iDRAC 8/7 v2.40.40.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents 1 Overview........................................................................................................................15 Benefits of using iDRAC with Lifecycle Controller.............................................................................................................15 Key features..................................................................................................................................................................... 15 New in this release.........
3 Setting up managed system and management station...................................................37 Setting up iDRAC IP address............................................................................................................................................ 37 Setting up iDRAC IP using iDRAC settings utility........................................................................................................38 Setting up iDRAC IP using CMC web interface.......................................
Importing server profile using RACADM..................................................................................................................... 73 Restore operation sequence.......................................................................................................................................74 Monitoring iDRAC using other Systems Management tools............................................................................................. 74 4 Configuring iDRAC....................
Uploading server certificate....................................................................................................................................... 92 Viewing server certificate...........................................................................................................................................92 Uploading custom signing certificate..........................................................................................................................
Enabling or disabling remote RACADM using web interface...................................................................................... 114 Enabling or disabling remote RACADM using RACADM.............................................................................................114 Disabling local RACADM.................................................................................................................................................. 114 Enabling IPMI on managed system.................
Enabling or disabling alerts using web interface........................................................................................................ 144 Enabling or disabling alerts using RACADM...............................................................................................................145 Enabling or disabling alerts using iDRAC settings utility.............................................................................................145 Filtering alerts ............................
Setting warning threshold for power consumption using web interface................................................................... 159 Executing power control operations............................................................................................................................... 159 Executing power control operations using web interface......................................................................................... 159 Executing power control operations using RACADM............
Converting a physical disk to RAID or non-RAID mode............................................................................................. 186 Managing virtual disks.....................................................................................................................................................187 Creating virtual disks.................................................................................................................................................
Previewing virtual console.............................................................................................................................................. 214 Launching virtual console................................................................................................................................................214 Launching virtual console using web interface..........................................................................................................
Modifying a partition................................................................................................................................................ 237 Attaching or detaching partitions............................................................................................................................. 238 Deleting existing partitions.......................................................................................................................................
Configuring iDRAC Quick Sync settings using RACADM..........................................................................................262 Configuring iDRAC Quick Sync settings using iDRAC settings utility........................................................................262 Using mobile device to view iDRAC information.............................................................................................................262 22 Deploying operating systems.....................................
Virtual console................................................................................................................................................................ 281 Virtual media.................................................................................................................................................................. 283 vFlash SD card..........................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC with Lifecycle Controller technology is part of a larger data center solution that helps keep business critical applications and workloads available always.
NOTE: Some of the features are available only with iDRAC Enterprise license. For information on the features available for a license, see Managing licenses. Inventory and Monitoring • View managed server health. • Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. • View and export system inventory. • View sensor information such as temperature, voltage, and intrusion.
– PCIe SSD devices: * Inventory and remotely monitor the health of PCIe SSD devices in the server. * Prepare the PCIe SSD to be removed. * Securely erase the data. – Set the backplane mode (unified or split mode). – Blink or unblink component LEDs. – Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update • Manage iDRAC licenses.
• Along with locating iDRACs on a separate management subnet, users should isolate the management subnet/vLAN with technologies such as firewalls, and limit access to the subnet/vLAN to authorized server administrators. Secure Connectivity Securing access to critical network resources is a priority. iDRAC implements a range of security features that includes: • Custom signing certificate for Secure Socket Layer (SSL) certificate. • Signed firmware updates.
• RACADM — The RACADM command or the object that you must use is provided here. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. • iDRAC Settings Utility — Only the task-related information is provided here.
NOTE: For a few features, a system restart is required to enable the features. • Export — Export the installed license into an external storage device for backup or to reinstall it again after a part or motherboard replacement. The file name and format of the exported license is .xml. • Delete — Delete the license that is assigned to a component if the component is missing. After the license is deleted, it is not stored in iDRAC and the base product functions are enabled.
Table 2. Licensed features in iDRAC7 and iDRAC8 Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 iDRAC8 Express Express for for Blades Blades iDRAC7 Enterprise iDRAC8 Enterprise IPMI 2.0 Yes Yes Yes Yes Yes Yes Yes Yes DCMI 1.
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 iDRAC8 Express Express for for Blades Blades iDRAC7 Enterprise iDRAC8 Enterprise Single sign-On (kerberos) No No No Yes No Yes Yes Yes PK authentication (for SSH) No No No Yes No Yes No Yes Power control Yes4 Yes Yes Yes Yes Yes Yes Yes Boot control No Yes No Yes No Yes No Yes Serial-over-LAN Yes Yes Yes Yes Yes Yes Yes Yes Virtual Media No No No No Yes Yes Yes Ye
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 iDRAC8 Express Express for for Blades Blades iDRAC7 Enterprise iDRAC8 Enterprise Full agent-free monitoring No Yes No Yes No Yes No Yes Predictive failure monitoring No Yes No Yes No Yes No Yes SNMPv1, v2, and v3 (traps and gets) No Yes Yes Yes Yes Yes Yes Yes Email Alerting No No Yes Yes Yes Yes Yes Yes Configurable thresholds No Yes No Yes No Yes No Yes Fan monitoring N
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 iDRAC8 Express Express for for Blades Blades iDRAC7 Enterprise iDRAC8 Enterprise Full configuration inventory No Yes No Yes No Yes No Yes Inventory export No Yes No Yes No Yes No Yes Remote configuration No Yes Yes Yes Yes Yes Yes Yes Zero-touch configuration No No No No No No No Yes System Retire/ Repurpose No Yes No Yes No Yes No Yes Diagnostics, Service, and Logging Em
[1] Requires vFlash SD card media. [2] 500 series and lower rack and tower servers require a hardware card to enable this feature; this hardware is offered at additional cost. [3] Remote agent-free update feature is available only using IPMI. [4] Available only using IPMI. [5] Requires OMSA agent on target server. Interfaces and protocols to access iDRAC The following table lists the interfaces to access iDRAC. NOTE: Using more than one interface at the same time may generate unexpected results. Table 3.
Interface or Protocol Description • • Start, stop, or reset the managed system Update BIOS, PERC, and supported network adapters Lifecycle Controller Use Lifecycle Controller to perform iDRAC configurations. To access Lifecycle Controller, press during boot and go to System Setup → Advanced Hardware Configuration → iDRAC Settings. For more information, see Lifecycle Controller User’s Guide available at dell.com/idracmanuals.
iDRAC port information The following ports are required to remotely access iDRAC through firewalls. These are the default ports iDRAC listens to for connections. Optionally, you can modify most of the ports. To do this, see Configuring services. Table 4.
• The Dell Lifecycle Controller Graphical User Interface For 12th and 13th Generation Dell PowerEdge Servers User’s Guide provides information on using Lifecycle Controller Graphical User Interface (GUI).
Accessing documents from Dell support site You can access the required documents in one of the following ways: • Using the following links: – For all Enterprise Systems Management documents — Dell.com/SoftwareSecurityManuals – For OpenManage documents — Dell.com/OpenManageManuals – For Remote Enterprise Systems Management documents — Dell.com/esmmanuals – For iDRAC and Lifecycle Controller documents — Dell.com/idracmanuals – For OpenManage Connections Enterprise Systems Management documents — Dell.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name is root and the default password is calvin. You can also log in using Single Sign-On or Smart Card. NOTE: • • You must have Login to iDRAC privilege to log in to iDRAC. iDRAC GUI does not support browser buttons such as Back, Forward, or Refresh.
6. Click Submit. You are logged in to iDRAC with the required user privileges. If you log in with Configure Users privileges and the default account credentials, and if the default password warning feature is enabled, the Default Password Warning page is displayed allowing you to easily change the password.
• Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC. • Configure the DNS server. • Enable Active Directory login. • Enable Smart Card login. To log in to iDRAC as an Active Directory user using smart card: 1. Log in to iDRAC using the link https://[IP address]. The iDRAC Login page is displayed prompting you to insert the Smart Card.
If iDRAC network LAN is disabled (LAN Enabled = No), SSO is not available. If the server is removed from the chassis, iDRAC IP address is changed, or there is a problem in iDRAC network connection, the option to Launch iDRAC is grayed-out in the CMC web interface. For more information, see the Chassis Management Controller User’s Guide available at dell.com/support/manuals. Accessing iDRAC using remote RACADM You can use remote RACADM to access iDRAC using RACADM utility.
Logging in: ssh username@ or ssh username@ where IP_address is the IP address of the iDRAC. Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel Related links Using public key authentication for SSH Multiple iDRAC sessions The following table provides the list of multiple iDRAC sessions that are possible using the various interfaces. Table 6.
NOTE: Continue is enabled only if the passwords entered in the New Password and Confirm Password fields match. For information about the other fields, see the iDRAC Online Help. Changing default login password using RACADM To change the password, run the following RACADM command: racadm set iDRAC.Users..Password where, is a value from 1 to 16 (indicates the user account) and is the new user—defined password.
• Increased time intervals with each sequential incorrect login attempt • Log entries NOTE: The sign-errors and alerts, increased time interval for each incorrect login, and log entries are available using any of the iDRAC interfaces such as web interface, Telnet, SSH, Remote RACADM, WS-MAN, and VMCLI. Table 7.
3 Setting up managed system and management station To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
• Access iDRAC through any of the following interfaces: – iDRAC Web interface using a supported browser (Internet Explorer, Firefox, Chrome, or Safari) – Secure Shell (SSH) — Requires a client such as PuTTY on Windows. SSH is available by default in most of the Linux systems and hence does not require a client.
This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports. About managing network traffic, the Dedicated option allows iDRAC to be assigned an IP address from the same subnet or different subnet in comparison to the IP addresses assigned to the Host LOM or NICs. NOTE: In blade servers, the Dedicated option is displayed as Chassis (Dedicated).
Common settings If network infrastructure has DNS server, register iDRAC on the DNS. These are the initial settings requirements for advanced features such as Directory services—–Active Directory or LDAP, Single Sign On, and smart card. To register iDRAC: 1. Enable Register DRAC on DNS. 2. Enter the DNS DRAC Name. 3. Select Auto Config Domain Name to automatically acquire domain name from DHCP. Else, provide the DNS Domain Name. IPv4 settings To configure the IPv4 settings: 1.
NOTE: On blade servers that are set as Chassis (Dedicated), the VLAN settings are read-only and can be changed only using CMC. If the server is set in shared mode, you can configure VLAN settings in shared mode in iDRAC. 1. Under Enable VLAN ID, select Enabled. 2. In the VLAN ID box, enter a valid number from 1 to 4094. 3. In the Priority box, enter a number from 0 to 7 to set the priority of the VLAN ID. NOTE: After enabling VLAN, the iDRAC IP is not accessible for some time.
To enable provisioning server using iDRAC Settings utility: 1. Turn on the managed system. 2. During POST, press F2, and go to iDRAC Settings → Remote Enablement. The iDRAC Settings Remote Enablement page is displayed. 3. Enable auto-discovery, enter the provisioning server IP address, and click Back. NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7). 4. Click Network. The iDRAC Settings Network page is displayed. 5.
