Highlighted
guy.foetz
Bronze

OME 2.3 and iDRAC 9

Hi,

we are using OME 2.3 on windows 2012 R2 Standard 

Currenlty we have serveral iRMC 7 and 8 servers working with the OME but now we got new R640 Servers and they are not discovered via WSMAN.

Port is open:

PORT    STATE SERVICE
443/tcp open  https

wsman on iDRAC 8:

winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
DCIM_SystemView
    AssetTag =
    BIOSReleaseDate = 06/16/2016
    BIOSVersionString = 2.1.7
    BaseBoardChassisSlot = NA
    BatteryRollupStatus = 1
    BladeGeometry = 255
    BoardPartNumber =
    BoardSerialNumber =
    CMCIP = null
    CPLDVersion = 1.0.1
    CPURollupStatus = 1
    ChassisModel
    ChassisName = Main System Chassis
    ChassisServiceTag =
    ChassisSystemHeight = 1
    CurrentRollupStatus = 1
    DeviceDescription = System
    EstimatedExhaustTemperature = 40
    EstimatedSystemAirflow = 19
    ExpressServiceCode =
    FQDD = System.Embedded.1
    FanRollupStatus = 1
...

wsman on iDRAC 9:

winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
WSManFault
    Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error number:  -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

The iDRAC 9 is in a different subnet, but the rest is the same.

Any suggested support path here?


Thanks!

Tags (2)
0 Kudos
13 Replies
Moderator
Moderator

RE: OME 2.3 and iDRAC 9

Guy.Foetz,

I would start with testing that the WinRM is functional locally and remotely, then we can proceed from there. If you follow this link it will give you the steps to test it locally as well as remotely. 

Let me know what you see as a result.

Thanks.

Chris Hawk

Dell | Social Outreach Services - Enterprise
Get Support on Twitter @DellCaresPro 
Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device! (iOS, Android, Windows)

0 Kudos

RE: OME 2.3 and iDRAC 9

Another thing to check would be TLS settings on the iDRAC and OME server. They should match for proper handshake. winrm is dependent on this.

Thanks,

Shivendra

0 Kudos
guy.foetz
Bronze

RE: OME 2.3 and iDRAC 9

It works with 20 servers and IDRAC8 with the dame TLS settings, so I would say that this is not a problem,

But thanks for the hint

0 Kudos
guy.foetz
Bronze

RE: OME 2.3 and iDRAC 9

Local:

 winrm id
IdentifyResponse
    ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
    ProductVendor = Microsoft Corporation
    ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.0
    SecurityProfiles
        SecurityProfileName = hxxp://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

Remote IDRAC8:

winrm id -r:https://x.x.x.x/wsman:443 -u:xxxx -p:xxx  -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
IdentifyResponse
    ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
    ProductVendor = Dell, Inc.
    ProductVersion = iDRAC : System Type = 13G Monolithic : LC Version = 2.41.40.40 : Version = 2.41.40.40
    SMASHVersion = 2.0.0
    ProductName = iDRAC
    SystemGeneration = 13G Monolithic
    FirmwareVersion = 2.41.40.40
    LifecycleControllerVersion = 2.41.40.40
    SecurityProfiles
        SecurityProfileName = HTTP_TLS_1, HTTP_TLS_2

Remote IDRAC9:

winrm id -r:https://x.x.x.x/wsman:443 -u:xxx -p:xxxxx  -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
WSManFault
    Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer i
s accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from thi
s computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the sa
me local subnet.

Error number:  -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible o
ver the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
 default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subne
t.

Regards,

Guy

0 Kudos
Moderator
Moderator

RE: OME 2.3 and iDRAC 9

Sorry for the delay. Would you confirm that you have configured your settings to match those on page 345 here, as well as try the steps on page 346?

Let me know what you see. 

Chris Hawk

Dell | Social Outreach Services - Enterprise
Get Support on Twitter @DellCaresPro 
Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device! (iOS, Android, Windows)

0 Kudos
guy.foetz
Bronze

RE: OME 2.3 and iDRAC 9

Here the wsman config:

PS C:\Users\Administrator> winrm get winrm/config/client
Client
    NetworkDelayms = 5000
    URLPrefix = wsman
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Digest = true
        Kerberos = true
        Negotiate = true
        Certificate = true
        CredSSP = false
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    TrustedHosts [Source="GPO"]

and the regitry keys are all set as showed on page 346

Regards,

Guy

0 Kudos
GeertC
Bronze

RE: OME 2.3 and iDRAC 9

I'm having exactly the same problem.

All other iDRAC are working, IDRAC from R640 is not

When using this command line, I get correct information back from R640
winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic

When using this command line, I get an error
winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic



Error message

WSManFault
Message = The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not su
pport the WS-Management protocol.

Error number: -2144108269 0x80338113
The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-M
anagement protocol.

0 Kudos
guy.foetz
Bronze

RE: OME 2.3 and iDRAC 9

Hi,

thank you for this hint, this seems to help, in addition it seems to have problems with proxy settings.

In the Documentation winrm uses the IE setting by default, but it does not look like that, as if I disable proxy setting in IE it still does not work, but if I set

-pac:no_proxy

to the winrm the connection works.

so I got it work with:

winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic -pac:no_proxy

but still not works in OME, I will further check with proxy settings maybe this solves it

Guy

0 Kudos
guy.foetz
Bronze

RE: OME 2.3 and iDRAC 9

Dears,

I got it to work Smiley Very Happy

there were WINHTTP proxy settings, as they are needed by Windows update, but the bypass list was wrong, hust the old range was defined and not the new one.

So I added the new Range and it works now.

netsh winhttp show proxy

Regards,

Guy

0 Kudos