Dell Chassis Management Controller Firmware Version 3.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. © 2011 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . What’s New For This Release . . . . . . . . . . . . . . 19 . . . . . . . . . . . . . . 20 Security Features . . . . . . . . . . . . . . . . . . . . 21 Chassis Overview . . . . . . . . . . . . . . . . . . . . 22 CMC Management Features . . . . . . . . . . . . . . . . . 23 . . . . . . . . . . . . . . . . . . . . 23 Hardware Specifications TCP/IP Ports Supported Remote Access Connections Supported Platforms . . . . . . .
Daisy-chain CMC Network Connection . . . . . . 31 . . . . . . . . 35 . . . . . . . . . . . 35 Installing Remote Access Software on a Management Station . . . . . . . . . . . Installing RACADM on a Linux Management Station . . . . . Uninstalling RACADM From a Linux Management Station . . . . . . . . . . . . . . . . 36 . . . . . . . . . . . . . . 36 . . . . . . . . . . . . . . . . . . . . 37 Configuring a Web Browser . Proxy Server Microsoft Phishing Filter . . . . . . . . . . . . . .
Understanding the Redundant CMC Environment. About the Standby CMC . . . 53 . . . . . . . . . . . . . . 53 Active CMC Election Process . . . . . . . . . . . Obtaining Health Status of Redundant CMC . 3 54 . . . 54 . . . . . 57 . . . . . 57 Using a Serial, Telnet, or SSH Console . . . . . . . . . 58 Using a Telnet Console With the CMC . . . . . . . . . 58 . . . . . . . . . . . . . . . . 58 Configuring CMC to Use Command Line Consoles . . . . . . . . . . . . . . . .
4 Using the RACADM Command Line Interface . . . . . . . . . . . . . . . . . . . . . 71 . . . . . . . . . 71 Logging in to the CMC . . . . . . . . . . . . . . . 72 Starting a Text Console . . . . . . . . . . . . . . . 72 . . . . . . . . . . . . . . . . . . . . . 72 Using a Serial, Telnet, or SSH Console Using RACADM. RACADM Subcommands . . . . . . . . . . . . . . Accessing RACADM Remotely . . . . . . . . . . . Enabling and Disabling the RACADM Remote Capability . . . . . . . . . . .
Deleting the Public Keys Logging in Using Public Key Authentication . . . . 95 . . . . . . 96 . . . . . . . . . . . . . . . 96 Enabling a CMC User With Permissions Disabling a CMC User Configuring SNMP and E-mail Alerting . . . . . . . . . 98 100 Modifying the CMC IP Address . . . . . . . . . 103 . . . . . . . . . . . . . . . . . . . . . 104 Using the CMC Web Interface . Accessing the CMC Web Interface Logging In . 102 . . . . . . . . . . Using RACADM to Configure Properties on iDRAC . .
Disabling an Individual Member at the Member Chassis . . . . . . . . . . . . . . . . . 115 . . . . . . . . 115 . . . . . . . . . . . . 116 . . . . . . . . . . . . . . . . . 116 . . . . . . . . . . . . . . . . . . 118 Launching a Member Chassis’s or Server’s web page . . . . . . . . Chassis Component Summary . Chassis Graphics Chassis Health Selected Component Information . . . . . . . . . . . 119 Monitoring System Health Status . . . . . . . . . . .
Configuring CMC Network Properties . . . . . . . . . 149 Setting Up Initial Access to CMC . . . . . . . . . . 149 Configuring the Network LAN Settings . . . . . . . 149 . . . . . . . . . . . . . 157 . . . . . . . . . . . . . . . . . . . . 159 Configuring CMC Network Security Settings . . . . . Configuring VLAN . . . . . . . . . . 160 . . . . . . . . . . . . . . . . . . . . . 160 Adding and Configuring CMC Users . User Types Adding and Managing Users . . . . . . . . . . . .
Uploading a Server Certificate . . . . . . . . . . Uploading Webserver Key and Certificate . . . . 186 . . . . . . . . . . . 187 . . . . . . . . . . . . . . . . . . 187 Viewing a Server Certificate Managing Sessions Configuring Services . . . . . . . . . . . . . . . . . . Managing Firmware Updates 197 . . . . . . . . . . . . . 198 . . . . . 198 . . . . . . . . . . . . . . . . 199 Viewing the Current Firmware Versions Updating Firmware Recovering iDRAC Firmware Using CMC . . . . .
6 Using FlexAddress . Activating FlexAddress . . . . . . . . . . . . . . . . Deactivating FlexAddress . . . . . . . . . . 238 . . . . . . . . . . . . . . . 239 Deactivating FlexAddress 240 . . . . . . . . Additional FlexAddress Configuration for Linux . . . . . . . . . . . . . . . . 241 . . . . . . . Viewing FlexAddress Status Using the CLI . . . . . . . 241 . . . . . . . . 242 . . . . . . . . . 242 . . . . . . . . . . . . . . 242 . . . . . . . . . . . . . . . . . .
Standard Schema Versus Extended Schema . . . . . . . . . . . . . . . . . Standard Schema Active Directory Overview. . . . . Configuring Standard Schema Active Directory to Access CMC . . . . . . . . . . . . . . . . . 262 Configuring CMC With Standard Schema Active Directory and Web Interface . . . . . . . 262 Configuring CMC With Standard Schema Active Directory and RACADM . . . . . . . . . . 265 . . . . . . . . . . . . . 266 Active Directory Schema Extensions . . . . . . .
Configuring the Browser For Single Sign-On Login . . . . Logging into CMC Using Single Sign-On . . . . . . 296 . . . . . . . . . . 297 . . . . . . . . . . . . . . . 297 . . . . . . . . . . . . . . . . 297 Configuring Smart Card Two-Factor Authentication . . . . . . . . . . . . System Requirements. Configuring Settings Configuring Active Directory . Configuring CMC . . . . . . . . . . . 298 . . . . . . . . . . . . . . . . . .
No Redundancy Mode . . . . . . . . . . . . . . Power Budgeting for Hardware Modules Server Slot Power Priority Settings. . . . . 313 . . . . . . . 316 Dynamic Power Supply Engagement . . . . . . . 317 Redundancy Policies. . . . . . . . . . . . . . . . . . 319 AC Redundancy . . . . . . . . . . . . . . . . . . 319 Power Supply Redundancy . No Redundancy . . . . . . . . . . . . 319 . . . . . . . . . . . . . . . . . 320 Power Conservation and Power Budget Changes . . . . . . . . . . . . .
10 Using the iKVM Module . Overview . . . . . . . . . . . . . 355 . . . . . . . . . . . . . . . . . . . . . . . . 355 . . . . . . . . . . . . . . . . 355 Security . . . . . . . . . . . . . . . . . . . . . . . 355 Scanning . . . . . . . . . . . . . . . . . . . . . . 355 iKVM User Interface Server Identification Video . . . . . . . . . . . . . . . . 356 . . . . . . . . . . . . . . . . . . . . . . . . 356 Plug and Play . . . . . . . . . . . . . . . . . . . . FLASH Upgradable . . . . . . .
11 I/O Fabric Management . Fabric Management . . . . . . . . . . . . 383 . . . . . . . . . . . . . . . . . . 384 Invalid Configurations . . . . . . . . . . . . . . . . . Invalid Mezzanine Card (MC) Configuration . . . . . . . . . . . . . . . . . . . Invalid IOM-Mezzanine Card (MC) Configuration . . . . . . . . . . . . . . . . . . . 386 386 . . . . . . . . . . . . . . . 386 . . . . . . . . . . . . . . . . 387 Fresh Power-up Scenario Viewing the Health Status of an Individual IOM . . . . . .
Configuring E-mail Alerts . . . . . . . . . . . . . . . . . . 411 . . . . . . . 411 . . . . . . . . . . . 411 First Steps to Troubleshooting a Remote System Monitoring Power and Executing Power Control Commands on the Chassis . . . . Viewing Power Budget Status Executing a Power Control Operation Power Troubleshooting . . . . . . . 411 . . . . . . . . . . . . . . . . . 412 Managing Lifecycle Controller jobs on a remote system . . . . . . . . . . . . . . Viewing Chassis Summaries . . . . . . .
Saving and Restoring Chassis Configuration Settings and Certificates. . . . . . . . . . . . . . . . 441 . . . . . . . . . . . . . . . 442 . . . . . . . . . . . . . . . . . . . . . . 443 Troubleshooting Alerting 13 Diagnostics Using the LCD Panel Interface . . . . . . . . . . . . . 443 LCD Navigation . . . . . . . . . . . . . . . . . . . . . 443 Main Menu . . . . . . . . . . . . . . . . . . . . 444 LCD Setup Menu . . . . . . . . . . . . . . . . .
1 Overview The Dell Chassis Management Controller (CMC) is a hot-pluggable systems management hardware and software solution designed to provide remote management capabilities and power control functions for Dell PowerEdge M1000e chassis systems. You can configure the CMC to send e-mail alerts or SNMP trap alerts for warnings or errors related to temperatures, hardware misconfigurations, power outages, and fan speeds.
CMC Management Features The CMC provides the following management features: 20 • Redundant CMC Environment. • Dynamic Domain Name System (DDNS) registration for IPv4 and IPv6. • Remote system management and monitoring using SNMP, a Web interface, iKVM, Telnet or SSH connection. • Support for Microsoft Active Directory authentication — Centralizes CMC user IDs and passwords in Active Directory using the Standard Schema or an Extended Schema.
• Support for WS-Management. • FlexAddress feature — Replaces the factory-assigned World Wide Name/Media Access Control (WWN/MAC) IDs with chassis-assigned WWN/MAC IDs for a particular slot, an optional upgrade. For more information, see "Using FlexAddress" on page 235. • Graphical display of chassis component status and health. • Support for single and multi-slot servers. • Update multiple iDRAC management consoles firmware at once.
• Limited IP address range for clients connecting to the CMC • Secure Shell (SSH), which uses an encrypted layer for higher security • Single Sign-on, Two-Factor Authentication, and Public Key Authentication Chassis Overview Figure 1-1 shows the facing edge of a CMC (inset) and the locations of the CMC slots in the chassis. Figure 1-1.
Hardware Specifications TCP/IP Ports You must provide port information when opening firewalls for remote access to a CMC. Table 1-1. CMC Server Listening Ports Port Number Function 22* SSH 23* Telnet 80* HTTP 161 SNMP Agent 443* HTTPS * Configurable port Table 1-2.
Supported Remote Access Connections Table 1-3.
Supported Web Browsers The following Web Browsers are supported for CMC 3.2: • Microsoft Internet Explorer 8.0 for Windows 7, Windows Vista, Windows XP, and Windows Server 2003 family. • Microsoft Internet Explorer 7.0 for Windows 7, Windows Vista, Windows XP, and Windows Server 2003 family. • Mozilla Firefox 1.5 (32-bit) – limited functionality. For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located at support.dell.com/manuals.
Access to WS-Management requires logging in using local user privileges with basic authentication over Secured Socket Layer (SSL) protocol at port 443. For information on setting user accounts, see the Session Management database property section in the RACADM Command Line Reference Guide for iDRAC6 and CMC. The data available through WS-Management is a subset of data provided by the CMC instrumentation interface mapped to the following DMTF profiles version 1.0.
RACADM Command Line Reference Guide for iDRAC6 and CMC. Web services interfaces can be utilized by leveraging client infrastructure, such as Windows WinRM and Powershell CLI, open source utilities like WSMANCLI, and application programming environments like Microsoft .NET. For client connection using Microsoft WinRM, the minimum required version is 2.0. For more information, refer to the Microsoft article, .
• The Dell OpenManage Server Administrator’s User’s Guide provides information about installing and using Server Administrator. • The Dell Update Packages User's Guide provides information about obtaining and using Dell Update Packages as part of your system update strategy. The following system documents provide more information about the system in which CMC is installed: • The safety instructions that came with your system provide important safety and regulatory information.
2 Installing and Setting Up the CMC This section provides information about how to install your CMC hardware, establish access to the CMC, configure your management environment to use the CMC, and guides you through the next steps for configuring the CMC: • Set up initial access to the CMC. • Access the CMC through a network. • Add and configure CMC users. • Update the CMC firmware.
Checklist for Integration of a Chassis The following steps enable you to setup the chassis accurately: 1 Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Cable the CMC Ethernet port labelled GB to management network. NOTE: Do not place a cable in the CMC Ethernet port labelled STK. For more information to cable the STK port, see "Understanding the Redundant CMC Environment" on page 53.
Each CMC has two RJ-45 Ethernet ports, labeled GB (the uplink port) and STK (the stacking or cable consolidation port). With basic cabling, you connect the GB port to the management network and leave the STK port unused. CAUTION: Connecting the STK port to the management network can have unpredictable results. Cabling GB and STK to the same network (broadcast domain) can cause a broadcast storm.
Figure 2-1.
Figure 2-2, Figure 2-3, and Figure 2-4 show examples of incorrect cabling of the CMC. Figure 2-2. Incorrect Cabling for CMC Network Connection - 2 CMCs Figure 2-3.
Figure 2-4. Incorrect Cabling for CMC Network Connection - 2 CMCs To daisy-chain up to four chassis: 1 Connect the GB port of the active CMC in the first chassis to the management network. 2 Connect the GB port of the active CMC in the second chassis to the STK port of the active CMC in the first chassis. 3 If you have a third chassis, connect the GB port of its active CMC to the STK port of the active CMC in the second chassis.
Installing Remote Access Software on a Management Station You can access the CMC from a management station using remote access software, such as the Telnet, Secure Shell (SSH), or serial console utilities provided on your operating system or using the Web interface. To use remote RACADM from your management station, install remote RACADM using the Dell Systems Management Tools and Documentation DVD that is available with your system.
3 To mount the DVD to a required location, use the mount command or a similar command. NOTE: On the Red Hat Enterprise Linux 5 operating system, DVDs are auto-mounted with the -noexec mount option. This option does not allow you to run any executable from the DVD. You need to mount the DVD-ROM manually and then run the executables. 4 Navigate to the SYSMGMT/ManagementStation/linux/rac directory. To install the RAC software, type the following command: rpm -ivh *.
Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Depending on your security requirements, the management network can be an isolated, highly secure network. NOTE: Ensure that security measures on the management network, such as firewalls and proxy servers, do not prevent your Web browser from accessing the CMC.
3 Click Advanced and then click the Network tab. 4 Click Settings. 5 Select the Manual Proxy Configuration. 6 In the No Proxy for field, type the addresses for CMCs and iDRACs on the management network to the comma-separated list. You can use DNS names and wildcards in your entries. Microsoft Phishing Filter If the Microsoft Phishing Filter is enabled in Internet Explorer 7 on your management system, and your CMC does not have Internet access, accessing the CMC may be delayed by a few seconds.
To enable the Do not save encrypted pages to disk option: 1 Start Internet Explorer. 2 Click Tools Internet Options, then click Advanced. 3 Scroll to the Security section and select Do not save encrypted pages to disk. Allow Animations in Internet Explorer When transferring files to and from the Web interface, a file transfer icon spins to show transfer activity. For Internet Explorer, this requires that the browser be configured to play animations, which is the default setting.
NOTE: It is recommended to isolate chassis management from the data network. Dell cannot support or guarantee uptime of a chassis that is improperly integrated into your environment. Due to the potential of traffic on the data network, the management interfaces on the internal management network can be saturated by traffic intended for servers.This results in CMC and iDRAC communication delays.
If you configure initial network settings after the CMC has an IP address, you can use any of the following interfaces: • Command line interfaces (CLIs) such as a serial console, Telnet, SSH, or the Dell CMC Console through iKVM • Remote RACADM • The CMC Web interface Configuring Networking Using the LCD Configuration Wizard NOTE: The option to configure the CMC using the LCD Configuration Wizard is available only until the CMC is deployed or the default password is changed.
The LCD is located on the bottom left corner on the front of the chassis. Figure 2-5 illustrates the LCD panel. Figure 2-5. LCD Display 1 2 3 4 1 LCD screen 2 selection ("check") button 3 scroll buttons (4) 4 status indicator LED The LCD screen displays menus, icons, pictures, and messages.
A status indicator LED on the LCD panel provides an indication of the overall health of the chassis and its components. • Solid blue indicates good health. • Blinking amber indicates that at least one component has a fault condition. • Blinking blue is an ID signal, used to identify one chassis in a group of chassis. Navigating in the LCD Screen The right side of the LCD panel contains five buttons: four arrow buttons (up, down, left, and right) and a center button.
4 Press the center button to continue to the CMC Network Settings screen. 5 Select your network speed (10Mbps, 100Mbps, Auto (1 Gbps)) using the down arrow button. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
8 Select the mode in which you want the CMC to obtain the NIC IP addresses: Dynamic Host Configuration Protocol (DHCP) The CMC retrieves IP configuration (IP address, mask, and gateway) automatically from a DHCP server on your network. The CMC is assigned a unique IP address allotted over your network. If you have selected the DHCP option, press the center button. The Configure iDRAC? screen appears; go to step 10.
Set the DNS IP Address using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the DNS IP address, press the center button to continue. 10 Indicate whether you want to configure iDRAC: – No: Skip to step 13. – Yes: Press the center button to proceed. You can also configure iDRAC from the CMC GUI. 11 Select the Internet Protocol (IPv4, IPv6, or both) that you want to use for the servers.
a Select whether to Enable or Disable the IPMI LAN channel. Press the center button to continue. b On the iDRAC Configuration screen, to apply all iDRAC network settings to the installed servers, highlight the Accept/Yes icon and press the center button. To not apply the iDRAC network settings to the installed servers, highlight the No icon and press the center button and continue to step c.
Accessing the CMC Through a Network After you have configured the CMC network settings, you can remotely access the CMC using any of the following interfaces: • Web interface • Telnet console • SSH • Remote RACADM NOTE: Since telnet is not as secure as the other interfaces, it is disabled by default. Enable Telnet using web, ssh, or remote RACADM. Table 2-1. CMC Interfaces Interface Description Web interface Provides remote access to the CMC using a graphical user interface.
NOTE: The CMC default user name is root and the default password is calvin. You can access the CMC and iDRAC Web interfaces through the CMC Network Interface using a supported Web browser; you can also launch them from the Dell Server Administrator or Dell OpenManage IT Assistant. For a list of supported Web browsers, see the Supported Browsers section in the Dell Systems Software Support Matrix at support.dell.com/manuals.
NOTE: During updates of CMC firmware, it is normal for some or all of the fan units in the chassis to spin at 100%. NOTE: The firmware update, by default, retains the current CMC settings. During the update process, you have the option to reset the CMC configuration settings back to the factory default settings. NOTE: If you have redundant CMCs installed in the chassis, it is important to update both to the same firmware version.
Configuring CMC Properties You can configure CMC properties such as power budgeting, network settings, users, and SNMP and e-mail alerts using the Web interface or RACADM. For more information about using the Web interface, see "Accessing the CMC Web Interface" on page 107. For more information about using RACADM, see "Using the RACADM Command Line Interface" on page 71. CAUTION: Using more than one CMC configuration tool at the same time may generate unexpected results.