4. config.xml — If the option 60 filename, service tag-based, and model number-based files are not available, use the default config.xml file. NOTE: If none of these files are on the network share, then the server configuration profile import job is marked as failed for file not found. Related links Auto Config sequence DHCP options Enabling Auto Config using iDRAC web interface Enabling Auto Config using RACADM Auto Config sequence 1.
Configuring option 43 on Windows To configure option 43 on Windows: 1. On the DHCP server, go to Start → Administration Tools → DHCP to open the DHCP server administration tool. 2. Find the server and expand all items under it. 3. Right-click on Scope Options and select Configure Options. The Scope Options dialog box is displayed. 4. Scroll down and select 043 Vendor Specific Info. 5.
• IPAddress (-i) — Indicates the IP address of the file share. NOTE: Sharename (-n), ShareType (-s), and IPAddress (-i) are required attributes that must be passed. • Username (-u) — Indicates the user name required to access the network share. This information is required only for CIFS. • Password (-p) — Indicates the password required to access the network share. This information is required only for CIFS. • ShutdownType (-d) — Indicates the mode of shutdown.
NOTE: Example for Linux NFS and CIFS share: – NFS: -f system_config.xml -i 192.168.0.130 -n /nfs -s 0 -d 0 -t 500 – CIFS: -f system_config.xml -i 192.168.0.130 -n sambashare/config_files -s 2 -u user -p password -d 1 -t 400 Ensure that you use NFS2 or NFS3 for NFS network share • ShutdownType (-d) — Indicates the mode of shutdown. 0 indicates Graceful shutdown and 1 indicates Forced shutdown. NOTE: The default setting is 0.
Using hash passwords for improved security On PowerEdge servers with version 2.xx.xx.xx, you can set user passwords and BIOS passwords using a one-way hash format. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format. With the new password hash feature: • You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords.
Setting up management station A management station is a computer used for accessing iDRAC interfaces to remotely monitor and manage the PowerEdge server(s). To set up the management station: 1. Install a supported operating system. For more information, see the release notes. 2. Install and configure a supported Web browser (Internet Explorer, Firefox, Chrome, or Safari). 3. Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC using a Web browser).
Modifying local administrator account settings After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. Specify the details for User Name, LAN User Privilege, Serial Port User Privilege, and Change Password. For information about the options, see the iDRAC Settings Utility Online Help. 3.
Modifying thermal settings using iDRAC web interface To modify the thermal settings: 1. In the iDRAC Web interface, go to Overview → Hardware → Fans → Setup. The Fan Setup page is displayed. 2. Specify the following: • Thermal Profile — Select the thermal profile: – Default Thermal Profile Settings — Implies that the thermal algorithm uses the same system profile settings that is defined under System BIOS → System BIOS Settings.System Profile Settings page.
– Default — Sets minimum fan speed to default value as determined by the system cooling algorithm. – Custom — Enter the percentage value. The allowable range for minimum fan speed PWM is dynamic based on the system configuration. The first value is the idle speed and the second value is the configuration max (which may or may not be 100% based on system configuration). System fans can run higher than this speed as per thermal requirements of the system but not lower than the defined minimum speed.
Object Description Usage Example The following error message is displayed: ERROR: RAC947: Invalid object value specified. Make sure to specify the value depending on the type of object. For more information, see RACADM help. To set the limit to the default value: racadm set system.thermalsetting s.
Object Description Usage Example fan speed increasing to full speed. racadm set system.thermalsetting s FanSpeedOffset 3 FanSpeedMediumOffsetV al • • • FanSpeedOffset • • • Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. This value depends on the system. Use FanSpeedOffset object to set this value using index value 2 Using this object with get command displays the existing Fan Speed Offset value.
Object Description Usage Example • When get command reports 255, it means user configured offset is not applied. between MFSMinimumLimit to MFSMaximumLimit): racadm set system.thermalsetting s.MinimumFanSpeed 45 Values: To view the existing thermal profile setting: racadm get system.thermalsetting s.ThermalProfile • ThermalProfile • • ThirdPartyPCIFanRespo nse • • • It defines the baseline (floor) value for fan speed and system allows fans to go lower than this defined fan speed value.
Most features of iDRAC web interface can be accessed using these browsers with default settings. For certain feature to work, you must change a few settings. These settings include disabling pop-up blockers, enabling Java, ActiveX, or HTML5 plug-in support and so on. If you are connecting to iDRAC web interface from a management station that connects to the Internet through a proxy server, configure the web browser to access the Internet from through this server.
Configuring Mozilla Firefox This section provides details about configuring Firefox to ensure you can access and use all features of the iDRAC web interface. These settings include: • Disabling whitelist feature • Configuring Firefix to enable Active Directory SSO Disabling whitelist feature in Firefox Firefox has a "whitelist" security feature that requires user permission to install plug-ins for each distinct site that hosts a plug-in.
Configuring Internet Explorer to use HTML5-based plug-in The HTML5 virtual console and virtual media APIs are created by using HTML5 technology. The following are the advantages of HTML5 technology: • Installation is not required on the client workstation. • Compatibility is based on browser and is not based on the operating system or installed components. • Compatible with most of the desktops and mobile platforms. • Quick deployment and the client is downloaded as part of a web page.
4. Enable the browser to download encrypted content and to enable third-party browser extensions. To do this, go to Tools → Internet Options → Advanced, clear the Do not save encrypted pages to disk option, and select the Enable third-party browser extensions option. NOTE: Restart Internet Explorer for the Enable third-party browser extension setting to take effect. 5. Go to Tools → Internet Options → Security and select the zone you want to run the application. 6. Click Custom level.
Importing CA certificates to management station When you launch Virtual Console or Virtual Media, prompts are displayed to verify the certificates. If you have custom Web server certificates, you can avoid these prompts by importing the CA certificates to the Java or ActiveX trusted certificate store.
Updating device firmware Using iDRAC, you can update the iDRAC, BIOS, and all device firmware that is supported by using Lifecycle Controller update such as: • Fibre Channel (FC) cards • Diagnostics • Operating System Driver Pack • Network Interface Card (NIC) • RAID Controller • Power Supply Unit (PSU) • NVMe PCIe devices • SAS/SATA hard drives • Backplane update for internal and external enclosures • OS Collector CAUTION: The PSU firmware update may take several minutes depending on the
Table 9. Image file types and dependencies .D7 Image iDRAC DUP Interface Supported Requires LC enabled Supported Requires LC enabled BMCFW64.
NOTE: Configuration changes and firmware updates that are made within the operating system may not reflect properly in the inventory until you perform a server restart. When you check for updates, the version marked as Available does not always indicate that it is the latest version available. Before you install the update, ensure that the version you choose to install is newer than the version currently installed.
Updating firmware using repository Dell Repository Manager (DRM) enables you to create a repository that iDRAC can check for updates. DRM can use the following to creating the repository: • New Dell online catalog • Previous Dell catalog that you have used • Local source repository • A custom repository NOTE: For more information about DRM, see delltechcenter.com/repositorymanager.
3. Enter the required details in the fields that are displayed. For information about the fields, see the iDRAC Online Help. 4. Click Check for Update. 5. After the upload is complete, the Update Details section displays a comparison report showing the current firmware versions and the firmware versions available in the repository. NOTE: Updates that are unsupported or not applicable to the system or installed hardware are not included in the comparison report. 6.
NOTE: Do not create the next scheduled occurrence of an automatic update job if a job is already Scheduled. It overwrites the current scheduled job. 1. In the iDRAC web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed. 2. Click the Automatic Update tab. 3. Select the Enable Automatic Update option. 4. Select any of the following options to specify if a system reboot is required after the updates are staged: • 5.
Updating firmware using CMC web interface You can update iDRAC firmware for blade servers using the CMC Web interface. To update iDRAC firmware using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to Server → Overview → . The Server Status page is displayed. 3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update.
Updating firmware using Lifecycle Controller Remote Services For information to update the firmware using Lifecycle Controller–Remote Services, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals. Updating CMC firmware from iDRAC In the PowerEdge FX2/FX2s chassis, you can update the firmware for the Chassis Management Controller and any component that can be updated by CMC and shared by the servers from iDRAC.
Viewing and managing staged updates using RACADM To view the staged updates using RACADM, use jobqueue sub-command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Rolling back device firmware You can roll back the firmware for iDRAC or any device that Lifecycle Controller supports, even if the upgrade was previously performed using another interface.
Rollback firmware using iDRAC web interface To roll back device firmware: 1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback → Rollback. The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version. 2. Select one or more devices for which you want to rollback the firmware. 3.
Recovering iDRAC iDRAC supports two operating system images to make sure a bootable iDRAC. In the event of an unforeseen catastrophic error and you lose both boot paths: • iDRAC bootloader detects that there is no bootable image. • System Health and Identify LED is flashed at ~1/2 second rate. (LED is located on the back of a rack and tower servers and on the front of a blade server.) • Bootloader is now polling the SD card slot.
Related links Scheduling automatic backup server profile Importing server profile Backing up server profile using iDRAC web interface To back up the server profile using iDRAC Web interface: 1. Go to Overview → iDRAC Settings → Server Profile. The Backup and Export Server Profile page is displayed. 2. Select one of the following to save the backup file image: 3. • vFlash to save the backup file image on the vFlash card. Enter the backup file name and encryption passphrase (optional). 4.
5. Enter the backup file name and encryption passphrase (optional). 6. If Network is selected as the file location, enter the network settings. NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. For information about the fields, see the iDRAC Online Help 7.
After you replace the motherboard on your server, Easy Restore allows you to automatically restore the following data: • System Service Tag • Licenses data • UEFI Diagnostics application • System configuration settings—BIOS, iDRAC, and NIC Easy Restore uses the Easy Restore flash memory to back up the data. When you replace the motherboard and power on the system, the BIOS queries the iDRAC and prompts you to restore the backed-up data.
Restore operation sequence The restore operation sequence is: 1. Host system shuts down. 2. Backup file information is used to restore the Lifecycle Controller. 3. Host system turns on. 4. Firmware and configuration restore process for the devices is completed. 5. Host system shuts down. 6. iDRAC firmware and configuration restore process is completed. 7. iDRAC restarts. 8. Restored host system turns on to resume normal operation.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see Managing licenses.
Related links Logging in to iDRAC Modifying network settings Configuring services Configuring front panel display Setting up managed system location Configuring time zone and NTP Setting up iDRAC communication Configuring user accounts and privileges Monitoring and managing power Enabling last crash screen Configuring and using virtual console Managing virtual media Managing vFlash SD card Setting first boot device Enabling or disabling OS to iDRAC Pass-through Configuring iDRAC to send alerts Viewing iDRA
Modifying network settings using web interface To modify the iDRAC network settings: 1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed. 2. Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.
