Hi OME users,
It has been observed that after upgrading to the latest firmware version (iDRAC >= 220.127.116.11, M1000e CMC >= 5.2, FX2 CMC >= 1.4, VRTX CMC >= 2.2), the iDRAC or CMC displays an “unknown” status.
The latest firmware version supports TLS 1.1 as the default communication protocol. If the browser or operating system where OpenManage Essentials is installed, does not support TLS 1.1 protocol, then the device displays an “unknown” status.
To resolve this issue, see “Step 2: Verifying Dell Management Consoles” in the following KB article: http://www.dell.com/Support/Article/us/en/19/SLN302365
Note: Ensure the required registry updates are done either manually or using the “Easy Fix” described in the Microsoft support article - "Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows"
I'm still having this issue after trying your fix above with IDRACs showing unknown and also the servers with 18.104.22.168 not updating the inventory properly. All of them are showing non-compliant though their IDRACs are up to date. My OME server is a Windows server 2012 R2 version 22.214.171.1246. Any help would be appreciated.
Same issue here, I've followed the original steps with no success.. All applicable iDRACs are updated but OME still shows them as non-compliant. OME version 126.96.36.1996. Any direction on how to fix this?
Windows Server 2012 R2 has by default TLS 1.1/1.2 enabled and you shall not be hitting the issue with OME installed on Windows Server 2012R2.
Can you run the latest Troubleshooting tool shipped with OME 2.2 and perform ws-man test?
That will give you some direction.
This is what I get running the WS-Man test:
Using TLS 1.0 for SSL/TLS handshake.Error: A complete request could not be sent to the remote server.Using TLS 1.1 for SSL/TLS handshake.UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.TLS 1.1 Handshake successful.The WS-Man target has TLS 1.1 enabled. If OME is unable to discover this device, install the required updates on the system where OME is installed. For more details, see “Enabling support for TLS 1.1 or 1.2” at delltechcenter.com/ome.Identify Failed. Could not connect
Let me know if I can give you any additional information on this.
I am seeing similar issues with new servers running 188.8.131.52 for DRAC firmware:
Protocols Selected are: WSMAN
Using TLS 1.0 for SSL/TLS handshake.Error: A complete request could not be sent to the remote server.Using TLS 1.1 for SSL/TLS handshake.TLS 1.1 Handshake successful.
The WS-Man target has TLS 1.1 enabled. If OME is unable to discover this device, install the required updates on the system where OME is installed. For more details, see “Enabling support for TLS 1.1 or 1.2” at delltechcenter.com/ome.
Connected. WSMAN profiles found on the remote device are: 1. Profile Registration2. Base Metrics3. Base Server and Physical Asset4. BIOS and Boot Management5. CPU6. Event Filter7. Fan8. Fiber Channel9. iDRAC Card10. Job Control11. LC Management12. License Management13. Memory14. OS Deployment15. PCI Device16. Persistent Storage17. Power State Management18. Power Supply19. Record Log20. Role Based Authorization21. Sensors22. Service Processor23. Simple Identity Management24. Simple NIC25. Simple RAID26. Software Inventory27. Software Update28. System Info29. Video30. SystemQuickSync31. USBDevice32. Physical Computer System View33. Command Line Protocol Service34. SM CLP Admin Domain35. SMASH Collections
Thanks Cameron for the details.
As a next step, can you try running the below winrm commands replacing IP/credentials as required and see if it returns valid output.
winrm e cimv2/root/dcim/DCIM_SystemView -u:user -p:password -r:https://a.b.c.d/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
If it gives valid output, then OME should not have any problem discovering the respective iDRAC.
If it does not, then I would suggest to refer "How the DefaultSecureProtocols registry entry works" in https://support.microsoft.com/en-us/kb/3140245 and ensure required registries are enabled.
I had previously installed the windows update from that link but I did not run the "easy fix" . After running that and rebooting OME server I am now able to fully see my dracs with 184.108.40.206 in OME.
Thanks for your help!
Glad that your problem got solved.
Thanks for taking time and updating this thread.
Hi we have some similar issues with ESXi hosts and updating to latest firmware.
We have discovered ESXi hosts by WSMAN and iDRAC and the Servers all reported under RAC and ESXi groups in OME all ok.
So we set about updating the firmware using OME - packages all downloaded ok and started to update.
However the task does not complete successfully - runs firmware updates but never reports back and times out. We have checked and in fact the firmware did update on the hosts we chose - iDRAC, BIOS, LifeCycle, OS Driver and UEFI Diags - so the iDRAC shows versions are updated.
However the inventory despite being updated shows previous versions of the firmware in OME. Also RAC in OME reports as off and we can no longer access the iDRAC via IE - 'this page cannot be displayed' yet before the updates we could access via IE. Now have to use Firefox and add exception to access the iDRAC.
We experienced the same issue when updating another host using OME - so it seems the update of the iDRAC means it can no longer communicate back to OME.
Servers R720 and R730 ESXi, OME on Server 2012