I am taking the lead of implementing OME on our company, and we are trying to set it up as secure as possible.
We have restricted Login IP Range to a particular VLAN, where the sysadmin users are.
Trying to deploy templates to the iDRACs after applying this change, causes SYS046 errors related to NFS
....SYS046 --> Unable to import the Server Configuration Profile from the network share. ....Action : If the file is being copied from an NFS share, make sure that it is accessible from iDRAC. If the file is being copied from a CIFS share, make sure that it is accessible from iDRAC using the share credentials provided. Test the network share access using the Test Network Connection method. For more information, see the Lifecycle Controller User's Guide. ....Getting validation template will be skipped due to target job status : .SYS046
Is this behavior expected? If I use a login IP range that includes the iDRAC vlan, it works.
This is a problem, as our management IP range is quite different from the iDRAC, and we want to have this restricted as much as possible.
We may have a documentation issue or bug with the Login IP Range setting. I just did some testing to find out what it does. Based on the name, I assume that you are setting a range of allowable addresses to login to the appliance administration GUI. It does not appear to do that, I am able to login and manage the appliance from IPs not in the range.
Can you verify that the range does not affect the ability to access the appliance?
Dell EMC, Enterprise Engineer
Get support on Twitter @DellCaresPRO
Hi Daniel, we are trying to do that, restricting access to the OME GUI, and it works, we restricted the access to a IP Range, and only clients coming from that range can access the GUI.
The problem is that it seems to be affecting other things like NFS access, which is problematic for the template deployment to client iDRACs.
When I try to deploy a template and the Login IP Range is not including iDRAC ips, they will fail with the SYS046 error message that I posted. As soon as I open the IP Range to include those, the deployment works as intended.