To configure IP filtering: 1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → Network. The Network page is displayed. 2. Click Advanced Settings. The Network Security page is displayed. 3. Specify the IP filtering settings. For more information about the options, see iDRAC Online Help. 4. Click Apply to save the settings. Configuring IP filtering using RACADM You must have Configure privilege to perform these steps.
Enabling FIPS Mode CAUTION: Enabling FIPS mode resets iDRAC to factory-default settings. If you want to restore the settings, back up the server configuration profile (SCP) before you enable FIPS mode, and restore the SCP after iDRAC restarts. NOTE: If you reinstall or upgrade iDRAC firmware, FIPS mode gets disabled. Enabling FIPS mode using web interface 1. On the iDRAC web interface, navigate to Overview → iDRAC Settings → Network. 2. Click Advanced Settings next to Options. 3.
The Services page is displayed. 2. Specify the required information and click Apply. For information about the various settings, see the iDRAC Online Help. NOTE: Do not select the Prevent this page from creating additional dialogs check-box. Selecting this option prevents you from configuring services. Configuring services using RACADM To enable and configure services using RACADM, use the set command with the objects in the following object groups: • iDRAC.LocalSecurity • iDRAC.
Configuring TLS using RACADM To check the version of TLS configured: racadm get idrac.webserver.tlsprotocol To set the version of TLS: racadm set idrac.webserver.tlsprotocol TLS 1.0 and Higher TLS 1.1 and Higher TLS 1.2 Only =0 =1 =2 Using VNC client to manage remote server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud.
Setting up VNC viewer with SSL encryption While configuring the VNC server settings in iDRAC, if the SSL Encryption option was enabled, then the SSL tunnel application must be used along with the VNC Viewer to establish the SSL encrypted connection with iDRAC VNC server. NOTE: Most of the VNC clients do not have built-in SSL encryption support. To configure the SSL tunnel application: 1. Configure SSL tunnel to accept connection on :. For example, 127.0.0.1:5930. 2.
• Ambient Temperature • System Model • Host Name • User Defined • None If you select User Defined, enter the required message in the text box. If you select None, home message is not displayed on the server LCD front panel. 3. Enable Virtual Console indication (optional). If enabled, the Live Front Panel Feed section and the LCD panel on the server displays the Virtual console session active message when there is an active Virtual Console session. 4. Click Apply.
Configuring time zone and NTP You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times. You must have Configure privilege to configure time zone or NTP settings. Configuring time zone and NTP using iDRAC web interface To configure time zone and NTP using iDRAC web interface: 1. Go to Overview → iDRAC Settings → Properties → Settings. The Time zone and NTP page is displayed. 2.
Setting first boot device using web interface To set the first boot device using iDRAC Web interface: 1. Go to Overview → Server → Setup → First Boot Device. The First Boot Device page is displayed. 2. Select the required first boot device from the drop-down list, and click Apply. The system boots from the selected device for subsequent reboots. 3. To boot from the selected device only once on the next boot, select Boot Once.
NOTE: iDRAC Service Module (iSM) provides more features for managing iDRAC through the operating system. For more information, see the iDRAC Service Module Installation Guide available at dell.com/support/manuals. When enabled through dedicated NIC, you can launch the browser in the host operating system and then access the iDRAC Web interface. The dedicated NIC for the blade servers is through the Chassis Management Controller.
Category Manufacturer Type • • • • 57800S QP rNDC (10G BASE-T + 1G BASE-T) 57800S QP rNDC (10G SFP+ + 1G BASE-T) 57840 4x10G KR 57840 rNDC Intel • • • i540 QP rNDC (10G BASE-T + 1G BASE-T) i350 QP rNDC 1G BASE-T x520/i350 rNDC 1GB Qlogic QMD8262 Blade NDC In-built LOM cards also support the OS to iDRAC pass-through feature. The following cards do not support the OS to iDRAC Pass-through feature: • Intel 10 GB NDC. • Intel rNDC with two controllers – 10G controllers does not support.
For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC. If the operating system on the host is SUSE Linux Enterprise Server 11, CentOS 6.5, CentOS 7.0, Ubuntu 14.04.1 LTS, or Ubuntu 12.04.4 LTS then after enabling the USB NIC in iDRAC, you must manually enable DHCP client on the host operating system. For information to enable DHCP, see the documents for SUSE Linux Enterprise Server, CentOS, and Ubuntu operating systems.
Enabling or disabling OS to iDRAC Pass-through using web interface To enable OS to iDRAC Pass-through using Web interface: 1. Go to Overview → iDRAC Settings → Network → OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed. 2. Select any of the following options to enable OS to iDRAC pass-through: • • LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.
5. Click Back, click Finish, and then click Yes. The details are saved. Obtaining certificates The following table lists the types of certificates based on the login type. Table 12. Types of certificate based on login type Login Type Certificate Type How to Obtain Single Sign-on using Active Directory Trusted CA certificate Generate a CSR and get it signed from a Certificate Authority SHA-2 certificates are also supported.
For each iDRAC to be trusted by the management station, that iDRAC’s SSL certificate must be placed in the management station’s certificate store. Once the SSL certificate is installed on the management stations, supported browsers can access iDRAC without certificate warnings. You can also upload a custom signing certificate to sign the SSL certificate, rather than relying on the default signing certificate for this function.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Uploading server certificate After generating a CSR, you can upload the signed SSL server certificate to the iDRAC firmware. iDRAC must be reset to apply the certificate. iDRAC accepts only X509, Base 64 encoded Web server certificates. SHA-2 certificates are also supported. CAUTION: During reset, iDRAC is not available for a few minutes.
Uploading custom signing certificate You can upload a custom signing certificate to sign the SSL certificate. SHA-2 certificates are also supported. Uploading custom signing certificate using web interface To upload the custom signing certificate using iDRAC web interface: 1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Upload Custom SSL Certificate Signing Certificate and click Next.
The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Delete Custom SSL Certificate Signing Certificate and click Next. 3. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required. After iDRAC resets, a new self-signed certificate is generated.
• Obtained using racadm get -f .xml -t xml command. • Obtained using racadm get -f .xml -t xml and then edited. For information about the get command, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. The configuration file is first parsed to verify that valid group and object names are present and the basic syntax rules are followed.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
• Power Supply Units (PSUs) • Fans • Fibre Channel HBAs • USB • NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: • BIOS • Lifecycle Controller • iDRAC • OS driver pack • 32-bit diagnostics • System CPLD • PERC controllers • Batteries • Physical disks • Power supply • NIC • Fibre Channel • Backplane • Enclosure • PCIe SSDs NOTE: Software inventory displays only the last 4 bytes of the firmware version.
NOTE: If there is only one power supply in the system, the power supply redundancy is set to Disabled. • Removable Flash Media — Provides information about the Internal SD Modules; vFlash and Internal Dual SD Module (IDSDM). – When IDSDM redundancy is enabled, the following IDSDM sensor status is displayed — IDSDM Redundancy Status, IDSDM SD1, IDSDM SD2. When redundancy is disabled, only IDSDM SD1 is displayed.
Monitoring performance index of CPU, memory, and I/O modules In Dell’s 13th generation Dell PowerEdge servers, Intel ME supports Compute Usage Per Second (CUPS) functionality. The CUPS functionality provides real-time monitoring of CPU, memory, and I/O utilization and system-level utilization index for the system. Intel ME allows out-of-band (OOB) performance monitoring and does not consume CPU resources.
• System Performance section — Displays the current reading and the warning reading for CPU, Memory and I/O utilization index, and system level CUPS index in a graphical view. • System Performance Historical Data section: – Provides the statistics for CPU, memory, IO utilization, and the system level CUPS index. If the host system is powered off, then the graph displays the power off line below 0 percent. – You can reset the peak utilization for a particular sensor. Click Reset Historical Peak.
An event is generated if the system continues to operate above the normally supported temperature threshold for a specified operational time. If the average temperature over the specified operational time is greater than or equal to the warning level (> = 8%) or the critical level (> = 0.8%), an event is logged in the Lifecycle Log and the corresponding SNMP trap is generated.
NOTE: This feature is available with iDRAC Express and iDRAC Enterprise licenses. To view the OS information, make sure that: • You have Login privilege. • iDRAC Service Module is installed and running on the host operating system. • OS Information option is enabled in the Overview → Server → Service Module page. iDRAC can display the IPv4 and IPv6 addresses for all the interfaces configured on the Host OS.
specific MAC address for iDRACs in a chassis. The chassis–assigned MAC address is stored in CMC non–volatile memory and is sent to iDRAC during an iDRAC boot or when CMC FlexAddress is enabled. If CMC enables chassis–assigned MAC addresses, iDRAC displays the MAC address on any of the following pages: • Overview → Server → Properties Details → iDRAC Information. • Overview → Server → Properties WWN/MAC. • Overview → iDRAC Settings → Properties iDRAC Information → Current Network Settings.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: • iDRAC Web Interface • Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only • IPMI Serial Over LAN • IPMI Over LAN • Remote RACADM • Local RACADM • Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Related links Communicating with iDRAC through serial connection using DB9 cable Switching between RAC serial and serial console while using DB9 cable Communicating with iDRAC using IPMI SOL Communicating with iDRAC using IPMI over LAN Enabling or disabling remote RACADM Disabling local RACADM Enabling IPMI on managed system Configuring Linux for serial console during boot Supported SSH cryptography schemes Communicating with iDRAC through serial connection using DB9 cable You can use any of the following
Enabling RAC serial connection After configuring serial connection in BIOS, enable RAC serial in iDRAC. NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured.
Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 3. Enable the IPMI serial hardware flow control using the command. racadm set iDRAC.IPMISerial.FlowContro 1 4. Set the IPMI serial channel minimum privilege level using the command. racadm set iDRAC.IPMISerial.ChanPrivLimit Parameter = 2 = 3 = 4 5.
The key sequence directs you to the iDRAC Login prompt (if the iDRAC is set to RAC Serial mode) or to the Serial Connection mode where terminal commands can be issued if iDRAC is set to IPMI Serial Direct Connect Terminal Mode. Switching from RAC serial to serial console To switch to Serial Console Mode when in RAC Serial Interface Communication Mode, press Esc+Shift, Q. When in terminal mode, to switch the connection to the Serial Console mode, press Esc+Shift, Q.
NOTE: If the boot loader or operating system provides serial redirection such as GRUB or Linux, then the BIOS Redirection After Boot setting must be disabled. This is to avoid potential race condition of multiple components accessing the serial port. Configuring iDRAC to use SOL You can specify the SOL settings in iDRAC using Web interface, RACADM, or iDRAC Settings utility. Configuring iDRAC to use SOL using iDRAC web interface To configure IPMI Serial over LAN (SOL): 1.