Adding and Configuring Users You can add and configure CMC users using either RACADM or the CMC Web interface. You can also utilize Microsoft Active Directory to manage users. For instructions on adding and configuring public key users for the CMC using RACADM, see "Using RACADM to Configure Public Key Authentication over SSH" on page 91. For instructions on adding and configuring users using the Web interface, see "Adding and Configuring CMC Users" on page 160.
Understanding the Redundant CMC Environment You can install a standby CMC that takes over if your active CMC fails. Your redundant CMC may be pre-installed or can be added at a later date. It is important that the CMC network is properly cabled to ensure full redundancy or best performance. Failovers can occur when you: • Run the RACADM cmcchangeover command. (See the cmcchangeover command section in the RACADM Command Line Reference Guide for iDRAC6 and CMC.
Active CMC Election Process There is no difference between the two CMC slots; that is, slot does not dictate precedence. Instead, the CMC that is installed or booted first assumes the role of the active CMC. If AC power is applied with two CMCs installed, the CMC installed in CMC chassis slot 1 (the left) normally assumes the active role. The active CMC is indicated by the blue LED.
Installing and Setting Up the CMC 55
Installing and Setting Up the CMC
3 Configuring CMC to Use Command Line Consoles This section provides information about the CMC command line console (or serial/Telnet/Secure Shell console) features, and explains how to set up your system so you can perform systems management actions through the console. For information on using the RACADM commands in CMC through the command line console, see "Using the RACADM Command Line Interface" on page 71.
Using a Serial, Telnet, or SSH Console When you connect to the CMC command line, you can enter these commands: Table 3-1. CMC Command Line Commands Command Description racadm RACADM commands begin with the keyword racadm and are followed by a subcommand, such as getconfig, serveraction, or getsensorinfo. See "Using the RACADM Command Line Interface" on page 71 for details on using RACADM. connect Connects to the serial console of a server or I/O module.
When an error occurs during the login procedure, the SSH client issues an error message. The message text is dependent on the client and is not controlled by the CMC. Review the RACLog messages to determine the cause of the failure. NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. You can also run OpenSSH using Putty.exe. Running OpenSSH at the Windows command prompt does not provide full functionality (that is, some keys do not respond and no graphics are displayed).
For more information about cfgSerialSshEnable and cfgRacTuneSshPort properties, see the database property chapter of the RACADM Command Line Reference Guide for iDRAC6 and CMC. The CMC SSH implementation supports multiple cryptography schemes, as shown in Table 3-2. Table 3-2.
Configuring Terminal Emulation Software Your CMC supports a serial text console from a management station running one of the following types of terminal emulation software: • Linux Minicom. • Hilgraeve’s HyperTerminal Private Edition (version 6.3). Perform the steps in the following subsections to configure the required type of terminal software. Configuring Linux Minicom Minicom is a serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0.
8 In the Modem Dialing and Parameter Setup menu, press to clear the init, reset, connect, and hangup settings so that they are blank, and then press to save each blank value. 9 When all specified fields are clear, press to exit the Modem Dialing and Parameter Setup menu. 10 Select Save setup as config_name and press . 11 Select Exit From Minicom and press . 12 At the command shell prompt, type minicom .
Connecting to Servers or I/O Modules With the Connect Command The CMC can establish a connection to redirect the serial console of server or I/O modules. For servers, serial console redirection can be accomplished in several ways: • Using the CMC command line and the connect, or racadm connect command. For more information about connect, see the racadm connect command in the RACADM Command Line Reference Guide for iDRAC6 and CMC. • Using the iDRAC Web interface serial console redirection feature.
Table 3-4. Mapping I/O Modules to Switches I/O Module Label Switch A1 switch-a1 A2 switch-a2 B1 switch-b1 B2 switch-b2 C1 switch-c1 C2 switch-c2 NOTE: There can only be one IOM connection per chassis at a time. NOTE: You cannot connect to pass-throughs from the serial console. To connect to a managed server serial console, use the command connect server-n, where -n is the slot number of the server; you can also use the racadm connect server-n command.
Serial communication in the BIOS is OFF by default. To redirect host text console data to Serial over LAN, you must enable console redirection through COM1. To change the BIOS setting: 1 Boot the managed server. 2 Press to enter the BIOS setup utility during POST. 3 Scroll down to Serial Communication and press .
Edit the /etc/grub.conf file as follows: 1 Locate the general setting sections in the file and add the following two new lines: serial --unit=1 --speed=57600 terminal --timeout=10 serial 2 Append two options to the kernel line: kernel console=ttyS1,57600 3 If the /etc/grub.conf contains a splashimage directive, comment it out. The following example shows the changes described in this procedure. # grub.
initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 initrd /boot/initrd-2.4.9-e.3.img When you edit the /etc/grub.conf file, follow these guidelines: • Disable GRUB's graphical interface and use the text-based interface; otherwise, the GRUB screen is not displayed in console redirection. To disable the graphical interface, comment out the line starting with splashimage.
# 2 - Multiuser, without NFS (The same as 3, if you # do not have networking) # 3 - Full multiuser mode # 4 - unused # 5 - X11 # 6 - reboot (Do NOT set initdefault to this) # id:3:initdefault: # System initialization. si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc l1:1:wait:/etc/rc.d/rc l2:2:wait:/etc/rc.d/rc l3:3:wait:/etc/rc.d/rc l4:4:wait:/etc/rc.d/rc l5:5:wait:/etc/rc.d/rc l6:6:wait:/etc/rc.d/rc 0 1 2 3 4 5 6 # Things to run in every runlevel.
# Run gettys in standard runlevels co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 # Run xdm in runlevel 5 # xdm is now a separate service x:5:respawn:/etc/X11/prefdm -nodaemon Edit the file /etc/securetty, as follows: • Add a new line, with the name of the serial tty for COM2: ttyS1 The followi
Configuring CMC to Use Command Line Consoles
Using the RACADM Command Line Interface 4 RACADM provides a set of commands that allow you to configure and manage the CMC through a text-based interface. RACADM can be accessed using a Telnet/SSH or serial connection, using the Dell CMC console on the iKVM, or remotely using the RACADM command line interface installed on a management station.
Logging in to the CMC After you have configured your management station terminal emulator software and managed node BIOS, perform the following steps to log in to the CMC: 1 Connect to the CMC using your management station terminal emulation software. 2 Type your CMC user name and password, and then press . You are logged in to the CMC. Starting a Text Console You can log in to the CMC using Telnet or SSH through a network, serial port, or a Dell CMC console through the iKVM.
RACADM Subcommands Table 4-1 provides a brief list of common subcommands used in RACADM. For a complete list of RACADM subcommands, including syntax and valid entries, see the RACADM Subcommands chapter in the RACADM Command Line Reference Guide for iDRAC6 and CMC. NOTE: The connect command is available as both—RACADM command and builtin CMC command. The exit, quit, and logout commands are built-in CMC commands, not RACADM commands. None of these commands can be used with remote RACADM.
Table 4-1. RACADM Subcommands (continued) Command Description feature Displays active features and feature deactivation. featurecard Displays feature card status information. fwupdate Performs system component firmware updates, and displays firmware update status. getassettag Displays the asset tag for the chassis. getchassisname Displays the name of the chassis. getconfig Displays the current CMC configuration properties.
Table 4-1. RACADM Subcommands (continued) Command Description getsvctag Displays service tags. getsysinfo Displays general CMC and system information. gettracelog Displays the CMCtrace log. If used with the -i option, the command displays the number of entries in the CMC trace log. getversion Displays the current software version, model information, and whether or not the device can be updated. ifconfig Displays the current CMC IP configuration.
Table 4-1. RACADM Subcommands (continued) Command Description setractime Sets the CMC time. setslotname Sets the name of a slot in the chassis. setsysinfo Sets the name and location of the chassis. sshpkauth Uploads up to 6 different SSH public keys, deletes existing keys, and views the keys already in the CMC. sslcertdownload Downloads a certificate authority-signed certificate. sslcertupload Uploads a certificate authority-signed certificate or server certificate to the CMC.
Accessing RACADM Remotely Table 4-2. Remote RACADM Subcommand Options Option Description -r Specifies the controller’s remote IP address. -r : Use if the CMC port number is not the default port (443). -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction.
For example: racadm -r 192.168.0.120 -u root -p calvin getsysinfo racadm -i -r 192.168.0.
Before you try to access RACADM remotely, confirm that you have permissions to do so. To display your user privileges, type: racadm getconfig -g cfguseradmin -i n where n is your user ID (1–16). If you do not know your user ID, try different values for n. NOTE: The RACADM remote capability is supported only on management stations through a supported browser. For more information, see the Supported Browsers section in the Dell Systems Software Support Matrix at support.dell.com/manuals.
Using RACADM to Configure the CMC NOTE: In order to configure CMC the first time, you must be logged in as user root to execute RACADM commands on a remote system. Another user can be created with privileges to configure the CMC. The CMC Web interface is the quickest way to configure the CMC (see "Using the CMC Web Interface" on page 107).
Viewing Current IPv4 Network Settings To view a summary of NIC, DHCP, network speed, and duplex settings, type: racadm getniccfg or racadm getconfig -g cfgCurrentLanNetworking Viewing Current IPv6 Network Settings To view a summary of the network settings, type: racadm getconfig -g cfgIpv6LanNetworking To view IPv4 and IPv6 addressing information for the chassis type: racadm getsysinfo By default, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server auto
To view IP address and DHCP, MAC address, and DNS information for the chassis, type: racadm getsysinfo Configuring the Network LAN Settings NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege. NOTE: The LAN settings, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis.
To enable/disable the CMC IPv6 addressing, type: racadm config -g cfgIpv6LanNetworking -o cfgIPv6Enable 1 racadm config -g cfgIpv6LanNetworking -o cfgIPv6Enable 0 NOTE: The CMC IPv6 addressing is disabled by default. By default, for IPv4, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. You can disable the DHCP feature and specify static CMC IP address, gateway, and subnet mask.
Enabling or Disabling DHCP for the CMC Network Interface Address When enabled, the CMC’s DHCP for NIC address feature requests and obtains an IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. This feature is enabled by default. You can disable the DHCP for NIC address feature and specify a static IP address, subnet mask, and gateway. For more information, see "Setting Up Initial Access to the CMC" on page 80.
For IPv6, to set the preferred and secondary DNS IP Server addresses, type: racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer1 racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer2 Configuring DNS Settings (IPv4 and IPv6) • CMC Registration — To register the CMC on the DNS server, type: racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1 NOTE: Some DNS servers only register names of 31 characters or fewer.
You can disable auto negotiation and specify the duplex mode and network speed by typing: racadm config -g cfgNetTuning -o cfgNetTuningNicAutoneg 0 racadm config -g cfgNetTuning -o cfgNetTuningNicFullDuplex where: is 0 (half duplex) or 1 (full duplex, default) racadm config -g cfgNetTuning -o cfgNetTuningNicSpeed where: is 10 or 100(default).
You can also specify both the VLAN ID and the VLAN priority with a single command: racadm setniccfg -v For example: racadm setniccfg -v 1 7 Removing the CMC VLAN To remove the CMC VLAN, disable the VLAN capabilities of the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVLanEnable 0 You can also remove the CMC VLAN using the following command: racadm setniccfg -v Setting up a Server VLAN Specify the VLAN ID and priority of a particular server with
Removing a Server VLAN To remove a server VLAN, disable the VLAN capabilities of the specified server's network: racadm setniccfg -m server- -v The valid values for are 1-16. For example: racadm setniccfg -m server-1 -v Setting the Maximum Transmission Unit (MTU) (IPv4 and IPv6) The MTU property allows you to set a limit for the largest packet that can be passed through the interface.
Enabling IP Range Checking (IPv4 Only) IP filtering compares the IP address of an incoming login to the IP address range that is specified in the following cfgRacTuning properties: • cfgRacTuneIpRangeAddr • cfgRacTuneIpRangeMask A login from the incoming IP address is allowed only if both the following are identical: • cfgRacTuneIpRangeMask bit-wise and with incoming IP address • cfgRacTuneIpRangeMask bit-wise and with cfgRacTuneIpRangeAddr Using RACADM to Configure Users Before You Begin You can c
Several parameters and object IDs are displayed with their current values. Two objects of interest are: # cfgUserAdminIndex=XX cfgUserAdminUserName= If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name appears after the "=," that index is taken by that user name. NOTE: When you manually enable or disable a user with the RACADM config subcommand, you must specify the index with the -i option.
Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privilege to the CMC. NOTE: See Table 3-1 in the database property chapter of the RACADM Command Line Reference Guide for iDRAC6 and CMC for a list of valid bit mask values for specific user privileges. The default privilege value is 0, which indicates the user has no privileges enabled.
When getting ready to set up this functionality, be aware of the following: • There is no GUI support for managing this feature; you can only use RACADM. • When adding new public keys, ensure that the existing keys are not already at the index where the new key is added. CMC does not perform checks to ensure previous keys are deleted before a new one is added. As soon as a new key is added, it is automatically in effect as long as the SSH interface is enabled.
To use the PuTTY Key Generator for Windows clients to create the basic key: 1 Start the application and select SSH-2 RSA or SSH-2 DSA for the type of key to generate (SSH-1 is not supported). 2 Enter the number of bits for the key. The number should be between 768 and 4096. NOTE: The CMC may not display a message if you add keys less than 768 or greater than 4096, but when you try to log in, these keys it fails. 3 Click Generate and move the mouse in the window as directed.
RACADM Syntax Notes for CMC When using the racadm sshpkauth command, ensure the following: • For the –i option, the parameter must be svcacct. All other parameters for -i fail in CMC. The svcacct is a special account for public key authentication over SSH in CMC. • To log in to the CMC, the user must be service. Users of the other categories do have access to the public keys entered using the sshpkauth command.
Deleting the Public Keys To delete a public key type: racadm sshpkauth –i svcacct –k 1 –d To delete all public keys type: racadm sshpkauth –i svcacct –k all –d Logging in Using Public Key Authentication After the public keys are uploaded, you should be able to log into the CMC over SSH without having to enter a password. You also have the option of sending a single RACADM command as a command line argument to the SSH application.
Enabling a CMC User With Permissions To enable a user with specific administrative permissions (role-based authority), first locate an available user index by performing the steps in "Before You Begin" on page 89. Next, type the following command lines with the new user name and password.
Configuring Multiple CMCs in Multiple Chassis Using RACADM, you can configure one or more CMCs with identical properties. When you query a specific CMC card using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information. By exporting the file to one or more CMCs, you can configure your controllers with identical properties in a minimal amount of time.
You can use the getconfig command to perform the following actions: • Display all configuration properties in a group (specified by group name and index) • Display all configuration properties for a user by user name The config subcommand loads the information into other CMCs. The Server Administrator uses the config command to synchronize the user and password database. Creating a CMC Configuration File The CMC configuration file, .cfg, is used with the racadm config -f .
Follow these guidelines when you create a .cfg file: • If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from the CMC for that group. Any objects within that group are modifications when the CMC is configured. If a modified object represents a new index, the index is created on the CMC during configuration. • You cannot specify a desired index in a .cfg file. Indexes may be created and deleted.
Parsing Rules • Lines that start with a hash character (#) are treated as comments. A comment line must start in column one. A "#" character in any other column is treated as a # character. Some modem parameters may include # characters in their strings. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different CMC, without adding escape characters.
• The .cfg parser ignores an index object entry. You cannot specify which index is used. If the index already exists, it is either used or the new entry is created in the first available index for that group. The racadm getconfig -f .cfg command places a comment in front of index objects, allowing you to see the included comments.
Modifying the CMC IP Address When you modify the CMC IP address in the configuration file, remove all unnecessary = entries. Only the actual variable group’s label with [ and ] remains, including the two = entries pertaining to the IP address change. Example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.
Using RACADM to Configure Properties on iDRAC RACADM config/getconfig commands support the -m option for the following configuration groups: • cfgLanNetworking • cfgIPv6LanNetworking • cfgRacTuning • cfgRemoteHosts • cfgSerial • cfgSessionManagement NOTE: For more information on the property default values and ranges, see the Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers User Guide.
Troubleshooting Table 4-3 lists common problems related to remote RACADM. Table 4-3. Using Serial/ RACADM Commands: Frequently Asked Questions Question Answer After performing a CMC reset (using the RACADM racreset subcommand), I enter a command and the following message is displayed: You must wait until the CMC completes the reset before issuing another command.
Table 4-3. Using Serial/ RACADM Commands: Frequently Asked Questions (continued) Question Answer While I was using remote RACADM, the prompt changed to a ">" and I cannot get the "$" prompt to return. If you type a non-matched double quotation mark (") or a non-matched single quotation (’) in the command, the CLI changes to the ">" prompt and queue all commands.
Using the RACADM Command Line Interface
Using the CMC Web Interface 5 CMC provides a Web interface that enables you to configure CMC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday chassis management, use the CMC Web interface. This chapter provides information about how to perform common chassis management tasks using the CMC Web interface.
To access the CMC Web interface over IPv6: 1 Open a supported Web browser window. For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located at support.dell.com/manuals. 2 Type the following URL in the Address field, and then press : https://[] NOTE: While using IPv6, you must enclose the in square brackets ([ ]). Specifying the HTTPS port number in the URL is optional if you are still using the default value (443).
You can log in as either a CMC user or as a Directory user. To log in: 1 In the Username field, type your user name: • CMC user name: • Active Directory user name: \, / or @. • LDAP user name: NOTE: This field is case sensitive. 2 In the Password field, type your CMC user password or Active Directory user password. NOTE: This field is case-sensitive. 3 Optionally, select a session timeout.
To set the chassis name: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. 2 Click the Setup tab. The General Chassis Settings page is displayed. 3 Type the new name in the Chassis Name field, and then click Apply. Setting the Date and Time on CMC You can set the date and time manually, or you can synchronize the date and time with a Network Time Protocol (NTP) server. To set the date and time on CMC: 1 Log in to the CMC Web interface. The Chassis Health page is displayed.
To enable or repair the Removable Flash Media: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. 2 Click Chassis Controller in the treelist. The Chassis Controller Status page is displayed. 3 Click the Flash Media tab. The Removable Flash Media page is displayed. 4 To begin using the media, select Use flash media for storing chassis data in the dropdown list.
The Chassis Component Summary section (also entitled "Chassis Health" when the overall chassis information is shown) displays the graphics and their associated information. You can hide this entire section by clicking the Close icon. The left half of the Chassis Component Summary section displays the graphics and Chassis Quick Links. The right half of this section displays information, links, and actions related to the selected component.
Setting up a Chassis Group A Chassis Group may contain a maximum of eight members. Also, a leader or member can only participate in one group. You cannot join a chassis, either as a leader or member, that is part of a group to another group. You can delete the chassis from a group and add it later to a different group. To set up the Chassis Group through the GUI: 1 Log in with chassis administrator privileges to the chassis planned as the leader. 2 Click Setup Group Administration.
The status of the new member is displayed by selecting the Group in the tree. Details are available by clicking on the chassis image or the details button. NOTE: The credentials entered for a member are passed securely to the member chassis, to establish a trust relationship between the member and lead chassis. The credentials are not persisted on either chassis, and are never exchanged again after the initial trust relationship is established.
