Dell Chassis Management Controller Firmware Version 4.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. © 2012 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . What’s New For This Release . . . . . . . . . . . . . . 22 . . . . . . . . . . . . . . 22 Security Features . . . . . . . . . . . . . . . . . . . . 24 Chassis Overview . . . . . . . . . . . . . . . . . . . . 25 CMC Management Features . . . . . . . . . . . . . . . . . 26 . . . . . . . . . . . . . . . . . . . . 26 Hardware Specifications TCP/IP Ports Supported Remote Access Connections Supported Platforms . . . . . . .
Daisy-chain CMC Network Connection . . . . . . 35 . . . . . . . . 39 . . . . . . . . . . . 39 Installing Remote Access Software on a Management Station . . . . . . . . . . . Installing RACADM on a Linux Management Station . . . . . Uninstalling RACADM From a Linux Management Station . . . . . . . . . . . . . . . . 40 . . . . . . . . . . . . . . 41 . . . . . . . . . . . . . . . . . . . . 41 Configuring a Web Browser . Proxy Server Microsoft Phishing Filter . . . . . . . . . . . . . .
Understanding the Redundant CMC Environment . . . . . . . . . . . . . . . . . . . . 57 . . . . . . . . . . . . . . 57 . . . . . . . . . . . . . . . . 58 About the Standby CMC CMC Failsafe Mode . Active CMC Election Process Obtaining Health Status of Redundant CMC . . . . . 3 . . . . . . . . . . . 59 . . . . . . . . . . . . . 59 Configuring CMC to Use Command Line Consoles . . . . . . . . . . . . . . . . . . . . . 61 . . . . . . . 61 . . . . . . . . . 62 . . . . . . . . . . . 62 . . .
4 Using the RACADM Command Line Interface . . . . . . . . . . . . . . . . . . . . . 75 . . . . . . . . . 75 . . . . . . . . . . . . . . . . . 76 Using a Serial, Telnet, or SSH Console Logging in to CMC. Starting a Text Console Using RACADM. . . . . . . . . . . . . . . . 76 . . . . . . . . . . . . . . . . . . . . . 76 RACADM Subcommands . . . . . . . . . . . . . . Accessing RACADM Remotely . . . . . . . . . . . Enabling and Disabling the RACADM Remote Capability . . . . . . . . . . .
Logging in Using Public Key Authentication . . . Enabling a CMC User With Permissions Disabling a CMC User . . . . . . 99 . . . . . . . . . . . . . . . 99 Configuring SNMP and E-mail Alerting . . . . . 100 . . . . . . . . 101 . . . . . . . . . . . . . . . . . . . 103 Creating a CMC Configuration File . Modifying the CMC IP Address . 5 . . 106 . . . . . . . . . . . . . . . . . . . . . 108 Using the CMC Web Interface . Accessing the CMC Web Interface Logging In . 105 . . . . . . . . . .
Disabling an Individual Member at the Member Chassis . . . . . . . . . . . . . . . . . Launching a Member Chassis’s or Server’s web page . . . . . . . . . . . . . . . . . . . . . 120 Synchronizing a New Member With Leader Chassis Properties . . . . . . . . . . . . . . . . 120 . . . . . . . . . 121 Blade Inventory for MCM group Saving the Blade Inventory Report . . . . . . . . 121 . . . . . . . . . . . . 123 . . . . . . . . . . . . . . . . . 123 . . . . . . . . . . . . . . . . . .
Viewing World Wide Name/Media Access Control (WWN/MAC) IDs . . . . . . . . . . Fabric Configuration . . . . . . 156 . . . . . . . . . . . . . . . . 156 WWN/MAC Addresses . . . . . . . . . . . . . . . 156 Configuring CMC Network Properties . . . . . . . . . 157 Setting Up Initial Access to CMC . . . . . . . . . . 157 Configuring the Network LAN Settings . . . . . . . 158 . . . . . . . . . . . . . 165 . . . . . . . . . . . . . . . . . . . . 167 Configuring CMC Network Security Settings .
Certificate Signing Request (CSR) Accessing the SSL Main Menu . . . . . . . . . 189 . . . . . . . . . 190 Generating a New Certificate Signing Request . . . . . . . . . . . . . . . . . . 190 Uploading a Server Certificate . . . . . . . . . . 194 Uploading Webserver Key and Certificate . . . . . . . . . . . . . . . . . . . . . 194 . . . . . . . . . . . 195 . . . . . . . . . . . . . . . . . . 195 Viewing a Server Certificate Managing Sessions Configuring Services . . . . . . . . . . . . .
FlexAddress . . . . . . . . . . . . 236 . . . . . . . . . . . . . . 240 Viewing FlexAddress Status Configuring FlexAddress Chassis-Level Fabric and Slot FlexAddress Configuration . . . . . . . . . . . . . 241 Server-Level Slot FlexAddress Configuration . . . . . . . . . . . . . . . . . . . . 242 . . . . . . . . . . . . . . . . . . 242 Remote File Sharing . Frequently Asked Questions . Troubleshooting CMC 6 236 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Frequently Asked Questions . 7 . . . . . . . . . . . . . Using FlexAddress Plus . Activating FlexAddress Plus . . . . . . . . . . . . . 267 . . . . . . . . . . . . . 267 FlexAddress vs FlexAddress Plus . 8 . . . . . . . . . . 268 Using the CMC Directory Service . . . . . 269 Using CMC with Microsoft Active Directory . . . . . 269 . . . . . . 269 . . . . . . . . . . . . 269 Active Directory Schema Extensions . Standard Schema Versus Extended Schema . . . . . . . . . 270 . . . . . .
Configuring CMC With Extended Schema Active Directory and the Web Interface . . . . . . 292 Configuring CMC With Extended Schema Active Directory and RACADM . . . . . . . . . . . 295 . . . . . . . . . . . . 297 Configuring Single Sign-On . . . . . . . . . . . . . . . 300 System Requirements. . . . . . . . . . . . . . . . 300 . . . . . . . . . . . . . . . . 301 Frequently Asked Questions Configuring Settings Configuring Active Directory . Configuring CMC . . . . . . . . . . . 301 . . . .
Managing LDAP Group Settings . . . . . . 315 Configuring Generic LDAP Directory Service Using RACADM . . . . . . . . . . . . . 316 . . . . . . . . . . . . . . . . . . . . . . . 317 Getting Help . . . . . . . . . . . . . . . . . . . . Power Management . . . . . . . . . . . . . . . . AC Redundancy Mode . . . . . . . . . . . . . . Power Supply Redundancy Mode No Redundancy Mode 319 320 . . . . . . . . 321 322 Server Slot Power Priority Settings. . . . . 323 . . . . . . .
Server Power Reduction to Maintain Power Budget . . 359 . . . . . . . . . . . . Executing Power Control Operations on the Chassis . . . . . . . . . . . . . . . . . . . 360 Executing Power Control Operations on an IOM . . . . . . . . . . . . . . . 361 Executing Power Control Operations on a Server . . . . . . . . . . . . . . . 362 External Power Management . . . . . . . . . . . 365 Using RACADM . . . . . . . . . . . . . . . . . . . 367 Troubleshooting . . . . . . . . . . . . . . . . . . .
Broadcasting to Servers Managing iKVM From CMC . . . . . . . . . . . . . 387 . . . . . . . . . . . . . . 389 . . . . . . 389 . . . . . . . . . 390 Enabling or Disabling the Front Panel Enabling the Dell CMC Console Through iKVM . . . . . . . . . . Viewing the iKVM Status and Properties . . . . . 390 . . . . . . . . . . 392 . . . . . . . . . . . . . . . . . . . . 394 Updating the iKVM Firmware . Troubleshooting 11 I/O Fabric Management . Fabric Management . . . . . . . . . . . . 399 . .
Usage . . . . . . . . . . . . . . . . . . . . . . . . Supported Interfaces . CLI RACDUMP 412 . . . . . . . . . . . . . . . 412 . . . . . . . . . . . . . . . . . . . 413 Remote RACDUMP . . . . . . . . . . . . . . . . . Remote RACDUMP Usage Telnet RACDUMP . 414 . . . . . . . . . . . . . . . . . 415 Configuring LEDs to Identify Components on the Chassis . . . . . . . . . . . . . . Configuring SNMP Alerts . . . . . . 415 . . . . . . . . . . . . .
Troubleshooting Network Time Protocol (NTP) Errors . . . . . . . . . . . . . . . . . Interpreting LED Colors and Blinking Patterns . . . . 447 . . . . . . . 450 . . . . . . . . . . 450 Troubleshooting a Non-responsive CMC Observing the LEDs to Isolate the Problem . . . . . . . . . . Obtain Recovery Information From the DB-9 Serial Port . . . . . . . . . . . . . . . . . . 451 Recovering the Firmware Image . . . . . . . . . 452 Troubleshooting Network Problems . . . . . . . . . . 453 . . .
Diagnostics . . . . . . . . . . . . 465 . . . . . . . . . . . . . . . 468 . . . . . . . . . . . . . . . . . . 468 LCD Hardware Troubleshooting . Front Panel LCD Messages LCD Error Messages . LCD Module and Server Status Information . Index 465 . . . . . . . . . . . . . . . . . . . . . . . 475 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents
1 Overview The Dell Chassis Management Controller (CMC) is a hot-pluggable systems management hardware and software solution designed to provide the following functions for Dell PowerEdge M1000e chassis system: • Remote management capabilities • Power control • Cooling control CMC, which has its own microprocessor and memory, is powered by the modular chassis into which it is plugged. To get started with CMC, see "Installing and Setting Up CMC" on page 33.
• CMC provides a mechanism for centralized configuration of the following: – The M1000e enclosure’s network and security settings – Power redundancy and power ceiling settings – I/O switches and iDRAC network settings – First boot device on the server blades – Checks I/O fabric consistency between the I/O modules and blades and disables components, if necessary, to protect the system hardware – User access security You can configure CMC to send e-mail alerts or SNMP trap alerts for warnings or
• Remote system management and monitoring using SNMP, a Web interface, iKVM, Telnet or SSH connection. • Monitoring — Provides access to system information and status of components. • Access to system event logs — Provides access to the hardware log and CMC log. • Firmware updates for various chassis components — Enables you to update the firmware for CMC, servers, iKVM, and I/O module infrastructure devices.
• iDRAC single sign-on. • Network time protocol (NTP) support. • Enhanced server summary, power reporting, and power control pages. • Forced CMC failover, and virtual reseat of servers. • Multi-chassis management, allows up to 8 other chassis to be visible from the lead chassis. Security Features CMC provides the following security features: • Password-level security management — Prevents unauthorized access to a remote system.
Chassis Overview Figure 1-1 shows the facing edge of a CMC (inset) and the locations of CMC slots in the chassis. Figure 1-1.
Hardware Specifications The following section provides information on the hardware specifications for CMC. TCP/IP Ports You must provide port information when opening firewalls for remote access to a CMC. Table 1-1. CMC Server Listening Ports Port Number Function 22* SSH 23* Telnet 80* HTTP 161 SNMP Agent 443* HTTPS * Configurable port Table 1-2.
Supported Remote Access Connections Table 1-3 lists the supported Remote Access Controllers. Table 1-3. Supported Remote Access Connections Connection Features CMC Network Interface ports • GB port: Dedicated network interface for CMC Web interface.
Supported Web Browsers The following Web Browsers are supported for CMC 4.1: • Microsoft Internet Explorer 8.0 for Windows 7, Windows Vista, Windows XP, and Windows Server 2003 family. • Microsoft Internet Explorer 7.0 for Windows 7, Windows Vista, Windows XP, and Windows Server 2003 family. • Mozilla Firefox 1.5 (32-bit) – limited functionality. For the latest information on supported Web browsers for CMC 4.1, see the Dell Systems Software Support Matrix located at support.dell.com/manuals.
Access to WS-Management requires logging in using local user privileges with basic authentication over Secured Socket Layer (SSL) protocol at port 443. For information on setting user accounts, see the Session Management database property section in the RACADM Command Line Reference Guide for iDRAC6 and CMC. The data available through WS-Management is a subset of data provided by CMC instrumentation interface mapped to the following DMTF profiles version 1.0.
CMC WS-MAN implementation uses SSL on port 443 for transport security, and supports basic authentication. For information on setting user accounts, see the cfgSessionManagement database property section in the RACADM Command Line Reference Guide for iDRAC7 and CMC. Web services interfaces can be utilized by leveraging client infrastructure, such as Windows WinRM and Powershell CLI, open source utilities like WSMANCLI, and application programming environments like Microsoft .NET.
• Documentation specific to your third-party management console application. • The Dell OpenManage Server Administrator’s User’s Guide provides information about installing and using Server Administrator. • The Dell Update Packages User's Guide provides information about obtaining and using Dell Update Packages as part of your system update strategy.
Overview
Installing and Setting Up CMC 2 This section provides information about how to install your CMC hardware, establish access to CMC, configure your management environment to use CMC, and guides you through the next steps for configuring the CMC: • Set up initial access to CMC. • Access CMC through a network. • Add and configure CMC users. • Update CMC firmware.
Checklist for Integration of a Chassis The following steps enable you to setup the chassis accurately: 1 Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Connect an Ethernet network cable from CMC port labelled GB to the management network. NOTE: Do not place a cable in CMC Ethernet port labelled STK. For more information to cable the STK port, see "Understanding the Redundant CMC Environment" on page 57.
Basic CMC Network Connection For the highest degree of redundancy, connect each available CMC to your management network. Each CMC has two RJ-45 Ethernet ports, labeled GB (the uplink port) and STK (the stacking or cable consolidation port). With basic cabling, you connect the GB port to the management network and leave the STK port unused. CAUTION: Connecting the STK port to the management network can have unpredictable results.
Figure 2-1.
