Unsolved
This post is more than 5 years old
10 Posts
0
5454
OME 2.3 and iDRAC 9
Hi,
we are using OME 2.3 on windows 2012 R2 Standard
Currenlty we have serveral iRMC 7 and 8 servers working with the OME but now we got new R640 Servers and they are not discovered via WSMAN.
Port is open:
PORT STATE SERVICE
443/tcp open https
wsman on iDRAC 8:
winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
DCIM_SystemView
AssetTag =
BIOSReleaseDate = 06/16/2016
BIOSVersionString = 2.1.7
BaseBoardChassisSlot = NA
BatteryRollupStatus = 1
BladeGeometry = 255
BoardPartNumber =
BoardSerialNumber =
CMCIP = null
CPLDVersion = 1.0.1
CPURollupStatus = 1
ChassisModel
ChassisName = Main System Chassis
ChassisServiceTag =
ChassisSystemHeight = 1
CurrentRollupStatus = 1
DeviceDescription = System
EstimatedExhaustTemperature = 40
EstimatedSystemAirflow = 19
ExpressServiceCode =
FQDD = System.Embedded.1
FanRollupStatus = 1
...
wsman on iDRAC 9:
winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
WSManFault
Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.
Error number: -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.
The iDRAC 9 is in a different subnet, but the rest is the same.
Any suggested support path here?
Thanks!
DELL-Chris H
Moderator
Moderator
•
8.8K Posts
0
October 26th, 2017 09:00
Guy.Foetz,
I would start with testing that the WinRM is functional locally and remotely, then we can proceed from there. If you follow this link it will give you the steps to test it locally as well as remotely.
Let me know what you see as a result.
Thanks.
DELL-Shivendra K
685 Posts
0
October 26th, 2017 10:00
Another thing to check would be TLS settings on the iDRAC and OME server. They should match for proper handshake. winrm is dependent on this.
guy.foetz
10 Posts
0
October 27th, 2017 00:00
Local:
winrm id
IdentifyResponse
ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.0
SecurityProfiles
SecurityProfileName = hxxp://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos
Remote IDRAC8:
winrm id -r:https://x.x.x.x/wsman:443 -u:xxxx -p:xxx -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
IdentifyResponse
ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
ProductVendor = Dell, Inc.
ProductVersion = iDRAC : System Type = 13G Monolithic : LC Version = 2.41.40.40 : Version = 2.41.40.40
SMASHVersion = 2.0.0
ProductName = iDRAC
SystemGeneration = 13G Monolithic
FirmwareVersion = 2.41.40.40
LifecycleControllerVersion = 2.41.40.40
SecurityProfiles
SecurityProfileName = HTTP_TLS_1, HTTP_TLS_2
Remote IDRAC9:
winrm id -r:https://x.x.x.x/wsman:443 -u:xxx -p:xxxxx -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
WSManFault
Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer i
s accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from thi
s computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the sa
me local subnet.
Error number: -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible o
ver the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subne
t.
Regards,
Guy
guy.foetz
10 Posts
0
October 27th, 2017 00:00
It works with 20 servers and IDRAC8 with the dame TLS settings, so I would say that this is not a problem,
But thanks for the hint
DELL-Chris H
Moderator
Moderator
•
8.8K Posts
0
November 7th, 2017 12:00
Sorry for the delay. Would you confirm that you have configured your settings to match those on page 345 here, as well as try the steps on page 346?
Let me know what you see.
guy.foetz
10 Posts
0
November 7th, 2017 23:00
Here the wsman config:
PS C:\Users\Administrator> winrm get winrm/config/client
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = true [Source="GPO"]
Auth
Basic = true [Source="GPO"]
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts [Source="GPO"]
and the regitry keys are all set as showed on page 346
Regards,
Guy
GeertC
1 Rookie
1 Rookie
•
70 Posts
0
November 10th, 2017 00:00
I'm having exactly the same problem.
All other iDRAC are working, IDRAC from R640 is not
When using this command line, I get correct information back from R640
winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
When using this command line, I get an error
winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
Error message
WSManFault
Message = The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not su
pport the WS-Management protocol.
Error number: -2144108269 0x80338113
The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-M
anagement protocol.
guy.foetz
10 Posts
0
November 10th, 2017 02:00
Hi,
thank you for this hint, this seems to help, in addition it seems to have problems with proxy settings.
In the Documentation winrm uses the IE setting by default, but it does not look like that, as if I disable proxy setting in IE it still does not work, but if I set
-pac:no_proxy
to the winrm the connection works.
so I got it work with:
winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic -pac:no_proxy
but still not works in OME, I will further check with proxy settings maybe this solves it
Guy
guy.foetz
10 Posts
0
November 10th, 2017 02:00
Dears,
I got it to work :D
there were WINHTTP proxy settings, as they are needed by Windows update, but the bypass list was wrong, hust the old range was defined and not the new one.
So I added the new Range and it works now.
netsh winhttp show proxy
Regards,
Guy
GeertC
1 Rookie
1 Rookie
•
70 Posts
0
November 10th, 2017 03:00
:-( i'm not following :-)
In internet Explorer no proxy is set, it's even grayed out because of GPO
(we are not allowed to change server proxy settings)
This is my output , so not using any proxy
C:\WINDOWS\system32>netsh winhttp show proxy
Current WinHTTP proxy settings:
Direct access (no proxy server).
guy.foetz
10 Posts
0
November 10th, 2017 04:00
and check with wireshark if you get a connection, this helped me to find the problem
guy.foetz
10 Posts
0
November 10th, 2017 04:00
I still have the problem you mentioned with winrm and the 443 port, but in OME it works now.
Did you set all the registry keys for TLS?
GeertC
1 Rookie
1 Rookie
•
70 Posts
0
November 10th, 2017 07:00
For me this was the solution
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
Reg Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\
Type: DWORD
Name: DefaultSecureProtocols
Value Hex: 00000A00
Reg Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\
Type: DWORD
Name: DefaultSecureProtocols
Value Hex: 00000A00