Enabling supported protocol using web interface To enable SSH or Telnet, go to Overview → iDRAC Settings → Network → Services and select Enabled for SSH or Telnet, respectively. To enable IPMI, go to Overview → iDRAC Settings → Network and select Enable IPMI Over LAN. Make sure that the Encryption Key value is all zeroes or press the backspace key to clear and change the value to NULL characters. Enabling supported protocol using RACADM To enable the SSH or Telnet, use the following commands.
NOTE: Run OpenSSH from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not result in full functionality (that is, some keys do not respond and no graphics are displayed). Before using SSH or Telnet to communicate with iDRAC, make sure to: 1. Configure BIOS to enable Serial Console. 2. Configure SOL in iDRAC. 3. Enable SSH or Telnet using iDRAC Web interface or RACADM.
• connect • console com2 This connects iDRAC to the managed system’s SOL port. Once a SOL session is established, iDRAC command line console is not available. Follow the escape sequence correctly to open the iDRAC command line console. The escape sequence is also printed on the screen as soon as a SOL session is connected. When the managed system is off, it takes sometime to establish the SOL session. NOTE: You can use console com1 or console com2 to start SOL.
• To quit a SOL session from Telnet on Linux, press and hold Ctrl+]. A Telnet prompt is displayed. Type quit to exit Telnet. If a SOL session is not terminated completely in the utility, other SOL sessions may not be available. To resolve this, terminate the command line console in the Web interface under Overview → iDRAC Settings → Sessions.
NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com. Enabling or disabling remote RACADM You can enable or disable remote RACADM using the iDRAC Web interface or RACADM. You can run up to five remote RACADM sessions in parallel. NOTE: Remote RACADM is enabled by default. Enabling or disabling remote RACADM using web interface 1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → Services. 2.
# NOTICE: You do not have a /boot partition. This means that all # kernel and initrd paths are relative to /, e.g. # root (hd0,0) # kernel /boot/vmlinuz-version ro root=/dev/sdal # initrd /boot/initrd-version.img #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.gz serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.
#This does, of course, assume you have power installed and your #UPS is connected and working correctly. pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" #If power was restored before the shutdown kicked in, cancel it.
Scheme Type Algorithms ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.com Compression None NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support.
where: • -t is rsa. • –b specifies the bit encryption size between 2048 and 4096. • –C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions. After the command executes, upload the public file. CAUTION: Keys generated from the Linux management station using ssh-keygen are in non-4716 format. Convert the keys into the 4716 format using ssh-keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of the key file.
The Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC.
Table 18. Recommended characters while accessing network shares Characters Length 0-9 A-Z a-z -*/:?@\_| User name: 1-16 Password: 1-20 Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist. You can set user names, passwords, and roles with the privileges for these users.
NOTE: You can also use racadm get -f and view or edit the myfile.cfg file, which includes all iDRAC configuration parameters. To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the RACADM Command Line Interface Guide available at dell.com/idracmanuals. If you use the configuration XML file, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication.
Table 19. iDRAC roles Current Generation Prior Generation Privileges Administrator Administrator Login, Configure, Configure Users, Logs, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug Operator Power User Login, Configure, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug Read Only Guest User Login None None None Table 20.
If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, you must: 1. Install the SSL certificate on each domain controller. 2. Export the Domain Controller Root CA Certificate to iDRAC. 3. Import iDRAC Firmware SSL Certificate.
racadm sslcertdownload -t 0x1 -f 2. On the domain controller, open an MMC Console window and select Certificates → Trusted Root Certification Authorities. 3. Right-click Certificates, select All Tasks and click Import. 4. Click Next and browse to the SSL certificate file. 5. Install iDRAC SSL Certificate in each domain controller’s Trusted Root Certification Authority.
Role Groups Default Privilege Level Permissions Granted Bit Mask Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands Role Group 2 None Log in to iDRAC, Configure 0x000000f9 iDRAC, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands Role Group 3 None Log in to iDRAC 0x00000001 Role Group 4 None No assigned permissions 0x00000000 Role Group 5 None No assigned permissions 0x0000000
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network. 7. Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed. 8. Select Standard Schema and click Next. The Active Directory Configuration and Management Step 4a of 4 page is displayed. 9.
3. If DHCP is disabled on iDRAC or you want manually enter the DNS IP address, enter the following RACADM command: racadm set iDRAC.IPv4.DNSFromDHCP 0 racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 4. If you want to configure a list of user domains so that you only need to enter the user name when logging in to the web interface, use the following command: racadm set iDRAC.UserDomain..
can perform authentication and authorization with Active Directory. Additionally, the administrator must add iDRAC to at least one association object for users to authenticate. The following figure shows that the association object provides the connection that is needed for the authentication and authorization. Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
5. Click Finish. The schema is extended. To verify the schema extension, use the MMC and the Active Directory Schema Snap-in to verify that the classes and attributes classes and attributes exist. See the Microsoft documentation for details about using the MMC and the Active Directory Schema Snap-in. Classes and attributes Table 22. Class definitions for classes added to the active directory schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.
OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsDebugCommandAdmin Table 26. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 27. dellProduct class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser TRUE if the user has Virtual Media rights on the device. 1.2.840.113556.1.8000.1280.1.1.2.9 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) TRUE dellIsTestAlertUser TRUE if the user has Test Alert User rights on the device. 1.2.840.113556.1.8000.1280.1.1.2.10 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) TRUE dellIsDebugCommandAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Creating iDRAC device object To create iDRAC device object: 1. In the MMC Console Root window, right-click a container. 2. Select New → Dell Remote Management Object Advanced. The New Object window is displayed. 3. Enter a name for the new object. The name must be identical to iDRAC name that you enter while configuring Active Directory properties using iDRAC Web interface. 4. Select iDRAC Device Object and click OK.
Adding users or user groups To add users or user groups: 1. Right-click the Association Object and select Properties. 2. Select the Users tab and click Add. 3. Enter the user or user group name and click OK. Adding privileges To add privileges: Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. 1.
Configuring Active Directory with Extended schema using RACADM To configure Active Directory with Extended Schema using the RACADM: 1. Use the following commands: racadm set iDRAC.ActiveDirectory.Enable 1 racadm set iDRAC.ActiveDirectory.Schema 2 racadm set iDRAC.ActiveDirectory.RacName racadm set iDRAC.ActiveDirectory.RacDomain racadm set iDRAC.ActiveDirectory.
3. Enter a test user's name (for example, username@domain.com) and password and click Start Test. A detailed test results and the test log displays. If there is a failure in any step, examine the details in the test log to identify the problem and a possible solution. NOTE: When testing Active Directory settings with Enable Certificate Validation checked, iDRAC requires that the Active Directory server be identified by the FQDN and not an IP address.
NOTE: If you are using Novell eDirectory and if you have used these characters—#(hash), "(double quotes), ;(semi colon), > (greater than), , (comma), or <(lesser than)—for the Group DN name, they must be escaped. The role group settings are saved. The Generic LDAP Configuration and Management Step 3a of 3 page displays the role group settings. 9. If you want to configure additional role groups, repeat steps 7 and 8. 10. Click Finish. The generic LDAP directory service is configured.
8 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
5. Verify that network DNS configuration matches with the Active Directory DNS information. For more information about the options, see the iDRAC Online Help. Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network.
Related links Prerequisites for Active Directory Single Sign-On or smart card login Configuring Active Directory with Standard schema using iDRAC web interface Configuring Active Directory with Standard schema using RACADM Configuring Active Directory with Extended schema using iDRAC web interface Configuring Active Directory with Extended schema using RACADM Configuring iDRAC SSO login for Active Directory users using web interface To configure iDRAC for Active Directory SSO login: NOTE: For information a
Uploading smart card user certificate using RACADM To upload smart card user certificate, use the usercertupload object. For more information, see the iDRACRACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Uploading trusted CA certificate for smart card Before you upload the CA certificate, make sure that you have a CA-signed certificate.
NOTE: If smart card login is enabled, then SSH, Telnet, IPMI Over LAN, Serial Over LAN, and remote RACADM are disabled. Again, if you disable smart card login, the interfaces are not enabled automatically. Related links Obtaining certificates Configuring iDRAC smart card login for Active Directory users Configuring iDRAC smart card login for local users Enabling or disabling smart card login using web interface To enable or disable the Smart Card logon feature: 1.
9 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
Enabling or disabling alerts using RACADM Use the following command: racadm set iDRAC.IPMILan.AlertEnable n=0 — Disabled n=1 — Enabled Enabling or disabling alerts using iDRAC settings utility To enable or disable generating alerts or event actions: 1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed. 2. Under Platform Events, select Enabled to enable alert generation or event action. Else, select Disabled.
Setting event alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations. Related links Enabling or disabling alerts Configuring email alert, SNMP trap, or IPMI trap settings Filtering alerts Configuring remote system logging Configuring WS Eventing Configuring Redfish Eventing Setting event alerts using web interface To set an event alert using the web interface: 1.
The Alert Recurrence page is displayed. 2. In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s). For more information, see the iDRAC Online help. 3. Click Apply. The alert recurrence settings are saved. Setting alert recurrence events using RACADM To set the alert recurrence event using RACADM, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Configuring IP alert destinations You can configure the IPv6 or IPv4 addresses to receive the IPMI alerts or SNMP traps. For information about the iDRAC MIBs required to monitor the servers using SNMP, see the SNMP Reference Guide available at dell.com/support/manuals. Configuring IP alert destinations using web interface To configure alert destination settings using Web interface: 1. Go to Overview → Server → Alerts → SNMP and E-mail Settings. 2.
5. • Set the SNMP trap destination for SNMPv3: racadm set idrac.SNMP.Alert..DestAddr • Set SNMPv3 users for trap destinations: racadm set idrac.SNMP.Alert..SNMPv3Username • Enable SNMPv3 for a user: racadm set idrac.users..SNMPv3Enable Enabled To test the trap, if required: racadm testtrap -i For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Parameter index email-address 3. Description Email destination index. Allowed values are 1 through 4. Destination email address that receives the platform event alerts. To configure a custom message: racadm set iDRAC.EmailAlert.CustomMsg.[index] [custom-message] Parameter index custom-message 4. Description Email destination index. Allowed values are 1 through 4.
Monitoring chassis events On the PowerEdge FX2/FX2s chassis, you can enable the Chassis Management and Monitoring setting in iDRAC to perform chassis management and monitoring tasks such as monitoring chassis components, configuring alerts, using iDRAC RACADM to pass CMC RACADM commands, and updating the chassis management firmware. This setting allows you to manage the servers in the chassis even if the CMC is not on the network. You can set the value to Disabled to forward the chassis events.
