Firmware Updates with Dell OpenManage Essentials (OME)

By admin, April 9, 2012 7:42 pm

The device discovery part turns out to be much easier than expected, probably due to the firmware on all my hardware has been updated recently and snmp has been setup correctly as well.

After you set the IP range and snmp community strings under Discovery and Inventory, OME quickly collects all the Poweredge Servers, Equallogic Arrays, PowerConnect Switches, PowerVault  Arrays as well as finding the corresponding iDrac and OpenManage address automatically.

In fact Dell OpenManage Essentials (OME) is simply a central portal that collects every device in your network, you can view and manage them from one window and best you can receive server fault alert via email, it serves the same purpose as the previous long live Dell IT Assistant but MUCH BETTER!

One of the Best Feature IMOO is System Update (BIOS/Firmware) under Manage for your ESX servers, it automatically pulls the latest firmware catalog from Dell’s FTP and compares with your server firmware level and list out all the latest one for you to choose from, it even pull the hard disk firmware to be precise!

I haven’t test and perform the update yet, but I guess it’s the same theory that System Update will ultilize iDrac and USC to patch your system’s BIOS and various firmware, but I guess it won’t automatically put your ESX to maintenance mode first, for that I think you need to manually do it yourself.

So there is no need to use Repository Manager any more, saving lots of time to build your own catalog and no need to use Dell Management Plugin for VMware vCenter (DMPVV) – that’s why I’ve been emphasizing Dell should make it free of charge.

Some other interesting features including OME can automatically pull the Warranty Information based on Service Tag it gathered from Dell and report very detail hardware information regarding the servers in its inventory.

Finally some words about License Manager that includes with OME, I found it will collect all your iDrac 7 license information and manage from one console. Howerver, it works for 12the generation Poweredge Server and iDrac 7 only which I don’t have any currently, so I’ve uninstalled it.

Btw, since when does Dell start to copy HP and charge remote console KVM license just like iLo? :)

Anyway, I do think Dell OpenManage Essentials (OME) will replace ITA shortly (in my case, I think I will get rid of ITA tomorrow) and it’s a solid management tool for every Dell server administrator.

ome

Update April 14, 2012

I’ve completely re-configured everything on OEM, it’s much easier and most importantly, it discover the inventory and SNMP traps much faster than IT Assistant, so my ITA can finally retire. Thank you very much Dell for making a great product for free!

Update April 18, 2012

How to Configure SNMP Trap Destinations on Linux Server

For OpenManage Essentials to display alerts for a device, you must configure the device to send traps to the OpenManage Essentials server.

To configure a trap destination:

1. Open the file for editing:
/etc/snmp/snmpd.conf

2. Add the following line to the file:
Trapsink <OME IP Address> <community name>

where IP_address is the IP address of the management station and community_name is the SNMP community name

3. To enable the changes, restart the SNMP agent:
/etc/init.d/snmpd restart

Note – this step is only needed once after all configuration changes are completed.

Update June 23, 2021

After almost 10 years, the latest OME Catalog.cab update cannot be applied due to format has been changed for OME version 1.01 as it always falsely shows the latest signature is 03/06/2012.

Originally I thought the only way to update it is manually download the latest update signature from https://downloads.dell.com/catalog/catalog.cab, then use Select a Catalog Source > Use repository manager file, browse to the saved catalog.cab.

But it turned out the catalog format has been changed since, so only solution is to get the latest version 2.5 (1GB size).

In fact OME (OpenManage Essentials) 2.5 is going to be the last version, and moving to OpenManage Enterprise for DellEMC devices.

HIT/VE, ASM/VE and VMware Thin Provision Stun (Equallogic FW v5.2.2) on ESX 4.1

By admin, April 9, 2012 1:11 pm

In case you don’t know, VMware Thin Provision Stun is actually the 4th VAAI feature but it was hidden during its release time in the end of 2010. In case you also don’t know (this is not directly related though), I just learn that VMware’s HA technology is actually from Legato which EMC (VMware’s parent company) acquired back end.