The member chassis may not receive the message, if a network issue prevents contact between the leader and the member. In this case, disable the member from the member chassis to complete the removal. See the sub-section “Disabling an Individual Member at the Member Chassis” for the procedure. Disabling an Individual Member at the Member Chassis Sometimes a member cannot be removed from a group by the lead chassis. This can happen if network connectivity to the member is lost.
Chassis Component Summary Chassis Graphics The chassis is represented by front and back views (the upper and lower images, respectively). Servers and the LCD are shown in the front view and the remaining components are shown in the back view. Component selection is indicated by a blue cast and is controlled by clicking the image of the required component.
Table 5-1. Server Icon States (continued) Icon Description Server is reporting a non-critical error. Server is reporting a critical error. No server is present. The Chassis Quick Links are displayed below the Chassis Graphics. Table 5-2.
Chassis Health When the page is first displayed, the right side of the page contains the chassis level information and alerts. All active critical and non-critical alerts are displayed. When a component is clicked, the chassis level information is replaced with information for the selected component. To return to the chassis level information, click Return to Chassis Health in the upper right corner. Table 5-3. Chassis Page Information Field Description Model Displays the model of the Chassis LCD panel.
Selected Component Information Information for the selected component is displayed in three independent sections: • Health and Performance and Properties The Active Critical and Non-Critical events as shown by the hardware logs are displayed here, if there are any. Performance data which vary with time are also shown here. • Properties Component properties which do not vary with time or change only infrequently are displayed here.
Table 5-5. Server Properties (continued) Item Description Service Tag The service tag of the server. The service tag is a unique identifier that the manufacturer provides for support and maintenance. If the server is absent, this field is empty. OS Operating system on the server. Host Name Name of the server as established by the operating system. iDRAC Version of iDRAC firmware on the server. BIOS Server BIOS version.
Table 5-7. IOM Health and Performance Item Description Power State Displays the power status of the I/O module: On, Off, or Unknown (Absent). Role Displays the I/O Module stacking membership while linking I/O modules together. Member indicates that the module is part of a stack set. Master indicates that the module is a primary access point. Table 5-8. IOM Properties Item Description Model Displays the I/O module product name. Service Tag Displays the service tag of the I/O module.
Table 5-10. Active CMC Health and Performance Item Description Redundancy Mode Displays failover readiness of the standby CMC. If CMC firmware does not match, or CMC is not cabled properly to the management network, redundancy appears as not available. MAC Address Displays the MAC address for the CMC Network Interface Card (NIC). The MAC address is a unique identifier for the CMC over the network. IPv4 Displays the current IPv4 address for the CMC Network Interface.
Table 5-13. iKVM Health and Performance Item Description OSCAR Console Displays whether the rear panel VGA connector is enabled (Yes or No) for access to CMC. Table 5-14. iKVM Properties Item Description Name Displays the name of the iKVM. Part Number Displays the part number for the iKVM. The part number is a unique identifier provided by the vendor. Part number naming conventions differ from vendor to vendor. Firmware Displays the firmware version of the iKVM.
Table 5-17. Fan Properties Item Description Lower Critical Threshold Speed below which the fan is considered to have failed. Upper Critical Threshold Speed above which the fan is considered to have failed. Table 5-18. Quick Links - Fan Item Description Fan Status Navigate to Fans Properties Status Table 5-19.
Table 5-22. LCD Health and Performance Item Description LCD Health Displays the presence and health of the LCD panel. Chassis Health Displays the text description of Chassis Health. There are no Quick Links for the LCD. Monitoring System Health Status Viewing Chassis and Component Summaries CMC displays a graphical representation of the chassis on the Chassis Health page that provides a visual overview of installed component status.
The Chassis Health page provides an overall health status for the chassis, active and standby CMCs, sever modules, IO Modules (IOMs), fans, iKVM, power supplies (PSUs), and LCD assembly. More detailed information for each component is displayed by clicking on that component. For instructions on viewing chassis and components summaries, see "Viewing Chassis Summaries" on page 416.
To view health status for all servers using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The left section of Chassis Graphics depicts the front view of the chassis and contains the health status of all servers. Server health status is indicated by the overlay of the server subgraphic: • No overlay - server is present, powered on and communicating with CMC; there is no indication of an adverse condition.
Table 5-23. All Servers Status Information (continued) Item Health Description OK Displays that the server is present and communicating with CMC. In the event of a communication failure between CMC and the server, CMC cannot obtain or display health status for the server. Informational Displays information about the server when no change in health status (OK, Warning, Critical) has occurred.
Table 5-23. Item All Servers Status Information (continued) Description Launch Left click the button to launch the iDRAC management console for iDRAC GUI a server in a new browser window or tab. This icon is only displayed for a server where all of the following conditions are met: • The server is present. • The chassis power is on. • The LAN interface on the server is enabled.
Editing Slot Names The Slot Names page allows you to update slot names in the chassis. Slot names are used to identify individual servers. When choosing slot names, the following rules apply: • Names may contain a maximum of 15 non-extended ASCII characters (ASCII codes 32 through 126). • Slot names must be unique within the chassis. No two slots may have the same name. • Strings are not case-sensitive. Server-1, server-1, and SERVER-1 are equivalent names.
To edit a slot name: 1 Log in to the CMC Web interface. 2 Select Server Overview in the Chassis menu in the system tree. 3 Click Setup Slot Names. The Slot Names page is displayed. 4 Type the updated or new name for a slot in the Slot Name field. Repeat this action for each slot you want to rename and click Apply. 5 To restore the default slot name (SLOT-01 to SLOT-16, based on the server's slot position) to the server, press Restore Default Value.
Table 5-24. Boot Devices Boot Device Description PXE Boot from a Preboot Execution Environment (PXE) protocol on the network interface card. Hard Drive Boot from the hard drive on the server. Local CD/DVD Boot from a CD/DVD drive on the server. Virtual Floppy Boot from the virtual floppy drive. The floppy drive (or a floppy disk image) is on another computer on the management network, and is attached using the iDRAC GUI console viewer.
Viewing the Health Status of an Individual Server The health status for an individual server can be viewed in two ways— from the Chassis Graphics section on the Chassis Health page or the Server Status page. The Chassis Health page provides a graphical overview of an individual server installed in the chassis. To view health status for individual servers using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed.
The Server Status page (separate from the Servers Status page) provides an overview of the server and a launch point to the Web interface for the Integrated Dell Remote Access Controller (iDRAC), which is the firmware used to manage the server. NOTE: To use the iDRAC user interface, you must have an iDRAC user name and password. For more information about iDRAC and the using the iDRAC Web interface, see the Integrated Dell Remote Access Controller Firmware User’s Guide.
Table 5-25. Individual Server Status - Properties (continued) Item Health Description OK Displays that the server is present and communicating with CMC. In the event of a communication failure between CMC and the server, CMC cannot obtain or display health status for the server. Informational Displays information about the server when no change in health status (OK, Warning, Critical) has occurred. Warning Displays that only warning alerts have been issued, and corrective action must be taken.
Table 5-26. Individual Server Status - iDRAC System Event Log Item Description Severity OK Indicates a normal event that does not require corrective actions. Informational Indicates an informational entry on an event in which the Severity status has not changed. Unknown Indicates an unknown/uncategorized event. Warning Indicates a non-critical event for which corrective actions must be taken soon to avoid system failures.
Table 5-28. Individual Server Status - IPv4 iDRAC Network Settings Item Description Enabled Indicates if the IPv4 protocol is used on the LAN (Yes). If the server does not support IPv6, the IPv4 protocol is always enabled and this setting is not displayed. DHCP Enabled Indicates whether Dynamic Host Configuration Protocol (DHCP) is enabled (Yes) or disabled (No).
Table 5-30. Individual Server Status - WWN/MAC Address Item Description Slot Displays the slot(s) occupied by the server on the chassis. Location Displays the location occupied by the Input/Output modules. The six locations are identified by a combination of the group name (A, B, or C) and slot number (1 or 2). Location names are: A1, A2, B1, B2, C1, or C2. Fabric Displays the type of the I/O fabric.
To view health status of the IOMs using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status for the IOMs. IOM health status is indicated by the overlay of the IOM subgraphic: • No overlay - IOM is present, powered on and communicating with CMC; there is no indication of an adverse condition.
To view health status for all fans using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all fans. Fan health status is indicated by the overlay of the fan subgraphic: • No overlay - the fan is present and running; there is no indication of an adverse condition.
You can also view the Fan Status page by clicking the status link in the fan information Quick Links on the right side of the page. Table 5-31. Fans Health Status Information Item Description Name Displays the fan name in the format FAN-n, where n is the fan number. Present Indicates whether the fan unit is present (Yes or No). Health OK Indicates that the fan unit is present and communicating with CMC.
To view health status for the iKVM using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status of the iKVM. iKVM health status is indicated by the overlay of the iKVM subgraphic: • No overlay - iKVM is present, powered on and communicating with CMC; there is no indication of an adverse condition.
Viewing the Health Status of the PSUs The health status of the PSUs associated with the chassis can be viewed in two ways: from the Chassis Component Summary section on the Chassis Health page or the Power Supply Status page. The Chassis Health page provides a graphical overview of all PSUs installed in the chassis. To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed.
You can also view the PSU Status page by clicking the status link in the PSU Quick Links on the right side of the chassis graphics. Table 5-32. Power Supply Health Status Information Item Description Name Displays the name of the PSU: PS-n, where n is the power supply number. Present Indicates whether the power supply is present (Yes or No). Health OK Indicates that the PSU is present and communicating with CMC. Indicates that the health of the PSU is OK.
Table 5-33. System Power Status Item Description Overall Power Health Displays the health status (OK, Non-Critical, Critical, Non-Recoverable, Other, Unknown) of the power management for the entire chassis. System Power Status Displays the power status (On, Off, Powering On, Powering Off) of the chassis. Redundancy Displays the power supply redundancy status. Values include: No: Power Supplies are not redundant. Yes: Full Redundancy in effect.
Table 5-34. Temperature Sensors Health Status Information (continued) Item Description Health OK Indicates that the module is present and communicating with CMC. In the event of a communication failure between CMC and the server, CMC cannot obtain or display the health status for the server. Warning Indicates that only warning alerts have been issued, and corrective action must be taken.
Viewing the LCD Status You can view the health status of the LCD using the chassis graphics associated with the chassis on the Chassis Health page. To view the health status for the LCD: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The top section of Chassis Graphics depicts the front view of the chassis. LCD health status is indicated by the overlay of the LCD subgraphic: • No overlay - LCD is present, powered on, and communicating with CMC. There is no adverse condition.
Viewing World Wide Name/Media Access Control (WWN/MAC) IDs The WWN/MAC Summary page allows you to view the WWN configuration and MAC address of a slot in the chassis. Fabric Configuration The Fabric Configuration section displays the type of Input/Output fabric that is installed for Fabric A, Fabric B, and Fabric C. A green check mark indicates that the fabric is enabled for FlexAddress.
Configuring CMC Network Properties NOTE: Network configuration changes can result in the loss of connectivity on current network login. Setting Up Initial Access to CMC Before you can begin configuring CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely. This initial configuration assigns the TCP/IP networking parameters that enable access to CMC. NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings.
To configure the Network LAN settings: 1 Log in to the Web interface. 2 Click the Network tab. 3 Configure the CMC network settings described in Table 5-35 through Table 5-37 and click Apply Changes. To configure IP range and IP blocking settings, click the Advanced Settings button (see "Configuring CMC Network Security Settings" on page 157.) To refresh the contents of the Network Configuration page, click Refresh. To print the contents of the Network Configuration page, click Print. Table 5-35.
Table 5-35. Network Settings (continued) Setting Description Register CMC on DNS This property registers the CMC name on the DNS Server. Default: Unchecked (disabled) by default. NOTE: Some DNS Servers only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit. DNS CMC Name Displays the CMC name only when Register CMC on DNS is selected.
Table 5-35. Network Settings (continued) Setting Description Network Speed Set the network speed to 100 Mbps or 10 Mbps to match your network environment. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
Table 5-36. IPv4 Settings Setting Description Enable IPv4 Allow CMC to use the IPv4 protocol to communicate on the network. Clearing this box does not prevent IPv6 networking from occurring. Default: Checked (enabled) DHCP Enable Enables CMC to request and obtain an IP address from the IPv4 Dynamic Host Configuration Protocol (DHCP) server automatically.
Table 5-36. IPv4 Settings (continued) Setting Description Static Gateway Specifies the IPv4 gateway for the CMC Network Interface. NOTE: The Static IP Address, Static Subnet Mask, and Static Gateway fields are active only if DHCP Enable (the property field preceding these fields) is disabled (unchecked). In that case, you must manually type the Static IP Address, Static Subnet Mask, and Static Gateway for CMC to use over the network.
Table 5-36. IPv4 Settings (continued) Setting Description Static Preferred DNS Server Specifies the static IP address for the preferred DNS Server. The Static Preferred DNS Server is implemented only when Use DHCP to Obtain DNS Server Addresses is disabled. Static Alternate DNS Server Specifies the static IP address for the alternate DNS Server. The Static Alternate DNS Server is implemented only when Use DHCP to obtain DNS Server addresses is disabled.
Table 5-37. IPv6 Settings Setting Description Enable IPv6 Allows CMC to use the IPv6 protocol to communicate on the network. Unchecking this box does not prevent IPv4 networking from occurring. Default: Checked (enabled) AutoConfiguration Enable Allows CMC to use the IPv6 protocol to obtain IPv6 related address and gateway settings from an IPv6 router configured to provide this information. CMC then has a unique IPv6 address on your network.
Table 5-37. IPv6 Settings (continued) Setting Description Static Preferred DNS Server Specifies the static IPv6 Address for the preferred DNS Server. The entry for Static Preferred DNS Server is considered only when Use DHCP to Obtain DNS Server Addresses is disabled or unchecked. There is an entry for this Server in both IPv4 and IPv6 configuration areas. Static Alternate DNS Specifies the static IPv6 Address for the alternate DNS Server Server.
Table 5-38. Network Security Page Settings (continued) Settings Description IP Range Mask Defines a specific range of IP addresses that can access the CMC, a process called IP range checking. IP range checking allows access to CMC only from clients or management stations whose IP addresses are within the user-specified range. All other logins are denied. For example: IP range mask: 255.255.255.0 (11111111.11111111.11111111.00000000) IP range address:192.168.0.255 (11000000.10101000.00000000.
Configuring VLAN VLANs are used to allow multiple virtual LANs to co-exist on the same physical network cable and to segregate the network traffic for security or load management purposes. When you enable the VLAN functionality, each network packet is assigned a VLAN tag. To configure VLAN: 1 Log in to the Web interface. 2 Click the Network tabVLAN subtab. The VLAN Tag Settings page displays. VLAN tags are chassis properties. They remain with the chassis even when a component is removed.
Adding and Configuring CMC Users To manage your system with CMC and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. User Types There are two types of users: CMC users and iDRAC users. CMC users are also known as "chassis users." Since iDRAC resides on the server, iDRAC users are also known as "server users.
Table 5-40. User Types (continued) Privilege Description Chassis Configuration Administrator User can add or change data that: • Identifies the chassis, such as chassis name and chassis location • Is assigned specifically to the chassis, such as IP mode (static or DHCP), static IP address, static gateway, and static subnet mask • Provides services to the chassis, such as date and time, firmware update, and CMC reset. • Is associated with the chassis, such as slot name and slot priority.
Table 5-40. User Types (continued) Privilege Description Server Administrator This is a blanket privilege, granting a CMC user all rights to perform any operation on any servers present in the chassis. When a user with Server Administrator privilege issues an action to be performed on a server, the CMC firmware sends the command to the targeted server without checking the user's privileges on the server.
Table 5-40. User Types (continued) Privilege Description Server Administrator (continued) Server Configuration Administrator: • Set IP address • Set gateway • Set subnet mask • Set first boot device Configure Users: • Set iDRAC root password • iDRAC reset Server Control Administrator: • Power on • Power off • Power cycle • Graceful shutdown • Server Reboot Test Alert User User can send test alert messages. Debug Command Administrator User can execute system diagnostic commands.
The CMC user groups provide a series of user groups that have pre-assigned user privileges. NOTE: If you select Administrator, Power User, or Guest User, and then add or remove a privilege from the pre-defined set, the CMC Group automatically changes to Custom. . Table 5-41.
Table 5-41. CMC Group Privileges (continued) User Group Privileges Granted Custom Select any combination of the following permissions: • CMC Login User • Chassis Configuration Administrator • User Configuration Administrator • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Super User • Server Administrator • Test Alert User • Debug Command Administrator • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator None Table 5-42.
Table 5-42.
Users can be logged in through Web interface, Telnet serial, SSH, and iKVM sessions. A maximum of 22 active sessions (Web interface, Telnet serial, SSH, and iKVM, in any combination) can be divided among users. NOTE: For added security, it is strongly recommended that you change the default password of the root (User 1) account. The root account is the default administrative account that ships with CMC. To change the default password for the root account, click User ID 1 to open the User Configuration page.
Table 5-43. General User Settings for Configuring a New or Existing CMC Username and Password (continued) Property Description User Name Sets or displays the unique CMC user name associated with the user. The user name can contain up to 16 characters. CMC user names cannot include forward slash (/) or period (.) characters. NOTE: If you change the user name, the new name does not appear in the user interface until your next login.
Configuring and Managing Microsoft Active Directory Certificates NOTE: To configure Active Directory settings for CMC, you must have Chassis Configuration Administrator privilege. NOTE: For more information about Active Directory configuration and how to configure Active Directory with Standard Schema or Extended Schema, see "Using the CMC Directory Service" on page 259. You can use the Microsoft Active Directory service to configure your software to provide access to CMC.
Table 5-44. Common Settings (continued) Field Description Enable Smart Card Enables Active Directory inter-operation based on the Kerberos Login Authentication supported by a Dell-supplied, auto-installed browser plug-in and Smart Card usage. To enable Smart Card, select the check box. To disable Smart Card, clear the check box. If you enable Smart Card, you must also configure your Microsoft Windows Client Workstation to correctly operate with Smart Card Reader functionality.
Table 5-44. Common Settings (continued) Field Description Enable SSL Certificate Validation Enables SSL certificate validation for CMC's Active Directory SSL connection. To disable the SSL certificate validation, clear the check box. CAUTION: Disabling this feature may expose the authentication to a man-in-the-middle attack. The browser operation requires that CMC be accessed through a HTTP URL which contains a fully qualified domain address for CMC, that is http://cmc-6g2wxf1.dom.net.
Table 5-44. Common Settings (continued) Field Description Enabling Smart Card enforces a Smart Card Only policy for browser authentication. All other methods of browser authentication such as Local or Active Directory username/password authentication are restricted. If the Smart Card Only usage enforcement policy is to be adopted, it is important that the Smart Card operation be fully validated before all other access methods to CMC are disabled.
Standard Schema Settings The Standard Schema settings are displayed when Microsoft Active Directory (Standard Schema) is selected. This section describes the role groups with associated names, domains, and privileges for any role groups that have already been configured. To change the settings for a role group, click the role group button in the Role Groups list. NOTE: If you click a role group link prior to applying any new settings you have made, you lose those settings.
