October 25th, 2017 05:00

OME 2.3 and iDRAC 9

Hi,

We are using OME 2.3 on Windows 2012 R2 Standard.

Currently we have several iRMC 7 and 8 servers working with the OME, but now we got new R640 servers and they are not discovered via WSMAN.

Port is open:

PORT    STATE SERVICE
443/tcp open  https

wsman on iDRAC 8:

winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
DCIM_SystemView
    AssetTag =
    BIOSReleaseDate = 06/16/2016
    BIOSVersionString = 2.1.7
    BaseBoardChassisSlot = NA
    BatteryRollupStatus = 1
    BladeGeometry = 255
    BoardPartNumber =
    BoardSerialNumber =
    CMCIP = null
    CPLDVersion = 1.0.1
    CPURollupStatus = 1
    ChassisModel
    ChassisName = Main System Chassis
    ChassisServiceTag =
    ChassisSystemHeight = 1
    CurrentRollupStatus = 1
    DeviceDescription = System
    EstimatedExhaustTemperature = 40
    EstimatedSystemAirflow = 19
    ExpressServiceCode =
    FQDD = System.Embedded.1
    FanRollupStatus = 1
...

wsman on iDRAC 9:

winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
WSManFault
    Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error number:  -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

The iDRAC 9 is in a different subnet, but the rest is the same.

Any suggested support path here?


Thanks!

Moderator

8.4K Posts

October 26th, 2017 09:00

Guy.Foetz,

I would start with testing that the WinRM is functional locally and remotely, then we can proceed from there. If you follow this link it will give you the steps to test it locally as well as remotely. 

Let me know what you see as a result.

Thanks.

October 26th, 2017 10:00

Another thing to check would be TLS settings on the iDRAC and OME server. They should match for proper handshake. winrm is dependent on this.

10 Posts

October 27th, 2017 00:00

Local:

 winrm id
IdentifyResponse
    ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
    ProductVendor = Microsoft Corporation
    ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.0
    SecurityProfiles
        SecurityProfileName = hxxp://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

Remote IDRAC8:

winrm id -r:https://x.x.x.x/wsman:443 -u:xxxx -p:xxx  -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
IdentifyResponse
    ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
    ProductVendor = Dell, Inc.
    ProductVersion = iDRAC : System Type = 13G Monolithic : LC Version = 2.41.40.40 : Version = 2.41.40.40
    SMASHVersion = 2.0.0
    ProductName = iDRAC
    SystemGeneration = 13G Monolithic
    FirmwareVersion = 2.41.40.40
    LifecycleControllerVersion = 2.41.40.40
    SecurityProfiles
        SecurityProfileName = HTTP_TLS_1, HTTP_TLS_2

Remote IDRAC9:

winrm id -r:https://x.x.x.x/wsman:443 -u:xxx -p:xxxxx  -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
WSManFault
    Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error number:  -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Regards,

Guy

10 Posts

October 27th, 2017 00:00

It works with 20 servers and IDRAC8 with the same TLS settings, so I would say that this is not a problem.

But thanks for the hint

Moderator

8.4K Posts

November 7th, 2017 12:00

Sorry for the delay. Would you confirm that you have configured your settings to match those on page 345 here, as well as try the steps on page 346?

Let me know what you see. 

10 Posts

November 7th, 2017 23:00

Here the wsman config:

PS C:\Users\Administrator> winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts [Source="GPO"]

and the registry keys are all set as shown on page 346

Regards,

Guy

1 Rookie

70 Posts

November 10th, 2017 00:00

I'm having exactly the same problem.

All other iDRAC are working, IDRAC from R640 is not

When using this command line, I get correct information back from R640
winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic

When using this command line, I get an error
winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic



Error message

WSManFault
Message = The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.

Error number: -2144108269 0x80338113
The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.

10 Posts

November 10th, 2017 02:00

Hi,

Thank you for this hint, this seems to help. In addition, it seems to have problems with proxy settings.

In the documentation, winrm uses the IE setting by default, but it does not look like that: if I disable the proxy setting in IE it still does not work, but if I set

-pac:no_proxy

to the winrm the connection works.

So I got it to work with:

winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic -pac:no_proxy

But it still does not work in OME. I will check the proxy settings further; maybe this solves it.

Guy

10 Posts

November 10th, 2017 02:00

Dears,

I got it to work :D

There were WinHTTP proxy settings, as they are needed by Windows Update, but the bypass list was wrong: just the old range was defined and not the new one.

So I added the new range and it works now.

netsh winhttp show proxy

Regards,

Guy
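
Added example, not part of the original posts: a PowerShell check for the situation described above, where a WinHTTP proxy is configured and its bypass list covers only the old management range. It assumes English `netsh` output; the proxy name, bypass list and addresses are constructed, and the function names are hypothetical.

```powershell
# Added example. Parses "netsh winhttp show proxy" output (English text assumed).
function ConvertFrom-WinHttpProxy {
    param([string[]]$Lines)
    $cfg = [ordered]@{ Direct = $false; Proxy = $null; Bypass = @() }
    foreach ($line in $Lines) {
        if ($line -match 'Direct access') { $cfg.Direct = $true }
        elseif ($line -match '^\s*Proxy Server\(s\)\s*:\s*(.+)$') { $cfg.Proxy = $Matches[1].Trim() }
        elseif ($line -match '^\s*Bypass List\s*:\s*(.+)$') {
            # Entries are separated by semicolons and may contain * wildcards
            $cfg.Bypass = @($Matches[1].Split(';') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    [pscustomobject]$cfg
}

# True when a request to $Target goes direct instead of through the proxy
function Test-WinHttpBypass {
    param([Parameter(Mandatory)]$Config, [Parameter(Mandatory)][string]$Target)
    if ($Config.Direct) { return $true }
    foreach ($entry in $Config.Bypass) {
        if ($entry -eq '<local>') {
            # <local> covers only names without a dot, never IP addresses
            if ($Target -notmatch '\.') { return $true }
        }
        elseif ($Target -like $entry) { return $true }
    }
    return $false
}

# Constructed sample: the bypass list covers the old management range only
$sample = @(
    'Current WinHTTP proxy settings:',
    '',
    '    Proxy Server(s) :  proxy.example.local:8080',
    '    Bypass List     :  10.10.1.*;<local>'
)
$cfg = ConvertFrom-WinHttpProxy -Lines $sample   # live system: -Lines (netsh winhttp show proxy)
foreach ($ip in '10.10.1.25', '10.20.5.17') {    # constructed old-range and new-range addresses
    '{0,-12} bypasses proxy: {1}' -f $ip, (Test-WinHttpBypass -Config $cfg -Target $ip)
}
```

An address that does not bypass the proxy means the WS-Man request, including the Basic credentials, is handed to the proxy rather than sent straight to the iDRAC.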

1 Rookie

70 Posts

November 10th, 2017 03:00

:-( I'm not following :-)


In Internet Explorer no proxy is set; it's even grayed out because of GPO
(we are not allowed to change server proxy settings).

This is my output, so not using any proxy

C:\WINDOWS\system32>netsh winhttp show proxy

Current WinHTTP proxy settings:
Direct access (no proxy server).

10 Posts

November 10th, 2017 04:00

And check with Wireshark if you get a connection; this helped me to find the problem.

10 Posts

November 10th, 2017 04:00

I still have the problem you mentioned with winrm and the 443 port, but in OME it works now.

Did you set all the registry keys for TLS?

1 Rookie

70 Posts

November 10th, 2017 07:00

For me this was the solution

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Reg Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\
Type: DWORD
Name: DefaultSecureProtocols
Value Hex: 00000A00

Reg Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\
Type: DWORD
Name: DefaultSecureProtocols
Value Hex: 00000A00
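
Added example, not from the thread: a read-only PowerShell audit that decodes `DefaultSecureProtocols` at the two registry paths given above into protocol names, using the flag values documented in the linked KB3140245 article. The function name is hypothetical.

```powershell
# Added example. Flag values as documented in KB3140245.
$ProtocolFlags = [ordered]@{
    'SSL 2.0' = 0x00000008
    'SSL 3.0' = 0x00000020
    'TLS 1.0' = 0x00000080
    'TLS 1.1' = 0x00000200
    'TLS 1.2' = 0x00000800
}

function ConvertFrom-SecureProtocols {
    param([Parameter(Mandatory)][int]$Value)
    # Return the name of every protocol whose bit is set in the DWORD
    @($ProtocolFlags.Keys | Where-Object { $Value -band $ProtocolFlags[$_] })
}

$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)

foreach ($path in $paths) {
    $prop = Get-ItemProperty -Path $path -Name DefaultSecureProtocols -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        "{0}`n  DefaultSecureProtocols is not set; the OS default applies" -f $path
        continue
    }
    $value   = [int]$prop.DefaultSecureProtocols
    $enabled = ConvertFrom-SecureProtocols -Value $value
    "{0}`n  0x{1:X8} = {2}" -f $path, $value, ($enabled -join ', ')
    if ($enabled -notcontains 'TLS 1.2') { '  TLS 1.2 is not in the WinHTTP default set' }
    if ($enabled -match '^SSL')          { '  SSL 2.0/3.0 is still in the WinHTTP default set' }
}

# Decode the value given in the post (0xA00 = 0x200 | 0x800)
ConvertFrom-SecureProtocols -Value 0xA00
```

Both paths are checked because 32-bit and 64-bit WinHTTP clients read the value from different registry views.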