Figure 2-2, Figure 2-3, and Figure 2-4 show examples of incorrect cabling of CMC. Figure 2-2. Incorrect Cabling for CMC Network Connection - 2 CMCs Figure 2-3.
Figure 2-4. Incorrect Cabling for CMC Network Connection - 2 CMCs To daisy-chain up to four chassis: 1 Connect the GB port of the active CMC in the first chassis to the management network. 2 Connect the GB port of the active CMC in the second chassis to the STK port of the active CMC in the first chassis. 3 If you have a third chassis, connect the GB port of its active CMC to the STK port of the active CMC in the second chassis.
Installing Remote Access Software on a Management Station You can access CMC from a management station using remote access software, such as the Telnet, Secure Shell (SSH), or serial console utilities provided on your operating system or using the Web interface. To use remote RACADM from your management station, install remote RACADM using the Dell Systems Management Tools and Documentation DVD that is available with your system.
4 Navigate to the SYSMGMT/ManagementStation/linux/rac directory. To install the RAC software, type the following command: rpm -ivh *.rpm 5 For help on the RACADM command, type racadm help after you run the previous commands. For more information about RACADM, see "Using the RACADM Command Line Interface" on page 75.
Configuring a Web Browser You can configure and manage CMC and the servers and modules installed in the chassis through a Web browser. See the Supported Browsers section in the Dell Systems Software Support Matrix at support.dell.com/manuals. Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Depending on your security requirements, the management network can be an isolated, highly secure network.
Mozilla FireFox To edit the exception list in Mozilla Firefox version 3.0: 1 Start Mozilla Firefox. 2 Click Tools Options (for Windows) or click EditPreferences (for Linux). 3 Click Advanced and then click the Network tab. 4 Click Settings. 5 Select the Manual Proxy Configuration. 6 In the No Proxy for field, type the addresses for CMCs and iDRACs on the management network to the comma-separated list. You can use DNS names and wildcards in your entries.
To disable CRL fetching: 1 Start Internet Explorer. 2 Click Tools Internet Options, and then click Advanced. 3 Scroll to the Security section, clear the Check for publisher’s certificate revocation checkbox, and click OK. Downloading Files From CMC With Internet Explorer When you use Internet Explorer to download files from CMC you may experience problems when the Do not save encrypted pages to disk option is not enabled. To enable the Do not save encrypted pages to disk option: 1 Start Internet Explorer.
Setting Up Initial Access to CMC To manage CMC remotely, connect CMC to your management network and then configure CMC network settings. NOTE: To manage the M1000e solution, it must be connected to your management network. For information on how to configure CMC network settings, see "Configuring CMC Network" on page 45. This initial configuration assigns the TCP/IP networking parameters that enable access to CMC.
If you have more than one chassis you can choose between the basic connection, where each CMC is connected to the management network, or a daisy-chained chassis connection, where the chassis are connected in series and only one CMC is connected to the management network. The basic connection type uses more ports on the management network and provides greater redundancy.
Configuring Networking Using the LCD Configuration Wizard NOTE: The option to configure CMC using the LCD Configuration Wizard is available only until CMC is deployed or the default password is changed. If the password is not changed, the LCD can continue to be used to reconfigure the CMC causing a possible security risk. The LCD is located on the bottom left corner on the front of the chassis. Figure 2-5 illustrates the LCD panel. Figure 2-5.
A status indicator LED on the LCD panel provides an indication of the overall health of the chassis and its components. • Solid blue indicates good health. • Blinking amber indicates that at least one component has a fault condition. • Blinking blue is an ID signal, used to identify one chassis in a group of chassis. Navigating in the LCD Screen The right side of the LCD panel contains five buttons: four arrow buttons (up, down, left, and right) and a center button.
4 Press the center button to continue to CMC Network Settings screen. 5 Select your network speed (10Mbps, 100Mbps, Auto (1 Gbps)) using the down arrow button. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
Static You manually enter the IP address, gateway, and subnet mask in the screens immediately following. If you have selected the Static option, press the center button to continue to the next CMC Network Settings screen, then: a Set the Static IP Address by using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the Static IP Address, press the center button to continue.
You can also configure iDRAC from the CMC GUI. 11 Select the Internet Protocol (IPv4, IPv6, or both) that you want to use for the servers. Dynamic Host Configuration Protocol (DHCP) iDRAC retrieves IP configuration (IP address, mask, and gateway) automatically from a DHCP server on your network. The iDRAC is assigned a unique IP address allotted over your network.Press the center button. Static You manually enter the IP address, gateway, and subnet mask in the screens immediately following.
a Select whether to Enable or Disable the IPMI LAN channel. Press the center button to continue. b On the iDRAC Configuration screen, to apply all iDRAC network settings to the installed servers, highlight the Accept/Yes icon and press the center button. To not apply the iDRAC network settings to the installed servers, highlight the No icon and press the center button and continue to step c.
Accessing CMC Through a Network After you have configured CMC network settings, you can remotely access CMC using various interfaces. Table 2-1 lists the interfaces that you can use to remotely access CMC. NOTE: Since telnet is not as secure as the other interfaces, it is disabled by default. Enable Telnet using web, ssh, or remote RACADM. Table 2-1. CMC Interfaces Interface Description Web interface Provides remote access to CMC using a graphical user interface.
For a list of supported Web browsers, see the Supported Browsers section in the Dell Systems Software Support Matrix at support.dell.com/manuals. To access CMC using a supported Web browser, see "Accessing the CMC Web Interface" on page 111. To access CMC interface using Dell Server Administrator, launch Server Administrator on your management station. From the system tree on the left pane of the Server Administrator home page, click System Main System Chassis Remote Access Controller.
NOTE: If you have redundant CMCs installed in the chassis, it is important to update both to the same firmware version. If CMCs have different firmware and a failover occurs, unexpected results may occur. You can use the RACADM getsysinfo command (see the getsysinfo command section in the RACADM Command Line Reference Guide for iDRAC7 and CMC) or the Chassis Summary page (see "Viewing the Current Firmware Versions" on page 207) to view the current firmware versions for CMCs installed in your chassis.
Configuring CMC Properties You can configure CMC properties such as power budgeting, network settings, users, and SNMP and e-mail alerts using the Web interface or RACADM. For more information about using the Web interface, see "Accessing the CMC Web Interface" on page 111. For more information about using RACADM, see "Using the RACADM Command Line Interface" on page 75. CAUTION: Using more than one CMC configuration tool at the same time may generate unexpected results.
For instructions on adding and configuring public key users for CMC using RACADM, see "Using RACADM to Configure Public Key Authentication over SSH" on page 95. For instructions on adding and configuring users using the Web interface, see "Adding and Configuring CMC Users" on page 168. For instructions on using Active Directory with your CMC, see "Using the CMC Directory Service" on page 269.
Understanding the Redundant CMC Environment You can install a standby CMC that takes over if your active CMC fails. Your redundant CMC may be pre-installed or can be added at a later date. It is important that CMC network is properly cabled to ensure full redundancy or best performance. Failovers can occur when you: • Run the RACADM cmcchangeover command. (See the cmcchangeover command section in the RACADM Command Line Reference Guide for iDRAC7 and CMC.
CMC Failsafe Mode In the failsafe mode, similar to the failover protection offered by the redundant CMC, the M1000e enclosure enables the fail-safe mode to protect the blades and I/O modules from failures. The fail-safe mode is enabled when no CMC is in control of the chassis. During the CMC failover period or during a single CMC management loss: • You cannot turn on newly installed blades. • You cannot access existing blades remotely.
Active CMC Election Process There is no difference between the two CMC slots; that is, slot does not dictate precedence. Instead, CMC that is installed or booted first assumes the role of the active CMC. If AC power is applied with two CMCs installed, CMC installed in CMC chassis slot 1 (the left) normally assumes the active role. The active CMC is indicated by the blue LED. If two CMCs are inserted into a chassis that is already powered on, automatic active/standby negotiation can take up to two minutes.
Installing and Setting Up CMC
3 Configuring CMC to Use Command Line Consoles This section provides information about the CMC command line console (or serial/Telnet/Secure Shell console) features, and explains how to set up your system so you can perform systems management actions through the console. For information on using the RACADM commands in CMC through the command line console, see "Using the RACADM Command Line Interface" on page 75.
Using a Serial, Telnet, or SSH Console When you connect to the CMC command line, you can enter these commands: Table 3-1. CMC Command Line Commands Command Description racadm RACADM commands begin with the keyword racadm and are followed by a subcommand, such as getconfig, serveraction, or getsensorinfo. For details on using RACADM, see "Using the RACADM Command Line Interface" on page 75. connect Connects to the serial console of a server or I/O module.
Using SSH With CMC SSH is a command line session that includes the same capabilities as a Telnet session, but with session negotiation and encryption to improve security. CMC supports SSH version 2 with password authentication. SSH is enabled on CMC by default. NOTE: CMC does not support SSH version 1. When an error occurs during the login procedure, the SSH client issues an error message. The message text is dependent on the client and is not controlled by CMC.
Changing the SSH Port To change the SSH port, run the following command: racadm config -g cfgRacTuning -o cfgRacTuneSshPort For more information about cfgSerialSshEnable and cfgRacTuneSshPort properties, see the database property chapter of the RACADM Command Line Reference Guide for iDRAC6 and CMC. The CMC SSH implementation supports multiple cryptography schemes, as shown in Table 3-2. Table 3-2.
Enabling the Front Panel to iKVM Connection For information and instructions on using the iKVM front panel ports, see "Enabling or Disabling the Front Panel" on page 389. Configuring Terminal Emulation Software Your CMC supports a serial text console from a management station running one of the following types of terminal emulation software: • Linux Minicom. • Hilgraeve’s HyperTerminal Private Edition (version 6.3).
6 Press , and then set Hardware Flow Control to Yes and set Software Flow Control to No. To exit the Serial Port Setup menu, press . 7 Select Modem and Dialing and press . 8 In the Modem Dialing and Parameter Setup menu, press to clear the init, reset, connect, and hangup settings so that they are blank, and then press to save each blank value. 9 When all specified fields are clear, press to exit the Modem Dialing and Parameter Setup menu.
Connecting to Servers or I/O Modules With the Connect Command CMC can establish a connection to redirect the serial console of server or I/O modules. For servers, serial console redirection can be accomplished in several ways: • Using the CMC command line and the connect, or racadm connect command. For more information about connect, see the racadm connect command in the RACADM Command Line Reference Guide for iDRAC6 and CMC. • Using the iDRAC Web interface serial console redirection feature.
(For an illustration of the placement of IOMs in the chassis, see Figure 11-1.) When you reference the IOMs in the connect command, the IOMs are mapped to switches as shown in Table 3-4. Table 3-4. Mapping I/O Modules to Switches I/O Module Label Switch A1 switch-a1 or switch- 1 A2 switch-a2 or switch-2 B1 switch-b1 or switch-3 B2 switch-b2 or switch-4 C1 switch-c1 or switch-5 C2 switch-c2 or switch-6 NOTE: There can only be one IOM connection per chassis at a time.
Configuring the Managed Server BIOS for Serial Console Redirection It is necessary to connect to the managed server using the iKVM (see "Managing Servers With iKVM" on page 376), or establish a Remote Console session from the iDRAC web GUI (see the iDRAC User’s Guide on support.dell.com/manuals). Serial communication in the BIOS is OFF by default. To redirect host text console data to Serial over LAN, you must enable console redirection through COM1. To change the BIOS setting: 1 Boot the managed server.
Configuring Linux for Server Serial Console Redirection During Boot The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are necessary for using a different boot loader. NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled. Edit the /etc/grub.
terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root= /dev/sda1 hda=ide-scsi console=ttyS0 console= ttyS1,57600 initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 initrd /boot/initrd-2.4.9-e.3.img When you edit the /etc/grub.
# Modified for RHS Linux by Marc Ewing and # Donnie Barnes # # Default runlevel. The runlevels used by RHS are: # 0 - halt (Do NOT set initdefault to this) # 1 - Single user mode # 2 - Multiuser, without NFS (The same as 3, if you # do not have networking) # 3 - Full multiuser mode # 4 - unused # 5 - X11 # 6 - reboot (Do NOT set initdefault to this) # id:3:initdefault: # System initialization. si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc l1:1:wait:/etc/rc.d/rc l2:2:wait:/etc/rc.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" # If power was restored before the shutdown kicked in, cancel it.
tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 74 Configuring CMC to Use Command Line Consoles
Using the RACADM Command Line Interface 4 RACADM provides a set of commands that allow you to configure and manage the CMC through a text-based interface. RACADM can be accessed using a Telnet/SSH or serial connection, using the Dell CMC console on the iKVM, or remotely using the RACADM command line interface installed on a management station.
Logging in to CMC After you have configured your management station terminal emulator software and managed node BIOS, perform the following steps to log in to CMC: 1 Connect to the CMC using your management station terminal emulation software. 2 Type your CMC user name and password, and then press . You are logged in to the CMC. Starting a Text Console You can log in to the CMC using Telnet or SSH through a network, serial port, or a Dell CMC console through the iKVM.
RACADM Subcommands Table 4-1 provides a brief list of common subcommands used in RACADM. For a complete list of RACADM subcommands, including syntax and valid entries, see the RACADM Subcommands chapter in the RACADM Command Line Reference Guide for iDRAC6 and CMC. NOTE: The connect command is available as both—RACADM command and builtin CMC command. The exit, quit, and logout commands are built-in CMC commands, not RACADM commands. None of these commands can be used with remote RACADM.
Table 4-1. RACADM Subcommands (continued) Command Description feature Displays active features and feature deactivation. featurecard Displays feature card status information. fwupdate Performs system component firmware updates, and displays firmware update status. getassettag Displays the asset tag for the chassis. getchassisname Displays the name of the chassis. getconfig Displays the current CMC configuration properties.