Extended Schema Settings These Extended Schema settings with the following properties are displayed when Microsoft Active Directory (Extended Schema) is selected: • CMC Device Name - Displays the name of the RAC Device Object you created for CMC. The CMC Device Name uniquely identifies the CMC card in Active Directory. The CMC Device Name must be the same as the common name of the new RAC Device Object you created in your domain controller.
The following controls enable you to upload and download this certificate: • Upload - Initiates the upload process for the certificate. This certificate, which you obtain from Active Directory, grants access to CMC. • Download - Initiates the download process. You are prompted for the location to save the file. When you select this option and click Next, a File Download dialog box appears. Use this dialog box to specify a location on your management station or shared network for the server certificate.
Configuring and Managing Generic Lightweight Directory Access Protocol Services You can use the Generic Lightweight Directory Access Protocol (LDAP) Service to configure your software to provide access to CMC. LDAP allows you to add and control the CMC user privileges of your existing users. NOTE: To configure LDAP settings for CMC, you must have Chassis Configuration Administrator privilege. To view and configure LDAP: 1 Log in to the Web interface.
Table 5-45. Common Settings (continued) Setting Description Attribute of User Login Specifies the attribute to search for. If not configured, the default is to use uid. It is recommended to be unique within the chosen base DN, otherwise a search filter must be configured to ensure the uniqueness of the login user.If the user DN cannot be uniquely identified by searching the combination of attribute and search filter, login fails with an error.
Selecting Your LDAP Servers You can configure the server to use with Generic LDAP in two ways. Static Servers allows the administrator to place a FQDN or IP address within the field. Alternatively, a list of LDAP servers can be retrieved by looking up their SRV record within the DNS. The following are the properties in the LDAP Servers section: • Use Static LDAP Servers - Selecting this option causes the LDAP service to use the specified servers with the port number provided (see details below).
Managing LDAP Group Settings The table in the Group Settings section lists role groups, displaying associated names, domains, and privileges for any role groups that are already configured. • To configure a new role group, click a role group name that does not have a name, domain, and privilege listed. • To change the settings for an existing role group, click the role group name. When you click a role group name, the Configure Role Group page appears.
The following controls enable you to upload and download this certificate: • Upload - Initiates the upload process for the certificate. This certificate, which you obtain from your LDAP server, grants access to CMC. • Download - Initiates the download process. You are prompted for the location to save the file. When you select this option and click Next, a File Download dialog box appears. Use this dialog box to specify a location on your management station or shared network for the server certificate.
This encryption process provides a high level of data protection. CMC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The CMC Web server includes a Dell self-signed SSL digital certificate (Server ID). To ensure high security over the Internet, replace the Web server SSL certificate by submitting a request to CMC to generate a new Certificate Signing Request (CSR).
To access the SSL main menu: 1 Log in to the Web interface. 2 Click the Network tab, and then click the SSL subtab. The SSL Main Menu page appears. Use the SSL Main Menu page options to generate a CSR to send to a certificate authority. The CSR information is stored on the CMC firmware. Generating a New Certificate Signing Request To ensure security, it is strongly recommended that you obtain and upload a secure server certificate to CMC.
Table 5-46. SSL Main Menu Options (continued) Field Description Upload Webserver key and Certificate Select this option and click Next to open the Webserver Key and Certificate Upload page, where you can upload an existing Web server key and server certificate that your company holds title to and uses to control access to CMC. NOTE: Only X.509, Base64 encoded certificates are accepted by CMC. Binary DER-encoded certificates are not accepted.
To generate a CSR: 1 From the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR), and then click Next. The Generate Certificate Signing Request (CSR) page displays. 2 Type a value for each CSR attribute value. 3 Click Generate. A File Download dialog box appears. 4 Save the csr.txt file to your management station or shared network. (You may also open the file at this time and save it later.) You must later submit this file to a certificate authority. Table 5-47.
Table 5-47. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Locality The city or other location of your organization (examples: Atlanta, Hong Kong). Valid: Alphanumeric characters (A–Z, a–z, 0–9) and spaces. Not Valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). State The state, province, or territory where the entity that is applying for a certification is located (examples: Texas, New South Wales, Andhra Pradesh).
Uploading a Server Certificate To upload a server certificate: 1 From the SSL Main Menu page, select Upload Server Certificate Based on Generated CSR, and then click Next. The Certificate Upload page displays. 2 Type the file path in the text field, or click Browse to select the file. 3 Click Apply. If the certificate is invalid, an error message displays. NOTE: The File Path value displays the relative file path of the certificate you are uploading.
Viewing a Server Certificate From the SSL Main Menu page, select View Server Certificate, and then click Next. The View Server Certificate page displays. Table 5-48 describes the fields and associated descriptions listed in the Certificate window. Table 5-48. Certificate Information Field Description Serial Certificate serial number. Subject Certificate attributes entered by the subject. Issuer Certificate attributes returned by the issuer. notBefore Issue date of the certificate.
To manage or terminate a session: 1 Log in to CMC through the Web. 2 Click the Network tab then click the Sessions subtab. 3 On the Sessions page, locate the session you want to terminate and click the appropriate button. Table 5-49 displays the Sessions properties. Table 5-49. Sessions Properties Property Description Session ID Displays the sequentially generated ID number for each instance of a login. Username Displays the user's login name (local user or Active Directory user).
Configuring Services CMC includes a Web server that is configured to use the industry-standard SSL security protocol to accept and transfer encrypted data from and to clients over the Internet. The Web server includes a Dell self-signed SSL digital certificate (Server ID) and is responsible for accepting and responding to secure HTTP requests from clients. This service is required by the Web interface and remote CLI tool for communicating to CMC.
Table 5-50. CMC Serial Console Settings Setting Description Enabled Enables Telnet console interface on CMC. Default: Unchecked (disabled) Redirect Enabled Enables the serial/text console redirection to the server through your serial/Telnet/SSH client from CMC. The CMC connects to iDRAC that internally connects to the server COM2 port.
Table 5-50. CMC Serial Console Settings (continued) Setting Description Escape Key Allows you to specify the Escape key combination that terminates serial/text console redirection when using the connect or racadm connect command. Default: ^\ (Hold and type a backslash (\) character) NOTE: The caret character ^ represents the key.
Table 5-51. Web Server Settings Setting Description Enabled Enables Web Server services (access through remote RACADM and the Web interface) for CMC. Default: Checked (enabled) Max Sessions Displays the maximum number of simultaneous Web user interface sessions allowed for the chassis. A change to the Max Sessions property takes effect at the next login; it does not affect current Active Sessions (including your own). The remote RACADM is not affected by the Max Sessions property for the Web Server.
Table 5-51. Web Server Settings (continued) Setting Description HTTP Port Number Displays the default port used by CMC that listens for a server connection. NOTE: When you provide the HTTP address on the browser, the Web server automatically redirects and uses HTTPS.
Table 5-52. SSH Settings Setting Description Enabled Enables the SSH on CMC. Default: Checked (enabled) Max Sessions The maximum number of simultaneous SSH sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-53. Telnet Settings Setting Description Enabled Enables Telnet console interface on CMC. Default: Unchecked (disabled) Max Sessions Displays the maximum number of simultaneous Telnet sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-54. Remote RACADM Settings Setting Description Enabled Enables the remote RACADM utility access to CMC. Default: Checked (enabled) Max Sessions Displays the maximum number of simultaneous RACADM sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-56. Remote Syslog Configuration Setting Description Enabled Enables the transmission and remote capture of CMC log and Hardware log entries to the specified server(s). Valid values: Checked (enabled), unchecked (disabled) Default: unchecked (disabled) Syslog Server 1 The first of three possible servers to host a copy of the CMC and hardware log entries. Specified as a Host Name, an IPv6 address, or an IPv4 address.
Managing Firmware Updates This section describes how to use the Web interface to update firmware.
To open an update page for selected devices: 1 Click on the device name or select the Select/Deselect All option. 2 Click Apply Update. An update page for the selected devices displays. If the chassis contains an earlier generation server whose iDRAC is in recovery mode or if CMC detects that iDRAC has corrupted firmware, then the earlier generation iDRAC is also listed on the Firmware Update page. For the steps to recover iDRAC firmware using CMC, see "Recovering iDRAC Firmware Using CMC" on page 205.
The basic steps involved in updating device firmware are: 1 Select the devices to update. 2 Click the Apply button below the grouping. 3 Click Browse to select the firmware image. 4 Click Begin Firmware Update to start the update process. A message that states Transferring file image is displayed, followed by a status progress page. NOTE: Be sure you have the latest firmware version. You can download the latest firmware image file from the Dell Support website at support.dell.com.
To update the CMC firmware: 1 On the Firmware Update page, select CMC or CMCs to update by selecting the Update Targets check box for CMC(s). Both CMCs can be updated at the same time. 2 Click the Apply CMC Update button below the CMC component list. NOTE: The default CMC firmware image name is firmimg.cmc. CMC firmware should be updated first, before updating IOM infrastructure device firmware.
Updating the iKVM Firmware NOTE: The iKVM resets and becomes temporarily unavailable after the firmware has been uploaded successfully. 1 Log back in to CMC Web interface. 2 Select Chassis Overview in the system tree. 3 Click the Update tab. The Firmware Update page appears. 4 Select the iKVM to update by selecting the Update Targets check box for that iKVM. 5 Click the Apply iKVM Update button below the iKVM component list.
Updating the IOM Infrastructure Device Firmware By performing this update, the firmware for a component of the IOM device is updated, but not the firmware of the IOM device itself; the component is the interface circuitry between the IOM device and CMC. The update image for the component resides in the CMC file system, and the component displays as an updatable device on the CMC Web GUI only if the current revision on the component and the component image on CMC do not match.
NOTE: No file transfer timer is displayed when updating IOMINF firmware. The update process may cause a brief loss of connectivity to the IOM device since the device performs a restart when the update is complete. When the update is complete, the new firmware is displayed and the updated system is no longer present on the Firmware Update page. Updating the Server iDRAC Firmware NOTE: The iDRAC (on a Server) resets and become temporarily unavailable after firmware updates have been uploaded successfully.
Recovering iDRAC Firmware Using CMC iDRAC firmware is typically updated using iDRAC facilities such as the iDRAC Web interface, the SM-CLP command line interface, or operating system specific update packages downloaded from support.dell.com. See the iDRAC Firmware User’s Guide for instructions for updating the iDRAC firmware. Early generations of servers can have corrupted firmware recovered using the new update iDRAC firmware process.
Updating Server Component Firmware Using Lifecycle Controller The Lifecycle Controller is a service available on each of the servers and is facilitated by iDRAC. The Server Component Update page enables you to manage the firmware of the components and devices on the servers using the Lifecycle Controller service. Before using the Lifecycle Controller based update feature, server firmware versions must be updated.
Normally, the USC firmware is installed through an appropriate installation package that has to be executed on the server OS. A special repair or installation package with file extension .usc is available on the native iDRAC Web-Browser interface. This package enables to install the USC firmware through the usual firmware update facility. For more information, see the Dell Lifecycle Controller USC/USC-LCE User's Guide. The Server Component Update page enables you to update firmwares on your system.
Examples Following are some examples where the filtering mechanisms are applied: • If the BIOS filter is selected, only the BIOS inventory for all servers is presented. If the set of servers consists of a number of server models, and a server is selected for BIOS update, the automatic filtering logic automatically removes all the other servers that do not match with the model of the selected server.
if a BIOS component on one of the servers is selected for update, the filter is set to the BIOS automatically and the inventory section displays the servers that match the model name of the selected server. Enabling the filter allows the associated component or device to be filtered on the Firmware Inventory section. After a filter is enabled, only the associated components or devices can be viewed across all servers present in the chassis.
If the inventory of components and devices does not reflect what is physically installed on the server, you must invoke the Unified Server Configurator Console (USC) when the server is in the boot process. This helps to refresh the internal components and devices information and provides another means to verify the currently installed components and devices. This situation occurs when: • The server iDRAC firmware is updated to newly introduce the Lifecycle Controller functionality to the server management.
Table 5-57. Component and Devices Information (continued) Field Description Component/Device Displays a description of the component or device on the server. If the column width is too narrow the mouse-over tool provides a view of the description. Current Version Displays the current version of component or device on the server.
Table 5-57. Component and Devices Information (continued) Field Description Update Selects the component or device for firmware update on the server. Use the CRTL key shortcut to select a type of component or device for update across all the applicable servers. Pressing and holding the CRTL key highlights all the components in yellow. While the CRTL key is pressed down, select the required component or device by enabling the associated check box in the Update column.
enables the firmware image file for the associated component or device to be specified. A specific selector is displayed for each type of component/device that is selected for update. NOTE: Only one selector per component or device category is displayed. This is more noticeable for the Network Interface Controller (NIC) devices and the RAID Controller devices. These devices can contain many types and models.
includes a firmware verification stage. Progress of this process can be observed by viewing the server console. If there are several components or devices that need to be updated on a server, you can consolidate all the updates into one scheduled operation thus minimizing the number of reboots required. Table 5-58 describes the buttons available and the actions that can be performed on the Server Component Update page: Table 5-58.
iDRAC QuickDeploy The iDRAC QuickDeploy section of the Deploy iDRAC page contains network configuration settings that are applied to newly inserted servers. You may use these settings to automatically populate the iDRAC Network Settings table that is below the QuickDeploy section. Once QuickDeploy is enabled, the QuickDeploy settings are applied to servers when that server is installed.
Table 5-59. QuickDeploy Settings (continued) Setting Description Enable iDRAC LAN Enables/disables the iDRAC LAN channel. Default: Unchecked (disabled) Enable iDRAC IPv4 Enables/disables IPv4 on iDRAC. Default setting is enabled. Enable iDRAC IPMI over LAN Enables/disables the IPMI over LAN channel for each iDRAC present in the chassis. Default: Unchecked (disabled) Enable iDRAC DHCP Enables/disables DHCP for each iDRAC present in the chassis.
Table 5-59. QuickDeploy Settings (continued) Setting Description Enable iDRAC IPv6 Enables IPv6 addressing for each iDRAC present in the chassis that is IPv6 capable. Enable iDRAC IPv6 Autoconfiguration Enables the iDRAC to obtain IPv6 settings (Address and prefix length) from a DHCPv6 server and also enables stateless address auto configuration. Default setting is enabled. iDRAC IPv6 Gateway Specifies the default IPv6 gateway to be assigned to the iDRACs. Default setting is "::".
To copy the QuickDeploy settings into the iDRAC Network Settings section, click Auto-Populate Using QuickDeploy Settings. The QuickDeploy network configurations settings are copied into the corresponding fields in the iDRAC Network Configuration Settings table. NOTE: Changes made to QuickDeploy fields are immediate, but changes made to one or more iDRAC server network configuration settings may require a couple of minutes to propagate from CMC to iDRAC.
Table 5-60. iDRAC Network Settings (continued) Setting Description Name Displays the server name of the server in each slot. By default, the slots are named SLOT-01 to SLOT-16. NOTE: The slot name cannot be blank or NULL. Enable LAN Enables (checked) or disables (unchecked) the LAN channel. NOTE: When LAN is not selected (disabled), all other network configuration settings, (IPMI over LAN, DHCP, IP Address Subnet Mask and Gateway) are not used. These fields are not accessible.
Table 5-60. iDRAC Network Settings (continued) Setting Description Autoconfiguration Enables the iDRAC to obtain IPv6 settings (Address and prefix length) from a DHCPv6 server and also enables stateless address auto configuration. NOTE: This option is available only if the server is IPv6 capable. Prefix Length Specifies the length, in bits, of the IPv6 subnet to which this iDRAC belongs. 6 To deploy the setting to iDRAC, click Apply iDRAC Network Settings button.
To launch a server remote console from the Servers Status page: 1 On System tree, select Server Overview. 2 Click Launch Remote Console in the table for the specified server. To launch a server Remote Console for an individual: 1 Expand Server Overview in the system tree. All servers (1–16) appear in the expanded servers list. 2 In the system tree, click the server you want to view. The Server Status page appears. 3 Click Launch Remote Console.
To launch the iDRAC management console for an individual server: 1 Log in to the CMC Web interface. 2 Expand Server Overview in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view. The Server Status page displays. 4 Click the Launch iDRAC GUI button. A user may be able to launch iDRAC GUI without having to login a second time, as this feature utilizes single sign-on. Single sign-on policies are described below.
FlexAddress This section describes the FlexAddress Web interface screens. FlexAddress is an optional upgrade that allows server modules to replace the factoryassigned WWN/MAC ID with a WWN/MAC ID provided by the chassis. NOTE: You must purchase and install the FlexAddress upgrade to have access to the configuration screens. If the upgrade has not been purchased and installed, the following text is displayed on the Web interface: Optional feature not installed.
To view whether FlexAddress is active for the chassis: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 107). 2 Click Chassis Overview in the system tree. 3 Click the Setup tab. The General Setup page appears. The FlexAddress entry has a value of Active or Not Active; a value of active means that the feature is installed on the chassis. A value of not active means that the feature is not installed and not in use on the chassis.
Viewing Server FlexAddress Status FlexAddress status information can also be displayed for each individual server. The server level information displays a FlexAddress status overview for that server. To view FlexAddress server information: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 107). 2 Expand Server Overview in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view. The Server Status page displays.
Table 5-61. Status Page Information Health OK Indicates that FlexAddress is present and providing status to CMC. In the event of a communication failure between CMC and FlexAddress, CMC cannot obtain or display health status for FlexAddress. Informational Displays information about FlexAddress when no change in health status (OK, Warning, Critical) has occurred. Warning Indicates that only warning alerts have been issued, and corrective action must be taken.
Configuring FlexAddress If you purchase FlexAddress with your chassis, is installed and active when you power up your system. If you purchase FlexAddress separately, you must install the SD feature card using the instructions in the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document. See support.dell.com/manuals for this document. The server must be off before you begin configuration. You can enable or disable FlexAddress on a per fabric basis.
5 Click the check box for each fabric you want to enable FlexAddress on. To disable a fabric, click the check box to clear the selection. slots. NOTE: If no fabrics are selected, FlexAddress is not enabled for the selected The Select Slots for Chassis-Assigned WWN/MACs page displays an Enabled check box for each slot in the chassis (1 - 16). 6 Click the Enabled check box for each slot you want to enable FlexAddress on. If you want to select all slots, use the Select/Deselect All check box.
Remote File Sharing The Remote Virtual Media File Share option maps a file from a share drive on the network to one or more servers through CMC to deploy or update an operating system. When connected, the remote file is accessible as if it is on the local system. Two types of media are supported: floppy drives and CD/DVD drives. 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 107). 2 Click Server Overview in the system tree.
Table 5-62. Remote File Sharing Settings (continued) Setting Description Slot Identifies the location of the slot. Slot numbers are sequential from 1 to 16 (for the 16 available slots in the chassis). Name Displays the name of the slot. Slots are named depending on their position in the chassis. Model Displays the model name of the server. Power State Displays the power status of the server: N/A – CMC has not yet determined the power state of the server.