Message ID Description CPU Processor CPUA Proc Absent CTL Storage Contr DH Cert Mgmt DIS Auto-Discovery ENC Storage Enclosr FAN Fan Event FSD Debug HWC Hardware Config IPA DRAC IP Change ITR Intrusion JCP Job Control LC Lifecycle Controller LIC Licensing LNK Link Status LOG Log event MEM Memory NDR NIC OS Driver NIC NIC Config OSD OS Deployment OSE OS Event PCI PCI Device PDR Physical Disk PR Part Exchange PST BIOS POST PSU Power Supply PSUA PSU Absent
Message ID Description STOR Storage SUP FW Update Job SWC Software Config SWU Software Change SYS System Info TMP Temperature TST Test Alert UEFI UEFI Event USR User Tracking VDR Virtual Disk VF vFlash SD card VFL vFlash Event VFLA vFlash Absent VLT Voltage VME Virtual Media VRM Virtual Console WRK Work Note 153
10 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WS-MAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
To filter the lifecycle logs: 1. 2. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: • Select the Log Type from the drop-down list. • Select the severity level from the Severity drop-down list. • Enter a keyword. • Specify the date range. Click Apply. The filtered log entries are displayed in Log Results. Adding comments to Lifecycle logs To add comments to the Lifecycle logs: 1. In the Lifecycle Log page, click the + icon for the required log entry.
NOTE: You cannot delete a work note. To add a work note: 1. In the iDRAC Web interface, go to Overview → Server → Properties → Summary. The System Summary page is displayed. 2. Under Work Notes, enter the text in the blank text box. NOTE: It is recommended not to use too many special characters. 3. Click Add. The work note is added to the log. For more information, see the iDRAC Online Help. Configuring remote system logging You can send lifecycle logs to a remote system.
11 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Setting warning threshold for power consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems. The warning/critical power threshold for rack and tower systems may change on system power cycle based on PSU capacity and redundancy policy. However, the warning threshold must not exceed the critical threshold even if Power Supply Unit capacity of the redundancy policy is changed.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Power capping You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload presents to the datacenter. This is a licensed feature. Power capping in Blade servers Before a blade server in a PowerEdge M1000e or PowerEdge VRTX chassis powers up, iDRAC provides CMC with its power requirements.
Configuring power cap policy using RACADM To view and configure the current power cap values, use the following objects with the set command: • System.Power.Cap.Enable • System.Power.Cap.Watts • System.Power.Cap.Btuhr • System.Power.Cap.Percent For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Configuring power cap policy using iDRAC settings utility To view and configure power policies: 1.
• System.Power.RedundancyPolicy • System.Power.Hotspare.Enable • System.Power.Hotspare.PrimaryPSU • System.Power.PFC.Enable For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Configuring power supply options using iDRAC settings utility To configure the power supply options: 1. In iDRAC Settings utility, go to Power Configuration.
12 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: • Network Interface Cards (NICs) • Converged Network Adapters (CNAs) • LAN On Motherboards (LOMs) • Network Daughter Cards (NDCs) • Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and p
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Additional properties may be displayed when using RACADM or WS-MAN in addition to the properties displayed in the iDRAC web interface. Inventorying and monitoring FC HBA devices You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed system. The Emulex and QLogic FC HBAs are supported.
The values configured for virtual addresses, initiator and storage targets may change based on the way the main power is handled during system reset and whether the NIC, CNA, or FC HBA device has auxiliary power. The persistence of IO identity settings can be achieved based on the policy setting made using iDRAC. Only if the I/O identity feature is enabled, the persistence policies take effect. Each time the system resets or powers on, the values are persisted or cleared based on the policy settings.
Manufacturer Type Emulex • • QLE2660 PCIe FC16 QLE2662 PCIe FC16 • • • • • • • • • • • • • • • • • • • LPM16002 Mezz FC16 LPe16000 PCIe FC16 LPe16002 PCIe FC16 LPM16002 Mezz FC16 LPM15002 LPe15000 LPe15002 OCm14104B-UX-D OCm14102B-U4-D OCm14102B-U5-D OCe14102B-UX-D OCm14104B-UX-D OCm14102B-U4-D OCm14102B-U5-D OCe14102B-UX-D OCm14104-UX-D rNDC 10Gb OCm14102-U2-D bNDC 10Gb OCm14102-U3-D Mezz 10Gb OCe14102-UX-D PCIe 10Gb Supported NIC firmware versions for I/O Identity Optimization In 13th generation De
Flex Address Feature State in CMC Mode set in iDRAC IO Identity Feature XML Configuration Persistence Policy State in iDRAC Clear Persistence Policy — Virtual Address Flex Address disabled Flex Address Mode Enabled VAM configured Configured VAM persists Persistence only — clear is not possible Flex Address disabled Flex Address Mode Enabled VAM not configured Set to hardware MAC address No persistence supported.
Server with VAM Persistence Policy Feature FlexAddress Feature State in CMC IO Identity Feature Availability of State in iDRAC Remote Agent VA for the Reboot Cycle VA Programming Source Reboot Cycle VA Persistence Behavior Enabled Disabled FlexAddress from CMC Per FlexAddress spec Enabled Enabled Yes — New or Persisted Remote Agent Virtual Address Per Remote Agent Policy Setting No FlexAddress from CMC Per FlexAddress spec Yes — New or Persisted Remote Agent Virtual Address Per Remote Age
Configuring persistence policy settings Using IO identity, you can configure policies specifying the system reset and power cycle behaviors that determine the persistence or clearance of the virtual address, initiator, and storage target settings. Each individual persistence policy attribute applies to all ports and partitions of all applicable devices in the system. The device behavior changes between auxiliary powered devices and non-auxiliary powered devices.
Configuring persistence policy settings using iDRAC web interface To configure the persistence policy: 1. In the iDRAC Web interface, go to Overview → Hardware → Network Devices. The Network Devices page is displayed. 2. Click I/O Identity Optimization tab. 3. In the Persistence Policy section, select one or more of the following for each persistence policy: 4. • A/C Power Loss - The virtual address or target settings persist when AC power loss conditions occur.
Table 33. Iscsi storage target attributes — default values iSCSI Storage Target Attributes Default Values in IPv4 mode Default Values in IPv6 mode ConnectFirstTgt Disabled Disabled FirstTgtIpAddress 0.0.0.0 :: FirstTgtTcpPort 3260 3260 FirstTgtBootLun 0 0 FirstTgtIscsiName Value Cleared Value Cleared FirstTgtChapId Value Cleared Value Cleared FirstTgtChapPwd Value Cleared Value Cleared FirstTgtIpVer Ipv4 ConnectSecondTgt Disabled Disabled SecondTgtIpAddress 0.0.0.
13 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them.
PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) If there are pending or scheduled jobs for and you cannot create real-time jobs using that controller, then the jobs have to be Web interface. cleared or you must wait for the jobs to be completed before applying the configuration at run-time. Run-time or real-time means, a reboot is not required.
in the configuration of RAID volumes. For example, you can mirror a pair of hardware RAID 5 volumes across two RAID controllers to provide RAID controller redundancy. RAID concepts RAID uses particular techniques for writing data to disks. These techniques enable RAID to provide data redundancy or better performance. These techniques include: • Mirroring — Duplicating data from one physical disk to another physical disk.
from these volumes for creation of new virtual disks or Online Capacity Expansion (OCE) of existing virtual disks, provided free space is available. Choosing RAID levels You can use RAID to control data storage on multiple disks. Each RAID level or concatenation has different performance and data protection characteristics. NOTE: The H3xx PERC controllers do not support RAID levels 6 and 60.
RAID 1 characteristics: • Groups n + n disks as one virtual disk with the capacity of n disks. The controllers currently supported by Storage Management allow the selection of two disks when creating a RAID 1. Because these disks are mirrored, the total storage capacity is equal to one disk. • Data is replicated on both the disks. • When a disk fails, the virtual disk still works. The data is read from the mirror of the failed disk. • Better read performance, but slightly slower write performance.
RAID 5 characteristics: • Groups n disks as one large virtual disk with a capacity of (n-1) disks. • Redundant information (parity) is alternately stored on all disks. • When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks. • Better read performance, but slower write performance. • Redundancy for protection of data.
RAID 50 characteristics: • Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. • Redundant information (parity) is alternately stored on all disks of each RAID 5 span. • Better read performance, but slower write performance. • Requires as much parity information as standard RAID 5. • Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: • Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. • Redundant information (parity) is alternately stored on all disks of each RAID 6 span. • Better read performance, but slower write performance. • Increased redundancy provides greater data protection than a RAID 50. • Requires proportionally as much parity information as RAID 6.
RAID 10 characteristics: • Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. • Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. • When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. • Improved read performance and write performance. • Redundancy for protection of data.
RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 10 Excellent Very Good Fair Good 2N x X Data intensive environments (large records). RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential Fair, unless using Poor reads: good. writeback cache Transactional reads: Very good N + 2 (N = at least two disks) Critical information.
Supported non-RAID controllers The iDRAC interface supports 12 Gbps SAS HBA external controller, HBA330 internal controller, and supports SATA drives only for HBA330 internal controller. Supported enclosures iDRAC supports MD1200, MD1220, MD1400, and MD1420 enclosures. NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported.
Feature Name PERC 9 Controllers PERC 8 Controllers PCIe SSD H830 H730 P H730 H330 FD33x S FD33x D H810 H710P H710 H310 Delete virtual disks Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Set Patrol Read Mode Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Patrol Read Unconfigured Areas Realtime (only in web interf ace) Realtime (only in web interf ace) Realtime (only i
Feature Name PERC 9 Controllers PERC 8 Controllers PCIe SSD H830 H730 P H730 H330 FD33x S FD33x D H810 H710P H710 H310 Reset controller configuration Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Create or change security keys Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Inventory and remotely monitor the health of PCIe SSD devices Not Not applic applic able able No
• Go to Overview → Storage → Summary to view the summary of the storage components and the recently logged events. This page is automatically refreshed every 30 seconds. • Go to Overview → Storage → Topology to view the hierarchical physical containment view of the key storage components. • Go to Overview → Storage → Physical Disks → Properties to view physical disk information. The Physical Disks Properties page is displayed.
NOTE: From iDRAC v2.30.30.30 or later, you can add global hot spares when virtual disks are not created. You can change the hot spare assignment by unassigning a disk and choosing another disk as needed. You can also assign more than one physical disk as a global hot spare. Global hot spares must be assigned and unassigned manually. They are not assigned to specific virtual disks.
• Using iDRAC interfaces such as iDRAC web interface, RACADM, or WS-MAN. • Pressing Ctrl+R while restarting the server and selecting the required controller. NOTE: Converting the mode is not supported on PERC hardware controllers running in HBA mode. NOTE: Converting to non-RAID mode for PERC 8 controllers is supported only for PERC H310 and H330 controllers.
Related links Creating virtual disks Editing virtual disk cache policies Deleting virtual disks Checking virtual disk consistency Initializing virtual disks Encrypting virtual disks Assigning or unassigning dedicated hot spares Managing virtual disks using web interface Managing virtual disks using RACADM Creating virtual disks To implement RAID functions, you must create a virtual disk. A virtual disk refers to storage created by a RAID controller from one or more physical disks.
