1 Rookie
•
93 Posts
0
11271
T330 iDRAC upgrade fail -> 400 Bad Request in web
Hi!
I just upgraded iDRAC on a (remote) T330.
It was a big jump from 2.50.50.50 to 2.81.81.81 (a bit too big i guess hehe)
Now i just see "400 Bad Request" when accessing the iDRAC web.
I am guessing i can not fix this remotely.
But can it be fixed by someone onsite?
I dont have a Dell Tower here so cant experiment.
Also that remote server only has iDRAC Express...
DELL-Shine K
4 Operator
4 Operator
•
3K Posts
1
December 9th, 2021 17:00
2.81.81.81 release have Host header security issue fix (Link) and launching iDRAC with hostname and FQDN will work by default if hostname/FQDN used is matching with DNS Name and Domain configured on iDRAC. If you are using a different name to launch iDRAC than one configured in iDRAC then you can add the hostname/FQDN used for launching as an exception by using below racadm command to make it work
To add hostname/FQDN as an exception
racadm set idrac.webserver.ManualDNSEntry test.domain.com
You can also disable host header check on iDRAC by running below command. This command will disable security fix of host header check (Link)
racadm set idrac.webserver.HostHeaderCheck Disabled
DELL-Shine K
4 Operator
4 Operator
•
3K Posts
0
December 9th, 2021 07:00
Are you trying to access iDRAC using IP address or FQDN/Hostname? Can you check whether you can SSH to iDRAC IP address?
DELL-Shine K
4 Operator
4 Operator
•
3K Posts
0
December 9th, 2021 08:00
Can you try accessing iDRAC using IP address and see whether it works. Can you also confirm whether hostname is matching with DNS name configured on iDRAC?
Alexander-36725
1 Rookie
1 Rookie
•
93 Posts
0
December 9th, 2021 08:00
Used a hostname that points to the correct IP (but doesnt confirm to the ssl-cert there).
But YES, i can ssh!
/admin1-> help
[Usage]
show [ ] [ ] [ ]
[ == ]
set [ ] [ ] =
cd [ ] [ ]
create [ ] [ = ]
[ = ]
delete [ ]
exit [ ]
reset [ ] [ ]
start [ ] [ ]
stop [ ] [ ]
version [ ]
help [ ] [ ]
load -source [ ] [ ]
dump -destination [ ] [ ]
Alexander-36725
1 Rookie
1 Rookie
•
93 Posts
0
December 9th, 2021 10:00
So i can not rollback to older iDRAC-version using ssh/racadm?
Alexander-36725
1 Rookie
1 Rookie
•
93 Posts
0
December 9th, 2021 13:00
Well, this is strange.
When i use its IP, it works!
When i use a hostname it doesnt (but did before).
So, now i have to look up and enter IPs in the address bar??
Is this a known bug, or is there some kind of security reason for this?
Alexander-36725
1 Rookie
1 Rookie
•
93 Posts
0
December 10th, 2021 04:00
Ok, super, thanks for the excellent clarification!
mazafak
8 Posts
3
December 15th, 2021 13:00
this change in defaults is not reasonable.
a lot of iDRACs are sitting on air-gapped networks.
there might be no DNS service and no direct access for security purposes. it has to AT LEAST accept 'localhost' as that's what it will look like when people forward ports via a bastion host. that's how it has been since the beginning of time.
I bet iDRAC9 got the same thing as of 5.10.00.00 and that's why it errors out with "internal server error"
Alexander-36725
1 Rookie
1 Rookie
•
93 Posts
1
December 15th, 2021 14:00
I really do agree with @mazafak
Fabio M
1 Message
0
January 31st, 2023 08:00
The option "acadm set idrac.webserver.HostHeaderCheck Disabled" resolved my problem. Thanks