1 Rookie
•
2 Posts
5
27632
May 12th, 2021 16:00
iDRAC8 2.80.80.80 inaccessible using FQDN
I just upgraded iDRAC8 in four PE M630p blades of our VRTX to 2.80.80.80 and can't connect to their Web UI anymore using FQDNs I have registered for them in our DNS - browsers and curl report that server returned empty reply, though TLS handshake completes. But I can access them via the CMC by clicking on "Launch iDRAC GUI" button, which redirects to iDRAC's IP address rather than FQDN. Surprisingly, if I access GUI using https://ip.ad.dr.es they work, but not if I use the FQDN, which resolves to this same IP address.
Release notes for 2.80.80.80 state that one of the fixes is, quote, "Fixed an issue launching iDRAC Web UI from FQDN.". I'd say it broke this functionality instead since I was able to access iDRAC Web UI using either IP or FQDN before this release without any issues. Is there any way to get this fixed any time soon?
Thanks in advance for looking into this.
DELL-Shine K
4 Operator
•
3K Posts
1
July 20th, 2021 02:00
@Philip-R , Are you using FQDN which is same as iDRAC DNS name and domain name configured on iDRAC.
This release have Host header security issue fix (Link) and launching iDRAC with hostname and FQDN will work by default if hostname/FQDN used is matching with DNS Name and Domain configured on iDRAC. If you are using a different name to launch iDRAC than one configured in iDRAC then you can add the hostname/FQDN used for launching as an exception by using below racadm command to make it work
To add hostname/FQDN as an exception
racadm set idrac.webserver.ManualDNSEntry test.domain.com
You can also disable host header check on iDRAC by running below command. This command will disable security fix of host header check (Link)
racadm set idrac.webserver.HostHeaderCheck Disabled
Philip-R
1 Rookie
•
17 Posts
0
May 14th, 2021 12:00
After upgrading to 2.80.80.80, the web UI appears completely unavailable.
The last release, 2.75.100.75 retroactively added a "Fixed CVE-2021-21510" item to the release notes, which concerned the redirections from http://hostname/ to another URL.
DELL-Charles R
Moderator
•
4.4K Posts
0
May 14th, 2021 13:00
Hello,
I’m sorry to see DRAC is inaccessible using FQDN after the firmware update.
Try reset the DRAC from the GUI or command line: racadm racreset
Then retry.
Please let me know how it goes.
Philip-R
1 Rookie
•
17 Posts
0
May 15th, 2021 01:00
No joy, even with "racadm racreset hard", even on multiple servers.
DELL-Young E
Moderator
•
5.1K Posts
0
May 16th, 2021 19:00
Hi thanks for choosing Dell. Does the host name has an “_” or not? With and without, you could try test access to idrac FQDN. Wish you a good one!
franklinR530
3 Posts
0
May 17th, 2021 02:00
I can confirm this issue.
After updating to 2.80.80.80 access to the web ui via browser fails.
Max Mustermann
2 Posts
0
May 17th, 2021 03:00
I must also do an roll-back to get the iDrac working again.
/opt/dell/srvadmin/bin/idracadm7 -r -i rollback iDRAC.Embedded.1-1
Philip-R
1 Rookie
•
17 Posts
0
May 17th, 2021 03:00
No, there are not any underscore characters in the hostname (FDQN or otherwise).
DELL-Charles R
Moderator
•
4.4K Posts
0
May 17th, 2021 10:00
Hello all,
Could you post an image of the error you get when FQDN is inaccessible please?
I'll have to escalate this up to the Systems Management Team.
Jack IB
1 Message
0
May 17th, 2021 23:00
I'm having the exact same problem, it just says this when trying to curl the fqdn.
curl: (52) Empty reply from server
If going to the ip address, it loads.
DELL-Erman O
Moderator
•
2.8K Posts
0
May 18th, 2021 00:00
Hi, I did some research on the threadt and I came across this part mentioned on page 13.
https://dl.dell.com/topicspdf/idrac8-lifecycle-controller-v2808080_release-notes_en-us.pdf
Description: After performing the racresetcfg all command and registering FQDN name or changing the DNS name of iDRAC while it is up and running, iDRAC may become inaccessible through configured FQDN name.
Workaround: Access iDRAC through IP or reboot the iDRAC and then access using the updated FQDN name.
Philip-R
1 Rookie
•
17 Posts
0
May 18th, 2021 01:00
This is the response from Chrome 90 when trying to access the iDRAC Web UI by hostname, similar to other users reports from both browser and curl.
The problem, as with 2.75.100.75, occurs with the HTTP redirection from the initial query. Access via IP address "works", although with certificate verification failure.
Rebooting the device doesn't help.
DELL-Shine K
4 Operator
•
3K Posts
0
May 18th, 2021 01:00
Is iDRAC registered to DNS and are you using same FQDN which is registered on DNS by iDRAC? Can you share your server model?
franklinR530
3 Posts
0
May 18th, 2021 01:00
I tried to reset iDRAC several times without success.
Access from IP is possible, but FQDN fails with ERR_EMPTY_RESPONSE
franklinR530
3 Posts
0
May 18th, 2021 02:00
My server model is R530.
FQDN access has been OK with previous versions of iDRAC (<= 2.75.100.75), but fails since update to 2.80.80.80.