Table 4-1. RACADM Subcommands (continued) Command Description getsvctag Displays service tags. getsysinfo Displays general CMC and system information. gettracelog Displays the CMC trace log. If used with the -i option, the command displays the number of entries in the CMC trace log. getversion Displays the current software version, model information, and whether or not the device can be updated. ifconfig Displays the current CMC IP configuration.
Table 4-1. RACADM Subcommands (continued) Command Description setractime Sets the CMC time. setslotname Sets the name of a slot in the chassis. setsysinfo Sets the name and location of the chassis. sshpkauth Uploads up to 6 different SSH public keys, deletes existing keys, and views the keys already in the CMC. sslcertdownload Downloads a certificate authority-signed certificate. sslcertupload Uploads a certificate authority-signed certificate or server certificate to the CMC.
Accessing RACADM Remotely Table 4-2. Remote RACADM Subcommand Options Option Description -r Specifies the controller’s remote IP address. -r : Use if the CMC port number is not the default port (443). -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction.
Enabling and Disabling the RACADM Remote Capability NOTE: Dell recommends that you run these commands at the chassis. The RACADM remote capability on CMC is enabled by default. In the following commands, -g specifies the configuration group the object belongs to, and -o specifies the configuration object to configure.
When using remote RACADM to capture the configuration groups into a file, if a key property within a group is not set, the configuration group is not saved as part of the configuration file. If these configuration groups are needed to be cloned onto other CMCs, the key property must be set before executing the getconfig -f command. Alternatively, you can manually enter the missing properties into the configuration file after running the getconfig -f command. This is true for all the racadm indexed groups.
Setting Up Initial Access to CMC This section explains how to perform the initial CMC network configuration using RACADM commands. All of the configuration described in this section can be performed using the front panel LCD. See "Configuring Networking Using the LCD Configuration Wizard" on page 44. CAUTION: Changing settings on the CMC Network Settings screen may disconnect your current network connection.
To disable DHCP and specify static CMC IP address, gateway, and subnet mask, type: racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgNicIpAddress racadm config -g cfgLanNetworking -o cfgNicGateway racadm config -g cfgLanNetworking -o cfgNicNetmask Viewing Current Network Settings To view a summary of NIC, DHCP, network speed, and duplex settings, type: racadm getniccfg or racadm getconfig -g cfgCurrentLanNe
Enabling the CMC Network Interface To enable/disable the CMC Network Interface for both IPv4 and IPv6, type: racadm config -g cfgLanNetworking -o cfgNicEnable 1 racadm config -g cfgLanNetworking -o cfgNicEnable 0 NOTE: The CMC NIC is enabled by default. To enable/disable the CMC IPv4 addressing, type: racadm config -g cfgLanNetworking -o cfgNicIPv4Enable 1 racadm config -g cfgLanNetworking -o cfgNicIPv4Enable 0 NOTE: The CMC IPv4 addressing is enabled by default.
For an IPv6 network, to disable the Autoconfiguration feature and specify a static CMC IPv6 address, gateway, and prefix length, type: racadm config -g cfgIPv6LanNetworking -o cfgIPv6AutoConfig 0 racadm config -g cfgIPv6LanNetworking -o cfgIPv6Address racadm config -g cfgIPv6LanNetworking -o cfgIPv6PrefixLength 64 racadm config -g cfgIPv6LanNetworking -o cfgIPv6Gateway Enabling or Disabling DHCP for the CMC Network Interface Address When enabled, the CMC’s DHCP for NIC address
Setting Static DNS IP addresses NOTE: The Static DNS IP addresses settings are not valid unless the DCHP for DNS address feature is disabled.
• DNS Domain Name. The default DNS domain name is a single blank character. To set a DNS domain name, type: racadm config -g cfgLanNetworking -o cfgDNSDomainName where is a string of up to 254 alphanumeric characters and hyphens. For example: p45, a-tz-1, r-id-001.
Setting up the CMC VLAN (IPv4 and IPv6) 1 Enable the VLAN capabilities of the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVLanEnable 1 2 Specify the VLAN ID for the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVlanID The valid values for are 1– 4000 and 4021– 4094. Default is 1.
Removing the CMC VLAN To remove the CMC VLAN, disable the VLAN capabilities of the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVLanEnable 0 You can also remove the CMC VLAN using the following command: racadm setniccfg -v Setting up a Server VLAN Specify the VLAN ID and priority of a particular server with the following command: racadm setniccfg -m server- -v The valid values for are 1 – 16.
Setting the Maximum Transmission Unit (MTU) (IPv4 and IPv6) The MTU property allows you to set a limit for the largest packet that can be passed through the interface. To set the MTU, type: racadm config -g cfgNetTuning -o cfgNetTuningMtu where is a value between 576–1500 (inclusive; default is 1500). NOTE: IPv6 requires a minimum MTU of 1280. If IPv6 is enabled, and cfgNetTuningMtu is set to a lower value, the CMC uses an MTU of 1280.
Using RACADM to Configure Users You can configure up to 16 users in the CMC property database. Before you manually enable a CMC user, verify if any current users exist. If you are configuring a new CMC or you ran the RACADM racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the CMC back to the original defaults. CAUTION: Use caution when using the racresetcfg command, because it resets all configuration parameters to the original defaults.
Adding a CMC User To add a new user to the CMC configuration, you can use a few basic commands. Perform the following procedures: 1 Set the user name. 2 Set the password. 3 Set user privileges. For information about user privileges, see Table 5-42, and Table 5-43. 4 Enable the user. Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privilege to the CMC.
Using RACADM to Configure Public Key Authentication over SSH You can configure up to 6 public keys that can be used with the service username over SSH interface. Before adding or deleting public keys, be sure to use the view command to see what keys are already set up so a key is not accidentally overwritten or deleted. The service username is a special user account that can be used when accessing the CMC through SSH.
Generating Public Keys for Windows Before adding an account, a public key is required from the system that accesses the CMC over SSH. There are two ways to generate the public/private key pair: using PuTTY Key Generator application for clients running Windows or ssh-keygen CLI for clients running Linux. This section describes simple instructions to generate a public/private key pair for both applications. For additional or advanced usage of these tools, see the application Help.
Generating Public Keys for Linux The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt type: ssh-keygen –t rsa –b 1024 –C testing where, –t option must be dsa or rsa. –b option specifies the bit encryption size between 768 and 4096. –c option allows modifying the public key comment and is optional. The is optional.
Adding the Public Keys To add a public key to the CMC using the file upload -f option, type: racadm sshpkauth –i svcacct –k 1 –p 0xfff –f NOTE: You can only use the file upload option with remote RACADM. For more information, see "Accessing RACADM Remotely" on page 79 and subsequent sections. For public key privileges, see Table 3-1 in the Database Property chapter of RACADM Command Line Reference Guide for iDRAC6 and CMC.
When you log in using the service account, if a passphrase was set up when creating the public/private key pair, you may be prompted to enter that passphrase again. If a passphrase is used with the keys, both Windows and Linux clients provide methods to automate that as well. For Windows clients, you can use the Pageant application. It runs in the background and makes entering the passphrase transparent. For Linux clients, you can use the sshagent.
Configuring SNMP and E-mail Alerting You can configure the CMC to send SNMP event traps and/or e-mail alerts when certain events occur on the chassis. For more information and instructions, see "Configuring SNMP Alerts" on page 414 and "Configuring Email Alerts" on page 421. You can specify the trap destinations as appropriately-formatted numeric addresses (IPv6 or IPv4), or Fully-qualified domain names (FQDNs). Choose a format that is consistent with your networking technology/infrastructure.
3 Modify the configuration file using a plain-text editor (optional). Any special formatting characters in the configuration file may corrupt the RACADM database. 4 Use the newly created configuration file to modify a target CMC. At the command prompt, type: racadm config -f myfile.cfg 5 Reset the target CMC that was configured. At the command prompt, type: racadm reset The getconfig -f myfile.cfg subcommand (step 1) requests the CMC configuration for the active CMC and generates the myfile.cfg file.
RACADM parses the .cfg file when it is first loaded onto the CMC to verify that valid group and object names are present and that some simple syntax rules are being followed. Errors are flagged with the line number that detected the error, and a message explains the problem. The entire file is parsed for correctness, and all errors display. Write commands are not transmitted to the CMC if an error is found in the .cfg file. You must correct all errors before any configuration can take place.
• Use the racresetcfg subcommand to configure both CMCs with identical properties. Use the racresetcfg subcommand to reset the CMC to original defaults, and then run the racadm config -f .cfg command. Ensure that the .cfg file includes all desired objects, users, indexes, and other parameters. For a complete list of objects and groups, see the database property chapter of the RACADM Command Line Reference Guide for iDRAC6 and CMC.
• All group entries must be surrounded by open- and close-brackets ([ and ]). The starting [ character that denotes a group name must be in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in the database property chapter of the RACADM Command Line Reference Guide for iDRAC6 and CMC.
• The line for an indexed group cannot be deleted from a .cfg file. If you do delete the line with a text editor, RACADM stops when it parses the configuration file and alert you of the error. You must remove an indexed object manually using the following command: racadm config -g -o -i "" NOTE: A NULL string (identified by two " characters) directs the CMC to delete the index for the specified group.
This file is updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 The command racadm config -f .cfg parses the file and identifies any errors by line number. A correct file updates the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.
If the firmware on the server does not support a feature, configuring a property related to that feature displays an error. For example, using RACADM to enable remote syslog on an unsupported iDRAC displays an error message. Similarly, when displaying the iDRAC properties using the RACADM getconfig command, the property values are displayed as N/A for an unsupported feature on the server.
Troubleshooting Table 4-3 lists common problems related to remote RACADM. Table 4-3. Using Serial/ RACADM Commands: Frequently Asked Questions Question Answer After performing a CMC reset (using the RACADM racreset subcommand), I enter a command and the following message is displayed: You must wait until the CMC completes the reset before issuing another command.
Table 4-3. Using Serial/ RACADM Commands: Frequently Asked Questions (continued) Question Answer While I was using remote RACADM, the prompt changed to a ">" and I cannot get the "$" prompt to return. If you type a non-matched double quotation mark (") or a non-matched single quotation (’) in the command, the CLI changes to the ">" prompt and queue all commands.
108 Using the RACADM Command Line Interface
Using the CMC Web Interface 5 CMC provides a Web interface that enables you to configure CMC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday chassis management, use the CMC Web interface. This chapter provides information about how to perform common chassis management tasks using the CMC Web interface.
To access the CMC Web interface over IPv6: 1 Open a supported Web browser window. For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located at support.dell.com/manuals. 2 Type the following URL in the Address field, and then press : https://[] NOTE: While using IPv6, you must enclose the in square brackets ([ ]). Specifying the HTTPS port number in the URL is optional if you are still using the default value (443).
You can log in as either a CMC user or as a Directory user. To log in: 1 In the Username field, type your user name: • CMC user name: • Active Directory user name: \, / or @. • LDAP user name: NOTE: This field is case sensitive. 2 In the Password field, type your CMC user password or Active Directory user password. NOTE: This field is case-sensitive. 3 Optionally, select a session timeout.
To set the chassis location and chassis name: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. 2 Click the Setup tab. The General Chassis Settings page is displayed. 3 Type the location properties in the Data Center, Aisle, Rack, and Rack Slot fields. NOTE: The Chassis Location field is optional. It is recommended to use the Data Center, Aisle, Rack, and Rack Slot fields to indicate the physical location of the chassis.
Enabling Removable Flash Media You can enable or repair the optional Removable Flash Media for use as an extended non-volatile storage. Some CMC features depend on extended nonvolatile storage for their operation. To enable or repair the Removable Flash Media: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. 2 Click Chassis Controller in the treelist. The Chassis Controller Status page is displayed. 3 Click the Flash Media tab. The Removable Flash Media page is displayed.
All information on the Chassis Health page is dynamically updated. This page contains two major sections: Chassis Component Summary at the top followed by the Recent CMC Hardware Log Events listing. The Chassis Component Summary section (also entitled "Chassis Health" when the overall chassis information is shown) displays the graphics and their associated information. You can hide this entire section by clicking the Close icon.
• A blade and Input/Output inventory is available for a group. • A selectable option is available to synchronize a new member’s properties to the leader’s properties when the new member is added to the group. Setting up a Chassis Group A Chassis Group may contain a maximum of eight members. Also, a leader or member can only participate in one group. You cannot join a chassis, either as a leader or member, that is part of a group to another group.
7 Optionally, select Sync New Member with Leader Properties to push leader properties to the member. For more information, see the subsection "Synchronizing a New Member With Leader Chassis Properties" on page 120. 8 Select the Apply button. 9 Repeat step 4 through step 8 to add a maximum of eight members. The new members’ Chassis Names appear in the Members dialog box. The status of the new member is displayed by selecting the Group in the tree.
Disbanding a Chassis Group To disband a chassis group from the lead chassis: 1 Login with administrator privileges to the leader chassis. 2 Select the Lead chassis in the tree. 3 Click Setup Group Administration. 4 In the Chassis Group page, under Role, select None, and then click Apply. The lead chassis then communicates to all the members that they have been removed from the group. Finally the lead chassis discontinues its role. It can now be assigned as a member or a leader of another group.
Launching a Member Chassis’s or Server’s web page Links to a member chassis’s web page, a server’s Remote Console or the Server iDRAC’s web page within the group are available through the lead chassis’s group page. You can use the same user name and password that was used to log in to the lead Chassis, to log in to the member device. If the member device has the same login credentials then no additional login is required. Otherwise, the user is directed to the member device’s login page.
The following configuration service properties of several systems within the chassis are affected after synchronization: Table 5-1. Configuration Service Properties Property Navigation SNMP Configuration Click Chassis Overview Network Services SNMP for details. Chassis remote logging Click Chassis Overview Network Services Remote Syslog for details. User authentication using LDAP and Active Directory services Click Chassis Overview User Authentication Directory Services for details.
