Dell EMC OpenManage Essentials Version 2.5 User's Guide

Question: Why are SUSE Linux Enterprise and Red Hat Enterprise Linux based-servers not displayed in the Server category after I have discovered it using SSH protocol?

Question: What troubleshooting can I do if a discovery task fails to create or run?

Answer: Ensure that the DSM Essentials Task Manager service is running in Windows services.

Question: Why are my ESX virtual machines not correlated with their ESX host server?

Answer: You must discover the ESXi host server using SNMP and WSMan or the guest virtual machine will not correlate correctly when discovered using SNMP.

Question: Why are devices discovered with WMI getting classified as Unknown?

Answer: WMI discovery classifies a device as unknown when the credential for a user account in the Administrators group (not Administrator) is supplied for the discovery range in some cases.

If you are seeing this issue, read the KB article at support.microsoft.com/?scid=kb;en-us;951016 and apply the registry work as described. This resolution applies to managed nodes with Windows Server 2008 R2.

Question: Why are Dell devices discovered using WS-Man with root CA certificate getting classified as Unknown?

Answer: There may be a problem with the root certificate you are using to discover the WS-Man target(s). For instructions to discover and inventory WS-Man target(s) using a root CA certificate, see Discovering and Inventorying Dell Devices Using WS-Man Protocol With a Root Certificate .

Question: What are SNMP authentication traps?

Answer: An authentication trap is sent when an SNMP agent is hit with an enquiry that contains a community name it does not recognize. The community names are case-sensitive.

The traps are useful to find if someone is probing a system, although its better nowadays to just sniff packets and find out the community name.

If you use multiple community names on the network, and some management might overlap, users may want to turn these off as they become false positives (annoyances).

For more information, see technet.microsoft.com/en-us/library/cc959663.aspx.

When an SNMP agent receives a request that does not contain a valid community name or the host that is sending the message is not on the list of acceptable hosts, the agent can send an authentication trap message to one or more trap destinations (management systems). The trap message indicates that the SNMP request failed authentication. This is a default setting.

Question: Why does OpenManage Essentials not support entering host names with underscore in the discovery wizard?

Answer: Per RFC 952, underscores are not valid in DNS names. A name (net, host, gateway, or domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.). Periods are only allowed when they serve to delimit components of domain style names.

For more information see, ietf.org/rfc/rfc952.txt and zytrax.com/books/dns/apa/names.html .

Question: What is On-demand?

Answer: On-demand is an operation where a managed system is checked for status/health by OpenManage Essentials when an SNMP trap is received. There are no settings to be changed to enable the on-demand feature. However, the IP address of the management system must be available in the trap destination of SNMP service. An SNMP trap is received from the managed system when there is an issue or failure of a server component. These traps can be viewed under the alert logs.

Question: I have discovered the server with the SNMP protocol, but the RAC name of the iDRAC is not displayed in the device tree, portals, and wizards.

Answer: RAC name is displayed only if you have discovered the iDRAC with the WS-Man protocol. Otherwise, the system name is displayed instead of the RAC name.

Question: Why do devices that are already discovered disappear from the device tree during discovery?

Answer: This issue occurs when there are duplicate MAC addresses, which are typically observed with virtual devices that may have MAC addresses that contain only 16 zeroes.

To resolve this issue:

1. Ensure that you are logged in to the operating system with administrative privileges.
   • NOTE: Ensure that you create a backup copy of the dconfig.ini file before you make any changes.
2. Open the dconfig.ini file available at SysMgt\Essentials\configuration.
3. Edit the PRIVATE_MAC_EXCLUDE_LIST line as follows: PRIVATE_MAC_EXCLUDE_LIST=127.0.0.1,0.0.0.0,005345000000,33506F453030,505054503030,0000FFFFFFFF,204153594EFF,000000000000,00000000000000e0,020054554e01,204153594eff,0000000000000000
4. Save the dconfig.ini file, and restart the OpenManage Essentials services.

Question: I discovered a PowerEdge FN IO Aggregator (IOA) with SNMP protocol. Why is the Service Tag of the FN IOA displayed as N/A in the device inventory?