Since then storage vendors start to integrate this great feature with their firmware upgrade following in 2011.

Equallogic incorporated this VMware Thin Provision Stun starting in firmware v5.1, but somehow I found it was hidden even as early as in v5.0.2, it worked out of box even with ESX 4.1.

I didn’t notice much difference in the volume properties under Group Manager after I upgraded PS6000XV to firmware v5.2.2. It was rather at a later time when I added a new volume using the HIT/VE (required FW v5.1 and above as well as MEM v1.1.0), I discovered there was an extra option (Enable VMware Thin Provision Stun) to create the volume with VMware Thin Provision Stun.

03

Double checking: Log to EQL Group Manager, then volume property has a new line now

TP warning mode: Leave online, generate initiator write error

01

You can also verify this by creating a testing volume again using EQL Group Manager, Thin provisioning modes options are selectable now in the new Equallogic firmware.

02

Oh…many may ask what does this thin provision stun do exactly? Well, basically when your Equallogic thin volume runs out of space (ie, maximum in-used space reaches 100%), instead of putting the whole volume offline and letting all VMs crashed on that volume, it will now ONLY suspend those VMs requiring more space continuously. On the other hand, for those VMs on the same volume don’t require more space for the time being, they can keep on working without any problem.

Region Capture

Back to the HIT/VE installation, the whole setup process is pretty simple, only catch is you need to create a new port group on iSCSI vSwtich in order for HIT/VE to access the Equallogic array. This may consider not secure by many system administrators.

One thing I really liked besides VMware Thin Provision Stun feature is ASM/VE. It OFFLOADS the backup process from ESX or vCenter Windows Server to Equallogic array itself, think of it as some kind of VAAI offload for backup. Veeam’s approach is to offload the backup to it’s backup proxy, but Equallogic internal backup (snapshots) is still way faster, well if you have the luxury space to spare that is of course.

The result (smart copy = snapshot) still stored on your Equallogic box, to many this is not wise, as to store the cold backup data in the expensive SAN doesn’t make sense (you can’t store it outside the volume which is being backed up, so if your volume is RAID10 or SSD, you have to store the snapshots in that volume as well, is it true any more? May be I’m wrong).

There is no way to store the snapshot off host as well. (may be there is, I saw one white paper showing how to use Symantec Backup Exec to offload the snapshots from EQL box with ASM/VE)

Oh, there is another great feature of ASM/VE: Smart Clone! It does have its real unique value! It’s extremely useful for application testing or testing a major patch to your VM.

Finally I really like HIT/VE GUI which is very simple and intuitive! To config an Equallogic new volume via HIT/VE is a piece of cake now, it will create everything for you automatically, no more manually configure iSCSI initiator access, VMFS rescan and attach volumes to ESX hosts, etc. A newly created VMFS will be ready within 5 clicks, that’s the beauty of Equallogic and guess what? It’s free of charge as usual!

Running Mac OS X Lion 10.7.3 on VMware Workstation v8.0.2

By admin, April 9, 2012 1:50 am

The installation is pretty easy once you found the correct link, also here. In fact, there is no installation involved as the VMFS has already been fully configured. All you do need to search for VMware Tools for Mac OS X, put it to USB stick and install from within the VM.

I gave the maximum configuration for Mac OS X: 2 vCPUs with 2 cores each, so total 4 vCPUs and 8GB ram, it runs so smooth almost like native, and lightning fast on SSD, it only took 5 seconds to boot into the following screen. The good thing is I can run it in full screen, watch HD movies, play games, download apps. I noticed CPU loading on my Optiplex 990 SFF i5-550 is almost 90% across all 4 cores when full loading the VM.

I haven’t touch Apple’s OS for almost 12 years, it’s exciting to see the familiar face again in a virtual world.

I really start to love VMware Workstation as the unlimited possibilities it can do, next targets will be nested hypervisors, esx5 cluster, view 5 and plugin my iPhone to this Mac VM and use iCloud to sync stuffs, Cool!

macosx

Thoughts about Dell Management Plug-In for VMware vCenter (DMPVV)

By admin, April 9, 2012 12:12 am

Honestly, I have repetitively deployed DMPVV mutiple times in order to get it right.

