Unsolved
This post is more than 5 years old
4 Posts
0
23881
Remote Access/OpenManage - console redirect from outside network
Several questions. (PowerEdge 2600 with ERA/O)
I've installed Server Administrator & I have remote access through my web browser - works great. IT Assistant won't even find the server. I just got blown off by Dell Support on the phone on this subject (nice Gold support). I was told it basically wasn't necessary. But I still would like to try it out. He said I needed SNMP services installed to - but I have that. You can't tell me that I can't even get into the dang thing. Any ideas? It's the least important issue I have.
Why don't I have the Remote Access options in my Server Administrator? Are there different versions of the software? Is it different depending on if you have DRAC or ERA? When I go under RAC, all I have is diagnostics. My phone support said I could set up users using the command line interface. But what the heck don't I have this option in the GUI?
Probably most important - I can't get the console redirection to work from outside of our network. I've got the firewall configured to have the ports open that the documentation tells me (21, 23, 80, 443, 5860, 5869, 5900, 32768, 69, 5859, 5981). I actually tried all of those ports opened up but it still didn't work. I really only am leaving open 80, 443, 5900 & 32768. I can do everything but the console redirect. The documentation says that port 5900 & above are for the console redirect. The phone support could only find something about the range being 5900-5950 - with no idea if port selection was random or not. Strike three for phone support. Has anybody had any experience with this? It would be most helpful to be able to do the console redirect from at home & this must be a firewall issue.
Any help would be greatly appreciated.
mschmidt5
4 Posts
0
July 30th, 2004 13:00
Thanks for the reply. I am on vacation for two weeks after today, so I'm not going to mess with the IT Assistant for at least that long. Since we have remote access through a web browser, we're good enough for now.
I am completely updated in software & firmware.
I had been trying to go through the public address from here at work yesterday when I couldn't do the console redirect. I tried it from home last night & it worked. The only thing that didn't work exactly right was that I lost connection during a reboot. I couldn't reconnect to the console so that I could enter the Windows password. It's getting there.
DELL-RobertC
13 Posts
0
July 30th, 2004 13:00
First, to address your IT Assistant question:
The following are some instructions for configuring a managed system, with OpenManage Server Administrator (OMSA) installed on a server that is to be managed by an IT Assistant Management Station.
You will need to install OMSA and SNMP on each server you intend to manage. This will install the agent that communicates with the management station. The latest revision of OMSA that is supported by the server and its OS is recommended.
IT Assistant can be installed on just about any system, (desktop, notebook, or server) running Windows 2000 or Windows XP or Windows Server 2003) that runs SNMP. I recommend that you install SNMP and IIS (for SMTP Service) first before installing IT Assistant. (If you install ITA on a server you intend to manage, install OMSA on the server also, and configure it as you would all managed nodes)
Here are some sample configuration procedures for when you have the above installed:
For a test, lets go with the simplest, least secure options.
Try the following SNMP on the IT Assistant Management station:
SNMP Service-> Security tab ->
-Uncheck "Send Authentication Trap"
-Enter "public" all lowercase letters, and with read/write access ( to be used as both communities in this test)
-Enable "Accept SNMP Packets from any hosts"
SNMP Service-> Traps Tab
-Ensure that "public" is in the dropdown box and in all lower-case letters. No trap destinations are necessary to be entered here (unless this is also a managed node). (Remember to restart the SNMP Service after making the configuration change)
IT Assistant -> Options -> Discovery Cycle ->
- On "Protocol Settings" tab, configure both Get and Set community names to "public" with lowercase letters. - On the "Status Settings" tab, ensure that the "Enable System Status" is checked.
Ensure that the Management Station is on the same Domain or on a trusted Domain to that of the managed node.
Ensure the following is configured on the Managed System (Node):
SNMP Service-> Security tab ->
-Uncheck "Send Authentication Trap"
-Enter "public" all lowercase letters, and with read/write access ( to be used as both communities in this test)
-Enable "Accept SNMP Packets from any hosts"
SNMP Service-> Traps Tab
-Ensure that "public" is in the dropdown box and in all lower-case letters.
-Ensure that the IP Address (which you should be able to "Ping") is entered for the Trap destinations. (Remember to restart the SNMP Service after making the configuration change)
On the IT Assistant console, create a range for the IP of the server you are going to test-manage. Force discovery on that range.
If the server is discovered but Unclassified, then something in the environment is a possible cause, as could be the SNMP protocol itself. Recheck the SNMP settings and restart the SNMP service to apply changes made.
You may need to “Remove Discovered System� and force a rediscovery of it if the system still shows up as unclassified or does not show summary information. Both the Remove and Force operations are done from the Management section on the left pane of IT Assistant.
When all is configured and working correctly, these are items you can change for heightened security if you desire:
- make a more secure community name with mixed characters
- generally ITA can work with separate Get and Set community names but you should test this in isolation after seeing it work with a single name for both get/set parameters.
- the Set community name must be Read/Write or Read/Create, though the Get community typically only has to be set to Read Only.
. always restart the SNMP service on a system after making changes to it’s properties.
Here is a very informative white paper on configuring email actions in IT Assistant:
http://www.dell.com/downloads/global/solutions/configuring_email_actions_OMITA.doc
-----------------------------------------------------------------------------------------------------------
Remote Access Controller in Server Administrator–
You need to ensure of two things:
Install a current version of Server Administrator (presently 1.8). During the install, (if your DRAC III or ERA is properly detected in the system) you will get an option to install Remote Access Controller. This is dependent on the presence of some devices being listed in Device Manager, so if you have disabled or deleted the PCI Funtion 0, PCI Function 2, and Remote Access Controller devices, you need to re-enable them. The drivers can be removed and reinstalled using the OpenManage custom Uninstall (from Add/Remove Programs) and custom Setup. If you are running any OMSA version prior to 1.8, I'd recommend uninstalling it and upgrading to 1.8. Please note that the Array Manager version 3.5, which is an optional install of the OpenManage 1.8 package, does have some system BIOS and PERC driver/firmware pre-requisites.
Flash your ERA or DRAC firmware to the most current revision. In most cases, the latest firmware revision presently is 3.12. You can get this update from http://premiersupport.dell.com and enter your service tag and select Downloads. The ERA/DRAC firmware will be in the Systems Management section.
Without the drivers installed via the OpenManage Setup, and without current firmware revisions, your server is not in an optimal configuration. Please reply to this post if you have further questions or issues.
--------------------------------------------------------
RAC Ports:
You seem to have tried the ports opened that I would recommend. Can you verify whether your firewall/router allows 10/100Mb half-duplex mode connections? There are other ports that open up when a Console Redirect session is established. So far, my research has led me to conclude that these are random within that range. Please let me know if this posting has been helpful, as I can continue to follow-up and confirm this conclusion.