Answer: FN IOAs that were manufactured prior to February 1, 2016 do not have a Service Tag. Therefore, the Service Tag is displayed as N/A.

Question: When trying to discover the Dell devices using WS-Man protocol, an error message is displayed, stating a failure to connect with basic authentication. What do I do?

Answer: This issue is because, the authentication type Basic was not enabled on the OpenManage Essentials system. To enable the Basic authentication type on OpenManage Essentials system, see the Authentication for Remote Connections knowledge base article at Microsoft.com.

Below is the expected configuration for winrm to work:

>winrm get winrm/config/client

Client

NetworkDelayms = 5000

URLPrefix = wsman

AllowUnencrypted = false

Auth

Basic = true

Digest = true

Kerberos = true

Negotiate = true

Certificate = true

CredSSP = false

DefaultPorts

HTTP = 5985

HTTPS = 5986

TrustedHosts

Question: I have discovered a PowerEdge R830 server by using in-band method. OMSA version 8.3 is also installed on the server. Why am I unable to view the software inventory information of the iDRAC and network cards such as Mellanox, QLogic, and Intel?

Answer: To get the software inventory information of the network cards, you must either discover the PowerEdge R830 server by using out-of-band method or run the Firmware and Driver Inventory task for the server.

Question: Why is OpenManage Essentials unable to run discovery, inventory or status polling tasks for iDRACs or CMCs with the WS-Man protocol?

Answer:

1. Open the Troubleshooting Tool, and run the WS-Man test for the target devices.

2. If the test results specify that TLS 1.1 or 1.2 is enabled on the device, perform the following steps on the system where OpenManage Essentials is installed:

   1. Install the update available in KB3140245 at Microsoft.com to enable TLS protocols in winrm.
   2. Set the default protocol as TLS 1.2 with a DWORD registry entry DefaultSecureProtocols in:

      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

      • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

      • Set the value to 0x00000A00 for enabling TLS 1.0, 1.1 and 1.2.

   3. Restart the system, and then retry the tasks in OpenManage Essentials.

Question: Why do the create template or apply template tasks fail for CMC?

Answer:

1. Open the Troubleshooting Tool, and run the WS-Man test for the target devices.

2. If the test results specify that TLS 1.1 or 1.2 is enabled on the device, perform the following steps on the system where OpenManage Essentials is installed:

   1. To enable TLS in the web browser:
      1. Click Start > Run , type inetcpl.cpl and press Enter.

      2. Click the Advanced tab.

      3. In the Security section, select Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.

   2. To enable TLS for all user accounts:

      1. Create a DWORD registry entry SecureProtocols in [HKLM]\Software\Microsoft\Windows\CurrentVersion\Internet Settings .

      2. Set the value to 0xA80 to enable support for TLS 1.0, TLS 1.1, and TLS 1.2.

   3. Restart the system, and then retry the tasks in OpenManage Essentials.

Question: Why does the RACADM Command Line task fail on iDRACs or CMCs?

Answer:

1. Open the Troubleshooting Tool, and run the WS-Man test for the target devices.

2. If the test results specify that TLS 1.1 or 1.2 is enabled on the device, perform the following steps on the system where OpenManage Essentials is installed:

   1. To enable TLS in the web browser:
      1. Click Start > Run , type inetcpl.cpl and press Enter.

      2. Click the Advanced tab.

      3. In the Security section, select Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.

   2. To enable TLS for all user accounts:

      1. Create a DWORD registry entry SecureProtocols in [HKLM]\Software\Microsoft\Windows\CurrentVersion\Internet Settings .

      2. Set the value to 0xA80 to enable support for TLS 1.0, TLS 1.1, and TLS 1.2.

   3. Restart the system, and then retry the tasks in OpenManage Essentials.

Question: After discovering two Fibre Channel switches that have the same device name and the Service Tag as none, only one switch is displayed in the device tree. What should I do to ensure that both devices are displayed in the device tree?

Answer: Assign a unique name to both the switches and discover them again.