Region-Capture

1. You really need to make sure you have read Dell OpenManage Software Compatibility Matrix before installing any OM software because you need to upgrade the firmware for BIOS/iDrac/Lifecycle to their respective minimum requirement as stated in the guide.

2. DMPVC DOES NOT NEED to use a DHCP server

I even created a W2K8 R2 DHCP server, but found there is a place in menu for me to configurate the fix IP for the appliance.

3. DMPVC cannot start in vCenter saying some wired permission problem, things like Access Denied!

The problem is because I registered the vCenter using IP in DMPVV, but used host name when I login with vSphere client, after I changed hostname to IP, everything worked. Probably it’s my DNS not working properly, anyway, IP is fine for my case.

4. Connection Profile doesn’t work, then I found out you have to turn on Remote Enablement during the installation of OMSA on ESX.

The reason you see that error message about “OMSA is not installed” could be due to that when you installed the OMSA, you didn’t install it with -c option which installs the “Remote Enablement” component of OMSA. And our appliance talks to OMSA thought its remote enablement layer. Without successfully connect to OMSA, the iDrac connection will fail too as we correlate the correct iDrac IP with the server by getting the iDrac IP from OMSA first. Please reinstall the OMSA with –c option and that should solve your issue. Once you pass the connection test from the connection profile, please make sure to run inventory from the Job Queue by clicking the “Run Now”.

That indeed was the fix, and the -c is listed in the user guide for the command line, however there is no explanation in the user guide why it needs to be there, so I did not re-run the OMSA 6.4 installer. Perhaps the OMSA team could add the -c switch to the -x (for express) switch for OMSA, so that it is automatically included? Also according to the OMSA 6.4 install manual, if you run the -x switch it runs the express setup with all options included and ignores any other switches, apparently this is not true.

For OMSA 7.0

Run the following command to perform an express install with Remote Enablement parameters:
sh linux/supportscripts/srvadmin-install.sh -c -x

-c is for Remote Enablement
-x is for Express

Then start the applicable services by running the following command:
sh linux/supportscripts/srvadmin-services.sh start

5. License Disappeared

Sometimes after a reboot or DMPVV reset to factory default, license disappear, I have to re-deploy the whole thing again, well, the last successful re-install only took me 5 minutes as I have done it over 6 times. :)

6. CANNOT contact iDrac (SOLVED, but UNSOLVED for the time being)

My iDRAC subnet is on a separate switch, so COS Service Console obviously won’t work, this was by design as I want to physically separate all network segments, and it’s not routable. I knew in order for default DMPVC to work is to put COS and DRAC network on the same network segment which is NOT SECURE as far as I concern. Why doesn’t DMPVV give us an option to specify the subnet for iDrac and add another network adapter for this purpose?

During the research, I also found out by using Alt+F2, login as readonly with default admin password, then you can perform some network trouble shooting such as ping and tracepath.

Anyway, I still can’t figure out a way to route the traffic from DMPVC to iDrac via vCenter server without using a L3 router or firewall device. Is it possible to use route add on vCenter Windows server to redirect the DMPVV traffic to iDrac? If you know, please let me know.

So I was not able to test the firmware upgrade feature, but I am 100% sure it’s utilizing iDrac’s USC firmware updating feature to fetch firmware from ftp.dell.com and then perform the upgrade on the background, it’s the same as if you reboot the server and press F10 USC.

7. Service Temporarily Unavailable

DMPVC web server always crashes, probably due to I gave it 1GB (reduced from 3GB), after I changed to 2GB, it stopped crashing, but still loading the host page is extremely slow, around 2 minutes. Oh, DMPVV is a resource eater,taking up 2GB of ram fully and 100% CPU cycle when it’s connecting to the host.

