SMTP mail alerts with TLS

Question

Hi all,I'm using SMTP virtual server installed on windows server 2016 to relay mail alerts from iDRAC 8. Current setup of SMTP virtual server allows anonymous access with TLS disabled and this is working. I'm getting mails from iDRAC.But I want to use TLS with user authentication and when I enable TLS on SMTP virtual server with user authentication I'm getting that annoying 'Sending the test mail failed' message from iDRAC.I've tested this from computers that are within and outside of AD and everything is working, SMTP server successfully relays mail to public SMTP server. I've check and TLS 1.2 is working on SMTP virtual server. So currently I'm stuck and don't know how to troubleshoot this issue.It would be really helpful if iDRAC 8 has any debug logs for SMTP server, but I didn't find any. If anyone knows how to get more info (debug logs) on iDRAC SMTP server or any idea on what could cause a problem in this setup, tnx in advance.Server:     R230Bios:         2.12.0Firmware: 2.82.82.82If any extra info is needed, just ask.

DELL-Young E · Answer

Hi, thanks for choosing Dell.   https://dell.to/3uofoKL     https://dell.to/3qt0Bgz   Have you configured SMTP authentication?

dellUser3344 · Answer

Hi,yes, I've configured authentication on iDRAC SMTP.But since there isn't any logs for this part I'm blind and don't know is there something regarding SMTP virtual server certificate or this user/pwd part. Kinda leaning toward that there is something regarding certificate that iDRAC doesn't like, don't know.But on the other side, I've used PowerShell Send-MailMessage to test SMTP virtual server from other computers and didn't get any warnings/issues regarding certificate.

DiegoLopez · Answer

Hello @dellUser3344,

So did you followed the steps of the suggested articles? As you can see there is not much configuration we can do on iDRAC level. Are you sure the server is configured to accept unauthenticated connections?

Regards.

dellUser3344 · Answer

Hi Diego,the only option on SMTP virtual server is unauthenticated access, which isn't working when TLS is enabled.I've tested yesterday a SMTP starttls connection with openssl from linux machine which isn't joined to AD, and the only 'issue' I got in log was 'unable to get local issuer certificate'. But this didn't affect the login process.Here is the image:Username and password are encoded with following cmd: echo -n 'username or pwd' | openssl enc -base64 My setup contains offline root CA and a subordinate CA (joined to AD) which issues certificates. So the only way (that I know of) to solve the 'unable to get local issuer certificate' issue is to add root CA to some kind of trusted root CA store. Don't know if iDRAC has something like that. Also HTTPS with valid certificate is successfully setup on iDRAC.But the question remains if this is causing problems on iDRAC SMTP mail alert?

DiegoLopez · Answer

Hello @dellUser3344, I cannot be sure.  Do you have any way to test it outside of this configuration?  Regards.

dellUser3344 · Answer

Hi Diego,just tried with gmail SMTP, and it's not working. 'DNS iDRAC Name' and 'Static DNS Domain Name' under iDRAC Settings -> Network->Common settings are set to 'idrac01' and my AD domain. SMTP server and port under 'SMTP (Email) Server Address Settings' are set to 'smtp.gmail.com' and 587. Using my gmail account, but without @gmail.com.Also tried a different 'tips' under following thread:https://www.dell.com/community/Systems-Management-General/E-Mail-Alerting-iDRAC7-Gmail/td-p/4235677/page/2But nothing helped, always end up with RAC0225 error message.Also, I've updated iDRAC bios to 2.13.0, if it makes any difference.

DELL-Young E · Answer

Hi, could we try this     https://dell.to/3NrGBot to verify the SMTP settings?

dellUser3344 · Answer

Hi Young,thank you for this suggestion, it is really a handy tool. Now we are getting somewhere. This is the message I get from Troubleshooting tool. And in my SMTP virtual server logs I can see that STARTTLS message isn't sent from it. So Troubleshooting tool doesn't send STARTTLS and it gets rejected while Powershell cmd starts with STARTTLS cmd and successfully sends it.

DELL-Young E · Answer

Hi, I'm not an expert on this tool but

https://dell.to/3Dysolr

How to configure Integrated Dell Remote Access Controller (iDRAC) Email Alerts | Dell US

Could you upgrade iDRAC 9 and follow the steps from here?

dellUser3344 · Answer

Hi,I have iDRAC 8, and it's up-to-date based on downloads.dell.comMy DNS settings: My Alerts are enabled: Destination and mail settings: So basically all is set as mentioned in:https://dell.to/3DysolrMy SMTP virtual server is working, and I'm able to send mail from:    - windows pc joind to AD domain with powershell cmd    - windows pc not joined to AD with powershell cmd    - linux pc not joined to AD with postfix

DELL-Erman O · Answer

Hello, I think it could possibly be an issue with the certifications between the iDRAC and the SMTP server. iDRAC uses an encrypted TLS connection as default, but if the other virtual server doesn't support it, it could be an issue. You can try turning off TLS encryption with the following command over RACADM.

"racadm set idrac.RemoteHosts.ConnectionEncryption None"

iDRAC RACADM Command Line, video link https://dell.to/3JKhbAi

Hope that helps!

dellUser3344 · Answer

Hi Erman,I've tried to set ConnectionEncryption property to none, but I get 'Invalid object specified.' Think that this option is for iDRAC 9, I'm using iDRAC 8.

DELL-Chris H · Answer

DellUser3344,

Would you confirm if you get actual alerts sent, as using the test button does have issues outside of standard configurations, so was wanting to verify if alerts actually get sent when not sent by the test feature.

Let me know what you see.

Rack Servers

SMTP mail alerts with TLS

Was this post helpful?