WS-MAN Broken with OME 2.3?

Problem resolved - The TLS registry entries for the OME server did not apply correctly, re-applied and all working now. Link to the referenced TLS entries below:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

What did you mean by TLS entries. What are you referring to. I'm having same issues with idrac discovery and updates borked after OME update to 2.3

OME server is has been running on Win Srv 2012R2 for the last three years. So No server change. Just started having issues since OME 2.3 upgrade.

When running OME troubleshooting on the WSMAN protocol to any idrac 7 or 8 with 2.40.x.x firmware, I get no tls handshake. WT??

Using TLS 1.0 for SSL/TLS handshake.
Error: The remote service point could not be contacted at the transport level.
Using TLS 1.1 for SSL/TLS handshake.
Error: The remote service point could not be contacted at the transport level.
Using TLS 1.2 for SSL/TLS handshake.
Error: The remote service point could not be contacted at the transport level.

SSL Certificate Verification Failed.

See the link below:

support.microsoft.com/.../update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

thanks - i don't think that applies to Server 2012R2 and up as that is set by default on my version. that KB is for 2012 and below. 

Please see if following thread is helpful:

en.community.dell.com/.../20022226

That thread is not very helpful.

Here's summary of weird:

I can reach old idrac6 (firmware 2.85), and idrac9 (firmware cards from same mgt network (icmp, https). For those idrac's on  firmware 2.41.40.40 and 2.50.50.50, I can ping but can't do telnet, ssh, or https. 

All idrac's on 10.2.75.0 (drac subnet)

OME mgt server on 10.1.73.0 (Server 2012R2)

Why would this just affect idrac7/8 cards, while idrac 9 cards are fine?

If this was a client side tls i1.1 or 1.2 ssue on the OME server, there is no way I could reach the idrac9 cards. If this was a firewall issue, there is no way I would reach any of the cards. 

Should be noted this all started after Sept 15, 2017. Lifecycle Logs indicate no further communication with OME server after 9/17/2017. 

Also - other Server 2012R2 and Server 2016 boxes on my mgt subnet can't reach those idrac cards. However, Ubuntu and Windows 10 browsers on the same subnet can reach idrac7/8 cards (via all configured protocols)

Turned off SSL redirection to rule out TLS and still can't reach them from Server2012R2 or Server 2016 (doesn't matter if domain joined or not)

Starting to smell like a Windows update on the server platform. Anyone aware of anything?

Just wanted to provide a  little more information on this issue, it appears that I can reach my Dell 630 servers after applying the registry changes. I do not seem to be able to reach the Dell 620 servers, I will admit that they are a little out of date as far as DRAC firmware, I will update the firmware and post back here with further information.

What version of server OS did you apply the registry entries?

My OME server was upgraded from 2.1 to 2.3 on Windows 2008R2.