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Apache/2.2.3 (CentOS) Server at xxx.xxx.xxx.xxx Port 443

8. Proxy to get firmware

This is the same issue as the above pt 6, see it’s going to bite back anyway, there is no direct connecting to Internet from within DMPVV, so you have to use a proxy server to download firmware, a better way would be adding a 3rd network adapter and connecting to your External port, hope this can be changed in the next release.

Finally, some good readings (total 3 parts) can be found on Virtual Life Style web site.

One of the coolest features I want to highlight is the PXE-less provisioning of the hypervisor to a physical server. This uses a combination of the Lifecycle Controller and iDRAC to deploy an installation ISO to the server. And since it is really tightly integrated with the VMware stack, the host is added to vCenter and configured using Host Profiles automatically, resulting in a true zero-touch deployment of a server. How cool!

In fact, there is a How to video regarding “Auto Discovery & Hypervisor Deployment – Dell Management Plug-In for VMware vCenter ”

One last word to add, I do think Dell Management Plug-In for VMware vCenter (DMPVV) is simply a proxy between ESX host and vCenter, still it should be made free as all the features of DMPVV can be achieved using different Dell server management products together. DMPVV is just a fancy toy that made all of them into a single product instead.

FYI, 12th generation servers such as R720/R620 doesn’t have to use OMSA as it it’s completely agent-less and no longer depends on OMSA agents within ESX hosts in order for DMPVV to work.

Poweredge R710 Firmware Update Causes PCI Interrupt Conflict, H700 Raid Disappeared!

By admin, April 8, 2012 11:33 pm

Dell Management Plugin for vCenter (DMPVC) v1.5 has been released on April 5th with 1 Free Host, so I couldn’t wait to test this management software. I’ve read through the prerequisites and found out many components such as BIOS, iDrac, Raid Controller, LifeCycle Controller, etc are required to be updated to the latest version before DMPVC can properly work.

So the next obvious thing is to go ahead and update my Poweredge R710 server. Of course there are many ways to update the Poweredge firmware running ESX, Repository Manager is one of them, probably the best one, but today I found out the connection to ftp.dell.com is extremely fast (about 30-50M/s), so I took the short cut and use F10 USC (Unified Server Configurator) to perform the update via ftp.

After I pulled the firmware catalog (again, it’s 2 months outdated, but new enough for DMPVC) and selected everything (BIOS, iDrac, H700, Broadcom, LC) but iDrac (v1.8) as I want to do that at last while I am using iDrac Remote Console to perform the updates.

The whole thing took about 1 hour to complete the 12 steps. I noticed something funny when the last reboot started, R710 complained Plug and Play Configuration Error and H700 Raid Menu has completely gone! I booted into BIOS and found H700 was no longer listed in the available storage devices, what?

OK, was it something to do with old iDrac version again? I then use USC to update iDrac to v1.8 and I lost the console when the iDrac restarted. After iDrac came back, I couldn’t login to iDrac web GUI, Damn! I called up data center and asked the staff to change the iDrac password (Ctrl + E), guess what? I still couldn’t login!

Babe! This leave me no choice but physically travel to data center, after 30 minutes, I was sitting in front of the LCD besides my rack and scratching my head, couldn’t figure out a bit why my H700 disappeared and I couldn’t login to iDrac.

Called local Pro-Support (HK) and as usual (this really let me think NO TO PURCHASE ANY MORE PRO-SUPPORT LEVEL SERVICE IN THE FUTURE), useless advice, asking me to pull out the Drac card and insert again, and finally ordered a replacement H700 (to arrive in 1-2 hours) and support staff to come within 3-4 hours.

During the chatting with Pro-Support staff, I googled a bit and found someone had EXACTLY THE SAME SYMPTOM as mine! The problem is after updating the extra 2 Quad Port 5709c Broadcom cards, it reset the Broadcom card to default with ROM Enabled, LOM (on-board Broadcom remains Disabled though, strange), so this ROM CONFLICTS with H700’s ROM, leading to PCI Interrupt Conflicts and blocked H700 Raid Configuration ROM to show up! After Disabled the Broadcom ROM one by one (has to do it 8 times), H700 was back online and the local Pro-Support staff told me they have never encountered such thing before, ok, I must say over the last 10 years, I solved my own hardware problem more than they do, I can do a MUCH BETTER JOB and more knowledge than they are, and why I am paying a premium for the Pro Support service level? @#$@#!!!@!!! No more! Lost for Dell!