Exported Data The blade inventory report contains data that was most recently returned by each Chassis Group member during the Chassis Group leader’s normal polling (once every 30s.
Table 5-2. Blade Inventory Field Descriptions Data Field Example Total System Memory 4.0 GB NOTE: Requires CMC 4.0 (or higher) on member; otherwise shown as blank. # of CPUs 2 NOTE: Requires CMC 4.0 (or higher) on member; otherwise shown as blank. CPU Info Intel (R) Xeon (R) CPU E5502 @1.87GHzn NOTE: Requires CMC 4.0 (or higher) on member; otherwise shown as blank. Data Format The inventory report is generated in a .
Icons for servers and IOMs span multiple slots when a double size component is installed. Hovering over a component displays a tooltip with additional information about that component. Table 5-3. Server Icon States Icon Description Server is powered on and is operating normally. Server is off. Server is reporting a non-critical error. Server is reporting a critical error.
Table 5-3. Server Icon States (continued) Icon Description No server is present. Table 5-4 displays the Chassis Quick Links. Table 5-4.
Table 5-5. Chassis Page Information Field Description Model Displays the model of the Chassis LCD panel. NOTE: When a server is inserted while the chassis is powered off, the model number is not displayed until the chassis is powered on again. Firmware Displays the firmware version of the active CMC. Service Tag Displays the service tag of the chassis. The service tag is a unique identifier that the manufacturer provides for support and maintenance.
actions. Only links applicable to the selected component are displayed in this section. Table 5-6. Health and Performance Information - Servers Item Description Power State On/Off state of the server. For details on the various types of power states, see Table 5-25. Health Displays the text equivalent of the health icon. Power Consumption Amount of power that the server consumes at present. Power Allocated Amount of power budgeted for the server.
Table 5-8. Quick Links - Servers Item Description Server Status Navigate to Server Overview Properties Status Launch Remote Invokes a Keyboard-Video-Mouse (KVM) session on the server if Console the server supports this operation. Launch iDRAC GUI Invokes an iDRAC management console for the server. Power On Server Apply power to a server that is in the "Off" state. Power Off Server Remove power from a server that is in the "On" state.
Table 5-11. Quick Links - I/O Modules Item Description IOM Status Navigate to I/O Modules Properties Status Launch IOM GUI If the Launch IOM GUI link is present for a particular I/O module, clicking it launches the IOM management console for that I/O module in a new browser window or tab. Table 5-12. Active CMC Health and Performance Item Description Redundancy Mode Displays failover readiness of the standby CMC.
Table 5-14. Quick Links - CMC Item Description CMC Status Navigate to Chassis Controller Properties Status Networking Navigate to Chassis Overview Network Network Firmware Update Navigate to Chassis Overview Update Firmware Update Table 5-15. iKVM Health and Performance Item Description OSCAR Console Displays whether the rear panel VGA connector is enabled (Yes or No) for access to CMC. Table 5-16. iKVM Properties Item Description Name Displays the name of the iKVM.
Table 5-19. Fan Properties Item Description Lower Critical Threshold Speed below which the fan is considered to have failed. Upper Critical Threshold Speed above which the fan is considered to have failed. Table 5-20. Quick Links - Fan Item Description Fan Status Navigate to Fans Properties Status Table 5-21.
Table 5-24. LCD Health and Performance Item Description LCD Health Displays the presence and health of the LCD panel. Chassis Health Displays the text description of Chassis Health. There are no Quick Links for the LCD. Monitoring System Health Status Viewing Chassis and Component Summaries CMC displays a graphical representation of the chassis on the Chassis Health page that provides a visual overview of installed component status.
The Chassis Health page provides an overall health status for the chassis, active and standby CMCs, sever modules, IO Modules (IOMs), fans, iKVM, power supplies (PSUs), and LCD assembly. Detailed information for each component is displayed by clicking on that component. For instructions on viewing chassis and components summaries, see "Viewing Chassis Summaries" on page 432.
To view health status for all servers using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The left section of Chassis Graphics depicts the front view of the chassis and contains the health status of all servers. Server health status is indicated by the overlay of the server subgraphic: • No overlay - server is present, powered on and communicating with CMC; there is no indication of an adverse condition.
Table 5-25. Item Health All Servers Status Information (continued) Description OK Displays that the server is present and communicating with CMC. In the event of a communication failure between CMC and the server, CMC cannot obtain or display health status for the server. Informational Displays information about the server when no change in health status (OK, Warning, Critical) has occurred.
Table 5-25. All Servers Status Information (continued) Item Description Launch Left click the button to launch the iDRAC management console for iDRAC GUI a server in a new browser window or tab. This icon is only displayed for a server where all of the following conditions are met: • The server is present. • The chassis power is on. • The LAN interface on the server is enabled.
Editing Slot Names The Slot Names page allows you to update slot names in the chassis. Slot names are used to identify individual servers. When choosing slot names, the following rules apply: • Names may contain a maximum of 15 non-extended ASCII characters (ASCII codes 32 through 126). • Slot names must be unique within the chassis. No two slots may have the same name. • Strings are not case-sensitive. Server-1, server-1, and SERVER-1 are equivalent names.
To edit a slot name: 1 Log in to the CMC Web interface. 2 Select Server Overview in the Chassis menu in the system tree. 3 Click Setup Slot Names. The Slot Names page is displayed. 4 Type the updated or new name for a slot in the Slot Name field. Repeat this action for each slot you want to rename and click Apply. 5 To restore the default slot name (SLOT-01 to SLOT-16, based on the server's slot position) to the server, press Restore Default Value.
Table 5-26. Boot Devices Boot Device Description PXE Boot from a Preboot Execution Environment (PXE) protocol on the network interface card. Hard Drive Boot from the hard drive on the server. Local CD/DVD Boot from a CD/DVD drive on the server. Virtual Floppy Boot from the virtual floppy drive. The floppy drive (or a floppy disk image) is on another computer on the management network, and is attached using the iDRAC GUI console viewer.
To set the first boot device for some or all servers in the chassis: 1 Log in to the CMC Web interface. 2 Click Server Overview in the system tree and then click Setup First Boot Device. A list of servers is displayed. 3 Select the boot device you want to use for each server from the list box. 4 If you want the server to boot from the selected device every time it boots, clear the Boot Once check box for the server.
• Red X - indicates at least one failure condition is present. This means that CMC can still communicate with the component and that the health status is reported as critical. • Grayed out - indicates that the component is present and not powered on. It is not communicating with CMC and there is no indication of an adverse condition. 2 Move the cursor to hover over an individual server subgraphic. A corresponding text hint or screen tip is displayed.
You can also view the server status page by clicking the status link in the server Quick Links on the right side of the page. Table 5-27. Individual Server Status - Properties Item Description Slot Displays the slot occupied by the server on the chassis. Slot numbers are sequential IDs, from 1 through 16 (there are 16 slots available on the chassis), that help identify the location of the server in the chassis. Slot Name Displays the name of the slot where the server resides.
Table 5-27. Individual Server Status - Properties (continued) Item Description Service Tag Displays the service tag for the server. The service tag a unique identifier provided by the manufacturer for support and maintenance. If the server is absent, this field is empty. iDRAC Firmware Displays the iDRAC version currently installed on the server. CPLD Version Displays the version number of Complex Programmable Logic Device (CPLD) of the server.
Table 5-28. Individual Server Status - iDRAC System Event Log Item Description Severity OK Indicates a normal event that does not require corrective actions. Informational Indicates an informational entry on an event in which the Severity status has not changed. Unknown Indicates an unknown/uncategorized event. Warning Indicates a non-critical event for which corrective actions must be taken soon to avoid system failures.
Table 5-30. Individual Server Status - IPv4 iDRAC Network Settings Item Description Enabled Indicates if the IPv4 protocol is used on the LAN (Yes). If the server does not support IPv6, the IPv4 protocol is always enabled and this setting is not displayed. DHCP Enabled Indicates whether Dynamic Host Configuration Protocol (DHCP) is enabled (Yes) or disabled (No).
Table 5-32. Individual Server Status - WWN/MAC Address Item Description Slot Displays the slot(s) occupied by the server on the chassis. Location Displays the location occupied by the Input/Output modules. The six locations are identified by a combination of the group name (A, B, or C) and slot number (1 or 2). Location names are: A1, A2, B1, B2, C1, or C2. Fabric Displays the type of the I/O fabric.
Viewing the Health Status of IOMs The health status for the IOMs can be viewed in two ways: from the Chassis Component Summary section on the Chassis Health page or the I/O Modules Status page. The Chassis Health page provides a graphical overview of the IOMs installed in the chassis. To view health status of the IOMs using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed.
Viewing the Health Status of the Fans NOTE: During updates of CMC or iDRAC firmware on a server, some or all of the fan units in the chassis spin at 100%. This is normal. The health status of the fans can be viewed in two ways: from the Chassis Component Summary section on the Chassis Health page or the Fans Status page. The Chassis Health page provides a graphical overview of all fans installed in the chassis. To view health status for all fans using Chassis Graphics: 1 Log in to the CMC Web interface.
CMC, which controls fan speeds, automatically increases or decreases fan speeds based on system wide events. CMC generates an alert and increases the fan speeds when the following events occur: • CMC ambient temperature threshold is exceeded. • A fan fails. • A fan is removed from the chassis. To view the health status of the fan units: 1 Log in to the CMC Web interface. 2 Select Fans in the system tree. The Fans Status page is displayed.
Viewing the iKVM Status The local access KVM module for your Dell M1000e server chassis is called the Avocent Integrated KVM Switch Module, or iKVM. The health status of the iKVM associated with the chassis can be viewed on the Chassis Health page. To view health status for the iKVM using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status of the iKVM.
For additional instructions on viewing iKVM status and setting properties for the iKVM, see: • "Viewing the iKVM Status and Properties" on page 390 • "Enabling or Disabling the Front Panel" on page 389 • "Enabling the Dell CMC Console Through iKVM" on page 390 • "Updating the iKVM Firmware" on page 392 For more information about iKVM, see "Using the iKVM Module" on page 369.
2 Use the cursor to hover over an individual PSU subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that PSU. 3 Clicking on the PSU subgraphic selects that PSU's information and Quick Links for display to the right of the chassis graphics. The Power Supply Status page displays the status and readings of the PSUs associated with the chassis. For more information about CMC power management, see "Power Management" on page 319.
Table 5-34. Power Supply Health Status Information (continued) Item Description Power Status Indicates the power state of the PSU: Online, Off, or Slot Empty. Capacity Displays the power capacity in watts. Table 5-35. System Power Status Item Description Overall Power Health Displays the health status (OK, Non-Critical, Critical, NonRecoverable, Other, Unknown) of the power management for the entire chassis.
Table 5-36. Temperature Sensors Health Status Information Item Description ID Displays the location of the temperature probe. Name Displays the name of each temperature probe for the chassis and servers. Present Indicates whether the module is present (Yes) or absent (No) in the chassis. Health OK Indicates that the module is present and communicating with CMC. In the event of a communication failure between CMC and the server, CMC cannot obtain or display the health status for the server.
Viewing the LCD Status You can view the health status of the LCD using the chassis graphics associated with the chassis on the Chassis Health page. To view the health status for the LCD: 1 Log in to the CMC Web interface. The Chassis Health page is displayed. The top section of Chassis Graphics depicts the front view of the chassis. LCD health status is indicated by the overlay of the LCD subgraphic: • No overlay - LCD is present, powered on, and communicating with CMC. There is no adverse condition.
Viewing World Wide Name/Media Access Control (WWN/MAC) IDs The WWN/MAC Summary page allows you to view the WWN configuration and MAC address of a slot in the chassis. Fabric Configuration The Fabric Configuration section displays the type of Input/Output fabric that is installed for Fabric A, Fabric B, and Fabric C. A green check mark indicates that the fabric is enabled for FlexAddress.
Configuring CMC Network Properties NOTE: Network configuration changes can result in the loss of connectivity on current network login. Setting Up Initial Access to CMC Before you can begin configuring CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely. This initial configuration assigns the TCP/IP networking parameters that enable access to CMC. NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings.
Configuring the Network LAN Settings NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings. NOTE: The settings on the Network Configuration page, such as community string and SMTP server IP address, affect both CMC and the external settings of the chassis. NOTE: If you have two CMCs (active and standby) on the chassis, and they are both connected to the network, the standby CMC automatically assumes the network settings in the event of failover of the active CMC.
Table 5-37. Network Settings Setting Description CMC MAC Address Displays the chassis’ MAC address, which is a unique identifier for the chassis over the computer network. Enable CMC Network Interface Enables the Network Interface of CMC. Default: Enabled. If this option is checked: • CMC communicates with and is accessible over the computer network. • The Web interface, CLI (remote RACADM), WSMAN, Telnet, and SSH associated with CMC are available.
Table 5-37. Network Settings (continued) Setting Description Use DHCP for DNS Uses the default DNS domain name. This check box is active Domain Name only when Use DHCP (For CMC Network Interface IP Address) is selected. Default: Enabled DNS Domain Name The default DNS Domain Name is a blank character. This field can be edited only when the Use DHCP for DNS Domain Name check box is selected.
Table 5-37. Network Settings (continued) Setting Description Duplex Mode Set the duplex mode to full or half to match your network environment. Implications: If Auto Negotiation is turned On for one device but not the other, then the device using auto negotiation can determine the network speed of the other device, but not the duplex mode. In this case, duplex mode defaults to the half duplex setting during auto negotiation. such a duplex mismatch results in a slow network connection.
