HTTP/HTTPS FQDN Connection Failures On iDRAC
Information
Summary: |
Cause of unavailable GUI after iDrac firmware upgrade. |
Environment: |
Product: Flowmon Version: Any Platform: HW |
Question/Problem Description: |
After iDrac firmware upgrade it is not possible access to iDrac web GUI. |
Steps to Reproduce: | |
Error Message: | Error 400 Bad Request. |
Defect Number: | |
Enhancement Number: | |
Cause: | The iDRAC9 firmware version 5.10.00.00 blocks HTTP / HTTPS access through Fully Qualified Domain Name (FQDN) when the FQDN is not defined as the iDRAC RAC Name. |
Resolution: | 1. By default, iDRAC9 will check the HTTP / HTTPS Host Header and compare to the defined 'DNSRacName' and 'DNSDomainName'. When the values do not match, the iDRAC will refuse the HTTP / HTTPS connection. In iDRAC9 5.10.00.00, this Host Header enforcement can be disabled with the following RACADM command:
sudo /opt/dell/srvadmin/sbin/racadm set idrac.webserver.HostHeaderCheck 02. When the HTTP / HTTPS Host Header check is enabled (more secure), iDRAC can be accessed using the IPv4/IPv6 address, the RAC Name and/or the defined iDRAC FQDN (DNSRacName.DNSDomainName). If end-user is accessing with hostnames that iDRAC may not be aware of (such as a manual DNS entries added in DNS records), iDRAC9 5.10.00.00 firmware version introduced a new attribute 'ManualDNSEntry'. This new setting can be updated with up to 4 IP addresses / host names / FQDNs to provide an allow-list of Host Headers. This ensures that incoming requests are not dropped when the HTTP / HTTPS Host Header carries one of the entries in the 'ManualDNSEntry' setting. You can manual entry to allow a list with the command: sudo /opt/dell/srvadmin/sbin/racadm set idrac.webserver.ManualDNSEntry <IP> |
Workaround: | |
Notes: |
Was this article helpful?
0 out of 0 found this helpful