For the strange iDrac problem, the solution is to reset it to factory default and reconfigure IP and password again.

So this is my 3rd time nightmare experience when performing firmware upgrade on Poweredge 11th generation server. Never thought a NIC ROM will conflict with Raid card’s ROM and never thought iDrac will block access after upgrading the firmware.

Later, I was able to reproduce the same symptom on another Poweredge R710 with same hardware configuration, ie, H700 disappeared, no more Ctrl + R menu due to Broadcom 5709 ROM conflicts with H700 ROM!

The good thing after all the troubles is I was finally able to use Dell Management Plugin for vCenter to discover the host and do things as it should be.

One thing I noticed R710 Firmware v6.0.7 has a new virtualization feature called SR-IOV, good for 10G/s cards for DCB, but I don’t have those, it will be useful if I upgrade to 10G/s later.

Last but not least, I found vMotion no longer works after the host exit Maintenance Mode, it complains CPU are not compatible with the source host as I tried to vMotion back the VMs, so I can upgrade the next ESX host. It turned out to be the latest BIOS v6.0.7 also updated the CPU Microprocessor Code to Step B, so it’s not the same as v2.0.9, so how am I going to migrate my VMs to this new host and performed the upgrade on my existing ESX host? Luckily, I have the luxury to power down those few VMs for a short period of time, and cold migrate them to the next host, so problem solved, haha…Ultimately it would be great if my client has a 3 nodes cluster of course.

Finally, I forgot iDrac is tightly integrated with LifeCycle Controller, so I should upgrade iDrac first, then BIOS with all the other components such as H700 Raid and Broadcom NICs depends if your iDrac still allows you to login to the web GUI that is, huh?!

In fact, I have updated all the iDrac firmware again to v1.85 today by uploading the .bin file directly via iDrac’s web GUI from a Windows host, it’s much simpler and clean to do that way.

One more thing to take care of is you can’t upgrade the iDrac while you are still connecting to remote console using USC method, it will perform the upgrade but saying something got conflict, so use the above alternative method will solve this problem.

On Windows system, it’s a much easier job, just apply the firmware update one by one at the same time, after everything has been updated, then reboot the server.

Anyhow, I would suggest using Dell Repository Manager to do the job for your next BIOS upgrade on Poweredge 11th generation servers.

How to fit 2.5″ Crucial M4 128GB SSD into Dell Optiplex 990 SSF with Original 3.5″ Disk Attached

By admin, April 8, 2012 6:23 pm

I bought the Optiplex 990 SSF 2.5″ HD Kit (for 2 x 2.5″ hard disks with special split SATA power cables) from Dell almost 3 months ago and thinking putting a SSD in my desktop for WMware workstation VMFS.

I’ve been on/off thinking if I should buy myself another 2.5″ 500GB disk and clone everything over using Acronis just to use this 2.5″ HD Kit, but the problem is the original 3.5″ 500GB WD still carries a 5 years warranty, so why waste it?

If I keep the original 3.5″, then the 990 SSF doesn’t have enough space to fit in any more hard disk. So the real headache is how am I going to put that 2.5″ Crucial M4 SSD in my tiny 990 SSF case?

I’ve tried to put it everywhere, like above the CPU fan blower (yes, I knew it’s a hot zone), but it doesn’t fit somehow, looked again, luckily I found the perfect spot, it’s the bottom left corner, it fits 100% with no more or less space left, haha!

As the power supply is 90% efficient, it’s not hot at all, the Crucial SSD is not producing much heat neither as there is no moving mechanical parts involved. Tested with HWiNFO64, the temperature sensors shows the same with or without this SSD added.

Another mission impossible has been successfully accomplished.