Frequently Asked Questions Table 5-63 lists the frequently asked questions while managing or recovering a remote system. . Table 5-63. Managing and Recovering a Remote System Question Answer When accessing the CMC Web interface, I get a security warning stating the host name of the SSL certificate does not match the host name of CMC. CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features.
Table 5-63. Managing and Recovering a Remote System (continued) Question Answer Why are the remote RACADM and Web-based services unavailable after a property change? It may take a minute for the remote RACADM services and the Web interface to become available after the CMC Web server resets. The CMC Web server is reset after the following occurrences: • When changing the network configuration or network security properties using the CMC Web user interface.
Table 5-63. Managing and Recovering a Remote System (continued) Question Answer The following message is displayed for unknown reasons: As part of discovery, IT Assistant attempts to verify the device’s get and set community names. In IT Assistant, you have the get community name = public and the set community name = private. By default, the community name for the CMC agent is public.
Using the CMC Web Interface
6 Using FlexAddress The FlexAddress feature is an optional upgrade that allows server modules to replace the factory-assigned World Wide Name and Media Access Control (WWN/MAC) network IDs with WWN/MAC IDs provided by the chassis. Every server module is assigned unique WWN and/or MAC IDs as part of the manufacturing process.
Activating FlexAddress FlexAddress is delivered on a Secure Digital (SD) card that must be inserted into CMC to activate the feature. To activate the FlexAddress feature, software updates may be required; if you are not activating FlexAddress these updates are not required. The updates, which are listed in the table below, include server module BIOS, I/O mezzanine BIOS or firmware, and CMC firmware. You must apply these updates before you enable FlexAddress.
To ensure proper deployment of the FlexAddress feature, update the BIOS and the firmware in the following order: 1 Update all mezzanine card firmware and BIOS. 2 Update server module BIOS. 3 Update iDRAC firmware on the server module. 4 Update all CMC firmware in the chassis; if redundant CMCs are present, ensure both are updated. 5 Insert the SD card into the passive module for a redundant CMC module system or into the single CMC module for a non-redundant system.
Verifying FlexAddress Activation To ensure proper activation of FlexAddress, RACADM commands can be used to verify the SD feature card and FlexAddress activation. Use the following RACADM command to verify the SD feature card and its status: racadm featurecard -s Table 6-1. Status Messages Returned by featurecard -s Command Status Message Actions No feature card inserted. Check CMC to verify that the SD card was properly inserted.
The command returns the following status message: Feature = FlexAddress Date Activated = 8 April 2008 - 10:39:40 Feature installed from SD-card SN = 01122334455 If there are no active features on the chassis, the command returns a message: racadm feature -s No features active on the chassis. Dell Feature Cards may contain more than one feature.
Deactivating FlexAddress Use the following RACADM command to deactivate the FlexAddress feature and restore the SD card: racadm feature -d -c flexaddress The command returns the following status message upon successful deactivation: feature FlexAddress is deactivated on the chassis successfully.
Use the following RACADM command to enable or disable fabrics: racadm setflexaddr [-f ] = = A, B, C, or iDRAC 0 or 1 Where 0 is disable and 1 is enable. Use the following RACADM command to enable or disable slots: racadm setflexaddr [-i ] = 1 to 16 = 0 or 1 Where 0 is disable and 1 is enable.
• Slot number and name • Chassis-assigned and server-assigned addresses • Addresses in use Use the following RACADM command to display FlexAddress status for the entire chassis: racadm getflexaddr To display FlexAddress status for a particular slot: racadm getflexaddr [-i ] = 1 to 16 See "Configuring FlexAddress Using the CLI" on page 240 for additional details on FlexAddress configuration.
The Web interface displays an error that states: This feature card was activated with a different chassis. It must be removed before accessing the FlexAddress feature.
The original feature card is no longer eligible for deactivation on that or any other chassis, unless Dell Service re-programs the original chassis service tag back into a chassis, and CMC that has the original feature card is made active on that chassis. • The FlexAddress feature remains activated on the originally bound chassis. The binding of that chassis feature is updated to reflect the new service tag.
9 What happens if a chassis with a single CMC is downgraded with firmware prior to 1.10? • The FlexAddress feature and configuration is removed from the chassis. • The feature card used to activate the feature on this chassis is unchanged, and remains bound to the chassis. When this chassis’s CMC firmware is subsequently upgraded to 1.
12 I have the SD card properly installed and all the firmware/software updates installed. I see that FlexAddress is active, but I can’t see anything on the server deployment screen to deploy it? What is wrong? This is a browser caching issue; shut down the browser and relaunch. 13 What happens to FlexAddress if I need to reset my chassis configuration using the RACADM command, racresetcfg? The FlexAddress feature is still be activated and ready to use. All fabrics and slots is selected as default.
Table 6-2. FlexAddress Commands and Output (continued) Situation Command SD card in the active $racadm featurecard -s CMC module that is bound to the same service tag. Output The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to this chassis SD card in the active $racadm featurecard -s CMC module that is not bound to any service tag.
Table 6-2. FlexAddress Commands and Output (continued) Situation Command Output Deactivating $racadm feature -d FlexAddress feature -c flexaddress with chassis powered ON. ERROR: Unable to deactivate the feature because the chassis is powered ON Guest user tries to deactivate the feature on the chassis.
FlexAddress DELL SOFTWARE LICENSE AGREEMENT This is a legal agreement between you, the user, and Dell Products L.P. or Dell Global B.V. ("Dell"). This agreement covers all software that is distributed with the Dell product, for which there is no separate license agreement between you and the manufacturer or owner of the software (collectively the "Software"). This agreement is not for the sale of Software or any other intellectual property.
The Software is protected by United States copyright laws and international treaties. You may make one copy of the Software solely for backup or archival purposes or transfer it to a single hard disk provided you keep the original solely for backup or archival purposes.
AND ALL ACCOMPANYING WRITTEN MATERIALS. This limited warranty gives you specific legal rights; you may have others, which vary from jurisdiction to jurisdiction. IN NO EVENT SHALL DELL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
documentation with only those rights set forth herein. Contractor/manufacturer is Dell Products, L.P., One Dell Way, Round Rock, Texas 78682. GENERAL This license is effective until terminated. It terminates upon the conditions set forth above or if you fail to comply with any of its terms. Upon termination, you agree that the Software and accompanying materials, and all copies thereof, is destroyed. This agreement is governed by the laws of the State of Texas. Each provision of this agreement is severable.
Using FlexAddress Plus 7 The FlexAddress Plus is a new feature added to the feature card version 2.0. It is an upgrade from FlexAddress feature card version 1.0. FlexAddress Plus contains more MAC addresses than the FlexAddress feature. Both features allow the chassis to assign WWN/MAC (World Wide Name/Media Access Control) addresses to Fibre Channel and Ethernet devices. Chassis assigned WWN/MAC addresses are globally unique and specific to a server slot.
FlexAddress vs FlexAddress Plus FlexAddress has 208 addresses divided into 16 server slots, thus each slot is allocated with 13 MACs. FlexAddress Plus has 2928 addresses divided into 16 server slots, thus each slot is allocated with 183 MACs. The table below shows the provision of the MAC addresses in both the features. Fabric A Fabric B Fabric C iDRAC Management Total MACs FlexAddress 4 4 4 1 13 FlexAddress 60 Plus 60 60 3 183 Figure 7-1.
Scheme 1 and Scheme 2 MAC Address Allocation For backward compatibility with FA, the addresses in FA+ are divided into two groups: the first group has 208 addresses and the second group has 2928 addresses. In the first group, 13 MACs are allocated to each of the 16 slots in the same way FA does. In the second group, 183 MACs are allocated for each slot. The allocation of the 13 MAC addresses of the first group for each server is divided as: one for iDRAC and four for each fabric, A, B, and C.
If a chassis currently has FA activated, FA does not need to be deactivated in order to add FA+. In this case, the MAC address allocations are applied as follows: • The MAC addresses of scheme 1 are allocated from FA of the feature card 1.0. There is no change in the previous WWN/MAC configuration. • The additional MAC addresses of scheme 2 are allocated from the scheme 2 addresses of FA+.
Fabric A port 2: 00:FA:AE:58:59:2E (from FA) 00:FA:AE:58:59:2F (from FA) 00:FB:AE:58:5A:00 (from FA+) 00:FB:AE:58:5A:01 (from FA+) Fabric B port 1: 00:FA:AE:58:59:30 (from FA) 00:FA:AE:58:59:31 (from FA) Fabric B port 2: 00:FA:AE:58:59:32 (from FA) 00:FA:AE:58:59:33 (from FA) Fabric C port 1: 00:FA:AE:58:59:34 (from FA) 00:FA:AE:58:59:35 (from FA) Fabric C port 2: 00:FA:AE:58:59:36 (from FA) 00:FA:AE:58:59:37 (from FA) When a chassis with no previous FA—either it has never been activated or it was
Fabric B port 2: 00:FB:AE:58:59:32 (FA) 00:FB:AE:58:59:33 (FA) Fabric C port 1: 00:FB:AE:58:59:34 (FA) 00:FB:AE:58:59:35 (FA) Fabric C port 2: 00:FB:AE:58:59:36 (FA) 00:FB:AE:58:59:37 (FA) 258 Using FlexAddress Plus
8 Using the CMC Directory Service A directory service maintains a common database of all information needed for controlling network users, computers, printers, and so on. If your company uses the Microsoft Active Directory service software or the LDAP Directory Service software, you can configure CMC to use directory based user authentication.
Standard Schema Active Directory Overview Using standard schema for Active Directory integration requires configuration on both Active Directory and CMC. On the Active Directory side, a standard group object is used as a role group. A user who has CMC access is a member of the role group. In order to give this user access to a specific CMC card, the role group name and its domain name need to be configured on the specific CMC card.
Table 8-1.
NOTE: The bit mask values are used only when setting Standard Schema with the RACADM. NOTE: For more information about user privileges, see "User Types" on page 160. There are two ways to enable Standard Schema Active Directory: • With the CMC Web interface. See "Configuring CMC With Standard Schema Active Directory and Web Interface" on page 262. • With the RACADM CLI tool. See "Configuring CMC With Standard Schema Active Directory and RACADM" on page 265.
5 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name. NOTE: The Root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. c Type the Timeout in seconds. Timeout range is 15–300 seconds. Default timeout period is 90 seconds.
14 Upload your domain forest Root certificate authority-signed certificate into CMC. In the Certificate Management section, type the file path of the certificate or browse to the certificate file. Click the Upload button to transfer the file to CMC. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
Configuring CMC With Standard Schema Active Directory and RACADM To configure the CMC Active Directory Feature with Standard Schema using the RACADM CLI, use the following commands: 1 Open a serial/Telnet/SSH text console to the CMC, and type: racadm config -g cfgActiveDirectory -o cfgADEnable 1 racadm config -g cfgActiveDirectory -o cfgADType 2 racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName
2 Specify a DNS server using one of the following options: • If DHCP is enabled on CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 • If DHCP is disabled on CMC or you want manually to input your DNS IP address, type the following commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm c
You can extend the Active Directory database by adding your own unique Attributes and Classes to address your company’s environment-specific needs. Dell has extended the schema to include the necessary changes to support remote management Authentication and Authorization. Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs).
The RAC Device object is the link to the RAC firmware for querying Active Directory for authentication and authorization. When a RAC is added to the network, the Administrator must configure the RAC and its device object with its Active Directory name so users can perform authentication and authorization with Active Directory. Additionally, the Administrator must add the RAC to at least one Association Object in order for users to authenticate.
The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RACs (CMCs). Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For example, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3).
To configure the objects for the single domain scenario: 1 Create two Association Objects. 2 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs. 3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege. 4 Group user1 and user2 into Group1. 5 Add Group1 as Members in Association Object 1 (A01), Priv1 as Privilege Objects in A01, and RAC1, RAC2 as RAC Devices in A01.
Figure 8-4. Setting Up Active Directory Objects in Multiple Domains Domain1 Domain2 AO1 Group1 User1 User2 AO2 Priv1 User3 Priv2 RAC1 RAC2 To configure the objects for the multiple domain scenario: 1 Ensure that the domain forest function is in Native or Windows 2003 mode. 2 Create two Association Objects, A01 (of Universal scope) and A02, in any domain. Figure 8-4 shows the objects in Domain2. 3 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs.
6 Add Group1 as Members in Association Object 1 (A01), Priv1 as Privilege Objects in A01, and RAC1, RAC2 as RAC Devices in A01. 7 Add User3 as Members in Association Object 2 (A02), Priv2 as Privilege Objects in A02, and RAC2 as RAC Devices in A02. Configuring Extended Schema Active Directory to Access Your CMC Before using Active Directory to access your CMC, configure the Active Directory software and CMC: 1 Extend the Active Directory schema (see "Extending the Active Directory Schema" on page 272).
You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit is not be added to the schema.
4 Click Next to run the Dell Schema Extender. 5 Click Finish. The schema is extended. To verify the schema extension, use the Microsoft Management Console (MMC) and the Active Directory Schema Snap-In to verify that the following exist: • Classes — see Table 8-2 through Table 8-7 • Attributes — see Table 8-8 See your Microsoft documentation for more information on how to enable and use the Active Directory Schema Snap-In the MMC. Table 8-2.
Table 8-4. dellAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.1.1.2 Description Represents the Dell Association Object. The Association Object provides the connection between the users and the devices. Class Type Structural Class SuperClasses Group Attributes dellProductMembers dellPrivilegeMember Table 8-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines Authorization Rights (privileges) for the CMC device.
Table 8-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 8-7. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers Table 8-8.
Table 8-8. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellIsCardConfigAdmin Description: TRUE if the user has Card Configuration rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.4 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsLoginUser Description: TRUE if the user has Login rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.3 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.
Table 8-8. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellIsTestAlertUser Description: TRUE if the user has Test Alert User rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsDebugCommandAdmin Description: TRUE if the user has Debug Command Admin rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.
Table 8-8. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued OID: 1.2.840.113556.1.8000.1280.1.6.2.1 Integer (LDAPTYPE_INTEGER) Attribute: dellPermissionsMask2 OID: 1.2.840.113556.1.8000.1280.1.6.2.
2 In the Console 1 window, click File (or Console on systems running Windows 2000). 3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-In and click Add. 5 Click Close. Adding CMC Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-In, you can add CMC users and privileges by creating RAC, Association, and Privilege objects. To add each object type: 1 Create a RAC device Object. 2 Create a Privilege Object.
3 Type a name for the new object. 4 Select Privilege Object and click OK. 5 Right-click the privilege object that you created, and select Properties. 6 Click the RAC Privileges tab and select the privileges that you want the user to have. For more information about CMC user privileges, see "User Types" on page 160. Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object.
Adding Users or User Groups To add users or users groups: 1 Right-click the Association Object and select Properties. 2 Select the Users tab and click Add. 3 Type the user or User Group name and click OK. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a RAC device. Only one privilege object can be added to an Association Object.
Configuring CMC With Extended Schema Active Directory and the Web Interface To configure CMC with Extended Schema Active Directory and the Web Interface: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click User Authentication Directory Services. The Directory Services page is displayed. 4 Select Microsoft Active Directory (Extended Schema). 5 In the Common Settings section: a Verify that the Enable Active Directory check box is checked. b Type the Root Domain Name.
NOTE: Domain controller and global catalog servers that are not correctly configured for all domains and applications may produce unexpected results during the functioning of the existing applications/domains. 7 In the Extended Schema Settings section: a Type the CMC Device Name. The CMC Name uniquely identifies the CMC card in Active Directory. The CMC Name must be the same as the common name of the new CMC object you created in your Domain Controller.
To turn off SSL certificate validation: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0 The SSL certificates for the domain controller must be signed by the root certificate authority. The root certificate authority-signed certificate must be available on the management station accessing CMC. 10 Click Apply. The CMC Web server automatically restarts after you click Apply. 11 Log back in to the CMC Web interface.
Configuring CMC With Extended Schema Active Directory and RACADM Use the following commands to configure the CMC Active Directory Feature with Extended Schema using the RACADM CLI tool instead of the Web interface.
To specify an LDAP server, type: racadm config -g cfgActiveDirectory -o cfgADDomainController To specify a Global Catalog server, type: racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog NOTE: Setting the IP address as 0.0.0.0 disables CMC from searching for a server. NOTE: You can specify a list of LDAP or global catalog servers separated by commas. CMC allows you to specify up to three IP addresses or host names.
Frequently Asked Questions Table 8-9. Using CMC With Active Directory: Frequently Asked Questions Question Answer Can I log into CMC using Active Directory across multiple trees? Yes. The CMC’s Active Directory querying algorithm supports multiple trees in a single forest. Does the login to CMC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows 2000 or Windows Server 2003)? Yes.
Table 8-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer I created and uploaded a new RAC certificate and now the Web interface does not launch. If you use Microsoft Certificate Services to generate the RAC certificate, you may have inadvertently chose User Certificate instead of Web Certificate when creating the certificate.
Table 8-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer What can I do if I cannot log into CMC using Active Directory authentication? How do I troubleshoot the issue? 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local CMC user account, log into CMC using your local credentials.
Configuring Single Sign-On Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008 can use Kerberos, a network authentication protocol, as an authentication method allowing users who have signed in to the domain an automatic or single sign-on to subsequent applications such as Exchange. Starting with CMC version 2.10, CMC can use Kerberos to support two additional types of login mechanisms—single sign-on and Smart Card login.
Client Systems • For only Smart Card login, the client system must have the Microsoft Visual C++ 2005 redistributable. For more information see www.microsoft.com/downloads/details.aspx?FamilyID= 32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en • For Single Sign-On and Smart Card login, the client system must be a part of the Active Directory domain and Kerberos Realm. CMC • CMC must have firmware version 2.
Run the ktpass utility—part of Microsoft Windows—on the domain controller (Active Directory server) where you want to map CMC to a user account in Active Directory. For example, C:\>ktpass -princ HTTP/cmcname.domain_name.com@REALM_NAME.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab NOTE: The cmcname.domainname.com must be lower case as required by RFC and the REALM name, @REALM_NAME must be uppercase.
To upload the keytab file: 1 Navigate to the User Authentication tab Directory Services subtab. Ensure that Microsoft Active Directory Standard or Extended Schema is selected. If not, select your preference and click Apply. 2 Click Browse on the Kerberos Keytab Upload section, navigate to the folder where the keytab file is saved and click Upload. When the upload is complete, a message box is displayed indicating a successful or failed upload.
Configuring the Browser For Single Sign-On Login Single Sign-on is supported on Internet Explorer versions 6.0 and later and Firefox versions 3.0 and later. NOTE: The following instructions are applicable only if CMC uses Single Sign-On with Kerberos authentication. Internet Explorer To configure Internet Explorer for Single Sign-On: 1 In the Internet Explorer, select ToolsInternet Options. 2 On the Security tab, under Select a zone to view or change security settings, select Local Intranet.
