Перейти к основному содержимому
Выход

Добро пожаловать в Dell

Моя учетная запись
  • Простое и быстрое размещение заказов
  • Просмотр заказов и отслеживание состояния доставки
  • Создание списка продуктов и доступ к нему
Вход Создать учетную запись Вход на портал Premier Вход в партнерскую программу

IDPA: DP4400 RUCK Reports ESXi firmware_readiness check as Failed due to TLS Communication Failure with iDRAC

Сводка: This article describes a RUCK failure resulting from an unsupported TLS version configuration in iDRAC.

Данная статья применяется к Данная статья не применяется к Эта статья не привязана к какому-либо конкретному продукту. В этой статье указаны не все версии продуктов.
Ознакомьтесь с другими ресурсами

Симптомы

RUCK may fail with the following error.

+-----------+--------------------+--------+-----------------------------------------------+-----------------------------------------------+
| Component | Check              | Status | Message                                       | Remedy                                        |
+-----------+--------------------+--------+-----------------------------------------------+-----------------------------------------------+
| ESXi      | firmware_readiness | FAILED | Firmware pre-upgrade checks failed. [ XXX.XXX.| Use KB https://www.dell.com/support/kbdoc/191 |
|           |                    |        | XXX.XXX ]: The cached response with Node Event| 627 to fix the issue.                         |
|           |                    |        | Service is disabled. Node Event Service is in |                                               |
|           |                    |        |  a degraded state,iDRAC Service Module is not |                                               |
|           |                    |        |  available/active at this time. Check iDRAC S |                                               |
|           |                    |        | ervice Module/iDRAC status.                   |                                               |
+-----------+--------------------+--------+-----------------------------------------------+-----------------------------------------------+

 

The output of dpacli -agentinfo (run from the ACM CLI) may show the agent status as "Degraded" or "Error."

    "status": {
        "idraccache": "Degraded",
        "idracConnection": "N/A",
        "iSM": "N/A",
        "agent": "Degraded"
    }

 

    "status": {
        "idraccache": "OK",
        "idracConnection": "OK",
        "iSM": "N/A",
        "agent": "OK"
    }

 

The ESXi log /scratch/log/pta_debug.log may show the following pattern of errors.

2023/11/27 18:55:24[UTC] [2108525:172927808] WARN  - HttpsClient::handle_handshake: <0x8cda828> async_handshake() failed - tlsv1 alert protocol version [336151598]
2023/11/27 18:55:24[UTC] [2108525:172927808] WARN  - HttpsClient::handle_handshake: <0x8cda828> async_handshake() failed - tlsv1 alert protocol version [336151598]
2023/11/27 18:55:24[UTC] [2108525:197131072] WARN  - WSManClient::isValidResponse: Http request to host: 169.254.0.1, failed with status code: -2
2023/11/27 18:55:25[UTC] [2108525:173456192] WARN  - HttpsClient::handle_handshake: <0x8cda828> async_handshake() failed - tlsv1 alert protocol version [336151598]
2023/11/27 18:55:29[UTC] [2108525:172927808] WARN  - HttpsClient::handle_handshake: <0x8cda828> async_handshake() failed - tlsv1 alert protocol version [336151598]
2023/11/27 18:55:29[UTC] [2108525:194489152] WARN  - DoMethod: Failed to connect to server. Retrying once . . .
2023/11/27 18:55:29[UTC] [2108525:172927808] WARN  - HttpsClient::handle_handshake: <0x8cda828> async_handshake() failed - tlsv1 alert protocol version [336151598]
2023/11/27 18:55:29[UTC] [2108525:194489152] WARN  - isValidResponse: request failed with status code: -2.
2023/11/27 18:55:29[UTC] [2108525:194489152] WARN  - DoMethod: RedFish request failed. [status: -2, response-body: ]

 

Причина

The iDRAC web server has been configured to accept connections using TLS version 1.3 only.
This configuration is unsupported for IDPA and PowerProtect DP series appliances.

 

Разрешение

NOTE: The default TLS version for the iDRAC Web Server configuration is "TLS 1.1 and Higher." The following example assumes that "TLS 1.2 and Higher" is preferred, but this setting may be returned to the default configuration if required.

 

To resolve this issue, perform the following steps.

  1. Open the iDRAC UI in a browser and login as the "root" user
  2. Navigate to "iDRAC Settings" -> "Services" -> "Web Server" -> "Settings"
  3. Under the "TLS Protocol" configuration, ensure that "TLS 1.2 and Higher" is selected
  4. Select "Apply" to apply this change

 

Following these changes, the agent state should normalize within 5-10 minutes (requiring no further actions). If no change is observed, it is recommended to restart the iSM and PTAgent services on the host operating system.

  1. Open an PuTTY/SSH connection to the ESXi (Hypervisor) component as the "root" user
  2. Run /etc/init.d/dcism-netmon-watchdog restart
  3. Run /etc/init.d/DellPTAgent restart
    IDRAC settings

 

Затронутые продукты

PowerProtect Data Protection Software, Integrated Data Protection Appliance Software

Продукты

PowerProtect Data Protection Appliance, Integrated Data Protection Appliance Family
Свойства статьи
Номер статьи: 000219917
Тип статьи: Solution
Последнее изменение: 12 Mar 2024
Версия:  5
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.