IMG_6500

I moved the VMDK over from my USB 3.0 Lacie disk to Crucial SSD, fired up VMware workstation v8.02, wow! Windows 8 Preview boots in 6 seconds, can’t believe how fast it is!

Finally, I tested with two mostly used desktop SSD benchmark tools, both shows good results.

Also IOMeter shows 4,200 IOPS under 4k 60% random  65% read, although strangely I can easily get 7,200 in R710, probably it’s the way 990 SSF has a much lower bandwidth with its 6Gbps SATA on-board connection, that’s why it’s called Desktop PC instead of Server. Still with 4,200 IOPS, it beats a single Equallogic PS6000XV (14 x 15K SAS in RAID10) at only 0.5% of the cost. Sounds fantastic right? Then why buy Equallogic any more? Ha…if you run it a bit longer, you will see why your Equallogic box pays off, longer means running for 12-24 hours, you will see the single SSD disk dropping to 1/10 of its IOPS and Equallogic sustain all the way like a champ!

Anyway, it’s more than enough for VMware workstation and I am totally satisfied with the result!

crystaldiskmark

asssd

To See is To Believe: Geminoid F in Hong Kong

By admin, April 8, 2012 5:57 pm

Geminoid F is currently in Hong Kong for exhibition.

I saw it from 1 meter away today, the facial expression of Geminoid F is amazing, I would say it looks at least 65% real to me, especially when it sings.

Geminoid F reminds me that I wanted to be an expert in Electronics + Mechanical engineering field years back, to make something like this was also my ultimate goal back then. :)

GF

Dell Client System Update for Optiplex 990 SFF

By admin, April 7, 2012 4:29 pm

I used to go to Dell’s web site and download the firmware update one by one for my Optiplex 990 SFF.

When I asked Dell local support if there is a tool that can automatically scan my PC and download all the appropriate firmware updates all together at once, the answer is there is none (the standard answer as usual).

So as usual I never believe such BS, googled around and located this tool: Dell Client System Update.

It’s funny that if you work for Dell and your post is technical support for desktop, you should know this tools by heart, but the reality is always the opposite, sigh.

igam9j4vc2_j0tp-qxrr6q39502

Dell OpenManage Essentials (OME)

By admin, April 7, 2012 12:15 pm

Well, it’s the annual upgrade season, I have finally performed all the firmware updates on our server and storage, it’s kind of a nightmare (another article follow up shortly). Every time I upgrade the firmware on Poweredge, Powervault, PowerConnect or Equaulogic, it’s a “Press and Pray” session, YAKE!!!

So the old rule of thumb applies, if there is nothing happen to your machine or you don’t need that particular feature, DON’T DO IT!

Anyway, during the way performing all kinds of upgrade, I found Dell has quietly released two new tools.

Dell OpenManage Essentials and Dell Power Center (allows you to measure data center power usage, and it’s not free, but has 60 days trial), from what it described, Dell OpenManage Essentials is the next generation of monitoring and management tool, so you don’t need that crappy DMC (oh…dead after only 2 revisions as expected), well IT Assistant is fine though (long live, still using it, latest version is v8.9).

In additional, it seemed you can also integrate Repository Manager with OME to update firmware on ESX, so why do we pay for Dell Management Plug-in for vCenter after all? Well, you may argue it’s unified solution that you can do everything without leaving vCenter and looking cool, but who cares, as long as we get the jobs done, whatever is cost effective comes first in my theory!

Btw, why does Dell have so many system management tools for the same goal and over lapping each other? There is an Overview if you are interested. It took me almost forever to really get familiar with each of them, OpenMange, iDrac, Life Cycle Controller, F10 USC, Repository Manager, DMC, IT Assistant, DMP for VC, and now Dell OpenManage Essentials, can’t Dell produce one for all? I really do hope OME is the final one that has everything integrated and WORKED (Hopefully that is).

