Highlighted
1badger11
Bronze

WS-MAN Broken with OME 2.3?

I have aT630 iDRAC that was showing up under system updates using WS-MAN until I upgraded to OME 2.3 and installed iDRAC 2.50. Is there something I missed to get OME to communicate with this iDRAC after the upgrade?

0 Kudos
10 Replies

RE: WS-MAN Broken with OME 2.3?

With OME 2.3, there is an option for Device Type filter been enabled by default. If the T630 iDRAC was discovered by any non default WSMAN options (Guided wizard) in the previous OME versions, then discovery will fail after upgrade and the device wont be listed in System Update portal.

Please check if the device is been discovered with "iDRAC (Server Out of Band)" option of WSMAN in Guided wizard.

0 Kudos
1badger11
Bronze

RE: WS-MAN Broken with OME 2.3?

Problem resolved - The TLS registry entries for the OME server did not apply correctly, re-applied and all working now. Link to the referenced TLS entries below:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

0 Kudos

RE: WS-MAN Broken with OME 2.3?

What did you mean by TLS entries. What are you referring to. I'm having same issues with idrac discovery and updates borked after OME update to 2.3

OME server is has been running on Win Srv 2012R2 for the last three years. So No server change. Just started having issues since OME 2.3 upgrade.

When running OME troubleshooting on the WSMAN protocol to any idrac 7 or 8 with 2.40.x.x firmware, I get no tls handshake. WT??

Using TLS 1.0 for SSL/TLS handshake.
Error: The remote service point could not be contacted at the transport level.
Using TLS 1.1 for SSL/TLS handshake.
Error: The remote service point could not be contacted at the transport level.
Using TLS 1.2 for SSL/TLS handshake.
Error: The remote service point could not be contacted at the transport level.

SSL Certificate Verification Failed.

0 Kudos
1badger11
Bronze

RE: WS-MAN Broken with OME 2.3?

0 Kudos

RE: WS-MAN Broken with OME 2.3?

thanks - i don't think that applies to Server 2012R2 and up as that is set by default on my version. that KB is for 2012 and below. 

0 Kudos

RE: WS-MAN Broken with OME 2.3?

Please see if following thread is helpful:

en.community.dell.com/.../20022226

Thanks,

Shivendra

0 Kudos

RE: WS-MAN Broken with OME 2.3?

That thread is not very helpful.

Here's summary of weird:

I can reach old idrac6 (firmware 2.85), and idrac9 (firmware cards from same mgt network (icmp, https). For those idrac's on  firmware 2.41.40.40 and 2.50.50.50, I can ping but can't do telnet, ssh, or https. 

All idrac's on 10.2.75.0 (drac subnet)

OME mgt server on 10.1.73.0 (Server 2012R2)

Why would this just affect idrac7/8 cards, while idrac 9 cards are fine?

If this was a client side tls i1.1 or 1.2 ssue on the OME server, there is no way I could reach the idrac9 cards. If this was a firewall issue, there is no way I would reach any of the cards. 

Should be noted this all started after Sept 15, 2017. Lifecycle Logs indicate no further communication with OME server after 9/17/2017. 

Also - other Server 2012R2 and Server 2016 boxes on my mgt subnet can't reach those idrac cards. However, Ubuntu and Windows 10 browsers on the same subnet can reach idrac7/8 cards (via all configured protocols)

Turned off SSL redirection to rule out TLS and still can't reach them from Server2012R2 or Server 2016 (doesn't matter if domain joined or not)

Starting to smell like a Windows update on the server platform. Anyone aware of anything?

0 Kudos
1badger11
Bronze

RE: WS-MAN Broken with OME 2.3?

Just wanted to provide a  little more information on this issue, it appears that I can reach my Dell 630 servers after applying the registry changes. I do not seem to be able to reach the Dell 620 servers, I will admit that they are a little out of date as far as DRAC firmware, I will update the firmware and post back here with further information.

0 Kudos

RE: WS-MAN Broken with OME 2.3?

What version of server OS did you apply the registry entries?

0 Kudos