IBM Support

VPN HMC Remote - Customer Instructions

Troubleshooting


Problem

This document provides complete customer instructions for setting up a VPN connection to an HMC.

Resolving The Problem

Use the following steps to set up a VPN connection to an HMC:

    • Step 1: Determine the following before continuing

      A. Verify that the HMC has at least one service pack installed. Have the person accessing the HMC open a console session to the HMC (it will not work with WebSM; the console session is started at the physical HMC). Type the following command:

      lshmc -V

      A screen similar to the following is shown:

      This is the HMC console screen.

      If nothing appears regarding MHxxxxx after the line that says HMC Build Level, no service packs are installed. It is highly recommended that the HMC has at least one service pack installed to avoid issues. In addition, confer with the HMC team to verify whether the HMC is at a supported release.

      Note: If the HMC is at Version 6 Release 1.0 or Release 1.1, the minimum service pack is MH00912.
      B. To Telnet to a partition after the HMC connection is established, ensure the following command works on the command line for that partition:

      TELNET LOOPBACK

      If that does not work, ensure the loopback interface is active and that there is no Telnet security installed on this partition. The CS1 team can assist with Telnet issues to the operating system.

      Note: Telnet to the loopback interface is performed from the i5/OS command line, not from the HMC.
      • Step 2: Verify the connectivity requirements are met

        A. Ensure that the system can get through the network to open a VPN connection. Refer to the appropriate Rochester Support Center knowledgebase document:

        For HMC V6 or lower:
        New, HMC Internet ECS Setup.

        For HMC V7 and higher:
        New, Configuring HMC Version 7 and Later for Call Home Using Internet VPN.
        B. Refer to the following Rochester Support Center knowledgebase document for a listing of the ports and TCP/IP addresses needed for VPN connectivity (not required if you are using dial-out VPN):

        N1015940, Message HSCF0004 Server Firmware Licensed Internal Code Update Fails:


        • Step 3: Enable the VPN remote

          Task 1: Go to Service Applications. (Refer to Figure 1 for Tasks 1 through 3.)

          Note: If this is an HMC Version 7 or higher, it is called Service Management rather than Service Applications.
          Task 2: Go to Remote Support.

          Note: If this is an HMC Version 7 or higher, skip this task and go to Task 3.
          Task 3: Go to Customize Inbound Connectivity.

          Note: If this is an HMC Version 7 or higher, it is called Manage Inbound Connectivity rather than Customize Inbound Connectivity.
          Figure 1

          Pre-Version 7 HMC

          This is the HMC Pre-Version 7 Remote Support screen.


          Version 7 or higher HMC

          This is the HMC Version 7 Service Management screen.

          Task 4: Click on the Remote Service tab. (Refer to Figure 2.)
          Task 5: Select the VPN option.
          Task 6: Select the box Allow access to the local console if HMC access is necessary.
          Task 7: Select the box Allow access to managed system partitions if access to the partitions is necessary.
          Task 8: Select the physical system that is being used.
          Task 9: Highlight the partitions we need to access. For an HMC at version 7 or higher, there will be a Select box (refer to Figure 2).
          Task 10: Click on the Prepare button to start the next step.

          Figure 2

          Pre-Version 7 HMC

          This is the HMC Pre-Version 7 Customized Inbound Connectivity screen.

          For Version 7 or higher HMC, use the Select box to select the partitions you want.

          This is the HMC Version 7 Manage Inbound Connectivity screen.

          Task 11: The console status shows Disabled. (Refer to Figure 3 for Tasks 11 and 12.)
          Task 12: Click on the Start button.

          Figure 3

          Pre-Version 7 HMC

          This is the HMC Pre-Version 7 Remote Service Session screen.

          Version 7 or higher HMC

          This is the HMC Version 7 Remote Service Session screen.
          Task 13: The Console status is changed to Enabled. (Refer to Figure 4 for Tasks 13 and 14.)

          Note: If this fails, ensure that Step 2 was followed correctly. The document referenced in Step 2 Task A, HMC Internet ECS Setup (Configuring HMC Version 6 and Earlier for Call Home Using Internet VPN), contains a test procedure to ensure the HMC can send a test request to IBM.
          Task 14: There is a message stating that the connection opened successfully.

          Figure 4

          This is the HMC Pre-Version 7 Remote Service Session screen.

          Note: Do not close the window above because it will disconnect.
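
For the service pack check in Step 1 Task A, the following is an added example (not IBM code and not part of the original document) that applies the two rules stated there to saved lshmc -V text: no MHxxxxx entry after the HMC Build Level line means no service pack, and Version 6 Release 1.0 or 1.1 needs at least MH00912. The function names, the sample text and its layout are constructed assumptions.

```shell
#!/bin/sh
# Added example: interpret saved `lshmc -V` text for the Step 1 Task A check.

# Print each MHxxxxx identifier that appears after the "HMC Build level" line.
list_hmc_fixes() {
    awk '
        seen { while (match($0, /MH[0-9][0-9][0-9][0-9][0-9]/)) {
                   print substr($0, RSTART, RLENGTH)
                   $0 = substr($0, RSTART + RLENGTH) } }
        tolower($0) ~ /hmc build level/ { seen = 1 }
    '
}

# Print "<version> <release>" (for example "6 1.1") from the same text.
hmc_version_release() {
    awk '
        !v && /Version:/ { sub(/.*Version:[ \t]*/, ""); v = $1 }
        !r && /Release:/ { sub(/.*Release:[ \t]*/, ""); r = $1 }
        END { print v, r }
    '
}

# Read `lshmc -V` text on stdin, print a status word, return 0 only for "ok".
check_hmc_service_level() {
    out=$(cat)
    fixes=$(printf '%s\n' "$out" | list_hmc_fixes)
    set -- $(printf '%s\n' "$out" | hmc_version_release)
    [ -n "$fixes" ] || { echo "no-service-pack"; return 1; }
    case "${1:-?}/${2:-?}" in
        6/1.0|6/1.0.*|6/1.1|6/1.1.*)
            # Page note: V6 R1.0 and R1.1 need at least MH00912. Ordering of
            # other MH numbers is not assumed, so anything else asks for review.
            printf '%s\n' "$fixes" | grep -qx 'MH00912' ||
                { echo "verify-minimum-MH00912"; return 1; } ;;
    esac
    echo "ok"
}

# Constructed samples (layout assumed, not captured from a real HMC).
SAMPLE_NO_SP='"version= Version: 6
 Release: 1.1
HMC Build level 20070101.1
","base_version=V6R1.1"'
SAMPLE_WITH_SP='"version= Version: 6
 Release: 1.1
HMC Build level 20070101.1
MH00912: constructed description line
","base_version=V6R1.1"'
printf '%s\n' "$SAMPLE_NO_SP" | check_hmc_service_level || true
```

A status of verify-minimum-MH00912 means fixes are listed but MH00912 is not among them, so the installed level should be compared against that minimum by hand before the VPN session is enabled.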


        Historical Number

        366884802

        Document Information

        Modified date:
        18 December 2019

        UID

        nas8N1019140