Logging into CMC Using Single Sign-On NOTE: You cannot use the IP address to log into the Single Sign-On or Smart Card login. Kerberos validates your credentials against the Fully Qualified Domain Name (FQDN). To log in to CMC using Single Sign-on: 1 Log into the client system using your network account. 2 Access the CMC Web page using https:// For example, cmc-6G2WXF1.cmcad.lab where cmc-6G2WXF1 is the cmc-name cmcad.lab is the domain-name.
Configuring Smart Card Two-Factor Authentication Traditional authentication schemes use user name and password to authenticate users. Two-factor-authentication, on the other hand, provides a higher-level of security by requiring users to have a password or PIN and a physical card containing a private key or digital certificate. Kerberos, a network authentication protocol, uses this two-factor authentication mechanism allowing systems to prove their authenticity.
Configuring Active Directory To configure Active Directory: 1 Set up Kerberos realm & Key Distribution Center (KDC) for Active Directory, if not already configured (ksetup). NOTE: Ensure a robust NTP and DNS infrastructure to avoid issues with clock drift & reverse lookup. 2 Create Active Directory users for each CMC, configured to use Kerberos DES encryption but not pre-authentication. 3 Register the CMC users to the Key Distribution Center with Ktpass (this also outputs a key to upload to CMC).
Enabling Smart Card Authentication To enable Smart Card authentication: 1 Navigate to the User Authentication tab Directory Services subtab. Ensure that Microsoft Active Directory Standard or Extended Schema is selected. 2 In the Common Settings Section, select: • Smart Card — this option requires that you insert a Smart Card into reader and enter the PIN number. NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged for this option.
Logging into CMC Using Smart Card NOTE: You cannot use the IP address to log into the Single Sign-On or Smart Card login. Kerberos validates your credentials against the Fully Qualified Domain Name (FQDN). To log in to CMC using Smart Card: 1 Log into the client system using your network account. 2 Access the CMC Web page using https:// For example, cmc-6G2WXF1.cmcad.lab where cmc-6G2WXF1 is the cmc-name cmcad.lab is the domain-name.
Troubleshooting the Smart Card Login The following tips help you to debug an inaccessible Smart Card: ActiveX plug-in is unable to detect the Smart Card reader Ensure that the Smart Card is supported on the Microsoft Windows operating system. Windows supports a limited number of Smart Card cryptographic service providers (CSPs).
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the specific CMC card. You can configure a maximum of five role groups in each CMC. Table 5-41shows the privileges level of the role groups and Table 8-1 shows the default role group settings. Figure 8-5 illustrates configuration of CMC with Generic LDAP. Figure 8-5.
Authentication and Authorization of the LDAP Users Some directory servers require a bind before any searches can be performed against a specific LDAP server. The steps for authentication are: 1 Optionally bind to the Directory Service. The default is an anonymous bind. 2 Search for the user based upon their user login. The default attribute is uid. 3 If more than one object is found, then the process returns an error. 4 Unbind and perform a bind with the user's DN and password.
To view and configure LDAP: 1 Log in to the Web interface. 2 Click the User Authentication tab, and then click the Directory Services subtab. The Directory Services page appears. 3 Click the radio button associated with Generic LDAP. 4 Configure the options shown and click Apply. Table 8-10 displays the available options: Table 8-10. Common Settings Setting Description Generic LDAP Enabled Enables the generic LDAP service on CMC.
Table 8-10. Common Settings (continued) Setting Description Search Filter Specifies a valid LDAP search filter. This is used if the user attribute cannot uniquely identify the login user within the chosen base DN. If not provided, defaults to (objectClass=*), which searches for all objects in the tree. The maximum length of this property is 1024 characters. Network Timeout (seconds) Sets the time in seconds after which an idle LDAP session is automatically closed.
• LDAP Server Port — Port of LDAP over SSL, default to 636 if not configured. Non-SSL port is not supported in CMC version 3.0 as the password cannot be transported without SSL. • Use DNS to find LDAP Servers — Selecting this option causes LDAP to use the search domain and the service name through DNS. You must select Static or DNS. The following DNS query is performed for SRV records: _._tcp.
The following properties for the certificate are displayed: • Serial Number - The certificate's serial number. • Subject Information - The certificate's subject (name of the person or company certified). • Issuer Information - The certificate's issuer (name of the Certificate Authority. • Valid From - The starting date of the certificate. • Valid To - The expiry date of the certificate.
CMC can be configured to optionally query a DNS server for SRV records. If the cfgLDAPSRVLookupEnable property is enabled the cfgLDAPServer property is ignored. The following query is used to search the DNS for SRV records: _ldap._tcp.domainname.com ldap in the above query is the cfgLDAPSRVLookupServiceName property. cfgLDAPSRVLookupDomainName is configured to be domainname.com. Usage To login to CMC using an LDAP user, use the username at the login prompt and the user's password at the password prompt.
9 Power Management Overview The Dell PowerEdge M1000e server enclosure is the most power-efficient modular server enclosure in the market. It is designed to include highlyefficient power supplies and fans, has an optimized layout so that air flows more easily through the system, and contains power-optimized components throughout the enclosure.
When you configure a system for AC redundancy, the PSUs are divided into grids: PSUs in slots 1, 2, and 3 are in the first grid while PSUs in slots 4, 5, and 6 are in the second grid. CMC manages power so that if there is a failure of either grid the system continues to operate without any degradation. AC redundancy also tolerates failures of individual PSUs.
Figure 9-1. 2 PSUs per grid and a power failure on grid 1 AC Power Grid #1 AC Power Grid #2 Power Supply #1 Power Supply #2 Empty Slot #3 Power Supply #4 Power Supply #5 Empty Slot #6 Chassis DC Power Bus NOTE: In the event of a single PSU failure in this configuration, the remaining PSUs in the failing grid are marked as Online. In this state, any of the remaining PSUs can fail without interrupting operation of the system. If a PSU fails, the chassis health is marked non-critical.
Figure 9-2. Power Supply Redundancy: Totally 4 PSUs with a failure of one PSU. Power Supply #1 Power Supply #2 Power Supply #3 Power Supply #4 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Dual or Single Power Grid: Power Supply Redundancy protects against failure of a single power supply. No Redundancy Mode The no redundancy mode is the factory default setting for 3 PSU configuration and indicates that the chassis does not have any power redundancy configured.
Figure 9-3. No Redundancy with three PSUs in the chassis AC Power Grid #1 Power Supply #1 Power Supply #2 Power Supply #3 Empty Slot #4 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Single Power Grid: No protection against grid or power supply failure A PSU failure brings other PSUs out of Standby mode, as needed, to support the chassis power allocations. If you have 4 PSUs, and require only three, then in the event that one fails, the fourth PSU is brought online.
Figure 9-4. Chassis With Six-PSU Configuration PSU1 PSU2 PSU3 PSU4 PSU5 PSU6 CMC maintains a power budget for the enclosure that reserves the necessary wattage for all installed servers and components. CMC allocates power to the CMC infrastructure and the servers in the chassis. CMC infrastructure consists of components in the chassis, such as fans, I/O modules, and iKVM (if present). The chassis may have up to 16 servers that communicate to the chassis through the iDRAC.
CMC grants the requested power to the server, and the allocated wattage is subtracted from the available budget. Once the server is granted a power request, the server's iDRAC software continuously monitors the actual power consumption. Depending on the actual power requirements, the iDRAC power envelope may change over time. iDRAC requests a power step-up only if the servers are fully consuming the allocated power.
Additional servers can be powered up in the modular enclosure only if sufficient power is available. The System Input Power Cap can be increased any time up to a maximum value of 11637 watts to allow the power up of additional servers. Changes in the modular enclosure that reduce the power allocation are: • Server power off • Server • I/O module • iKVM removal • Transition of the chassis to a powered off state You can reconfigure the System Input Power Cap when chassis is either ON or OFF.
If an administrator manually powers on the low priority server modules before the higher priority ones, then the low priority server modules are the first modules to have their power allocation lowered down to the minimum value, in order to accommodate the higher priority servers. So after the available power for allocation is exhausted, then CMC reclaims power from lower or equal priority servers until they are at their minimum power level.
DPSE can be enabled for all three power supply redundancy configurations explained above — No Redundancy, Power Supply Redundancy, and AC Redundancy. • In a No Redundancy configuration with DPSE, the M1000e can have up to five power supply units in Standby state. In a six PSU configuration, some PSU units are placed in Standby and stay unutilized to improve power efficiency.
Redundancy Policies Redundancy policy is a configurable set of properties that determine how CMC manages power to the chassis. The following redundancy policies are configurable with or without dynamic PSU engagement: • AC Redundancy • Power Supply Redundancy • No Redundancy The default redundancy configuration for a chassis depends on how many PSUs it contains, as shown in Table 9-1. Table 9-1.
No Redundancy Power in excess of what is necessary to power the chassis is available, even on a failure, to continue to power the chassis. CAUTION: The No Redundancy mode uses optimum PSUs when DPSE is enabled for the requirements of the chassis. Failure of a single PSU could cause servers to lose power and data in this mode. Power Conservation and Power Budget Changes CMC performs power conservation when the user-configured maximum power limit is reached.
In maximum power conservation mode, all servers start functioning at their minimum power levels, and all subsequent server power allocation requests are denied. In this mode, the performance of powered on servers may be degraded. Additional servers cannot be powered on, regardless of server priority. The system is restored to full performance when the user or an automated command line script clears the maximum conservation mode.
Using the Web Interface Verify that the 110 V circuit is rated for the current expected, and then perform the following steps: 1 Click Chassis Overview in the system tree. 2 Click Power Configuration. 3 Select Allow 110 VAC Operation and click Apply. Using RACADM Verify that your 110 V circuit is rated for the expected current, and then perform the following steps: 1 Open a serial/Telnet/SSH text console to CMC and log in.
To disable Server Performance Over Power Redundancy, perform the following steps: 1 Click Chassis Overview in the system tree. 2 Click Power Configuration. 3 Clear Server Performance Over Power Redundancy and click Apply. Using RACADM To enable Server Performance Over Power Redundancy, perform the following steps: 1 Open a serial/Telnet/SSH text console to CMC and log in.
3 Select Power Remote Logging, to enable you to log power events to a remote host. 4 Specify the required logging interval (1–1440 minutes). 5 Click Apply to save changes.
PSU Failure With Degraded or No Redundancy Policy CMC decreases power to servers when an insufficient power event occurs, such as a PSU failure. After decreasing power on servers, CMC re-evaluates the power needs of the chassis. If power requirements are still not met, CMC powers off lower priority servers. Power for higher priority servers is restored incrementally while power needs remain within the power budget.
Table 9-2 describes the actions taken by CMC when a new server is powered on in the scenario described above. Table 9-2.
Table 9-3. Chassis Impact from PSU Failure or Removal (continued) PSU Configuration Dynamic PSU Engagement Firmware Response Power Supply Redundancy Enabled CMC alerts you of loss of Power Supply Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from PSU failure or removal. No Redundancy Enabled Decrease power to low priority servers, if needed.
Table 9-4 lists the SEL entries that are related to power supply changes. Table 9-4.
Redundancy Status and Overall Power Health The redundancy status is a factor in determining the overall power health. When the power redundancy policy is set, for example, to AC Redundancy and the redundancy status indicates that the system is operating with redundancy, the overall power health is typically OK. However, if the conditions for operating with AC redundancy cannot be met, the redundancy status is No, and the overall power health is Critical.
To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all PSUs. PSU health status is indicated by the color of the PSU subgraphic: • Green — PSU is present, powered on and communicating with CMC; there is no indication of an adverse condition. • Amber — Indicates a PSU failure.
Table 9-6. Power Supplies (continued) Item Health Description OK Indicates that the PSU is present and communicating with CMC. In the event of a communication failure between CMC and the power supply, CMC cannot obtain or display health status for the PSU. Warning Indicates that only Warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, it could lead to critical or severe power failures that can affect the integrity of the chassis.
Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm getpminfo For more information about getpminfo, including output details, see the RACADM Command Line Reference Guide for iDRAC6 and CMC on the Dell Support website at support.dell.com/manuals. Viewing Power Consumption Status CMC provides the actual input power consumption for the entire system on the Power Consumption Status page.
Table 9-8 through Table 9-11 describe the information displayed on the Power Consumption page. Table 9-8. Real-Time Power Statistics Item Description System Input Power Displays the current cumulative power consumption of all modules in the chassis measured from the input side of the PSUs. The value for system input power is indicated in both watts and BTU/h units. Peak System Power Displays the maximum system level input power consumption since the value was last cleared.
Table 9-8. Real-Time Power Statistics (continued) Item Description Minimum System Displays the date and time recorded when the minimum system Power Start Time power consumption value was last cleared. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Peak/Min Power Statistics button and also when CMC resets or fails over.
Table 9-9. Real-Time Energy Statistics Status Item Description System Energy Consumption Displays the current cumulative energy consumption for all modules in the chassis measured from the input side of the power supplies. The value is displayed in KWh and it is a cumulative value. System Energy Consumption Start Time Displays the date and time recorded when the system energy consumption value was last cleared, and the new measurement cycle began.
Table 9-11. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name can be redefined by the user. Present Displays whether the server is present in the slot (Yes or No). If this field displays Extension of # (where the # is 1-8), then number that follows it is the main slot of a multi-slot server.
See "Configuring Power Budget and Redundancy" on page 341 for information about configuring the settings for this information. Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm getpbinfo For more information about getpbinfo, including output details, see the getpbinfo command section in the RACADM Command Line Reference Guide for iDRAC6 and CMC. Table 9-12.
Table 9-12. System Power Policy Configuration (continued) Item Description Redundancy Policy Displays the current redundancy configuration: AC Redundancy, Power Supply Redundancy, and No Redundancy. AC Redundancy — Power input is load-balanced across all PSUs. Half of them should be cabled to one AC grid and the other half should be cabled to another grid. When the system is running optimally in AC Redundancy mode, power is load-balanced across all active supplies.
Table 9-13. Power Budgeting Item Description System Input Max Power Capacity Maximum input power that the available power supplies can supply to the system (in watts). Input Redundancy Reserve Displays the amount of redundant power (in watts) in reserve that can be utilized in the event of an AC grid or power supply unit (PSU) failure.
Table 9-14. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name is defined by the user. Type Displays the type of the server. Priority Displays the priority level allotted to the server slot in the chassis for power budgeting.
Table 9-15. Chassis Power Supplies Item Description Name Displays the name of the PSU in the format PS-n, where n, is the PSU number. Power State Displays the power state of the PSU — Initializing, Online, Stand By, In Diagnostics, Failed, Unknown, or Absent (missing). Input Volts Displays the present input voltage of the power supply. Input Current Displays the present input current of the power supply. Output Rated Power Displays the maximum output power rating of the power supply.
Table 9-16. Configurable Power Budget/Redundancy Properties Item Description System Input Power Cap System Input Power Cap is the maximum AC power that the system is allowed to allocate to servers and chassis infrastructure. It can be configured by the user to any value that exceeds the minimum power needed for servers that are powered on and the chassis infrastructure; configuring a value that falls below the minimum power needed for servers and the chassis infrastructure fails.
Table 9-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Redundancy Policy This option allows you to select one the following options: • No Redundancy: Power from the power supplies is used to power the entire chassis, including the chassis, servers, I/O modules, iKVM, and CMC. No power supplies must be kept in reserve. NOTE: The No Redundancy mode uses only the minimum required number of power supplies at a time.
Table 9-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Enable Dynamic Power Supply Engagement On selection, enables dynamic power management. In Dynamic Engagement mode, the power supplies are turned ON (online) or OFF (standby) based on power consumption, optimizing the energy consumption of the entire chassis. For example, your power budget is 5000 watts, your redundancy policy is set to AC redundancy mode, and you have six power supply units.
Using RACADM To enable and set the redundancy policy: NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. 1 Open a serial/Telnet/SSH text console to CMC and log in. 2 Set properties as needed: • To select a redundancy policy, type: racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy where is 0 (No Redundancy), 1 (AC Redundancy), 2 (Power Supply Redundancy). The default is 0.
Assigning Priority Levels to Servers Server priority levels determine which servers the CMC draws power from when additional power is required. NOTE: The priority you assign to a server is linked to its slot and not to the server itself. If you move the server to a new slot, you must reconfigure the priority for the new slot location. NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege.
Setting the Power Budget NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. Using the Web Interface To set the power budget using teh CMC Web interface: 1 Log in to the CMC Web interface. 2 Click Chassis Overview in the system tree. The Chassis Health page appears. 3 Click the Power tab. The Power Consumption Status page appears. 4 Click the Configuration subtab. The Budget/Redundancy Configuration page appears.
Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm config -g cfgChassisPower -o cfgChassisPowerCap where is a number between 2715–11637 representing the maximum power limit in watts. The default is 11637. For example, the following command: racadm config -g cfgChassisPower -o cfgChassisPowerCap 5400 sets the maximum power budget to 5400 watts. NOTE: The power budget is limited to 11637 Watts.
Executing Power Control Operations on the Chassis NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. NOTE: Power control operations affect the entire chassis. For power control operations on an IOM, see "Executing Power Control Operations on an IOM" on page 350. For power control operations on servers, see "Executing Power Control Operations on a Server" on page 352.
• Power Cycle System (cold boot) — Powers off and then reboots the system (cold boot). This option is disabled if the chassis is already powered OFF. NOTE: This action powers off and then reboots the entire chassis (chassis, servers which are configured to always power on, IOMs, iKVM, and power supplies). • Reset CMC — Resets CMC without powering off (warm reboot). (This option is disabled if CMC is already powered off).
Using the Web Interface To execute power control operations on an IOM using the CMC Web interface: 1 Log in to the CMC Web interface. 2 Select I/O Modules Overview. The I/O Modules Status page displays. 3 Click the Power tab. The Power Control page displays. 4 Select the operation you want to execute (reset or power cycle) from the drop-down menu beside the IOM in the list. 5 Click Apply. A dialog box appears requesting confirmation.
Executing Power Control Operations on a Server NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. CMC enables you to remotely perform several power management actions, for example, an orderly shutdown, on an individual server in the chassis. Using the Web Interface To execute power control operations on a server using the Web interface: 1 Log in to the CMC Web interface.
• Reset Server (warm boot) — Reboots the server without powering off. This option is disabled if the server is powered off. • Power Cycle Server (cold boot) — Powers off and then reboots the server. This option is disabled if the server is powered off. 6 Click Apply. A dialog box appears requesting confirmation. 7 Click OK to perform the power management action (for example, cause the server to reset).
The overall power health is at least in Non-Critical state when the chassis is operating in 110V mode and the user has not acknowledged the 110V operation. The "Warning" icon is displayed on the GUI main page when in Non-Critical state. Mixed 110V and 220V operation is not supported. If CMC detects that both voltages are in use then one voltage is selected and those power supplies connected to the other voltage are powered off and marked as failed.
Using the iKVM Module 10 Overview The local access KVM module for your Dell M1000e server chassis is called the Avocent Integrated KVM Switch Module, or iKVM. The iKVM is an analog keyboard, video, and mouse switch that plugs into your chassis. It is an optional, hot-pluggable module to the chassis that provides local keyboard, mouse, and video access to the servers in the chassis, and to the active CMC’s command line.
