Unsolved
8 Posts
0
6736
Using Dell OME to check for firmware updates
I was looking for a way to check for any available firmware updates for my servers without rebooting into the lifecycle controller and came across OME. I have a lab setup so I can make sure I have everything working and know how to properly use it before I deploy it in production. The lab setup is as follows:
PowerEdge 1950 with iDRAC5
PowerEdge R515 with iDRAC6
The 1950 and R515 have ESXi 6.5 installed. The 1950 is running a Server 2012 VM acting as a domain controller and DNS server. The R515 has no guests. Both iDRACs and ESXi hosts have their DNS set to the Server 2012 DNS server and have hostnames assigned, as well as static DNS records. I have OME installed on the Server 2012 guest. Both ESXi hosts have the OMSA VIB for ESXi 6.x.
After configuring the discovery ranges, it can see the ESXi hosts but it won't see the iDRACs and, as a result, won't show the list of current firmware versions and available firmware versions. For the ESXi hosts, I have it setup to use WS-MAN and SNMP, and for the iDRACs I have it setup to use WS-MAN for out-of-band. Am I doing something wrong or missing a step? Is there maybe an easier way to get this information?
hstone4
8 Posts
0
May 4th, 2018 15:00
Thanks, I will check this. I'm not sure if it's 1.1 or 1.2 but I will check that as well.
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
1
May 4th, 2018 15:00
Hi,
Is the iDRAC firmware up to date and are you using TLS1.1 or 1.2? Did you follow the instructions on page 62 http://topics-cdn.dell.com/pdf/openmanage-essentials-v24_users-guide_en-us.pdf
hstone4
8 Posts
0
May 8th, 2018 15:00
Firmware is currently 1.70, I'm updating to 1.98 now. I was also missing support for TLS 1.1 and 1.2, I'm fixing that now. I will try discovery again after this and let you know how it goes.
hstone4
8 Posts
0
May 8th, 2018 15:00
Is a self-signed cert required for WS-MAN discovery?
DELL-Shivendra K
685 Posts
0
May 9th, 2018 05:00
It is not required. By default OME will ignore certificate checks.
hstone4
8 Posts
0
May 9th, 2018 10:00
Discovery still not working after updating iDRAC and installing the TLS1.1/1.2 update. It sees an unknown object at the IP address I have set for the iDRAC but does not recognize it as an iDRAC and cannot see firmware versions or attempt a firmware update.
DELL-Shivendra K
685 Posts
0
May 11th, 2018 00:00
Possible to run Troubleshooting tool WSMAN test on this IP and share back the results (mask sensitive data)?
hstone4
8 Posts
0
May 11th, 2018 08:00
I ran the WSMAN test on my iDRAC and got these results:
Time: 11-05-2018 10:13:30 AM Device: 192.168.100.14
Protocols Selected are:
WSMAN
WSMAN
Error Using TLS 1.0 for SSL/TLS handshake.
UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
TLS 1.0 Handshake successful.
Identify Failed. Could not connect
hstone4
8 Posts
0
May 11th, 2018 08:00
I ran the test again while checking the "Skip CA Check" and got these results:
Time: 11-05-2018 10:15:07 AM Device: 192.168.100.14
Protocols Selected are:
WSMAN
WSMAN
WSMAN Using TLS 1.0 for SSL/TLS handshake.
TLS 1.0 Handshake successful.
Connected. Could not collect WSMAN profile data.
Top
hstone4
8 Posts
0
May 15th, 2018 09:00
I haven't heard anything in a few days, what else can i try?
DELL-Shivendra K
685 Posts
0
May 29th, 2018 09:00
Next thing to try would be skipping CN check and resetting certificate on the iDRAC. Expired certificate will also bar the server from getting discovered.