Table 5-38. IPv4 Settings (continued) Setting Description DHCP Enable Enables CMC to request and obtain an IP address from the IPv4 Dynamic Host Configuration Protocol (DHCP) server automatically. Default: Checked (enabled) If this option is checked, CMC retrieves IPv4 configuration (IP Address, subnet mask, and gateway) automatically from a DHCP server on your network. CMC always has a unique IP Address allotted over your network.
Table 5-38. IPv4 Settings (continued) Setting Description Use DHCP to Obtain DNS Server Addresses Obtains the primary and secondary DNS server addresses from the DHCP server instead of the static settings. Default: Checked (enabled) by default NOTE: If Use DHCP (For CMC Network Interface IP Address) is enabled, then enable the Use DHCP to Obtain DNS Server Addresses property. If this option is checked, CMC retrieves its DNS IP address automatically from a DHCP server on your network.
Table 5-39. IPv6 Settings Setting Description Enable IPv6 Allows CMC to use the IPv6 protocol to communicate on the network. Unchecking this box does not prevent IPv4 networking from occurring. Default: Checked (enabled) AutoConfiguration Enable Allows CMC to use the IPv6 protocol to obtain IPv6 related address and gateway settings from an IPv6 router configured to provide this information. CMC then has a unique IPv6 address on your network.
Table 5-39. IPv6 Settings (continued) Setting Description Static Preferred DNS Server Specifies the static IPv6 Address for the preferred DNS Server. The entry for Static Preferred DNS Server is considered only when Use DHCP to Obtain DNS Server Addresses is disabled or unchecked. There is an entry for this Server in both IPv4 and IPv6 configuration areas. Static Alternate DNS Specifies the static IPv6 Address for the alternate DNS Server Server.
Table 5-40. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a specific range of IP addresses that can access CMC. IP Range Address Determines the base IP address for range checking. IP Range Mask Defines a specific range of IP addresses that can access the CMC, a process called IP range checking.
5 Click Apply to save your settings. To refresh the contents of the Network Security page, click Refresh. To print the contents of the Network Security page, click Print. Configuring VLAN VLANs are used to allow multiple virtual LANs to co-exist on the same physical network cable and to segregate the network traffic for security or load management purposes. When you enable the VLAN functionality, each network packet is assigned a VLAN tag. To configure VLAN: 1 Log in to the Web interface.
Adding and Configuring CMC Users To manage your system with CMC and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. User Types There are two types of users: CMC users and iDRAC users. CMC users are also known as "chassis users." Since iDRAC resides on the server, iDRAC users are also known as "server users.
Table 5-42. User Types Privilege Description CMC Login User User can log in to CMC and view all the CMC data, but cannot add or modify data or execute commands. It is possible for a user to have other privileges without the CMC Login User privilege. This feature is useful when a user is temporarily not allowed to login. When that user’s CMC Login User privilege is restored, the user retains all the other privileges previously granted.
Table 5-42. User Types (continued) Privilege Description Clear Logs Administrator User can clear the hardware log and CMC log. Chassis Control Administrator CMC users with the Chassis Power Administrator privilege can perform all power-related operations. They can control chassis power operations, including power on, power off, and power cycle. (Power Commands) Server Administrator NOTE: To configure power settings, the Chassis Configuration Administrator privilege is needed.
Table 5-42. User Types (continued) Privilege Description Listed below are the privileges and the actions on the server to which the Server Administrator is entitled. These rights are applied only when the chassis user does not have the Server Administrative privilege on the chassis.
Table 5-42. User Types (continued) Privilege Description Super User User has root access to CMC and has User Configuration Administrator and Login to CMC User privileges. Only users with Super User privileges can grant new or existing users Debug Command Administrator and Super User privileges. The CMC user groups provide a series of user groups that have pre-assigned user privileges.
Table 5-43.
Table 5-44.
Adding and Managing Users From the Users and User Configuration pages in the Web interface, you can view information about CMC users, add a new user, and change settings for an existing user. You can configure up to 16 local users. If additional users are required and your company uses Microsoft Active Directory or generic Lightweight Directory Access Protocol (LDAP) services, you can configure it to provide access to CMC.
Table 5-45. General User Settings for Configuring a New or Existing CMC Username and Password Property Description User ID (Read only) Identifies a user by one of 16 preset, sequential numbers used for CLI scripting purposes. The User ID identifies the particular user when configuring the user through the CLI tool (RACADM). You cannot edit the User ID. If you are editing information for user root, this field is static. You cannot edit the user name for root.
5 Assign the user to a CMC user group. Table 5-42 describes CMC user privileges. When you select a user privilege setting from the CMC Group drop-down menu, the enabled privileges (shown as checked boxes in the list) display according to the pre-defined settings for that group. You can customize the privileges settings for the user by checking or un-checking boxes. After you have selected a CMC Group or made Custom user privilege selections, click Apply Changes to keep the settings.
Common Settings This section allows you to configure and view common Active Directory settings for CMC. Table 5-46. Common Settings Field Description Enable Active Directory Enables Active Directory login on CMC. You must install SSL certificates for the Active Directory servers signed by the same certificate authority and upload it to CMC.
Table 5-46. Common Settings (continued) Field Description Enable SSL Certificate Validation Enables SSL certificate validation for CMC's Active Directory SSL connection. To disable the SSL certificate validation, clear the check box. CAUTION: Disabling this feature may expose the authentication to a man-in-the-middle attack. The browser operation requires that CMC be accessed through a HTTP URL which contains a fully qualified domain address for CMC, that is http://cmc-6g2wxf1.dom.net.
Table 5-46. Common Settings (continued) Field Description Enabling Smart Card enforces a Smart Card Only policy for browser authentication. All other methods of browser authentication such as Local or Active Directory username/password authentication are restricted. If the Smart Card Only usage enforcement policy is to be adopted, it is important that the Smart Card operation be fully validated before all other access methods to CMC are disabled.
Standard Schema Settings The Standard Schema settings are displayed when Microsoft Active Directory (Standard Schema) is selected. This section describes the role groups with associated names, domains, and privileges for any role groups that have already been configured. To change the settings for a role group, click the role group button in the Role Groups list. NOTE: If you click a role group link prior to applying any new settings you have made, you lose those settings.
Extended Schema Settings These Extended Schema settings with the following properties are displayed when Microsoft Active Directory (Extended Schema) is selected: • CMC Device Name - Displays the name of the RAC Device Object you created for CMC. The CMC Device Name uniquely identifies the CMC card in Active Directory. The CMC Device Name must be the same as the common name of the new RAC Device Object you created in your domain controller.
The following controls enable you to upload and download this certificate: • Upload - Initiates the upload process for the certificate. This certificate, which you obtain from Active Directory, grants access to CMC. • Download - Initiates the download process. You are prompted for the location to save the file. When you select this option and click Next, a File Download dialog box appears. Use this dialog box to specify a location on your management station or shared network for the server certificate.
Configuring and Managing Generic Lightweight Directory Access Protocol Services You can use the Generic Lightweight Directory Access Protocol (LDAP) Service to configure your software to provide access to CMC. LDAP allows you to add and control the CMC user privileges of your existing users. NOTE: To configure LDAP settings for CMC, you must have Chassis Configuration Administrator privilege. To view and configure LDAP: 1 Log in to the Web interface.
Table 5-47. Common Settings (continued) Setting Description Attribute of User Login Specifies the attribute to search for. If not configured, the default is to use uid. It is recommended to be unique within the chosen base DN, otherwise a search filter must be configured to ensure the uniqueness of the login user.If the user DN cannot be uniquely identified by searching the combination of attribute and search filter, login fails with an error.
Selecting Your LDAP Servers You can configure the server to use with Generic LDAP in two ways. Static Servers allows the administrator to place a FQDN or IP address within the field. Alternatively, a list of LDAP servers can be retrieved by looking up their SRV record within the DNS. The following are the properties in the LDAP Servers section: • Use Static LDAP Servers - Selecting this option causes the LDAP service to use the specified servers with the port number provided (see details below).
Managing LDAP Group Settings The table in the Group Settings section lists role groups, displaying associated names, domains, and privileges for any role groups that are already configured. • To configure a new role group, click a role group name that does not have a name, domain, and privilege listed. • To change the settings for an existing role group, click the role group name. When you click a role group name, the Configure Role Group page appears.
The following controls enable you to upload and download this certificate: • Upload - Initiates the upload process for the certificate. This certificate, which you obtain from your LDAP server, grants access to CMC. • Download - Initiates the download process. You are prompted for the location to save the file. When you select this option and click Next, a File Download dialog box appears. Use this dialog box to specify a location on your management station or shared network for the server certificate.
This encryption process provides a high level of data protection. CMC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The CMC Web server includes a Dell self-signed SSL digital certificate (Server ID). To ensure high security over the Internet, replace the Web server SSL certificate by submitting a request to CMC to generate a new Certificate Signing Request (CSR).
Accessing the SSL Main Menu NOTE: To configure SSL settings for CMC, you must have Chassis Configuration Administrator privilege. NOTE: Any server certificate you upload must be current (not expired) and signed by a certificate authority. To access the SSL main menu: 1 Log in to the Web interface. 2 Click the Network tab, and then click the SSL subtab. The SSL Main Menu page appears. Use the SSL Main Menu page options to generate a CSR to send to a certificate authority.
Table 5-48. SSL Main Menu Options (continued) Field Description Upload Server Certificate Based on Generated CSR Select this option and click Next to display the Certificate Upload page, where you can upload an existing certificate that your company holds title to and uses to control access to CMC. NOTE: Only X509, Base 64-encoded certificates are accepted by CMC. DER-encoded certificates are not accepted. Uploading a new certificate replaces the default certificate you received with your CMC.
When a CSR is generated from the Generate Certificate Signing Request (CSR) page, you are prompted to save a copy to your management station or shared network, and the unique information used to generate the CSR is stored on CMC. This information is used later to authenticate the server certificate you receive from the certificate authority. After you receive the server certificate from the certificate authority, you must then upload it to CMC.
Table 5-49. Field Generate Certificate Signing Request (CSR) Page Options (continued) Description Organization Name The name associated with your organization (example: XYZ Corporation). Valid: Alphanumeric characters (A–Z, a–z, 0–9); hyphens, underscores, periods, and spaces. Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). Organization Unit The name associated with an organizational unit, such as a department (example: Enterprise Group).
Uploading a Server Certificate To upload a server certificate: 1 From the SSL Main Menu page, select Upload Server Certificate Based on Generated CSR, and then click Next. The Certificate Upload page displays. 2 Type the file path in the text field, or click Browse to select the file. 3 Click Apply. If the certificate is invalid, an error message displays. NOTE: The File Path value displays the relative file path of the certificate you are uploading.
Viewing a Server Certificate From the SSL Main Menu page, select View Server Certificate, and then click Next. The View Server Certificate page displays. Table 5-50 describes the fields and associated descriptions listed in the Certificate window. Table 5-50. Certificate Information Field Description Serial Certificate serial number. Subject Certificate attributes entered by the subject. Issuer Certificate attributes returned by the issuer. notBefore Issue date of the certificate.
To manage or terminate a session: 1 Log in to CMC through the Web. 2 Click the Network tab then click the Sessions subtab. 3 On the Sessions page, locate the session you want to terminate and click the appropriate button. Table 5-51 displays the Sessions properties. Table 5-51. Sessions Properties Property Description Session ID Displays the sequentially generated ID number for each instance of a login. Username Displays the user's login name (local user or Active Directory user).
Configuring Services CMC includes a Web server that is configured to use the industry-standard SSL security protocol to accept and transfer encrypted data from and to clients over the Internet. The Web server includes a Dell self-signed SSL digital certificate (Server ID) and is responsible for accepting and responding to secure HTTP requests from clients. This service is required by the Web interface and remote CLI tool for communicating to CMC.
Table 5-52. CMC Serial Console Settings Setting Description Enabled Enables Telnet console interface on CMC. Default: Unchecked (disabled) Redirect Enabled Enables the serial/text console redirection to the server through your serial/Telnet/SSH client from CMC. The CMC connects to iDRAC that internally connects to the server COM2 port.
Table 5-52. CMC Serial Console Settings (continued) Setting Description Escape Key Allows you to specify the Escape key combination that terminates serial/text console redirection when using the connect or racadm connect command. Default: ^\ (Hold and type a backslash (\) character) NOTE: The caret character ^ represents the key.
Table 5-53. Web Server Settings Setting Description Enabled Enables Web Server services (access through remote RACADM and the Web interface) for CMC. Default: Checked (enabled) Max Sessions Displays the maximum number of simultaneous Web user interface sessions allowed for the chassis. A change to the Max Sessions property takes effect at the next login; it does not affect current Active Sessions (including your own). The remote RACADM is not affected by the Max Sessions property for the Web Server.
Table 5-53. Web Server Settings (continued) Setting Description HTTP Port Number Displays the default port used by CMC that listens for a server connection. NOTE: When you provide the HTTP address on the browser, the Web server automatically redirects and uses HTTPS.
Table 5-54. SSH Settings Setting Description Enabled Enables the SSH on CMC. Default: Checked (enabled) Max Sessions The maximum number of simultaneous SSH sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-55. Telnet Settings Setting Description Enabled Enables Telnet console interface on CMC. Default: Unchecked (disabled) Max Sessions Displays the maximum number of simultaneous Telnet sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-56. Remote RACADM Settings Setting Description Enabled Enables the remote RACADM utility access to CMC. Default: Checked (enabled) Max Sessions Displays the maximum number of simultaneous RACADM sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-58. Remote Syslog Configuration Setting Description Enabled Enables the transmission and remote capture of CMC log and Hardware log entries to the specified server(s). Valid values: Checked (enabled), unchecked (disabled) Default: unchecked (disabled) Syslog Server 1 The first of three possible servers to host a copy of the CMC and hardware log entries. Specified as a Host Name, an IPv6 address, or an IPv4 address.