Server Identification CMC assigns slots names for all servers in the chassis. Although you can assign names to the servers using the OSCAR interface from a tiered connection, CMC assigned names take precedence, and any new names you assign to servers using OSCAR is overwritten. CMC identifies a slot by assigning it a unique name. To change slot names using the CMC Web interface, see "Editing Slot Names.
iKVM Connection Precedences Only one iKVM connection is available at a time. The iKVM assigns an order of precedence to each type of connection so that when there are multiple connections, only one connection is available while others are disabled. The order of precedence for iKVM connections is as follows: 1 Front panel 2 ACI 3 Rear Panel For example, if you have iKVM connections in the front panel and ACI, the front panel connection remains active while the ACI connection is disabled.
Using OSCAR This section provides an overview of the OSCAR interface. Navigation Basics . Table 10-1. OSCAR Keyboard and Mouse Navigation Key or Key Sequence Result • Any of these key sequences can open OSCAR, depending on your Invoke OSCAR settings. You can enable two, three, or all of these key sequences by selecting boxes in the Invoke • - OSCAR section of the Main dialog box, and then clicking • - OK.
Table 10-1. OSCAR Keyboard and Mouse Navigation (continued) Key or Key Sequence Result , +<0> Immediately disconnects a user from a server; no server is selected. Status flag displays Free. (This action only applies to the =<0> on the keyboard and not the keypad.) , Immediately turns on screen saver mode and prevents access to that specific console, if it is password protected. Up/Down Arrow keys Moves the cursor from line to line in lists.
Changing the Display Behavior Use the Menu dialog box to change the display order of servers and set a Screen Delay Time for OSCAR. To access the Menu dialog box: 1 Press to launch OSCAR. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. To choose the default display order of servers in the Main dialog box: 1 Select Name to display servers alphabetically by name. or Select Slot to display servers numerically by slot number. 2 Click OK.
Table 10-3. Flag OSCAR Status Flags Description Flag type by name Flag indicating that the user has been disconnected from all systems Flag indicating that Broadcast mode is enabled To access the Flag dialog box: 1 Press . The Main dialog box appears. 2 Click Setup and then Flag. The Flag dialog box appears. To specify how the status flag displays: 1 Select Displayed to show the flag all the time or Displayed and Timed to display the flag for only five seconds after switching.
Managing Servers With iKVM The iKVM is an analog switch matrix supporting up to 16 servers. The iKVM switch uses the OSCAR user interface to select and configure your servers. In addition, the iKVM includes a system input to establish a CMC command line console connection to CMC. Peripherals Compatibility and Support The iKVM is compatible with the following peripherals: • Standard PC USB keyboards with QWERTY, QWERTZ, AZERTY, and Japanese 109 layouts. • VGA monitors with DDC support.
To access the Main dialog box: Press to launch the OSCAR interface. The Main dialog box appears. or If a password has been assigned, the Password dialog box appears. Type your password and click OK. The Main dialog box appears. For more information about setting a password, see "Setting Console Security" on page 366. NOTE: There are four options for invoking OSCAR.
Selecting Servers Use the Main dialog box to select servers. When you select a server, the iKVM reconfigures the keyboard and mouse to the proper settings for that server. • To select servers: Double-click the server name or the slot number. or If the display order of your server list is by slot (that is, the Slot button is depressed), type the slot number and press .
To configure OSCAR for soft switching: 1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. 3 Select Name or Slot for the Display/Sort Key. 4 Type the desired delay time in seconds in the Screen Delay Time field. 5 Click OK. To soft switch to a server: • To select a server, press .
Preemption Warning Normally, a user connected to a server console through the iKVM and another user connected to the same server console through the iDRAC GUI console redirection feature both have access to the console and are able to type simultaneously. To prevent this scenario, the remote user, before starting the iDRAC GUI console redirection, can disable the local console in the iDRAC Web interface.
Setting or Changing the Password To set or change the password: 1 Single-click and press or double-click in the New field. 2 Type the new password in the New field and then press . Passwords are case sensitive and require 5–12 characters. They must include at least one letter and one number. Legal characters are: A–Z, a–z, 0–9, space, and hyphen. 3 In the Repeat field, type the password again, and then press .
Logging In To launch Oscar: 1 Press to launch OSCAR. The Password dialog box appears. 2 Type your password and then click OK. The Main dialog box appears. Setting Automatic Logout You can set OSCAR to automatically log out of a server after a period of inactivity. 1 In the Main dialog box, click Setup and then Security. 2 In the Inactivity Time field, enter the length of time you want to stay connected to a server before it automatically disconnects you. 3 Click OK.
3 Select Energy if your monitor is ENERGY STAR compliant; otherwise select Screen. CAUTION: Monitor damage may result from the use of Energy mode with monitors not compliant with Energy Star. 4 Optional: To activate the screen saver test, click Test. The Screen Saver Test dialog box displays. Click OK to start the test. The test takes 10 seconds. When it concludes, you are returned to the Security dialog box. NOTE: Enabling screen saver mode disconnects the user from a server; no server is selected.
To reset a lost or forgotten password using RACADM, open a serial/Telnet/SSH text console to CMC, log in, and type: racadm racresetcfg -m kvm NOTE: Using the racresetcfg command resets the Front Panel Enable and Dell CMC Console Enable settings, if they are different from the default values. For more information about the racresetcfg subcommand, see the racresetcfg section in the RACADM Command Line Reference Guide for iDRAC6 and CMC.
To add servers to the scan list: 1 Press . The Main dialog box appears. 2 Click Setup and then Scan. The Scan dialog box appears, listing of all servers in the chassis. 3 Select the box next to the servers you wish to scan. or Double-click the server name or slot. or Press and the number of the server you wish to scan. You can select up to 16 servers.
To cancel scan mode: 1 If OSCAR is open and the Main dialog box is displayed, select a server in the list. or If OSCAR is not open, move the mouse or press any key on the keyboard. Scanning stops at the currently selected server. or Press . The Main dialog box appears; select a server in the list. 2 Click the Commands button. The Commands dialog box appears. 3 Clear the Scan Enable box.
3 Enable mouse and/or keyboard for the servers that are to receive the broadcast commands by selecting the boxes. or Press the up or down arrow keys to move the cursor to a target server. Then press to select the keyboard box and/or to select the mouse box. Repeat for additional servers. 4 Click OK to save the settings and return to the Setup dialog box. Click or press to return to the Main dialog box. 5 Click Commands. The Commands dialog box appears.
To enable or disable access to the iKVM from the front panel using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. The iKVM Status page displays. 3 Click the Setup tab. The iKVM Configuration page displays. 4 To enable, select the Front Panel USB/Video Enabled check box. To disable, clear the Front Panel USB/Video Enabled check box. 5 Click Apply to save the setting.
• Green - iKVM is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - iKVM is present, but may or may not be powered on, or may or may not be communicating with CMC; an adverse condition may exist. • Gray - iKVM is present and not powered on. It is not communicating with CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over the iKVM subgraphic and a corresponding text hint or screen tip is displayed.
Table 10-5. iKVM Status Information (continued) Item Description Rear Panel Connected Indicates whether the monitor is connected to the rear panel VGA connector (Yes or No). This information is provided to CMC so it can determine whether a local user has rear-panel access to the chassis. Tiering Port Connected The iKVM supports seamless tiering with external KVM appliances from Dell and Avocent using built-in hardware.
based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional instructions to follow: • Do not use the Refresh button or navigate to another page during the file transfer. • To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process.
Table 10-6. Troubleshooting iKVM Problem Likely Cause and Solution The message "User has been disabled by CMC control" appears on the monitor connected to the front panel. The front panel connection has been disabled by CMC. You can enable the front panel using either the CMC Web interface or RACADM. To enable the front panel using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. 3 Click the Setup tab. 4 Select the Front Panel USB/Video Enabled check box.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution The message "User has been disabled as another appliance is currently tiered" appears on the monitor connected to the rear panel. A network cable is connected to the iKVM ACI port connector and to a secondary KVM appliance. The iKVM’s amber LED is blinking. There are three possible causes: Only one connection is allowed at a time. The ACI tiering connection has precedence over the rear panel monitor connection.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution My iKVM is tiered through the ACI port to an external KVM switch, but all of the entries for the ACI connections are unavailable. The front panel connection is enabled and has a monitor connected. Because the front panel has precedence over all other iKVM connections, the ACI and rear panel connectors are disabled. All of the states are showing a yellow dot in the OSCAR interface.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution In the OSCAR menu, the Dell CMC connection is displaying a red X, and I cannot connect to CMC. There are two possible causes: The Dell CMC console has been disabled. In this case, you can enable it using either the CMC Web interface or RACADM. To enable the Dell CMC console using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. 3 Click the Setup tab.
Using the iKVM Module
I/O Fabric Management 11 The chassis can hold up to six I/O modules (IOMs), each of which can be pass-through or switch modules. The IOMs are classified into three groups—A, B, and C. Each group has two slots—Slot 1 and Slot 2. The slots are designated with letters, from left to right, across the back of the chassis: A1 | B1 | C1 | C2 | B2 | A2. Each server has slots for two mezzanine cards (MCs) to connect to the IOMs. The MC and the corresponding IOM must have the same fabric.
Fabric Management Fabric management helps avoid electrical, configuration, or connectivity related problems due to installation of an IOM or MC that has an incompatible fabric type from the chassis' established fabric type. Invalid hardware configurations could cause electric or functional problems to the chassis or its components. Fabric management prevents invalid configurations from powering on. Figure 11-1 shows the location of IOMs in the chassis.
CMC creates entries in both the hardware log and CMC logs for invalid hardware configurations. For example: • An Ethernet MC connected to a Fibre Channel IOM is an invalid configuration. However, an Ethernet MC connected to both an Ethernet switch and an Ethernet pass-through IOM installed in the same IOM group is a valid connection. • A Fibre Channel pass-through IOM and a fibre channel switch IOM in slots B1 and B2 is a valid configuration if the first MCs on all of the servers are also fibre channel.
Invalid Mezzanine Card (MC) Configuration An invalid MC configuration occurs when a single server’s LOM or MC is not supported by its corresponding IOM. In this case, all the other servers in the chassis can be running, but the server with the mismatched MC card does not be allowed to power on. The power button on the server flashes Amber to alert a fabric mismatch. For information about CMC and hardware logs, see "Viewing the Event Logs" on page 422.
Monitoring IOM Health The health status for the IOMs can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the I/O Modules Status page. The Chassis Graphics page provides a graphical overview of the IOMs installed in the chassis. To view health status of the IOMs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed.
Table 11-1. I/O Modules Status Information Item Description Slot Displays the location of the I/O module in the chassis by group number (A, B, or C) and Bank (1 or 2). IOM Enumeration: A1, A2, B1, B2, C1, or C2. Present Displays whether the IOM is present (Yes or No). Health OK Indicates that the IOM is present and communicating with CMC. In the event of a communication failure between CMC and the server, CMC cannot obtain or display health status for the IOM.
Table 11-1. I/O Modules Status Information (continued) Item Description Fabric Displays the type of fabric for the IOM: Gigabit Ethernet, 10GE XAUI, 10GE KR, 10GE XAUI KR, FC 4 Gbps, FC 8 Gbps, SAS 3 Gbps, SAS 6 Gbps, Infiniband SDR, Infiniband DDR, Infiniband QDR, PCIe Bypass Generation 1, PCIe Bypass Generation 2. NOTE: Knowing the fabric types of the IOMs in your chassis is critical in preventing IOM mismatches within the same group.
Viewing the Health Status of an Individual IOM The I/O Module Status page (separate from the I/O Modules Status page) provides an overview of an individual IOM. To view the health status of an individual IOM: 1 Log in to the CMC Web interface. 2 Expand I/O Modules in the system tree. All of the IOMs (1–6) appear in the expanded I/O Modules list. 3 Click the IOM you want to view in the I/O Modules list in the system tree. 4 Click the Status subtab. The I/O Modules Status page displays. Table 11-2.
Table 11-2. I/O Module Health Status Information (continued) Item Description Warning Indicates that warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, it could lead to critical or severe failures that can affect the integrity of the IOM. Examples of conditions causing Warnings: IOM fabric mismatch with the server's mezzanine card fabric; invalid IOM configuration, where the newly installed IOM does not match the existing IOM on the same group.
Table 11-2. I/O Module Health Status Information (continued) Item Description MAC Address Displays the MAC address for the IOM. The MAC address is a unique address assigned to a device by the hardware vendor as a means for identification. NOTE: Pass-throughs do not have MAC addresses. Only switches have MAC addresses. Role Displays the I/O module stacking membership when modules are linked together: • Member - the module is part of a stack set • Master - the module is a primary access point.
To configure the network settings for an individual IOM: 1 Log in to the CMC Web interface. 2 Click I/O Modules in the system tree. Click the Setup subtab. The Configure I/O Modules Network Settings page displays. 3 To configure network settings for I/O modules, type/select values for the following properties, and then click Apply. NOTE: Only IOMs that are powered on can be configured. NOTE: The IP address set on the IOMs from CMC is not saved to the switch's permanent startup configuration.
Table 11-3. Configure I/O Module Network Settings (continued) Item Description DHCP Enabled Enables the IOM on the chassis to request and obtain an IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. Default: Checked (enabled). If this option is checked, the IOM retrieves IP configuration (IP address, subnet mask, and gateway) automatically from a DHCP server on your network.
Troubleshooting IOM Network Settings The following list contains troubleshooting items for IOM network settings: • CMC can read the IP address setting too quickly after a configuration change; it displays 0.0.0.0 after clicking Apply. You must hit the refresh button in order to see if the IP address is set correctly on the switch. • If an error is made in setting the IP/mask/gateway, the switch does not set the IP address and returns a 0.0.0.0 in all fields.
I/O Fabric Management
12 Troubleshooting and Recovery Overview This section explains how to perform tasks related to recovering and troubleshooting problems on the remote system using the CMC Web interface. • Gathering Configuration information, error status and error logs. • Managing power on a remote system. • Managing Lifecycle Controller jobs on a remote system. • Viewing chassis information. • Viewing the event logs. • Using the Diagnostic Console. • Reset Components.
Usage racadm racdump The racdump subcommand displays the following information: • General system/RAC information • CMC information • Chassis information • Session information • Sensor information • Firmware build information Supported Interfaces • CLI RACADM • Remote RACADM • Telnet RACADM RACDUMP command can be run remotely from the serial, Telnet, or SSH console command prompt or through a normal command prompt.
Subsystems and RACADM Commands (continued) Table 12-1.
Remote RACDUMP Usage To use the RACDUMP subcommand remotely, type the following commands: racadm -r -u -p racadm -i -r NOTE: The -i option instructs RACADM to interactively prompt for user name and password. Without the -i option, you must provide the user name and password in the command using the -u and -p options. For example: racadm -r 192.168.0.
Configuring LEDs to Identify Components on the Chassis You can set component LEDs for all or individual components (chassis, servers, and IOMs) to blink as a means of identifying the component on the chassis. NOTE: To modify these settings, you must have Chassis Configuration Administrator privilege. Using the Web Interface To enable blinking for one, multiple, or all component LEDs: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree. 3 Click the Troubleshooting tab.
Configuring SNMP Alerts Simple network management protocol (SNMP) traps, or event traps, are similar to e-mail event alerts. They are used by a management station to receive unsolicited data from CMC. You can configure CMC to generate event traps. Table 12-2 provides an overview of the events that trigger SNMP and e-mail alerts. For information on e-mail alerts, see "Configuring E-mail Alerts" on page 407. NOTE: Starting with CMC version 2.10, SNMP is now IPv6 enabled.
Table 12-2. Chassis Events That Can Generate SNMP and Email Alerts (continued) Event Description IOM Absent An expected IOM is not present. IOM Failure The IOM is not functioning. Firmware Version Mismatch There is a firmware mismatch for the chassis or server firmware. Chassis Power Threshold Error Power consumption within the chassis reached the System Input Power Cap. SDCARD Absent There is no media in the CMC’s Secure Digital (SD) card slot, and a configured CMC feature requires it.
5 Click the Traps Settings subtab.The Chassis Event Alert Destinations page displays. 6 Type a valid address in an empty Destination field. NOTE: A valid address is an address that receives the trap alerts. Use the "quad-dot" IPv4 format, standard IPv6 address notation, or FQDN. For example: 123.123.123.123 or 2001:db8:85a3::8a2e:370:7334 or dell.com 7 Type the SNMP Community String to which the destination management station belongs.
Using RACADM 1 Open a serial/Telnet/SSH text console to CMC and log in. NOTE: Only one filter mask may be set for both SNMP and e-mail alerting. You may skip step 2 if you have already selected filter mask. 2 Enable alerting by typing: racadm config -g cfgAlerting -o cfgAlertingEnable 1 3 Specify the events for which you want CMC to generate by typing: racadm config -g cfgAlerting -o cfgAlertingFilterMask where is a hex value between 0x0 and 0xffffffff.
Table 12-3.
5 Specify a destination IP address to receive the traps alert by typing: racadm config -g cfgTraps -o cfgTrapsAlertDestIPAddr -i where is a valid destination, and is the index value you specified in step 4. 6 Specify the community name by typing: racadm config -g cfgTraps -o cfgTrapsCommunityName -i where is the SNMP community to which the chassis belongs, and is the index value you specified in steps 4 and 5.
Using the Web Interface NOTE: To add or configure e-mail alerts, you must have Chassis Configuration Administrator privilege. 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Alerts tab. The Chassis Events page appears. 4 Enable alerting: a Select the check boxes of the events for which you want to enable alerting. To enable all events for alerting, select the Select All check box. b Click Apply to save your settings. 5 Click the Email Alert Settings subtab.
a Type a valid e-mail address in an empty Destination Email Address field. b Enter an optional Name. This is the name of the entity receiving the e-mail. If a name is entered for an invalid e-mail address, it is ignored. c Click Apply to save your settings. To send a test e-mail to an e-mail alert destination using the CMC Web interface: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Alerts tab. The Chassis Events page appears.
4 Enable e-mail alerting by typing: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable 1 -i where is a value 1–4. The index number is used by CMC to distinguish up to four configurable destination e-mail addresses. 5 Specify a destination e-mail address to receive the e-mail alerts by typing: racadm config -g cfgEmailAlert -o cfgEmailAlertAddress -i where is a valid e-mail address, and is the index value you specified in step 4.
First Steps to Troubleshooting a Remote System The following questions are commonly used to troubleshoot high-level problems in the managed system: 1 Is the system powered on or off? 2 If powered on, is the operating system functioning, crashed, or just frozen? 3 If powered off, did the power turn off unexpectedly? Monitoring Power and Executing Power Control Commands on the Chassis You can use the Web interface or RACADM to: • View the system’s current power status.
Power Troubleshooting The following information helps you to troubleshoot power supply and power-related issues: • • • Problem: Configured the Power Redundancy Policy to AC Redundancy, and a Power Supply Redundancy Lost event was raised. – Resolution A: This configuration requires at least one power supply in side 1 (the left three slots) and one power supply in side 2 (the right three slots) to be present and functional in the modular enclosure.
