OME 2.3 and iDRAC 9 - Dell OpenManage Essentials - Systems Management - Dell Community
Systems Management Forums

OME 2.3 and iDRAC 9

Systems Management

Systems Management
Dell Systems Management Solutions: Dell OpenManage, iDRAC, Repository Manager, Microsoft SCCM, Chassis Managment Controller, and more

OME 2.3 and iDRAC 9

  • Hi,

    we are using OME 2.3 on windows 2012 R2 Standard 

    Currenlty we have serveral iRMC 7 and 8 servers working with the OME but now we got new R640 Servers and they are not discovered via WSMAN.

    Port is open:

    PORT    STATE SERVICE
    443/tcp open  https

    wsman on iDRAC 8:

    winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
    DCIM_SystemView
        AssetTag =
        BIOSReleaseDate = 06/16/2016
        BIOSVersionString = 2.1.7
        BaseBoardChassisSlot = NA
        BatteryRollupStatus = 1
        BladeGeometry = 255
        BoardPartNumber =
        BoardSerialNumber =
        CMCIP = null
        CPLDVersion = 1.0.1
        CPURollupStatus = 1
        ChassisModel
        ChassisName = Main System Chassis
        ChassisServiceTag =
        ChassisSystemHeight = 1
        CurrentRollupStatus = 1
        DeviceDescription = System
        EstimatedExhaustTemperature = 40
        EstimatedSystemAirflow = 19
        ExpressServiceCode =
        FQDD = System.Embedded.1
        FanRollupStatus = 1
    ...

    wsman on iDRAC 9:

    winrm e cimv2/root/dcim/DCIM_SystemView -u:xxxx -p:xxxxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
    WSManFault
        Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

    Error number:  -2144108250 0x80338126
    WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

    The iDRAC 9 is in a different subnet, but the rest is the same.

    Any suggested support path here?


    Thanks!

  • Guy.Foetz,

    I would start with testing that the WinRM is functional locally and remotely, then we can proceed from there. If you follow this link it will give you the steps to test it locally as well as remotely. 

    Let me know what you see as a result.

    Thanks.

    Chris Hawk

    Dell | Social Outreach Services - Enterprise
    Get Support on Twitter @DellCaresPro 
    Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device! (iOS, Android, Windows)

  • Another thing to check would be TLS settings on the iDRAC and OME server. They should match for proper handshake. winrm is dependent on this.

    Thanks,

    Shivendra

  • It works with 20 servers and IDRAC8 with the dame TLS settings, so I would say that this is not a problem,

    But thanks for the hint

  • Local:

     winrm id
    IdentifyResponse
        ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
        ProductVendor = Microsoft Corporation
        ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.0
        SecurityProfiles
            SecurityProfileName = hxxp://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

    Remote IDRAC8:

    winrm id -r:https://x.x.x.x/wsman:443 -u:xxxx -p:xxx  -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
    IdentifyResponse
        ProtocolVersion = schemas.dmtf.org/.../wsman.xsd
        ProductVendor = Dell, Inc.
        ProductVersion = iDRAC : System Type = 13G Monolithic : LC Version = 2.41.40.40 : Version = 2.41.40.40
        SMASHVersion = 2.0.0
        ProductName = iDRAC
        SystemGeneration = 13G Monolithic
        FirmwareVersion = 2.41.40.40
        LifecycleControllerVersion = 2.41.40.40
        SecurityProfiles
            SecurityProfileName = HTTP_TLS_1, HTTP_TLS_2

    Remote IDRAC9:

    winrm id -r:https://x.x.x.x/wsman:443 -u:xxx -p:xxxxx  -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic
    WSManFault
        Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer i
    s accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from thi
    s computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the sa
    me local subnet.

    Error number:  -2144108250 0x80338126
    WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible o
    ver the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By
     default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subne
    t.

    Regards,

    Guy

  • Sorry for the delay. Would you confirm that you have configured your settings to match those on page 345 here, as well as try the steps on page 346?

    Let me know what you see. 

    Chris Hawk

    Dell | Social Outreach Services - Enterprise
    Get Support on Twitter @DellCaresPro 
    Download the Dell Quick Resource Locator app today to access PowerEdge support content on your mobile device! (iOS, Android, Windows)

  • Here the wsman config:

    PS C:\Users\Administrator> winrm get winrm/config/client
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = true [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts [Source="GPO"]

    and the regitry keys are all set as showed on page 346

    Regards,

    Guy

  • I'm having exactly the same problem.

    All other iDRAC are working, IDRAC from R640 is not

    When using this command line, I get correct information back from R640
    winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic

    When using this command line, I get an error
    winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxx -r:https://x.x.x.x/wsman:443 -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic



    Error message

    WSManFault
    Message = The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not su
    pport the WS-Management protocol.

    Error number: -2144108269 0x80338113
    The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-M
    anagement protocol.

  • Hi,

    thank you for this hint, this seems to help, in addition it seems to have problems with proxy settings.

    In the Documentation winrm uses the IE setting by default, but it does not look like that, as if I disable proxy setting in IE it still does not work, but if I set

    -pac:no_proxy

    to the winrm the connection works.

    so I got it work with:

    winrm e cimv2/root/dcim/DCIM_SystemView -u:root -p:xxxx -r:https://x.x.x.x/wsman -SkipCNcheck -SkipCAcheck -encoding:utf-8 -a:basic -pac:no_proxy

    but still not works in OME, I will further check with proxy settings maybe this solves it

    Guy

  • Dears,

    I got it to work :D

    there were WINHTTP proxy settings, as they are needed by Windows update, but the bypass list was wrong, hust the old range was defined and not the new one.

    So I added the new Range and it works now.

    netsh winhttp show proxy

    Regards,

    Guy

  • :-( i'm not following :-)


    In internet Explorer no proxy is set, it's even grayed out because of GPO
    (we are not allowed to change server proxy settings)

    This is my output , so not using any proxy

    C:\WINDOWS\system32>netsh winhttp show proxy

    Current WinHTTP proxy settings:
    Direct access (no proxy server).

  • I still have the problem you mentioned with winrm and the 443 port, but in OME it works now.

    Did you set all the registry keys for TLS?

  • and check with wireshark if you get a connection, this helped me to find the problem

  • For me this was the solution

    https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

     Reg Path:         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\

    Type:   DWORD
    Name: DefaultSecureProtocols
    Value Hex:       00000A00


    Reg Path:            HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\

    Type:   DWORD
    Name: DefaultSecureProtocols
    Value Hex:       00000A00