Creating virtual disks using web interface To create virtual disk: 1. In the iDRAC Web interface, go to Overview → Storage → Virtual Disks → Create. The Create Virtual Disk page is displayed. 2. In the Settings section, do the following: a. Enter the name for the virtual disk. b. From the Controller drop-down menu, select the controller for which you want to create the virtual disk. c. From the Layout drop-down menu, select the RAID level for the Virtual Disk.
• • Write Back — The controller sends a write-request completion signal as soon as the data is in the controller cache but has not yet been written to disk. Write back caching may provide improved performance since subsequent read requests can retrieve data quickly from the cache then from the disk. However, data loss may occur in the event of a system failure which prevents that data from being written on a disk.
information on the physical disks is not erased, although future write operations overwrite any information that remains on the physical disks. Fast initialization only deletes the boot sector and stripe information. Perform a fast initialize only if you are constrained for time or the hard drives are new or unused. Fast Initialization takes less time to complete (usually 30-60 seconds). CAUTION: Performing a fast initialize causes existing data to be inaccessible.
Managing virtual disks using web interface 1. In the iDRAC web interface, go to Overview → Storage → Virtual Disks → Manage. The Manage Virtual Disks page is displayed. 2. From the Controller drop-down menu, select the controller for which you want to manage the virtual disks. 3. For one or more Virtual Disks, from each Action drop-down menu, select an action. You can specify more than one action for a virtual drive. When you select an action, an additional Action drop-down menu is displayed.
Managing virtual disks using RACADM Use the following commands to manage virtual disks: • To delete virtual disk: racadm storage deletevd: • To initialize virtual disk: racadm storage init: -speed {fast|full} • To check consistency of virtual disks (not supported on RAID0): racadm storage ccheck: To cancel the consistency check: racadm storage cancelcheck: • To encrypt virtual disks: racadm storage encryptvd: • To assign or unassign dedicated hot
• Check consistency rate • Rebuild rate • BGI rate • Reconstruct rate • Enhanced auto import foreign configuration • Create or change security keys You must have Login and Server Control privilege to configure the controller properties. Patrol read mode considerations Patrol read identifies disk errors to avoid disk failures, data loss, or corruption.
The check consistency rate, configurable between 0% and 100%, represents the percentage of the system resources dedicated to running the check consistency task. At 0%, the check consistency has the lowest priority for the controller, takes the most time to complete, and is the setting with the least impact to system performance. A check consistency rate of 0% does not mean that the check consistency is stopped or paused. At 100%, the check consistency is the highest priority for the controller.
• To create, modify, or delete security key to encrypt virtual drives: racadm storage createsecuritykey: -key -passwd racadm storage modifysecuritykey: -key -oldpasswd -newpasswd racadm storage deletesecuritykey: Importing or auto importing foreign configuration A foreign configuration is data residing on physical disks that have been moved from one controller to another.
Importing foreign configuration using web interface To import foreign configuration: 1. In the iDRAC Web interface, go to Overview → Storage → Controllers → Setup. The Setup Controllers page is displayed. 2. In the Foreign Configuration section, from the Controller drop-down menu, select the controller that you want to configure. 3. From the Apply Operation Mode drop-down menu, select when you want to import. 4. Click Import Foreign Configuration.
NOTE: Resetting the controller configuration does not remove a foreign configuration. To remove a foreign configuration, perform clear configuration operation. Resetting controller configuration using web interface To reset the controller configuration: 1. In the iDRAC Web interface, go to Overview → Storage → Controllers → Troubleshooting. The Controllers Troubleshooting page is displayed. 2. From the Actions drop-down menu, select Reset Configuration for one or more controllers. 3.
• Server Configuration Profile feature allows you to configure multiple RAID operations along with setting the controller mode. For example, if the PERC controller is in HBA mode, you can edit the export xml to change the controller mode to RAID, convert drives to ready and create a virtual disk. • While changing the mode from RAID to HBA, the RAIDaction pseudo attribute is set to update (default behavior). The attribute runs and creates a virtual disk which fails.
Related links Inventorying and monitoring storage devices Viewing system inventory Updating device firmware Monitoring predictive failure analysis on drives Blinking or unblinking component LEDs Monitoring predictive failure analysis on drives Storage management supports Self Monitoring Analysis and Reporting Technology (SMART) on physical disks that are SMARTenabled. SMART performs predictive failure analysis on each disk and sends alerts if a disk failure is predicted.
Managing PCIe SSDs Peripheral Component Interconnect Express (PCIe) solid-state device (SSD) is a high-performance storage device designed for solutions requiring low latency, high Input Output Operations per Second (IOPS), and enterprise class storage reliability and serviceability. The PCIe SSD is designed based on Single Level Cell (SLC) and Multi-Level Cell (MLC) NAND flash technology with a high-speed PCIe 2.0 or PCIe 3.0 compliant interface. iDRAC 2.20.20.
Inventorying and monitoring PCIe SSDs using RACADM Use the racadm storage get controllers: command to inventory and monitor PCIe SSDs. To view all PCIe SSD drives: racadm storage get pdisks To view PCIe extender cards: racadm storage get controllers To view PCIe SSD backplane information: racadm storage get enclosures NOTE: For all the mentioned commands, PERC devices are also displayed. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.
NOTE: For PCIe SSD devices, only the Apply Now option is available. This operation is not supported in staged mode. 5. Click Apply. If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action is displayed. If the job is created successfully, a message indicating that the job ID is created for the selected controller is displayed. Click Job Queue to view the progress of the job in the Job Queue page.
– Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The action is applied between the start time and end time. – From the drop-down menu, select the type of reboot: * No Reboot (Manually Reboot System) * Graceful Shutdown * Force Shutdown * Power Cycle System (cold boot) NOTE: For PERC 8 or earlier controllers, Graceful Shutdown is the default option. For PERC 9 controllers, No Reboot (Manually Reboot System) is the default option. 5.
• Unified mode —This is the default mode. The primary PERC controller has access to all the drives connected to the backplane even if a second PERC controller is installed. • Split mode — One controller has access to the first 12 drives and the second controller has access to the last 12 drives. The drives connected to the first controller are numbered 0-11 while the drives connected to the second controller are numbered 12-23.
5. Go to the Job Queue page and verify that it displays the status as Completed for the job. 6. Power cycle the system for the setting to take effect. Configuring enclosure using RACADM To configure the enclosure or backplane, use the set command with the objects in BackplaneMode. For example, to set the BackplaneMode attribute to split mode: 1. Run the following command to view the current backplane mode: racadm get storage.enclosure.1.
12. Run the following command and verify that only 0–11 drives are displayed: racadm storage get pdisks For more information about the RACADM commands, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Viewing universal slots Some 13th generation PowerEdge server backplanes supports both SAS/SATA and PCIe SSD drives in the same slot. These slots are called universal slots and are wired to the primary storage controller (PERC) and a PCIe extender card.
• As a pending operation to be applied as a batch as part of a single job. Choosing operation mode using web interface To select the operation mode to apply the settings: 1. 2. You can select the operation mode on when you are on any of the following pages: • Overview → Storage → Physical Disks → Setup.
Configuration jobs are created only on controller. In case of PCIe SSD, job is created on PCIe SSD disk and not on the PCIe Extender. Viewing, applying, or deleting pending operations using web interface 1. In the iDRAC web interface, go to Overview → Storage → Pending Operations. 2. From the Component drop-down menu, select the controller for which you want to view, commit, or delete the pending operations. The Pending Operations page is displayed.
Storage devices — apply operation scenarios Case 1: selected an apply operation (apply now, at next reboot, or at scheduled time) and there are no existing pending operations If you have selected Apply Now, At Next Reboot, or At Scheduled Time and then clicked Apply, first the pending operation is created for the selected storage configuration operation. • If the pending operation is successful and there are no prior existing pending operations, then the job is created.
– Click OK to remain on the page to perform more storage configuration operations. – Click Pending Operations to view the pending operations for the device. • If the pending operation is not created successfully and if there are existing pending operations, then an error message is displayed. – Click OK to remain on the page to perform more storage configuration operations. – Click Pending Operations to view the pending operations for the device.
Blinking or unblinking component LEDs using RACADM To blink or unblink component LEDs, use the following commands: racadm storage blink: racadm storage unblink: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
14 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
Configuring virtual console Before configuring the Virtual Console, make sure that the management station is configured. You can configure the virtual console using iDRAC Web interface or RACADM command line interface. Related links Configuring web browsers to use virtual console Launching virtual console Configuring virtual console using web interface To configure Virtual Console using iDRAC Web interface: 1. Go to Overview → Server → Virtual Console. The Virtual Console page is displayed. 2.
Related links Launching virtual console using a URL Configuring Internet Explorer to use HTML5-based plug-in Configuring the web browser to use Java plug-in Configuring IE to use ActiveX plug-in Launching virtual console using web interface Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in Synchronizing mouse pointers Launching virtual console using web interface You can launch the virtual console in the following ways: • Go to Overview → Server → Vi
NOTE: The Virtual Media viewer is launched if Virtual Console is disabled. 3. From the Tools menu, click Session Options and then Certificate tab. 4. Click Browse Path, specify the location to store the user’s certificate, click Apply, click OK, and exit from the viewer. 5. Launch Virtual Console again. 6. In the certificate warning message, select the Always trust this certificate option, and then click Continue. 7. Exit from the viewer. 8.
The Pass all keystrokes to server option is not supported on HTML5 virtual console. Use keyboard and keyboard macros for all the functional keys. • Console control — This has the following configuration options: – Keyboard – Keyboard Macros – Aspect Ratio – Touch Mode – Mouse Acceleration • Keyboard — This keyboard uses open source code. The difference from physical keyboard is that the number keys are switched to special character when you the Caps Lock key is enabled.
• Virtual Media — Click Connect Virtual Media option to start the virtual media session. The virtual media menu displays the Browse option to browse and map the ISO and IMG files. NOTE: You cannot map physical media such USB-based drives, CD, or DVD by using the HTML5 based virtual console. Supported Browsers The HTML5 virtual console is supported on the following browsers: • Internet Explorer 11 • Chrome 36 • Firefox 30 • Safari 7.
• Plug-in type (Java or ActiveX) based on which Virtual Console session is launched. For the Java client, the native library must be loaded for Pass all keystrokes to server and Single Cursor mode to function. If the native libraries are not loaded, the Pass all keystrokes to server and Single Cursor options are deselected. If you attempt to select either of these options, an error message is displayed indicating that the selected options are not supported.
• When Pass All Keys is disabled, the behavior depends on the key combinations pressed and the special combinations interpreted by the operating system on the management station. Java based virtual console session running on Linux operating system The behavior mentioned for Windows operating system is also applicable for Linux operating system with the following exceptions: • When Pass all keystrokes to server is enabled, is passed to the operating system on the managed system.