Managing Firmware Updates This section describes how to update firmware on the Chassis and Server components using the GUI and RACADM utility. The following components can be updated using RACADM or the GUI. In the GUI, you can perform the update using the Chassis Overview Update or the Chassis Controller Update pages: • CMC — active and standby • iKVM • iDRAC — The iDRAC Firmware iDRACs earlier than iDRAC6 must be updated using the recovery interface.
Viewing the Current Firmware Versions The Update page displays the current version of all the updatable components in the chassis. These may include the iKVM firmware, active CMC firmware, (if applicable) the standby CMC firmware, the iDRAC firmware, and the IOM infrastructure device firmware. For more information, see "Updating the IOM Infrastructure Device Firmware" on page 211.
Updating Firmware NOTE: To update firmware on CMC, you must have Chassis Configuration Administrator privilege. NOTE: The firmware update retains the current CMC and iKVM settings. NOTE: If a web user interface session is used to update system component firmware, the Idle Timeout setting must be set high enough to accommodate the file transfer time. In some cases, the firmware file transfer time may be as high as 30 minutes. To set the Idle Timeout value, see "Configuring Services" on page 197.
NOTE: To avoid disconnecting other users during a reset, notify authorized users who might log in to CMC and check for active sessions in the Sessions page. To open the Sessions page, select Chassis in the tree, click the Network tab, and then click the Sessions subtab. Help for that page is available through the Help link at the top right corner of the page. NOTE: When transferring files to and from CMC, the file transfer icon spins during the transfer.
4 Click Begin Firmware Update. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional instructions to follow: • Do not use the Refresh button or navigate to another page during the file transfer.
6 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location. NOTE: The default iKVM firmware image name is ikvm.bin; however, the iKVM firmware image name can be changed by the user to avoid confusion with previous images. 7 Click Begin Firmware Update. 8 Click Yes to continue. The Firmware Update Progress section provides firmware update status information.
4 Select the IOM device to update by selecting the Update Targets check box for that IOM device. 5 Click the Apply IOM Update button below the IOM component list. NOTE: The Firmware Image field does not display for an IOM infrastructure device (IOMINF) target because the required image resides on CMC. CMC firmware should be updated first, before updating IOMINF firmware. IOMINF updates are allowed by CMC if it detects that the IOMINF firmware is out-of-date with the image contained in CMC file system.
3 Click the Update tab. The Firmware Update page appears. 4 Select the iDRAC or iDRACs to update by selecting the Update Targets check box those devices. 5 Click the Apply iDRAC Update button below the iDRAC component list. 6 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location. 7 Click Begin Firmware Update. The Firmware Update Progress section provides firmware update status information.
To update the iDRAC firmware. 1 Download the latest iDRAC firmware to your management computer from support.dell.com. 2 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 111). 3 Click Chassis Overview in the system tree. 4 Click the Update tab. The Firmware Update page appears. 5 Select the iDRAC or iDRACs of the same model to update by selecting the Update Targets check box those devices. 6 Click the Apply iDRAC Update button below the iDRAC component list.
Before using the Lifecycle Controller based update feature, server firmware versions should be updated. NOTE: You should update the CMC firmware before updating the server component firmware modules. You should update the server component firmware modules in the following order: • BIOS • Lifecycle Controller • iDRAC See the "Recommended Module Firmware Versions" section in the CMC Readme at support.dell.com/manuals. The Lifecycle Controller provides module update support for iDRAC6 and later servers.
Normally, the USC firmware is installed through an appropriate installation package that has to be executed on the server OS. A special repair or installation package with file extension .usc is available on the native iDRAC Web-Browser interface. This package enables you to install the USC firmware through the usual firmware update facility. For more information, see the Dell Lifecycle Controller USC/USC-LCE User's Guide. The Lifecycle Controller service can be enabled during the server boot process.
Filtering Mechanisms Information for all the components and devices across all servers is retrieved at one time. To manage this large amount of information, the Lifecycle Controller provides various filtering mechanisms. These filters enable you to: • Select one or more categories of components or devices for easy viewing. • Compare firmware versions of components and devices across the server.
The Server Component Update page provides the following sections: • Component/Device Update Filter: This section is used to control the viewing of components and/or devices in the Firmware Inventory section. By enabling the filter for a component or device type, the Firmware Inventory section is modified to display only the enabled component or device across all servers.
• Component/Device Firmware Inventory: This section summarizes the status of the firmware versions of all the components and devices across all the servers currently present in the chassis. Options to perform the various Lifecycle Controller Operations such as Update, Rollback, Reinstall, and Job Deletion are available. Only one type of operation can be performed at a time.
Table 5-59 displays the component and devices information on the server: Table 5-59. Component and Devices Information Field Description Slot Displays the slot occupied by the server in the chassis. Slot numbers are sequential IDs, from 1 to 16 (for the 16 available slots in the chassis), that help to identify the location of the server in the chassis. When there are less than 16 servers occupying slots, only those slots populated by servers are displayed.
Table 5-59. Component and Devices Information (continued) Field Description Job Status Displays the job status of any operations that are scheduled on the server. The job status is continuously updated dynamically. If a job completion with state completed is detected, then the firmware versions for the components and devices on that server are automatically refreshed in case there has been a change of firmware version on any of the components or devices.
Table 5-59. Component and Devices Information (continued) Field Description Update Selects the component or device for firmware update on the server. Use the CRTL key shortcut to select a type of component or device for update across all the applicable servers. Pressing and holding the CRTL key highlights all the components in yellow. While the CRTL key is pressed down, select the required component or device by enabling the associated check box in the Update column.
When a Component or Device is selected for update, the Dell Update Package (DUP) needs to be specified. A secondary table identifying the component/device and a selector for the firmware image file is displayed. This enables the firmware image file for the associated component or device to be specified. A specific selector is displayed for each type of component/device that is selected for update. NOTE: Only one selector per component or device category is displayed.
is acknowledged. A Lifecycle Controller operation once scheduled on a server may take 10 to 15 minutes to complete. The process involves several reboots of the server during which the firmware installation is executed, which also includes a firmware verification stage. Progress of this process can be observed by viewing the server console.
Managing iDRAC CMC provides the Deploy iDRAC page to allow the user to configure installed and newly inserted server's iDRAC network configuration settings. A user can configure one or more installed iDRAC devices from this page. The user can also configure the default iDRAC network configuration settings and root password for severs that are installed later; these default settings are the iDRAC QuickDeploy settings. For more information on the behaviour of iDRAC, see the iDRAC User’s Guides at support.
Table 5-61. QuickDeploy Settings (continued) Setting Description Set iDRAC Root Password on Server Insertion Specifies whether a server’s iDRAC root password should be changed to the value provided in the iDRAC Root Password text box when the server is inserted. iDRAC Root Password When Set iDRAC Root Password on Server Insertion and QuickDeploy Enabled are checked, this password value is assigned to a server's iDRAC root user password when the server is inserted into chassis.
Table 5-61. QuickDeploy Settings (continued) Setting Description Starting iDRAC IPv4 Address (Slot 1) Specifies the static IP address of the iDRAC of the server in slot 1 of the enclosure. The IP address of each subsequent iDRAC is incremented by 1 for each slot from slot 1's static IP address. In the case where the IP address plus the slot number is greater than the subnet mask, an error message is displayed. NOTE: The subnet mask and the gateway are not incremented like the IP address.
5 To save the selections click the Save QuickDeploy Settings button. If you made changes to the iDRAC network setting, click the Apply iDRAC Network Settings button to deploy the settings to the iDRAC. 6 To update the table to the last saved QuickDeploy settings, and restore the iDRAC Network settings to the current values for each installed server, click Refresh. NOTE: Clicking the Refresh button deletes all iDRAC QuickDeploy and iDRAC Network configuration settings that have not been saved.
To enable and set the iDRAC Network Settings: 1 Log in to the CMC Web interface. 2 Select Server Overview in the system tree. 3 Click the Setup tab. The Deploy iDRAC page appears. 4 Select the check box for QuickDeploy Enabled to enable the QuickDeploy settings. 5 Set the remaining iDRAC Network Settings accordingly. Table 5-62. iDRAC Network Settings Setting Description Slot Displays the slot occupied by the server in the chassis.
Table 5-62. iDRAC Network Settings (continued) Setting Description IPMI over LAN Enables (checked) or disables (unchecked) the IPMI LAN channel. LAN must be enabled to set this field. IP Address The static IPv4 or IPv6 address assigned to the iDRAC located in this slot. Subnet Mask Specifies the subnet mask assigned to the iDRAC installed in this slot. Gateway Specifies the default gateway assigned to the iDRAC which is installed in this slot.
The iDRAC Network Settings table reflects future network configuration settings; the values shown for installed servers may or may not be the same as the currently installed iDRAC network configuration settings. Press the Refresh button to update the iDRAC Deploy page with each installed iDRAC network configuration settings after changes are made.
The remote console feature is supported only when all of the following conditions are met: • The chassis power is on. • Servers that support iDRAC6 and iDRAC7. • The LAN interface on the server is enabled. • The iDRAC version is 2.20 or later. • The host system is installed with JRE (Java Runtime Environment) 6 Update 16 or later. • The browser on host system allows pop-up windows (pop-up blocking is disabled). NOTE: Remote Console can also be launched from the iDRAC GUI.
A user may be able to launch iDRAC GUI without having to login a second time, as this feature utilizes single sign-on. Single sign-on policies are described below. • A CMC user who has server administrative privilege, is automatically logged into iDRAC using single sign-on. Once on the iDRAC site, this user is automatically granted Administrator privileges. This is true even if the same user does not have an account on iDRAC, or if the account does not have the Administrator’s privileges.
Server Cloning The server cloning feature allows the user to apply all cloneable BIOS settings from a specified server to one or more servers. Cloneable BIOS settings are those BIOS settings, which can be modified and are intended to be replicated across servers. The server cloning feature supports iDRAC6 and iDRAC7 Servers. Earlier generation iDRAC Servers are listed, but are greyed out on the main page, and are not enabled to use this feature.
Apply Profile When Stored Profiles are available in the non-volatile media on the CMC, to initiate a server cloning operation, apply a Stored Profile to one or more servers. The operation status, slot number, slot name, and model name is displayed for each server in the Apply Profile table. After applying a Stored Profile to a server, the server gets rebooted immediately.
Completion Status and Troubleshooting To check the completion status of a requested BIOS profile applied: 1 Capture the job id (JID) of the submitted job of interest from the Recent Profile Log table on the server cloning main page. 2 Look up the same JID in the Jobs table on the Lifecycle Controller Jobs page (Server Overview Troubleshooting Lifecycle Controller Jobs). FlexAddress This section describes the FlexAddress Web interface screens.
Viewing Chassis FlexAddress Status FlexAddress status information can be displayed for the entire chassis. The status information includes whether the feature is active and an overview of the FlexAddress status for each server. To view whether FlexAddress is active for the chassis: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 111). 2 Click Chassis Overview in the system tree. 3 Click the Setup tab. The General Setup page appears.
WWN/MAC Addresses Displays FlexAddress configuration for each slot in the chassis. Information displayed includes: • iDRAC management controller is not a fabric but its FlexAddress is treated like one. • Slot number and location • FlexAddress active/not active status • Fabric type • Server-assigned and chassis-assigned WWN/MAC addresses in use A green check mark indicates the active address type, either serverassigned or chassis-assigned. 4 For additional information, click Help.
The status page presents the following information: Table 5-63. Status Page Information FlexAddress Enabled Displays whether the FlexAddress feature is active or not active for the particular slot. Current State Displays the current FlexAddress configuration: • Chassis-Assigned - selected slot address is chassis assigned using the FlexAddress. The slot-based WWN/MAC addresses remain the same even if a new server is installed.
Table 5-63. Status Page Information (continued) BIOS Version Displays the current BIOS version of the server module. Slot Slot number of the server associated with the fabric location. Location Displays the location of the Input/Output (I/O) module in the chassis by group number (A, B, or C) and slot number (1 or 2). Slot names: A1, A2, B1, B2, C1, or C2. Fabric Displays the type of fabric.
Chassis-Level Fabric and Slot FlexAddress Configuration At the chassis level, you can enable or disable the FlexAddress feature for fabrics and slots. FlexAddress is enabled on a per-fabric basis and then slots are selected for participation in the feature. Both fabrics and slots must be enabled to successfully configure FlexAddress.
Server-Level Slot FlexAddress Configuration At the server level, you can enable or disable the FlexAddress feature for individual slots. To enable or disable an individual slot to use the FlexAddress feature: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 111). 2 Expand Server Overview in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view. The Server Status page displays.
Table 5-64. Setting Remote File Sharing Settings Description Image File Path Image File Path is only needed for connect and deploy operations. It does not apply to disconnect operations. The path name of the network drive is mounted to the server through a Windows SMB or Linux/Unix NFS protocol. For example, to connect to CIFS: //// To connect to NFS: //:// File names that end with .
Table 5-64. Remote File Sharing Settings (continued) Setting Description Connect Status Displays the remote file share connection status. Select/Deselect Select this option before initiating a remote file share operation. All Remote file share operations are: Connect, Disconnect, and Deploy. 5 Click Connect to connect to a remote file share. To connect a remote file share, you must provide the path, user name, and password. A successful operation allows access to the media.
Frequently Asked Questions Table 5-65 lists the frequently asked questions while managing or recovering a remote system. . Table 5-65. Managing and Recovering a Remote System Question Answer When accessing the CMC Web interface, I get a security warning stating the host name of the SSL certificate does not match the host name of CMC. CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features.
Table 5-65. Managing and Recovering a Remote System (continued) Question Answer Why are the remote RACADM and Web-based services unavailable after a property change? It may take a minute for the remote RACADM services and the Web interface to become available after the CMC Web server resets. The CMC Web server is reset after the following occurrences: • When changing the network configuration or network security properties using the CMC Web user interface.
