Set Session Privilege Level to ADMINISTRATOR failed: Unknown (0x80)

This error message usually indicates insufficient permissions of the IPMI account. An IPMI account with admin privileges needs to be stored in Tenantos.

Issue: HP iLO console not working due to "com.hp.ilo2.intgapp.intgapp"

If an outdated version of iLO is installed, an error message may appear when attempting to open the console, such as:

General Exception
Name: com.hp.ilo2.intgapp.intgapp
ExitException: ExitException[ 3]java.lang.StackoverflowError
Screenshot

To solve the issue, please update the iLO firmware. Once the firmware has been updated, the error message should no longer appear, and the console should function as expected.

Issue: Java console outputs "Connection refused" or a similar message

This message can have several causes. Try the following steps in order:

1. Verify network connectivity to the KVM port

Make sure that the remote agent handling the IPMI connection can reach the KVM port of the IPMI device. The exact port depends on the IPMI vendor and model. You can find it in the JNLP file when launching the Java console manually from the IPMI web interface, or directly in the IPMI configuration.

2. Verify the date and time on the IPMI itself

Check the date and time configured directly on the IPMI device. An incorrect date configuration can cause SSL certificate validation to fail.

Correct the date manually or configure NTP on the IPMI device.

3. Set the "Fake Date" option on the IPMI connection

If the IPMI date is configured correctly but the issue persists, the IPMI itself may use an expired SSL certificate for encrypted KVM communication. Depending on the Java viewer of the vendor, this can result in a "Connection Failed" or "Connection refused" error.

The "Fake Date" option at the IPMI connection simulates a specific date inside the Docker container, allowing the Java viewer to accept the (then valid) certificate.

  • Format: yyyy-mm-dd

Supermicro: Expired built-in iKVM certificate

A TLS certificate embedded in many Supermicro BMC firmwares was issued with a fixed 10-year validity and expired on 2026-05-17. On affected models, this causes a "Connection failed" error in the Java KVM console.

Because the iKVM uses mutual TLS, the expired certificate is validated twice. The Java viewer checks the BMC's server certificate, and the BMC validates the client certificate against its own clock. Changing only the client-side date ("Fake Date" option) is therefore not sufficient.

Tenantos automatically attempts to work around this for affected Supermicro servers when a console is opened. Where this succeeds, the Java KVM works again with no action required.

If the automatic handling does not resolve the issue for a specific server, use one of the following options:

  • Enable support access and provide the link to the affected server so the automatic handling can be reviewed for that model.
  • Install a Supermicro BMC firmware update for that model, if one is available. Updated firmware often includes a new certificate.
  • Set the date on the IPMI/BMC itself to a date before 2026-05-17 (for example, 2023) and enable the "Fake Date" option on the IPMI connection. Both are required together because of the mutual TLS validation described above.

Issue: "cURL error 35: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure"

This error message typically indicates an SSL issue on the IPMI device's side. For HP iLO, the issue can be resolved by following these steps:

  1. Go to Administration.
  2. Navigate to Security.
  3. Open the Encryption tab.
  4. Set Enforce AES/3DES Encryption to "Enabled".

Issue: Console URL invalid or IP not permitted

NoVNC console sessions are limited to the IP address of the user who created the console for security reasons. If you open the NoVNC console and see the message "Console URL invalid or IP not permitted", it indicates that the IP address was not correctly recognized.

This error message typically appears when the console is opened via a billing integration and the end user IP isn't correctly identified by the billing integration. This might occur if a CDN is used and the original IP address isn't restored.

In general, it can be said that the cause is a server-side configuration problem. To verify this, please perform the following steps:

  1. Open Tenantos and click on the "Logs" entry in the sidebar.
  2. Look for the "Opened Server Console" entry and click on the info symbol on the right.
  3. The "Post Data" will show the IP address that was passed to Tenantos.
  4. Check the webserver access log at /var/log/nginx/access.log to find out the real IP, to cross-verify that the IP in the post data is indeed wrong: cat /var/log/nginx/access.log | grep /console/

Another common cause is a mismatch in protocol: The billing integration might be accessible via IPv6, while Tenantos isn't. When an IPv6 client opens the console, the IPv6 address is passed on, however, Tenantos is opened via IPv4. To avoid this, it is recommended to configure Tenantos to be accessible via the same protocols as the billing integration.

If the problem arises when the console is directly opened via Tenantos, it is likely that a CDN, such as Cloudflare, is causing the issue. The troubleshooting steps are the same, except that the authorized IP cannot be seen in the post data, but can be seen directly in the table, in the "User IP" column. If this is causing the issue, you may need to adjust the nginx configuration to restore the original IPs.