Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000193619

iDRAC9 韌體版本 5.10.00.00 上的 HTTP 和 HTTPS FQDN 連線失敗

Summary: Dell iDRAC9 韌體版本 5.10.00.00 會在 FQDN 發生時,封鎖透過完整網域名稱 (FQDN) 進行 HTTP 和 HTTPS 存取。並未定義為 iDRAC Remote Access Controller (RAC) 名稱。

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

Dell Integrated Dell Remote Access Controller 9 (iDRAC9) 韌體版本 5.10.00.00 推出了 HTTP 和 HTTPS 連線變更。在指定完整網域名稱 (FQDN) 位址時,這些變更可能會影響使用者連線。由於這些變更,iDRAC9 使用者可能會遇到連線錯誤、重新導向或「400 - Bad Request」錯誤。當指定的 FQDN 與 iDRAC 的「DNSRacName」或「DNSDomainName」值不符時,就會發生這些連線狀況。

瀏覽器錯誤範例:

Mozilla HTTPS 標頭錯誤
圖 1:Mozilla HTTPS 標頭錯誤 Curl 錯誤範例:

	root@rhel7-vm:~$ curl -k https://iR640-A.dell.com/
	<!DOCTYPE html>
	<head>
	    <title>Bad Request</title>
	    <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">
	</head>
	<body>
	    <h2>Access Error: 400 -- Bad Request</h2>
	    <pre></pre>
	</body>
	</html>

Cause

iDRAC9 韌體版本 5.10.00.00 中的 Web 伺服器預設會強制執行 HTTP 和 HTTPS 主機標頭檢查。

Resolution

注意:若要查看在使用者介面中正確設定 DNS、iDRAC 名稱和靜態 DNS 網域名稱所用程序的影像,請參閱:如何設定 Integrated Dell Remote Access Controller 9 (iDRAC9) 與 Lifecycle Controller 網路設定?

根據預設,iDRAC9 會檢查 HTTP 和 HTTPS 的主機標頭,並比較定義的「DNSRacName」和「DNSDomainName」。當值不相符時,iDRAC 會拒絕 HTTP 和 HTTPS 連線。在 iDRAC9 5.10.00.00 中,可透過以下 RACADM 命令停用此強制主機標頭檢查。

 

#Disable host header check

racadm set idrac.webserver.HostHeaderCheck 0
注意:只有在 DNS 環境中存在手動主機記錄時,才將 HostHeaderCheck 的值設定為「0」。


啟用 HTTP 和 HTTPS 主機標頭檢查時 (更安全),可使用 IPv4/IPv6 位址、RAC 名稱和定義的 iDRAC FQDN (DNSRacName.DNSDomainName) 來存取 iDRAC。如果最終使用者使用 iDRAC 可能不知道的主機名稱存取 (例如在 DNS 記錄中新增的手動 DNS 項目),iDRAC9 5.10.00.00 韌體版本導入了一個新屬性「ManualDNSEntry」。此新設定最多可更新四個 IP 位址和主機名稱/FQDN,以提供允許的主機標頭清單。當 HTTP 和 HTTPS 主機標頭具備「ManualDNSEntry」設定中的其中一個項目時,便可確保不會丟失傳入要求。

# Add manual entry to allow list

racadm set idrac.webserver.ManualDNSEntry 192.168.20.30

racadm set idrac.webserver.ManualDNSentry 192.168.20.30,idrac.mydomain.com


在以下情況下,需要其餘的設定:

  • 終端使用者使用手動 DNS 組態存取 iDRAC (手動 DNS 主機記錄)
  • 使用主體別名/ Wild card 憑證存取 iDRAC
  • 使用主機 IP 位址直接存取 iDRAC (使用 ISM)
注意:若要解決 ISM 連線問題,停用主機標頭檢查功能是唯一的緩解措施。手動 DNS 項目無法解析 ISM 連線。

Article Properties

Affected Product
iDRAC9 - 5.xx Series, PowerEdge XR2, Poweredge C4140, PowerEdge C6420, PowerEdge C6520, PowerEdge C6525, PowerEdge C6615, PowerEdge C6620, PowerEdge FC640, PowerEdge HS5610, PowerEdge HS5620, PowerEdge M640, PowerEdge M640 (for PE VRTX) , PowerEdge MX740C, PowerEdge MX750c, PowerEdge MX760c, PowerEdge MX840C, PowerEdge R240, PowerEdge R250, PowerEdge R340, PowerEdge R350, PowerEdge R440, PowerEdge R450, PowerEdge R540, PowerEdge R550, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R660, PowerEdge R660xs, PowerEdge R6615, PowerEdge R6625, PowerEdge R740, PowerEdge R740XD, PowerEdge R740XD2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750XA, PowerEdge R750xs, PowerEdge R7515, PowerEdge R7525, PowerEdge R760, PowerEdge R760XA, PowerEdge R760xd2, PowerEdge R760xs, PowerEdge R7615, PowerEdge R7625, PowerEdge R840, PowerEdge R860, PowerEdge R940, PowerEdge R940xa, PowerEdge R960, PowerEdge T140, PowerEdge T150, PowerEdge T340, PowerEdge T350, PowerEdge T440, PowerEdge T550, PowerEdge T560, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XE8545, PowerEdge XE8640, PowerEdge XE9680, PowerEdge XR11, PowerEdge XR12, PowerEdge XR4510c, PowerEdge XR4520c, PowerEdge XR5610, PowerEdge XR7620, PowerEdge XR8610t, PowerEdge XR8620t ...
Last Published Date

06 Jun 2024

Version

8

Article Type

Solution

Back to Top