Table 5-65. Managing and Recovering a Remote System (continued) Question Answer The following message is displayed for unknown reasons: As part of discovery, IT Assistant attempts to verify the device’s get and set community names. In IT Assistant, you have the get community name = public and the set community name = private. By default, the community name for the CMC agent is public.
Using the CMC Web Interface
6 Using FlexAddress The FlexAddress feature is an optional upgrade that allows server modules to replace the factory-assigned World Wide Name and Media Access Control (WWN/MAC) network IDs with WWN/MAC IDs provided by the chassis. Every server module is assigned unique WWN and/or MAC IDs as part of the manufacturing process.
Activating FlexAddress FlexAddress is delivered on a Secure Digital (SD) card that must be inserted into CMC to activate the feature. To activate the FlexAddress feature, software updates may be required; if you are not activating FlexAddress these updates are not required. The updates, which are listed in the table below, include server module BIOS, I/O mezzanine BIOS or firmware, and CMC firmware. You must apply these updates before you enable FlexAddress.
To ensure proper deployment of the FlexAddress feature, update the BIOS and the firmware in the following order: 1 Update all mezzanine card firmware and BIOS. 2 Update server module BIOS. 3 Update iDRAC firmware on the server module. 4 Update all CMC firmware in the chassis; if redundant CMCs are present, ensure both are updated. 5 Insert the SD card into the passive module for a redundant CMC module system or into the single CMC module for a non-redundant system.
Verifying FlexAddress Activation To ensure proper activation of FlexAddress, RACADM commands can be used to verify the SD feature card and FlexAddress activation. Use the following RACADM command to verify the SD feature card and its status: racadm featurecard -s Table 6-1. Status Messages Returned by featurecard -s Command Status Message Actions No feature card inserted. Check CMC to verify that the SD card was properly inserted.
The command returns the following status message: Feature = FlexAddress Date Activated = 8 April 2008 - 10:39:40 Feature installed from SD-card SN = 01122334455 If there are no active features on the chassis, the command returns a message: racadm feature -s No features active on the chassis. Dell Feature Cards may contain more than one feature.
Deactivating FlexAddress Use the following RACADM command to deactivate the FlexAddress feature and restore the SD card: racadm feature -d -c flexaddress The command returns the following status message upon successful deactivation: feature FlexAddress is deactivated on the chassis successfully.
Use the following RACADM command to enable or disable fabrics: racadm setflexaddr [-f ] = = A, B, C, or iDRAC 0 or 1 Where 0 is disable and 1 is enable. Use the following RACADM command to enable or disable slots: racadm setflexaddr [-i ] = 1 to 16 = 0 or 1 Where 0 is disable and 1 is enable.
Viewing FlexAddress Status Using the CLI You can use the command line interface to view FlexAddress status information. You can view status information for the entire chassis or for a particular slot.
Troubleshooting FlexAddress This section contains troubleshooting information for FlexAddress. 1 What happens if a feature card is removed? Nothing happens. Feature cards can be removed and stored or may be left in place. 2 What happens if a feature card that was used in one chassis is removed and put into another chassis? The Web interface displays an error that states: This feature card was activated with a different chassis. It must be removed before accessing the FlexAddress feature.
Current Chassis Service Tag = XXXXXXXX Feature Card Chassis Service Tag = YYYYYYYY The original feature card is no longer eligible for deactivation on that or any other chassis, unless Dell Service re-programs the original chassis service tag back into a chassis, and CMC that has the original feature card is made active on that chassis. • The FlexAddress feature remains activated on the originally bound chassis. The binding of that chassis feature is updated to reflect the new service tag.
9 What happens if a chassis with a single CMC is downgraded with firmware prior to 1.10? • The FlexAddress feature and configuration is removed from the chassis. • The feature card used to activate the feature on this chassis is unchanged, and remains bound to the chassis. When this chassis’s CMC firmware is subsequently upgraded to 1.
12 I have the SD card properly installed and all the firmware/software updates installed. I see that FlexAddress is active, but I can’t see anything on the server deployment screen to deploy it? What is wrong? This is a browser caching issue; shut down the browser and relaunch. 13 What happens to FlexAddress if I need to reset my chassis configuration using the RACADM command, racresetcfg? The FlexAddress feature is still be activated and ready to use. All fabrics and slots is selected as default.
Table 6-2. FlexAddress Commands and Output (continued) Situation Command SD card in the active $racadm featurecard -s CMC module that is bound to the same service tag. Output The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to this chassis SD card in the active $racadm featurecard -s CMC module that is not bound to any service tag.
Table 6-2. FlexAddress Commands and Output (continued) Situation Command Output Deactivating $racadm feature -d FlexAddress feature -c flexaddress with chassis powered ON. ERROR: Unable to deactivate the feature because the chassis is powered ON Guest user tries to deactivate the feature on the chassis.
FlexAddress DELL SOFTWARE LICENSE AGREEMENT This is a legal agreement between you, the user, and Dell Products L.P. or Dell Global B.V. ("Dell"). This agreement covers all software that is distributed with the Dell product, for which there is no separate license agreement between you and the manufacturer or owner of the software (collectively the "Software"). This agreement is not for the sale of Software or any other intellectual property.
The Software is protected by United States copyright laws and international treaties. You may make one copy of the Software solely for backup or archival purposes or transfer it to a single hard disk provided you keep the original solely for backup or archival purposes.
AND ALL ACCOMPANYING WRITTEN MATERIALS. This limited warranty gives you specific legal rights; you may have others, which vary from jurisdiction to jurisdiction. IN NO EVENT SHALL DELL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
documentation with only those rights set forth herein. Contractor/manufacturer is Dell Products, L.P., One Dell Way, Round Rock, Texas 78682. GENERAL This license is effective until terminated. It terminates upon the conditions set forth above or if you fail to comply with any of its terms. Upon termination, you agree that the Software and accompanying materials, and all copies thereof, is destroyed. This agreement is governed by the laws of the State of Texas. Each provision of this agreement is severable.
Using FlexAddress Plus 7 The FlexAddress Plus is a new feature added to the feature card version 2.0. It is an upgrade from FlexAddress feature card version 1.0. FlexAddress Plus contains more MAC addresses than the FlexAddress feature. Both features allow the chassis to assign WWN/MAC (World Wide Name/Media Access Control) addresses to Fibre Channel and Ethernet devices. Chassis assigned WWN/MAC addresses are globally unique and specific to a server slot.
FlexAddress vs FlexAddress Plus FlexAddress has 208 addresses divided into 16 server slots, thus each slot is allocated with 13 MACs. FlexAddress Plus has 2928 addresses divided into 16 server slots, thus each slot is allocated with 183 MACs. The table below shows the provision of the MAC addresses in both the features. Fabric A Fabric B Fabric C iDRAC Management Total MACs FlexAddress 4 4 4 1 13 FlexAddress 60 Plus 60 60 3 183 Figure 7-1.
8 Using the CMC Directory Service A directory service maintains a common database of all information needed for controlling network users, computers, printers, and so on. If your company uses the Microsoft Active Directory service software or the LDAP Directory Service software, you can configure CMC to use directory based user authentication.
Standard Schema Active Directory Overview Using standard schema for Active Directory integration requires configuration on both Active Directory and CMC. On the Active Directory side, a standard group object is used as a role group. A user who has CMC access is a member of the role group. In order to give this user access to a specific CMC card, the role group name and its domain name need to be configured on the specific CMC card.
Table 8-1.
NOTE: The bit mask values are used only when setting Standard Schema with the RACADM. NOTE: For more information about user privileges, see "User Types" on page 168. There are two ways to enable Standard Schema Active Directory: • With the CMC Web interface. See "Configuring CMC With Standard Schema Active Directory and Web Interface" on page 272. • With the RACADM CLI tool. See "Configuring CMC With Standard Schema Active Directory and RACADM" on page 275.
5 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name. NOTE: The Root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. c Type the Timeout in seconds. Timeout range is 15–300 seconds. Default timeout period is 90 seconds.
14 Upload your domain forest Root certificate authority-signed certificate into CMC. In the Certificate Management section, type the file path of the certificate or browse to the certificate file. Click the Upload button to transfer the file to CMC. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
Configuring CMC With Standard Schema Active Directory and RACADM To configure the CMC Active Directory Feature with Standard Schema using the RACADM CLI, use the following commands: 1 Open a serial/Telnet/SSH text console to the CMC, and type: racadm config -g cfgActiveDirectory -o cfgADEnable 1 racadm config -g cfgActiveDirectory -o cfgADType 2 racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName
2 Specify a DNS server using one of the following options: • If DHCP is enabled on CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 • If DHCP is disabled on CMC or you want manually to input your DNS IP address, type the following commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm c
You can extend the Active Directory database by adding your own unique Attributes and Classes to address your company’s environment-specific needs. Dell has extended the schema to include the necessary changes to support remote management Authentication and Authorization. Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs).
The RAC Device object is the link to the RAC firmware for querying Active Directory for authentication and authorization. When a RAC is added to the network, the Administrator must configure the RAC and its device object with its Active Directory name so users can perform authentication and authorization with Active Directory. Additionally, the Administrator must add the RAC to at least one Association Object in order for users to authenticate.
The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RACs (CMCs). Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For example, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3).
To configure the objects for the single domain scenario: 1 Create two Association Objects. 2 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs. 3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege. 4 Group user1 and user2 into Group1. 5 Add Group1 as Members in Association Object 1 (A01), Priv1 as Privilege Objects in A01, and RAC1, RAC2 as RAC Devices in A01.
Figure 8-4. Setting Up Active Directory Objects in Multiple Domains Domain1 Domain2 AO1 Group1 User1 User2 AO2 Priv1 User3 Priv2 RAC1 RAC2 To configure the objects for the multiple domain scenario: 1 Ensure that the domain forest function is in Native or Windows 2003 mode. 2 Create two Association Objects, A01 (of Universal scope) and A02, in any domain. Figure 8-4 shows the objects in Domain2. 3 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs.
Configuring Extended Schema Active Directory to Access Your CMC Before using Active Directory to access your CMC, configure the Active Directory software and CMC: 1 Extend the Active Directory schema (see "Extending the Active Directory Schema" on page 282). 2 Extend the Active Directory Users and Computers Snap-In (see "Installing the Dell Extension to the Active Directory Users and Computers Snap-In" on page 289).
The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • :\SYSMGMT\ManagementStation\support\ OMActiveDirectory_Tools\\LDIF Files • :\SYSMGMT\ManagementStation\support\ OMActiveDirectory_ Tools\\Schema Extender To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory.
Table 8-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 8-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 8-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines Authorization Rights (privileges) for the CMC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsTestAlertUser dellIsDebugCommandAdmin dellPermissionMask1 dellPermissionMask2 Table 8-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 8-8. List of Attributes Added to the Active Directory Schema Assigned OID/Syntax Object Identifier Single Valued Attribute: dellPrivilegeMember Description: List of dellPrivilege objects that belong to this attribute. OID: 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE Distinguished Name: (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) Attribute: dellProductMembers Description: List of dellRacDevices objects that belong to this role.
Table 8-8. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellIsUserConfigAdmin Description: TRUE if the user has User Configuration Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: delIsLogClearAdmin Description: TRUE if the user has Clear Logs Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.
Table 8-8. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellRacType Description: This attribute is the Current Rac Type for the dellRacDevice object and the backward link to the dellAssociationObjectMembers forward link. OID: 1.2.840.113556.1.8000.1280.1.1.2.13 TRUE Case Ignore String(LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-In so the administrator can manage RAC (CMC) devices, Users and User Groups, RAC Associations, and RAC Privileges.
Adding CMC Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-In, you can add CMC users and privileges by creating RAC, Association, and Privilege objects. To add each object type: 1 Create a RAC device Object. 2 Create a Privilege Object. 3 Create an Association Object. 4 Add objects to an Association Object. Creating a RAC Device Object To create a RAC Device object: 1 In the MMC Console Root window, right-click a container.
Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object. When you create an Association Object, choose the Association Scope that applies to the type of objects you intend to add. For example, if you select Universal, the association objects are only available when the Active Directory Domain is functioning in Native Mode or above.
Adding Privileges To add privileges: 1 Select the Privileges Object tab and click Add. 2 Type the Privilege Object name and click OK. Click the Products tab to add one or more RAC devices to the association. The associated devices specify the RAC devices connected to the network that are available for the defined users or user groups. Multiple RAC devices can be added to an Association Object.
c Type the Timeout time in seconds. Configuration range: 15–300 seconds. Default: 90 seconds 6 Optional: If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional) check box, then: a In the Domain Controller text field, type the server where your Active Directory service is installed. b In the Global Catalog text field, type the location of the global catalog on the Active Directory domain controller.
9 In the Manage Certificates section, type the file path of the certificate in the text field, or click Browse to select the certificate file. Click the Upload button to transfer the file to CMC. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. SSL certificate validation is required by default.
13 If Use DHCP for CMC Network Interface IP Address, is enabled, do one of the following: • Select Use DHCP to Obtain DNS Server Addresses to enable the DNS server addresses to be obtained automatically by the DHCP server. • Manually configure a DNS server IP address by leaving the Use DHCP to Obtain DNS Server Addresses check box unchecked and then typing your primary and alternate DNS server IP addresses in the fields provided. 14 Click Apply Changes.
Optional: If you want to specify an LDAP or Global Catalog server instead of using the servers returned by the DNS server to search for a user name, type the following command to enable the Specify Server option: racadm config -g cfgActiveDirectory -o cfgADSpecifyServerEnable 1 NOTE: When you use the Specify Server option, the host name in the certificate authority-signed certificate is not matched against the name of the specified server.
• If DHCP is disabled on CMC, or if DHCP is enabled but you want to specify your DNS IP address manually, type following commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2 The Extended Schema feature configuration is complete. Frequently Asked Questions Table 8-9.