ActiveX based virtual console session running on Windows operating system The behavior of the pass all keystrokes to server feature in ActiveX based Virtual Console session running on Windows operating system is similar to the behavior explained for Java based Virtual Console session running on the Windows management station with the following exceptions: • When Pass All Keys is disabled, pressing F1 launches the application Help on both management station and managed system, and the following message is d
15 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • Remotely access media connected to a remote system over the network • Install applications • Update drivers • Install an operating system on the managed system This is a licensed feature for rack and tower servers.
Table 36. Supported drives and devices Drive Virtual Optical Drives Virtual floppy drives USB flash drives Supported Storage Media • • • • • Legacy 1.44 floppy drive with a 1.
Table 37. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives.
• • Virtual Media is in Attach state. System is configured to unhide empty drives. To do this, in Windows Explorer, navigate to Folder Options, clear the Hide empty drives in the Computer folder option, and click OK. To launch Virtual Media when Virtual Console is disabled: 1. In the iDRAC web Interface, go to Overview → Server → Virtual Console. The Virtual Console page is displayed. 2. Click Launch Virtual Console. The following message is displayed: Virtual Console has been disabled.
If the Virtual Media is launched without using the Virtual Console, then the Virtual Media section is displayed as a dialog box. It provides information about the mapped devices. Resetting USB To reset the USB device: 1. In the Virtual Console viewer, click Tools → Stats. The Stats window is displayed. 2. Under Virtual Media, click USB Reset.
NOTE: The ISO and IMG files map as read-only files if you map these files by using the HTML5 virtual console. 5. Click Map Device to map the device to the host server. After the device/file is mapped, the name of its Virtual Media menu item changes to indicate the device name. For example, if the CD/DVD device is mapped to an image file named foo.iso, then the CD/DVD menu item on the Virtual Media menu is named foo.iso mapped to CD/DVD. A check mark for that menu item indicates that it is mapped.
The managed system attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device. Otherwise, the system overlooks the device—similar to a physical device without bootable media. Enabling boot once for virtual media You can change the boot order only once when you boot after attaching remote Virtual Media device.
16 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: VMCLI supports only the TLS 1.0 security protocol.
To ensure security, it is recommended to use the following VMCLI parameters: • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. • vmcli -r -S -u -p -c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid.
When multiple VMCLI sessions are started, use the operating system-specific facilities for listing and terminating processes.
17 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC Web interface at Overview → Server → vFlash: SD card not detected.
• iDRAC.vflashsd.AvailableSize • iDRAC.vflashsd.Health • iDRAC.vflashsd.Licensed • iDRAC.vflashsd.Size • iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Viewing vFlash SD card properties using iDRAC settings utility To view the vFlash SD card properties, in the iDRAC Settings Utility, go to Media and USB Port Settings. The Media and USB Port Settings page displays the properties.
The SD Card Properties page is displayed. 2. Enable vFLASH and click Initialize. All existing contents are removed and the card is reformatted with the new vFlash system information. If any vFlash partition is attached, the initialize operation fails and an error message is displayed. Initializing vFlash SD card using RACADM To initialize the vFlash SD card using RACADM: racadm set iDRAC.vflashsd.Initialized 1 All existing partitions are deleted and the card is reformatted.
vFlash is capable of performing fast partition creation when there is no other on-going vFlash operation such as formatting, attaching partitions, and so on. Therefore, it is recommended to first create all partitions before performing other individual partition operations. Creating an empty partition An empty partition, when attached to the system, is similar to an empty USB flash drive. You can create empty partitions on a vFlash SD card. You can create partitions of type Floppy or Hard Disk.
• Image file size is less than or equal to the available space on the card. • Image file size is less than or equal to 4 GB as the maximum partition size supported is 4 GB. However, while creating a partition using a Web browser, the image file size must be less than 2 GB. NOTE: The vFlash partition is an image file on a FAT32 file system. Thus, the image file has the 4 GB limitation. Creating a partition using an image file using web interface To create a vFlash partition from an image file: 1.
The selected partition is formatted to the specified file system type. An error message is displayed if: • The card is write-protected. • An initialize operation is already being performed on the card. Viewing available partitions Make sure that the vFlash functionality is enabled to view the list of available partitions. Viewing available partitions using web interface To view the available vFlash partitions, in the iDRAC Web interface, go to Overview → Server → vFlash → Manage.
• Using set command to change the read-write state of the partition: – To change a read-only partition to read-write: racadm set iDRAC.vflashpartition..AccessType 1 – To change a read-write partition to read-only: racadm set iDRAC.vflashpartition..AccessType 0 • Using set command to specify the Emulation type: racadm set iDRAC.vflashpartition..
• The vFlash partition label is different from the volume name of the file system on the emulated USB device. You can change the volume name of the emulated USB device from the operating system. However, it does not change the partition label name stored in iDRAC. Deleting existing partitions Before deleting existing partition(s), make sure that: • The vFlash functionality is enabled. • The card is not write-protected. • The partition is not attached.
NOTE: If only the folder location is specified, then the partition label is used as the file name, along with the extension .iso for CD and Hard Disk type partitions, and .img for Floppy and Hard Disk type partitions. Booting to a partition You can set an attached vFlash partition as the boot device for the next boot operation. Before booting a partition, make sure that: • The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device.
18 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Target Definitions admin1/system1/sp1 Service Processor admin1/system1/sp1/timesvc1 Service Processor time service admin1/system1/sp1/capabilities1 Service processor capabilities SMASH collection admin1/system1/sp1/capabilities1/clpcap1 CLP service capabilities admin1/system1/sp1/capabilities1/pwrmgtcap1 Power state management service capabilities on the system admin1/system1/sp1/capabilities1/acctmgtcap* Account management service capabilities admin1/system1/sp1/capabilities1/rolemgtcap* Loc
Target Definitions admin1/system1/sp1/rolesvc2/Role4 IPMI Serial Over LAN (SOL) role admin1/system1/sp1/rolesvc3 CLP RBA Service admin1/system1/sp1/rolesvc3/Role1-3 CLP role admin1/system1/sp1/rolesvc3/Role1-3/ privilege1 CLP role privilege Related links Running SMCLP commands Usage examples Navigating the map address space Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space.
clpxml format is an XML document containing a response XML element. The DMTF has specified the clpcsv and clpxml formats and their specifications can be found on the DMTF website at dmtf.org.
EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version • To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
• To display current target: type cd . • To move up one level: type cd ..
19 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, RACADM, and WSMAN. You can configure the features monitored by the iDRAC Service Module to control the CPU and memory consumed on the server’s operating system.
• Prepare to Remove NVMe PCIe SSD. For more information, see Idracug_preparing to remove nvme pcie ssd. NOTE: The features such as Windows Management Instrumentation Providers, Prepare to Remove NVMe PCIe SDD through iDRAC, Automating SupportAssist Collection OS collection are supported only on Dell PowerEdge servers with minimum firmware version 2.00.00.00 or later. Redfish profile support for network attributes iDRAC Service Module v2.
Server hardware, operating systems and applications. WMI Providers helps to integrate with Systems Management Consoles such as Microsoft System Center and enables scripting to manage Microsoft Windows Servers. You can enable or disable the WMI option in iDRAC. iDRAC exposes the WMI classes through the iDRAC Service Module providing the server’s health information. By default, WMI information feature is enabled. The iDRAC Service Module exposes the WSMAN monitored classes in iDRAC through WMI.
OS. By default, the remote iDRAC hard reset feature is enabled. You can perform a remote iDRAC hard reset using iDRAC Web interface, RACADM, and WS-MAN. NOTE: This feature is not supported on Dell PowerEdge R930 server and is supported only on Dell’s 13th generation of PowerEdge servers and later. Command usage This section provides the command usages for Windows, Linux, and ESXi operating systems to perform iDRAC hard reset.
Table 41. Error Handling Result Description 0 Success 1 Unsupported BIOS version for iDRAC reset 2 Unsupported platform 3 Access denied 4 iDRAC reset failed In-band Support for iDRAC SNMP Alerts By using iDRAC Service Module v2.3, you can receive SNMP alerts from the host operating system, which is similar to the alerts that are generated by iDRAC.
NOTE: The --force option configures the Net-SNMP to forward the traps. However, you must configure the trap destination. • VMware ESXi operating system On all iSM supported ESXi operating systems, the iSM v2.3 supports a Common Management Programming Interface (CMPI) method provider to enable this feature remotely by using the WinRM remote commands. winrm i EnableInBandSNMPTraps http://schemas.dell.
• Status — This parameter is mandatory. The values are not case sensitive and the value can be true, false, or get. • Port — This is the listening port number. If you do not provide a port number, the default port number (1266) is used. If the Status parameter value is FALSE, then you can ignore rest of the parameters. You must enter a new port number that is not already configured for this feature.
• WMI Information — Include WMI information. • Auto System Recovery Action — Perform auto recovery operations on the system after a specified time (in seconds): – Reboot – Power Off System – Power Cycle System This option is disabled if OpenManage Server Administrator is installed on the system. Using iDRAC Service Module from RACADM To use the iDRAC Service Module from RACADM, use the objects in the ServiceModule group.
20 Using USB port for server management In Dell PowerEdge 12th generation servers, all USB ports are dedicated to the server. With the 13th generation of servers, one of the front panel USB port is used by iDRAC for management purposes such as pre-provisioning and troubleshooting. The port has an icon to indicate that it is a management port. All 13th generation servers with LCD panel support this feature. This port is not available in a few of the 200-500 model variations without the LCD panel.
Configuring iDRAC using server configuration profile on USB device With the new iDRAC Direct feature, you can configure iDRAC at-the-server. First configure the USB Management port settings in iDRAC, insert the USB device that has the server configuration profile, and then import the server configuration profile from the USB device to iDRAC. NOTE: You can set the USB Management port settings using the iDRAC interfaces only if there is no USB device connected to the server.
• A USB device is in use by iDRAC and you remove the device. Configuring USB management port using web interface To configure the USB port: 1. In the iDRAC Web interface, go to Overview → Hardware → USB Management Port. The Configure USB Management Port page is displayed. 2. From the USB Management Port Mode drop-down menu, select any of the following options: • Automatic — USB Port is used by iDRAC or the server’s operating system. • Standard OS Use — USB port is used by the server OS.
4. Click Back, click Finish and then click Yes to apply the settings. Importing server configuration profile from USB device Make sure to create a directory in root of the USB device called System_Configuration_XML which contains both the config.xml and control.xml files: • Server Configuration Profile is in the System_Configuration_XML sub-directory under the USB device root directory. This file includes all the attribute-value pairs of the server.
7. After the import job is complete, the LCD/LED indicates that the job is complete. If a reboot is required, LCD displays the job status as “Paused waiting on reboot”. 8. If the USB device is left inserted on the server, the result of the import operation is recorded in the results.xml file in the USB device. LCD messages If the LCD panel is available, it displays the following messages in a sequence: 1. Importing – When the server configuration profile is being copied from the USB device. 2.
