Skip to main content
Start a Conversation

Unsolved

DR NOBLE

2 Posts

400

February 24th, 2022 08:00

SSH connections from Global Health Task

We changed the credentials needed for SSH connections on our network. Do I need to obliterate my Dell OpenManage Enterprise VM instance and build a new VM instance in order to have Devices use the new credentials?

I read in these forums the SSH credentials are stored with the Devices and cannot be changed.

I tried deleting all the Devices, but then Discovery just re-instated the Devices with the old credentials instead of re-creating the Devices with the new credentials.

I added the SSH IP ranges to the Global Exclusion List but the Global Health Task apparently ignores that list. Discovery also re-instated the Devices in the Global Exclusion List. Perhaps the Global Exclusion List works for blocking initial Discovery, but it doesn’t appear to apply to anything else.

So, hourly, Global Health Task attempts and fails to make an SSH connection to all my Devices because it is using old credentials.

I cannot disable or schedule the Global Health Task. All I can do is adjust the frequency of the Global Health Task job from 1 to 23 hours.

Am I missing something, or is the only solution to fix the SSH connectivity to blow away the current OpenManage Enterprise VM and build a new VM so that Devices are discovered with the correct SSH credentials ?

We are running the latest version of OpenManage Enterprise, 3.8.3.

DELL-Chris H

Moderator

 • 

9.6K Posts

February 24th, 2022 13:00

Dr Noble,

 

All you would need is to either edit the discovery to change credentials, rediscover them with the new credentials, or you can make a new one which will overwrite it as well. 

 

Let me know if this helps.

 

 

 

DR NOBLE

2 Posts

February 28th, 2022 08:00

That might be how it’s supposed to work, but in my experience that’s not how it works. I did this:

Deleted all Devices.

Deleted all Discovery Jobs.

Deleted all alerts.

Essentially I deleted everything I was allowed to delete.

I even added the SSH IP ranges to the Global Exclusion List.

Then I recreated the Discovery Jobs with API Credentials (iDRAC) only.

This should result in no SSH for anything, right?  Wrong.

When the new Discovery Jobs ran the devices were remembered instead of recreated. The Device records contained both the iDRAC IP and the SSH IP. Then the Global Health Task proceeded to initiate and fail SSH connectivity every time it ran (hourly).

Our security systems alert upon failed SSH attempts. This Dell OME issue cannot be ignored.

It’s extra frustrating because the Dell OME Online Help page for Global exclusion of ranges specifically says: “Such devices are globally excluded which implies that they do not take part in any activity performed by OpenManage Enterprise.”

So … both Discovery and Exclusion are not working as expected.

In the end I performed the threatened resolution of powering off the first Dell OpenManage Enterprise VM and building a new Dell OpenManage Enterprise VM. I created it identical to the first one but without SSH connections and it works as expected.

Takeaway: It’s quicker to build a new Dell OpenManage Enterprise server than troubleshoot one that’s not working as documented/expected.

Was this post helpful?

View All

No Events found!

Top