– • • Problem: Inserted a new server into the enclosure with sufficient power supplies, but the server does not power on. – Resolution A: Check the system input power cap setting - it might be configured too low to allow any additional servers to be powered up. – Resolution B: Check for 110V operation. If any power supplies are connected to 110V branch circuits, you must acknowledge this as a valid configuration before servers are allowed to power on.
– • Problem: The least priority servers lost power after a PSU failure. – • Resolution: This is expected behavior if the enclosure power policy was configured to No Redundancy. To avoid a future power supply failure causing servers to power off, ensure that the chassis has at least four power supplies and is configured for the Power Supply Redundancy policy to prevent PSU failure from impacting server operation.
Managing Lifecycle Controller jobs on a remote system The Lifecycle Controller service is available on each of the servers and is facilated by iDRAC. CMC provides a listing of all Lifecycle Controller jobs on the server(s) and enables you to delete or purge existing jobs using the web interface. For information on enabling the Lifecycle Controller, see "Updating Server Component Firmware Using Lifecycle Controller" on page 206.
Deleting jobs The Delete operation is the default operation and enables you to delete all or individual jobs on the server(s). The delete operation removes the selected jobs from the Lifecycle Controller job queue. The checkbox following the Model field enables selection of all the jobs on a server. Individual jobs can be selected by using the checkboxes following the job status field.
Table 12-5, Table 12-6, Table 12-7, and Table 12-8 describe the information displayed on the Chassis Summary page. Table 12-5. Chassis Summary Item Description Name Displays the name of the chassis. The name identifies the chassis on the network. For information on setting the name of the chassis, see "Editing Slot Names" on page 130. Model Displays the chassis model or manufacturer. For example, PowerEdge 2900. Service Tag Displays the service tag of the chassis.
Table 12-6. CMC Summary (continued) Item Description Hardware Version Displays the hardware version of the active CMC. MAC Address Displays the MAC address for the CMC Network Interface. The MAC address is a unique identifier for CMC over the network. IP Address Displays the IP address of the CMC Network Interface. Gateway Displays the gateway of the CMC Network Interface. Subnet Mask Displays the subnet mask of the CMC Network Interface.
Table 12-6. CMC Summary (continued) Item Description Standby CMC Information Present Displays (Yes, No) whether a second (standby) CMC is installed. Standby Firmware Version Displays the CMC firmware version installed on the standby CMC. Table 12-7. iKVM Summary Item Description Present Displays whether the iKVM module is present (Yes or No). Name Displays the name of the iKVM. The name identifies the iKVM on the network. Manufacturer Displays the iKVM model or manufacturer.
Table 12-8. IOM Summary Item Description Location Displays the slot occupied by the IOMs. Six slots are identified by group name (A, B, or C) and slot number (1 or 2). Slot names: A-1, A-2, B-1, B-2, C-1, or C-2. Present Displays whether the IOM is present (Yes or No). Name Displays the name of the IOM. Fabric Displays the type of fabric. Power Status Displays the power status of the IOM: On, Off, or N/A (Absent). Service Tag Displays the service tag of the IOM.
Viewing Chassis and Component Health Status Using the Web Interface To view chassis and component health summaries: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. The Chassis Health page displays. The Chassis Graphics section provides a graphical view of the front and rear of the chassis. This graphical representation provides a visual overview of the components installed within the chassis and its corresponding status.
Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm getmodinfo Viewing the Event Logs The Hardware Log and CMC Log pages display system-critical events that occur on the managed system. Viewing the Hardware Log CMC generates a hardware log of events that occur on the chassis. You can view the hardware log using the Web interface and remote RACADM. NOTE: To clear the hardware log, you must have Clear Logs Administrator privilege.
To view the hardware log: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree. 3 Click the Logs tab. 4 Click the Hardware Log subtab. The Hardware Log page displays. To save a copy of the hardware log to your managed station or network: 1 Click Save Log. A dialog box opens. 2 Select a location for a text file of the log. NOTE: Because the log is saved as a text file, the graphical images used to indicate severity in the user interface do not appear.
Table 12-9. Hardware Log Information (continued) Item Description Date/Time Displays the exact date and time the event occurred (for example, Wed May 02 16:26:55 2007). If no date/time appears, then the event occurred at System Boot. Description Provides a brief description, generated by CMC, of the event (for example, Redundancy lost, Server inserted). Using RACADM To view the hardware log using RACADM: 1 Open a serial/Telnet/SSH text console to CMC and log in.
3 Click the Logs tab. 4 Click the CMC Log subtab. The CMC Log page displays. 5 To save a copy of the CMC log to your managed station or network, click Save Log. A dialog box opens; select a location for a text file of the log. Table 12-10. CMC Log Information Command Result Source Displays the interface (such as CMC) that caused the event. Date/Time Displays the exact date and time the event occurred (for example, Wed May 02 16:26:55 2007).
3 Click the Troubleshooting tab. 4 Click the Diagnostics subtab. The Diagnostic Console page displays. To execute a diagnostic CLI command, type the command into the Enter RACADM Command field, and then click Submit to execute the diagnostic command. A diagnostic results page appears. To return to the Diagnostic Console page, click Go Back to Diagnostic Console Page or Refresh. The Diagnostic Console supports the commands listed in Table 12-11 as well as the RACADM commands. Table 12-11.
Resetting Components The Reset Components page allows users to reset the active CMC, or to virtually reseat servers causing them to behave as if they were removed and reinserted. If the chassis has a standby CMC, resetting the active CMC causes a failover and the standby CMC becomes active. NOTE: To reset components, you must have Debug Command Administrator privilege. To access the Diagnostic Console page: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree.
Table 12-12. CMC Summary Attribute Description Active CMC Location Redundancy Mode Displays the location of the active CMC. Displays Redundant if a standby CMC is present in the chassis, and No Redundancy if no standby CMC is present in the chassis. 5 The Virtual Reseat Server section of the Reset Components page displays the following information: Table 12-13. Virtual Reseat Server Attribute Description Slot Displays the slot occupied by the server in the chassis.
Table 12-13. Virtual Reseat Server Attribute Description iDRAC Status Displays the status of the server iDRAC embedded management controller: • N/A - Server is not present, or the chassis is not powered on. • Ready - iDRAC is ready and operating normally. • Corrupted - iDRAC firmware is corrupted. Use the iDRAC firmware update utility to repair the firmware. • Failed - Unable to communicate with iDRAC. Use the Virtual Reseat check box to clear the error.
Troubleshooting Network Time Protocol (NTP) Errors After configuring CMC to synchronize its clock with a remote time server over the network, it may take 2-3 minutes before a change in the date and time occurs. If after this time there is still no change, it may be necessary to troubleshoot a problem. CMC may not be able to synchronize its clock for a number of reasons: • There could be a problem with the NTP Server 1, NTP Server 2, and NTP Server 3 settings.
If an ‘*’ is not displayed against one of the configured servers, something may not be set up properly. The output of the above command also contains detailed NTP statistics that may be useful in debugging why the server does not synchronize. If you attempt to configure an NTP server that is Windows based, it may help to increase the MaxDist parameter for ntpd.
Interpreting LED Colors and Blinking Patterns The LEDs on the chassis provide information by color and blinking/not blinking: • Steadily glowing, green LEDs indicate that the component is powered on. If the green LED is blinking, it indicates a critical but routine event, such as a firmware upload, during which the unit is not operational. It does not indicate a fault. • A blinking amber LED on a module indicates a fault on that module.
Table 12-14.
Table 12-14.
Observing the LEDs to Isolate the Problem Facing the front of CMC as it is installed in the chassis, you see two LEDs on the left side of the card. Top LED — The top green LED indicates power. If it is NOT on: 1 Verify that you have AC present to at least one power supply. 2 Verify that the CMC card is seated properly. You can release/pull on the ejector handle, remove CMC, reinstall CMC making sure the board is inserted all the way and the latch closes correctly.
Obtain Recovery Information From the DB-9 Serial Port If the bottom LED is amber, recovery information should be available from the DB-9 serial port located on the front of CMC. To obtain recovery information: 1 Install a NULL modem cable between CMC and a client machine. 2 Open a terminal emulator of your choice (such as HyperTerminal or Minicom). Set up: 8 bits, no parity, no flow control, baud rate 115200. A core memory failure displays an error message every 5 seconds. 3 Press .
When you type recover and then press at the recovery prompt, the recover reason and available sub-commands display. An example recover sequence may be: recover getniccfg recover setniccfg 192.168.0.120 192.168.0.1 255.255.255.0 recover ping 192.168.0.100 recover fwupdate -g -a 192.168.0.100 NOTE: Connect the network cable to the left most RJ45 NOTE: In recover mode, you cannot ping CMC normally because there is no active network stack.
Resetting Forgotten Administrator Password CAUTION: Many repairs may only be done by a certified service technician. You should only perform troubleshooting and simple repairs as authorized in your product documentation, or as directed by the online or telephone service and support team. Damage due to servicing that is not authorized by Dell is not covered by your warranty. Read and follow the safety instructions that came with the product.
The administrator account is temporarily reset regardless if the administrator account was removed, or if the password was changed.
Figure 12-1. Password Reset Jumper Location PASSWORD_RSET Table 12-15. CMC Password Jumper Settings PASSWORD_RSET (default) The password reset feature is disabled. The password reset feature is enabled. 3 Slide the CMC module into the enclosure. Reattach any cables that were disconnected. NOTE: Ensure that the CMC module becomes the active CMC, and remains the active CMC until the remaining steps are completed.
4 If the jumpered CMC module is the only CMC, then simply wait for it to finish rebooting. If you have redundant CMCs in your chassis, then initiate a changeover to make the jumpered CMC module active. On the GUI interface: a Navigate to the Chassis page, click the Power tab Control subtab. b Select the Reset CMC (warm boot) button and click Apply. CMC automatically fails over to the redundant module, and that module now becomes active.
To restore the Chassis configuration: 1 On the Chassis Backup screen, click Browse. 2 Type or navigate to the backup file, then click Open to select it. 3 Click Restore. NOTE: CMC does not reset upon restoring configuration, however CMC services may take some time to effectively impose any changed/new configuration. After successful completion, all current sessions are closed. Troubleshooting Alerting Use the CMC log and the trace log to troubleshoot CMC alerts.
Diagnostics 13 The LCD panel helps you to diagnose problems with any server or module in the chassis. If there is a problem or fault with the chassis or any server or other module in the chassis, the LCD panel status indicator blinks amber. On the Main Menu an icon with an amber background displays next to the menu item—Server or Enclosure—that leads to the faulty server or module.
Table 13-1. LCD Panel Navigational Icons Icon Normal Icon Icon Name and Description Highlighted Back. Highlight and press the center button to return to the previous screen. Accept/Yes. Highlight and press the center button to accept a change and return to the previous screen. Skip/Next. Highlight and press the center button to skip any changes and go to the next screen. No. Highlight and press the center button to answer "No" to a question and go to the next screen. Rotate.
LCD Setup Menu The LCD Setup menu displays a menu of items that can be configured: • Language Setup — choose the language you want to use for LCD screen text and messages. • Default Screen — choose the screen that displays when there is no activity on the LCD panel. 1 Use the up and down arrow buttons to highlight an item in the menu or highlight the Back icon if you want to return to the Main menu. 2 Press the center button to activate your selection.
The currently active default screen is highlighted in light blue. 1 Use the up and down arrow buttons to highlight the screen you want to set to the default. 2 Press the center button. The Accept icon is highlighted. 3 Press the center button again to confirm the change. The Default Screen is displayed. Graphical Server Status Screen The Graphical Server Status screen displays icons for each server installed in the chassis and indicates the general health status for each server.
Graphical Module Status Screen The Graphical Module Status screen displays all modules installed in the rear of the chassis and provides summary health information for each module.
Module Status Screen The Module Status screen displays information and error messages about a module. See "LCD Module and Server Status Information" on page 459 and "LCD Error Messages" on page 452 for messages that can appear on this screen. Use the up and down arrow keys to move through messages. Use the left and right arrow keys to scroll messages that do not fit on the screen. Highlight the Back icon and press the center button to return to the Graphical Module Status screen.
Diagnostics The LCD panel helps you to diagnose problems with any server or module in the chassis. If there is a problem or fault with the chassis or any server or other module in the chassis, the LCD panel status indicator blinks amber. On the Main Menu a blinking icon with an amber background displays next to the menu item—Server or Enclosure—that leads to the faulty server or module.
Figure 13-1.
Table 13-2. LCD Hardware Trouble Shooting Items Symptom Issue Recovery Action Alert screen message CMC Not Responding and Loss of communication from CMC to the LCD front panel. Check that CMC is booting; then, reset CMC using GUI or RACADM commands. Alert screen message CMC Not Responding and LCD module communications is stuck during a CMC fail-over or reboots. Review the hardware log using the GUI or RACADM commands. Look for a message that states: Can LED is blinking amber.
Front Panel LCD Messages This section contains two subsections that list error and status information that is displayed on the front panel LCD. Error messages on the LCD have a format that is similar to the System Event Log (SEL) viewed from the CLI or Web interface. The tables in the error section list the error and warning messages that are displayed on the various LCD screens and the possible cause of the message. Text enclosed in angled brackets (< >) indicates that the text may vary.
Table 13-4. Enclosure/Chassis Status Screen Severity Message Cause Critical Fan is removed. This fan is required for proper cooling of the enclosure/chassis. Warning Power supply redundancy is degraded. One or more PSU have failed or removed and the system can no longer support full PSU redundancy. Critical Power supply redundancy is lost. One or more PSU have failed or removed and the system is no longer redundant. Critical The power supplies are not redundant.
Table 13-5. Fan Status Screens Severity Message Cause Critical Fan RPM is operating The speed of the specified fan is less than the lower critical not sufficient to provide enough threshold. cooling to the system. Critical Fan RPM is operating The speed of the specified fan is greater than the upper critical too high, usually due to a broken threshold. fan blade. Table 13-6.
Table 13-8. PSU Status Screens Severity Message Cause Critical Power supply failed. The PSU has failed. Critical The power input for power supply Loss of AC power or AC cord is lost. unplugged. Warning Power supply is operating at 110 volts, and could cause a circuit breaker fault. Table 13-9. Power supply is plug into a 110 volt source. Server Status Screen Severity Message Cause Warning The system board ambient Server temperature is getting cool.
Table 13-9. Server Status Screen (continued) Severity Message Critical The CPU voltage is outside of the allowable range. Critical The system board voltage is outside of the allowable range. Critical The mezzanine card voltage is outside of the allowable range. Critical The storage voltage is outside of the allowable range. Critical CPU has an internal error (IERR). CPU failure.
Table 13-9. Server Status Screen (continued) Severity Message Cause Critical The system board fail-safe voltage This event is generated when the is outside of the allowable range. system board voltages are not at normal levels. Critical The watchdog timer expired. The iDRAC watchdog timer expires and no action is set. Critical The watchdog timer reset the system.
Table 13-9. Server Status Screen (continued) Severity Message Cause Critical An I/O channel check NMI was detected on a component at bus device function . A critical interrupt is generated in the I/O Channel. Critical An I/O channel check NMI wa detected on a component at slot . A critical interrupt is generated in the I/O Channel. Critical A PCI parity error was detected on Parity error was detected on the a component at bus PCI bus.
Table 13-9. Server Status Screen (continued) Severity Message Cause Critical Memory redundancy is lost. Critical A bus fatal error was detected on a Fatal error is detected on the PCIe component at bus bus. device function . Critical A software NMI was detected on a Chip error is detected. component at bus device function . Critical Failed to program virtual MAC address on a component at bus device function .
Table 13-10. CMC Status (continued) Item Description Firmware Version Only displays on an active CMC. Displays Standby for the standby CMC. IP4 Displays current IPv4 enabled state only on an active CMC. IP4 Address: Only displays if IPv4 is enabled only on an active CMC. IP6 Displays current IPv6 enabled state only on an active CMC. IP6 Local Address: Only displays if IPv6 is enabled only on an active CMC.
Table 13-12. Fan Status Item Description Name/Location Example: Fan1, Fan2, etc. Error Messages If no error then "No Errors" is shown; otherwise error messages are listed, critical errors first, then warnings. RPM Current fan speed in RPM. Table 13-13. PSU Status Item Description Name/Location Example: PSU1, PSU2, etc. Error Messages If no error then "No Errors" is shown; otherwise error messages are listed, critical errors first, then warnings. Status Offline, Online, or Standby.
Table 13-15. iKVM Status Item Description Name iKVM. No Error If there are no errors, then No Errors is displayed; otherwise error messages are listed. The critical errors are listed first, and then the warnings. For more information see "LCD Error Messages". Status Off or On. Model/Manufacture A description of the iKVM model. Service Tag The factory-assigned service tag. Part Number The Manufacturer part number. Firmware Version iKVM firmware version.
Table 13-16. Server Status (continued) Item Description Service Tag Displays if iDRAC finished booting. BIOS Version Server BIOS firmware version. Last POST Code Displays the last server BIOS POST code messages string. iDRAC Firmware Version Displays if iDRAC finished booting. NOTE: iDRAC version 1.01 is displayed as 1.1. There is no iDRAC version 1.10. IP4 Displays the current IPv4 enabled state. IP4 Address: Only displays if IPv4 is enabled.
Diagnostics
Index A ACI, 357 Activating FlexAddress Plus, 253 Active Directory, 259 adding CMC users, 280 configuring access to the CMC, 272 configuring and managing certificates, 169 extending schemas, 272 objects, 267 schema extensions, 266 using with standard schema, 260 viewing a server certificate, 187 CMC configuring, 283 creating a configuration file, 98 downloading firmware, 49 feature sets, 20 installing, 29 log, 424 redundant environment, 53 setting up, 29 CMC VLAN, 86 command line console features, 57 addi
E H Enabling or Disabling DCHP, 84 hardware log, 422 hardware specifications, 23 F fabric management, 383 I feature sets of CMC, 20 I/O fabric, 383 featurecard, 238 iDRAC recovering firmware, 205 firmware downloading, 49 managing, 198 updating, CMC, 200 updating, iKVM, 202 updating, IOM infrastructure device, 203 updating, Server iDRAC, 204 FlexAddress, 235 activating, 236 activation verification, 238 configuring using CLI, 240 deactivating, 239 license agreement, 249 Linux configuration, 241 trou
N Network LAN Settings, 82 network properties configuring manually, 80 configuring using racadm, 80 parsing rules, 100 Red Hat Enterprise Linux configuring for serial console redirection, 65 redundant environment, 53 remote access connection (RAC), 24 O OSCAR, 355 remote RACADM configuring, 48 P S parsing rules, 100 Secure Sockets Layer (SSL) about, 180 password disabling, 438 reset jumper location, 440 power budgeting configuring, 49 power conservation, 320 proxy server, 37 R RAC see Remote Access
SNMP alerts adding and configuring, 402 specifications hardware, 23 standard schema using with Active Directory, 260 T telnet console using, 58 U Using FlexAddress Plus, 254 V Viewing Current IPv4 Network Settings, 81 Viewing Current IPv6 Network Settings, 81 W web browser configuring, 36 supported browsers, 25 web interface accessing, 107 configuring email alerts, 407 WS-Management, 25 468 Index