21 Using iDRAC Quick Sync A few Dell 13th generation PowerEdge servers have the Quick Sync bezel that supports the Quick Sync feature. This feature enables at-the-server management with a mobile device. This allows you to view inventory and monitoring information and configure basic iDRAC settings (such as root credential setup and configuration of the first boot device) using the mobile device. You can configure iDRAC Quick Sync access for your mobile device (example, OpenManage Mobile) in iDRAC.
• Time-out Limit — Allows you specify the time after which the Quick Sync mode is disabled. The default value is 30 seconds. You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync settings using web interface To configure iDRAC Quick Sync: 1. In the iDRAC web interface, go to Overview → Hardware → Front Panel. 2.
22 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: • Remote File Share • Virtual Media Console Related links Deploying operating system using remote file share Deploying operating system using virtual media Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: • Configure User and Access Virtual Media privileges for iDRAC are enabled for the user.
• If the Virtual Media client is not active, and you attempt to establish an RFS connection, the connection is established and the remote image is available to the host operating system. • If the Virtual Media client is active, and you attempt to establish an RFS connection, the following error message is displayed: Virtual Media is detached or redirected for the selected virtual drive. The connection status for RFS is available in iDRAC log.
This displays the text that identifies the device (example, SCSI device sdc). This procedure also applies to Virtual Media when you are using Linux distributions in runlevel init 3. By default, the virtual media is not auto-mounted in init 3.
Deploying embedded operating system on SD card To install an embedded hypervisor on an SD card: 1. Insert the two SD cards in the Internal Dual SD Module (IDSDM) slots on the system. 2. Enable SD module and redundancy (if required) in BIOS. 3. Verify if the SD card is available on one of the drives when you during boot. 4. Deploy the embedded operating system and follow the operating system installation instructions.
23 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: • Diagnostic console • Post code • Boot and crash capture videos • Last system crash screen • System event logs • Lifecycle logs • Front panel status • Trouble indicators • System health Related links Using diagnostic console Scheduling remote automated diagnostics Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing front
For the schedule, you can specify the following: • Start time – Run the diagnostic at a future day and time. If you specify TIME NOW, the diagnostic is run on the next reboot. • End time - Run the diagnostic until a date and time after the Start time. If it is not started by End time, it is marked as failed with End time expired. If you specify TIME NA, then the wait time is not applicable.
• Last crash video — A crash video logs the sequence of events leading to the failure. This is a licensed feature. iDRAC records fifty frames during boot time. Playback of the boot screens occur at a rate of 1 frame per second. If iDRAC is reset, the boot capture video is not available as it is stored in RAM and is deleted. NOTE: • You must have Access Virtual Console or administrator privileges to playback the Boot Capture and Crash Capture videos.
• Power Supplies • Removable Flash Media • Temperatures • Voltages You can view the status of the front panel of the managed system: • For rack and tower servers: LCD front panel and system ID LED status or LED front panel and system ID LED status. • For blade servers: Only system ID LEDs. Viewing system front panel LCD status To view the LCD front panel status for applicable rack and tower servers, in iDRAC Web interface, go to Overview → Hardware → Front Panel.
• In case of a blade server, insert the module into a different bay in the chassis • Replace hard drives or USB flash drives • Reconnect or replace the power and network cables If problem persists, see the Hardware Owner’s Manual for specific troubleshooting information about the hardware device. CAUTION: You should only perform troubleshooting and simple repairs as authorized in your product documentation, or as directed by online or telephone service and support team.
• Operating system and application information • Active Lifecycle Controller logs (archived entries are not included) • PCIe SSD logs • Storage controller logs NOTE: TTYLog collection for PCIe SSDs using the SupportAssist feature is not supported on Dell 12th generation PowerEdge servers. After the data is generated, you can view the data. It contains a bunch of XML files and log files. The data must be shared with tech support to troubleshoot the issue.
3. Select the I agree to allow SupportAssist to use this data option and click Export. 4. After the iDRAC Service Module has completed transferring the OS and application data to iDRAC, it is packaged along with the hardware data and the final report is generated. A message appears to save the report. 5. Specify the location to save the SupportAssist collection.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. • Click Advanced Export Options to select the following additional options: – RAID Controller Log – Enable Report Filtering under OS and Application Data Based on the options selected, the time taken to collect the data is displayed next to these options.
Erasing system and user data You can erase system component(s) and user data for those components. The system components include: • Lifecycle Controller Data • Embedded Diagnostics • Embedded OS Driver Pack • BIOS reset to default • iDRAC reset to default Before performing system erase, ensure that: • You have iDRAC Server Control privilege. • Lifecycle Controller is enabled.
Resetting iDRAC to factory default settings using iDRAC settings utility To reset iDRAC to factory default values using the iDRAC Settings utility: 1. Go to Reset iDRAC configurations to defaults. The iDRAC Settings Reset iDRAC configurations to defaults page is displayed. 2. Click Yes. iDRAC reset starts. 3. 276 Click Back and navigate to the same Reset iDRAC configurations to defaults page to view the success message.
24 Frequently asked questions This section lists the frequently asked questions for the following: • System Event Log • Network security • Active Directory • Single Sign On • Smart card login • Virtual console • Virtual media • vFlash SD card • SNMP authentication • Storage devices • iDRAC Service Module • RACADM • Miscellaneous System Event Log While using iDRAC Web interface through Internet Explorer, why does SEL not save using the Save As option? This is due to a browser settin
iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. When this certificate is used, the Web browser displays a security warning because the default certificate that is issued to iDRAC does not match the iDRAC host name (for example, the IP address). To resolve this, upload an iDRAC server certificate issued to the IP address or the iDRAC host name.
• Configure the host name (FQDN) of the domain controller as the domain controller address(es) on iDRAC to match the Subject or Subject Alternative Name of the server certificate. • Reissue the server certificate to use an IP address in the Subject or Subject Alternative Name field, so that it matches the IP address configured in iDRAC. • Disable certificate validation if you choose to trust this domain controller without certificate validation during the SSL handshake.
2. Configure the computers to use the DES-CBC-MD5 cipher suite. These settings may affect compatibility with client computers or services and applications in your environment. The Configure encryption types allowed for Kerberos policy setting is located at Computer Configuration → Security Settings → Local Policies → Security Options. 3. Make sure that the domain clients have the updated GPO. 4. At the command line, type gpupdate /force and delete the old key tab with klist purge command. 5.
Incorrect Smart Card PIN. Check if the smart card is locked due to too many attempts with an incorrect PIN. In such cases, contact the smart card issuer in the organization to get a new smart card. Virtual console Virtual Console session is active even if you have logged out of iDRAC web interface. Is this the expected behavior? Yes. Close the Virtual Console Viewer window to log out of the corresponding session.
No. When you remotely install a supported Microsoft operating system on a system with Virtual Console enabled in the BIOS, an EMS Connection Message is sent that requires that you select OK remotely. You must either select OK on the local system or restart the remotely managed server, reinstall, and then turn off the Virtual Console in BIOS. This message is generated by Microsoft to alert the user that Virtual Console is enabled.
When iDRAC web interface is launched from the CMC web interface soon after Virtual Console is launched, why does GUI session time-out? When launching the Virtual Console to iDRAC from the CMC web interface a popup is opened to launch the Virtual Console. The popup closes shortly after the Virtual Console opens. When launching both the GUI and Virtual Console to the same iDRAC system on a management station, a session time-out for the iDRAC GUI occurs if the GUI is launched before the popup closes.
• • • • ISO 9660 image 1.44 Floppy disk or floppy image A USB key that is recognized by the operating system as a removable disk A USB key image How to make the USB key a bootable device? You can also boot with a Windows 98 startup disk and copy system files from the startup disk to the USB key. For example, from the DOS prompt, type the following command: sys a: x: /s where, x: is the USB key that is required to be set as a bootable device.
What does the USB Reset do? It resets the remote and local USB devices connected to the server. How to maximize Virtual Media performance? To maximize Virtual Media performance, launch the Virtual Media with the Virtual Console disabled or do one of the following: • Change the performance slider to Maximum Speed. • Disable encryption for both Virtual Media and Virtual Console. NOTE: In this case, the data transfer between managed server and iDRAC for Virtual Media and Virtual Console will not be secured.
How to check whether iDRAC Service Module is installed in the host operating system? To know if the iDRAC Service Module is installed on the system, • On systems running Windows: Open the Control Panel, verify if iDRAC Service Module is listed in the list of installed programs displayed. • On systems running Linux: Run the command rpm —qi dcism. If the iDRAC Service Module is installed, the status displayed is installed.
• Go to vSphere Client Configuration wizard and delete the entries. • Go to the Esxcli and type the following commands: – To remove port group: esxcfg-vmknic -d -p "iDRAC Network" – To remove vSwitch: esxcfg-vswitch -d vSwitchiDRACvusb NOTE: You can reinstall iDRAC Service Module on the VMware ESXi server as this is not a functional issue for the server.
For example: rpm -ivh --force openssl-0.9.8h-30.22.21.1.x86_64.rpm rpm -ivh --force libopenssl0_9_8-0.9.8h-30.22.21.1.x86_64.rpm Why are the remote RACADM and web-based services unavailable after a property change? It may take a while for the remote RACADM services and the Web-based interface to become available after the iDRAC web server resets. The iDRAC Web server is reset when: • • The network configuration or network security properties are changed using the iDRAC web user interface. The iDRAC.
Current Gateway Speed Duplex = 10.35.155.1 = Autonegotiate = Autonegotiate NOTE: You can also perform this using remote RACADM. For more information on CMC RACADM commands, see the CMC RACADM Command Line Interface Reference Guide available at dell.com/esmmanuals. For more information on iDRAC RACADM commands, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Check CMC web interface to see if iDRAC is displayed as an upgradable component. If it does, follow the instructions in Updating firmware using CMC web interface. If the problem persists, contact technical support. When attempting to boot the managed server, the power indicator is green, but there is no POST or no video. This happens due to any of the following conditions: • Memory is not installed or is inaccessible.
25 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios. Troubleshooting an inaccessible managed system After receiving alerts from OpenManage Essentials, Dell Management Console, or a local trap collector, five servers in a data center are not accessible with issues such as hanging operating system or server. Need to identify the cause to troubleshoot and bring up the server using iDRAC.
• You can also configure the chassis locator LED and based on the color, assess the system health. • If iDRAC Service Module is installed, the operating system host information is displayed. Related links Viewing system health Using iDRAC Service Module Generating SupportAssist Collection Setting up alerts and configuring email alerts To set up alerts and configure email alerts: 1. Enable alerts. 2. Configure the email alert and check the ports. 3.
Creating new administrator user account You can modify the default local administrator user account or create a new administrator user account. To modify the local administrator user account, see Modifying local administrator account settings.
Applying I/O Identity configuration settings for multiple network cards in single host system reboot If you have multiple network cards in a server that is part of a Storage Area Network (SAN) environment and you want to apply different virtual addresses, initiator and target configuration settings to those cards, use the I/O Identity Optimization feature to reduce the time in configuring the settings. To do this: 1.