Dell Hardware Management Products
•Integrated Dell Remote Access Controller (iDRAC) with Lifecycle Controller (LC)
•Dell Chassis Management Controller (CMC) for blade servers
•Dell OpenManage Server Administrator (OMSA)
•Dell OpenManage Client Instrumentation (OMCI)
•Basic management utilities with IPMI

Dell Consoles
•Dell OpenManage Essentials (OME)
•Dell Management Console (DMC)
•Dell IT Assistant (ITA)
•Dell Remote Access Configuration Tool (DRACT)
•Dell OpenManage Power Center (OM PC)

Dell Services
•Managed Services
•Professional Services
•SaaS Management

Dell Tools and Utilities
•Update Utilities
–Dell Repository Manager (DRM)
–Dell OpenManage Server Update Utility (SUU)
–Dell OpenManage Systems Build and Update Utility (SBUU)
–Dell Update Packages (DUP)
–Dell Client Configuration Toolkit (CCTK)

•Customer Scripts and Processes
–Dell OpenManage Deployment Toolkit (DTK)
–RACADM
–IPMI

ToolIntegration With Third Party Consoles
•Microsoft System Center Operations Manager (SCOM) Server Management Pack Suite
•Dell Lifecycle Controller Integration (DLCI) pack for Microsoft System Center Configuration Manager (ConfigMgr)
•Dell Server PRO Management Pack for Microsoft System Center Virtual Machine Manager (SCVMM)
•Dell Management Plug-in for VMware vCenter
•BMC Software

Connections With Third Party Consoles
•Dell OpenManage Connection for Computer Associates Network and Systems Management (CA NSM)
•Dell Smart Plug-in (SPI) for HP Operations Manager for Windows
•Dell OpenManage Connection for IBM Tivoli Netcool/OMNIBus
•Dell OpenManage Connection for HP OpenView NNM
•Dell OpenManage Connection for Tivoli Enterprise Console

Firefox iDrac Certificate Problem: sec_error_reused_issuer_and_serial

By admin, April 7, 2012 11:27 am

I found I can no longer use Firefox to access my iDrac page after upgrading the iDrac 6 firmware to latest v1.85.

The particular message is “sec_error_reused_issuer_and_serial”.

Googled it a bit, removed cert8.db and key3.db, some iDrac page worked, some doesn’t as the old and new iDrac cert shares the same digital signature.

Finally, found this from the iDrac 6 v1.85 release note:

* iDRAC default certificate expire date changed to 2023, to get this updated certificate clear the “Preserve Configuration flag” option while updating iDRAC firmware through GUI. Make sure you delete cache from the GUI (IE as well as Firefox).

Firefox web browser might encounter an error if the certificate contains the same serial number as another certificate. Use this ink or the following procedure to resolve the same.

Workaround:

Delete your old exception and use temporary exceptions for subsequent visits to the iDRAC page.

To delete your old exception:
1. On the Firefox window, click the “Firefox” button and then click “Options.”
For Windows XP, click Tools and then “Options.”
For Linux OS, click “Edit” and then “Preferences.”

2. Select the “Advanced” panel.

3. Click on the Encryption tab.

4. Click “View Certificates” to open the Certificate Manager window.

5. In the Certificate Manager window click the “Servers” tab.

6. Identify the item that corresponds to the site that generates the error.
Note: The Certificate Authority (CA) for that server – the CA name appears above the site name.

7. Click on the server certificate that corresponds to the site that generates the error and press “Delete.”

8. Click OK when prompted to delete the exception.

9. Click the “Authorities” tab and select the the item that corresponds to the CA that you noted earlier and then press “Delete.”

10.Click OK when prompted to delete the exception.

To add a temporary exception to allow access to the page:

When you go to the iDRAC page, you will be presented with an Untrusted error.
Click on the “I Understand the Risks” link at the bottom of the error,
Click on Add Exception… to open the Add Security Exception window.
Click Get Certificate to fill in the Certificate Status section of the Add Security Exception window.
Click to un-check the Permanently store this exception item.
Click Confirm Security Exception to close the Add Security Exception window.

The iDRAC page will load now.

Pages: Prev 1 2 3 4 5 6 7 ...255 256 257 ...327 328 329 Next