Table 8-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer Can these Dell-extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains? The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers Snap-In forces you to create these two objects in the same domain. Other objects can be in different domains.
Table 8-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question What can I do if I cannot log into CMC using Active Directory authentication? How do I troubleshoot the issue? Answer 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local CMC user account, log into CMC using your local credentials.
Configuring Single Sign-On Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008 can use Kerberos, a network authentication protocol, as an authentication method allowing users who have signed in to the domain an automatic or single sign-on to subsequent applications such as Exchange. Starting with CMC version 2.10, CMC can use Kerberos to support two additional types of login mechanisms—single sign-on and Smart Card login.
Client Systems • For only Smart Card login, the client system must have the Microsoft Visual C++ 2005 redistributable. For more information see www.microsoft.com/downloads/details.aspx?FamilyID= 32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en • For Single Sign-On and Smart Card login, the client system must be a part of the Active Directory domain and Kerberos Realm. CMC • CMC must have firmware version 2.
Run the ktpass utility—part of Microsoft Windows—on the domain controller (Active Directory server) where you want to map CMC to a user account in Active Directory. For example, C:\>ktpass -princ HTTP/cmcname.domain_name.com@REALM_NAME.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab NOTE: The cmcname.domainname.com must be lower case as required by RFC and the REALM name, @REALM_NAME must be uppercase.
To upload the keytab file: 1 Navigate to the User Authentication tab Directory Services subtab. Ensure that Microsoft Active Directory Standard or Extended Schema is selected. If not, select your preference and click Apply. 2 Click Browse on the Kerberos Keytab Upload section, navigate to the folder where the keytab file is saved and click Upload. When the upload is complete, a message box is displayed indicating a successful or failed upload.
Configuring the Browser For Single Sign-On Login Single Sign-on is supported on Internet Explorer versions 6.0 and later and Firefox versions 3.0 and later. NOTE: The following instructions are applicable only if CMC uses Single Sign-On with Kerberos authentication. Internet Explorer To configure Internet Explorer for Single Sign-On: 1 In the Internet Explorer, select ToolsInternet Options. 2 On the Security tab, under Select a zone to view or change security settings, select Local Intranet.
Logging into CMC Using Single Sign-On NOTE: You cannot use the IP address to log into the Single Sign-On or Smart Card login. Kerberos validates your credentials against the Fully Qualified Domain Name (FQDN). To log in to CMC using Single Sign-on: 1 Log into the client system using your network account. 2 Access the CMC Web page using https:// For example, cmc-6G2WXF1.cmcad.lab where cmc-6G2WXF1 is the cmc-name cmcad.lab is the domain-name.
Configuring Smart Card Two-Factor Authentication Traditional authentication schemes use user name and password to authenticate users. Two-factor-authentication, on the other hand, provides a higher-level of security by requiring users to have a password or PIN and a physical card containing a private key or digital certificate. Kerberos, a network authentication protocol, uses this two-factor authentication mechanism allowing systems to prove their authenticity.
Configuring CMC NOTE: The configuration steps described in this section apply only to the CMC's Web access. Configure CMC to use the Standard Schema role group(s) set up in Active Directory. For more information, see "Configuring Standard Schema Active Directory to Access CMC" on page 272. Uploading the Kerberos Keytab File The Kerberos keytab file serves as the CMC's user name and password credentials to the Kerberos Data Center (KDC), which in turns allows access to the Active Directory.
Enabling Smart Card Authentication To enable Smart Card authentication: 1 Navigate to the User Authentication tab Directory Services subtab. Ensure that Microsoft Active Directory Standard or Extended Schema is selected. 2 In the Common Settings Section, select: • Smart Card — this option requires that you insert a Smart Card into reader and enter the PIN number. NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged for this option.
Logging into CMC Using Smart Card NOTE: You cannot use the IP address to log into the Single Sign-On or Smart Card login. Kerberos validates your credentials against the Fully Qualified Domain Name (FQDN). To log in to CMC using Smart Card: 1 Log into the client system using your network account. 2 Access the CMC Web page using https:// For example, cmc-6G2WXF1.cmcad.lab where cmc-6G2WXF1 is the cmc-name cmcad.lab is the domain-name.
Troubleshooting the Smart Card Login The following tips help you to debug an inaccessible Smart Card: ActiveX plug-in is unable to detect the Smart Card reader Ensure that the Smart Card is supported on the Microsoft Windows operating system. Windows supports a limited number of Smart Card cryptographic service providers (CSPs).
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the specific CMC card. You can configure a maximum of five role groups in each CMC. Table 5-43shows the privileges level of the role groups and Table 8-1 shows the default role group settings. Figure 8-5 illustrates configuration of CMC with Generic LDAP. Figure 8-5.
Authentication and Authorization of the LDAP Users Some directory servers require a bind before any searches can be performed against a specific LDAP server. The steps for authentication are: 1 Optionally bind to the Directory Service. The default is an anonymous bind. 2 Search for the user based upon their user login. The default attribute is uid. 3 If more than one object is found, then the process returns an error. 4 Unbind and perform a bind with the user's DN and password.
To view and configure LDAP: 1 Log in to the Web interface. 2 Click the User Authentication tab, and then click the Directory Services subtab. The Directory Services page appears. 3 Click the radio button associated with Generic LDAP. 4 Configure the options shown and click Apply. Table 8-10 displays the available options: Table 8-10. Common Settings Setting Description Generic LDAP Enabled Enables the generic LDAP service on CMC.
Table 8-10. Common Settings (continued) Setting Description Search Filter Specifies a valid LDAP search filter. This is used if the user attribute cannot uniquely identify the login user within the chosen base DN. If not provided, defaults to (objectClass=*), which searches for all objects in the tree. The maximum length of this property is 1024 characters. Network Timeout (seconds) Sets the time in seconds after which an idle LDAP session is automatically closed.
• LDAP Server Port — Port of LDAP over SSL, default to 636 if not configured. Non-SSL port is not supported in CMC version 3.0 as the password cannot be transported without SSL. • Use DNS to find LDAP Servers — Selecting this option causes LDAP to use the search domain and the service name through DNS. You must select Static or DNS. The following DNS query is performed for SRV records: _._tcp.
The following properties for the certificate are displayed: • Serial Number - The certificate's serial number. • Subject Information - The certificate's subject (name of the person or company certified). • Issuer Information - The certificate's issuer (name of the Certificate Authority. • Valid From - The starting date of the certificate. • Valid To - The expiry date of the certificate.
CMC can be configured to optionally query a DNS server for SRV records. If the cfgLDAPSRVLookupEnable property is enabled the cfgLDAPServer property is ignored. The following query is used to search the DNS for SRV records: _ldap._tcp.domainname.com ldap in the above query is the cfgLDAPSRVLookupServiceName property. cfgLDAPSRVLookupDomainName is configured to be domainname.com. Usage To login to CMC using an LDAP user, use the username at the login prompt and the user's password at the password prompt.
Using the CMC Directory Service
9 Power Management The Dell PowerEdge M1000e server enclosure is the most power-efficient modular server enclosure in the market. It is designed to include highlyefficient power supplies and fans, has an optimized layout so that air flows more easily through the system, and contains power-optimized components throughout the enclosure.
The Power Management features of the M1000e help administrators configure the enclosure to reduce power consumption and to tailor power management to their unique requirements and environments. The PowerEdge M1000e enclosure can be configured for any of three redundancy policies that affect PSU behavior and determine how chassis Redundancy state is reported to administrators.
Figure 9-1. 2 PSUs per grid and a power failure on grid 1 AC Power Grid #1 AC Power Grid #2 Power Supply #1 Power Supply #2 Empty Slot #3 Power Supply #4 Power Supply #5 Empty Slot #6 Chassis DC Power Bus NOTE: In the event of a single PSU failure in this configuration, the remaining PSUs in the failing grid are marked as Online. In this state, any of the remaining PSUs can fail without interrupting operation of the system. If a PSU fails, the chassis health is marked non-critical.
Figure 9-2. Power Supply Redundancy: Totally 4 PSUs with a failure of one PSU. Power Supply #1 Power Supply #2 Power Supply #3 Power Supply #4 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Dual or Single Power Grid: Power Supply Redundancy protects against failure of a single power supply. No Redundancy Mode The no redundancy mode is the factory default setting for 3 PSU configuration and indicates that the chassis does not have any power redundancy configured.
Figure 9-3. No Redundancy with three PSUs in the chassis AC Power Grid #1 Power Supply #1 Power Supply #2 Power Supply #3 Empty Slot #4 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Single Power Grid: No protection against grid or power supply failure A PSU failure brings other PSUs out of Standby mode, as needed, to support the chassis power allocations. If you have 4 PSUs, and require only three, then in the event that one fails, the fourth PSU is brought online.
Figure 9-4. Chassis With Six-PSU Configuration PSU1 PSU2 PSU3 PSU4 PSU5 PSU6 CMC maintains a power budget for the enclosure that reserves the necessary wattage for all installed servers and components. CMC allocates power to the CMC infrastructure and the servers in the chassis. CMC infrastructure consists of components in the chassis, such as fans, I/O modules, and iKVM (if present). The chassis may have up to 16 servers that communicate to the chassis through the iDRAC.
CMC grants the requested power to the server, and the allocated wattage is subtracted from the available budget. Once the server is granted a power request, the server's iDRAC software continuously monitors the actual power consumption. Depending on the actual power requirements, the iDRAC power envelope may change over time. iDRAC requests a power step-up only if the servers are fully consuming the allocated power.
Additional servers can be powered up in the modular enclosure only if sufficient power is available. The System Input Power Cap can be increased any time up to a maximum value of 16685 watts to allow the power up of additional servers. Changes in the modular enclosure that reduce the power allocation are: • Server power off • Server • I/O module • iKVM removal • Transition of the chassis to a powered off state You can reconfigure the System Input Power Cap when chassis is either ON or OFF.
If an administrator manually powers on the low priority server modules before the higher priority ones, then the low priority server modules are the first modules to have their power allocation lowered down to the minimum value, in order to accommodate the higher priority servers. So after the available power for allocation is exhausted, then CMC reclaims power from lower or equal priority servers until they are at their minimum power level.
DPSE can be enabled for all three power supply redundancy configurations explained above — No Redundancy, Power Supply Redundancy, and AC Redundancy. • In a No Redundancy configuration with DPSE, the M1000e can have up to five power supply units in Standby state. In a six PSU configuration, some PSU units are placed in Standby and stay unutilized to improve power efficiency.
Redundancy Policies Redundancy policy is a configurable set of properties that determine how CMC manages power to the chassis. The following redundancy policies are configurable with or without dynamic PSU engagement: • AC Redundancy • Power Supply Redundancy • No Redundancy The default redundancy configuration for a chassis depends on how many PSUs it contains, as shown in Table 9-1. Table 9-1.
No Redundancy Power in excess of what is necessary to power the chassis is available, even on a failure, to continue to power the chassis. CAUTION: The No Redundancy mode uses optimum PSUs when DPSE is enabled for the requirements of the chassis. Failure of a single PSU could cause servers to lose power and data in this mode. Power Conservation and Power Budget Changes CMC performs power conservation when the user-configured maximum power limit is reached.
In maximum power conservation mode, all servers start functioning at their minimum power levels, and all subsequent server power allocation requests are denied. In this mode, the performance of powered on servers may be degraded. Additional servers cannot be powered on, regardless of server priority. The system is restored to full performance when the user or an automated command line script clears the maximum conservation mode.
Using the Web Interface Verify that the 110 V circuit is rated for the current expected, and then perform the following steps: 1 Click Chassis Overview in the system tree. 2 Click Power Configuration. 3 Select Allow 110 VAC Operation and click Apply. Using RACADM Verify that your 110 V circuit is rated for the expected current, and then perform the following steps: 1 Open a serial/Telnet/SSH text console to CMC and log in.
To disable Server Performance Over Power Redundancy, perform the following steps: 1 Click Chassis Overview in the system tree. 2 Click Power Configuration. 3 Clear Server Performance Over Power Redundancy and click Apply. Using RACADM To enable Server Performance Over Power Redundancy, perform the following steps: 1 Open a serial/Telnet/SSH text console to CMC and log in.
Using the Web Interface You can enable power remote logging using the GUI. To do so, log in to the GUI, and do the following: 1 Click Chassis Overview in the system tree. 2 Click Power Configuration. 3 Select Power Remote Logging, to enable you to log power events to a remote host. 4 Specify the required logging interval (1–1440 minutes). 5 Click Apply to save changes.
PSU Failure With Degraded or No Redundancy Policy CMC decreases power to servers when an insufficient power event occurs, such as a PSU failure. After decreasing power on servers, CMC re-evaluates the power needs of the chassis. If power requirements are still not met, CMC powers off lower priority servers. Power for higher priority servers is restored incrementally while power needs remain within the power budget.
Table 9-2 describes the actions taken by CMC when a new server is powered on in the scenario described above. Table 9-2.
Table 9-3. Chassis Impact from PSU Failure or Removal (continued) PSU Configuration Dynamic PSU Engagement Firmware Response Power Supply Redundancy Enabled CMC alerts you of loss of Power Supply Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from PSU failure or removal. No Redundancy Enabled Decrease power to low priority servers, if needed.
Table 9-4 lists the SEL entries that are related to power supply changes. Table 9-4.
Redundancy Status and Overall Power Health The redundancy status is a factor in determining the overall power health. When the power redundancy policy is set, for example, to AC Redundancy and the redundancy status indicates that the system is operating with redundancy, the overall power health is typically OK. However, if the conditions for operating with AC redundancy cannot be met, the redundancy status is No, and the overall power health is Critical.
To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all PSUs. PSU health status is indicated by the color of the PSU subgraphic: • Green — PSU is present, powered on and communicating with CMC; there is no indication of an adverse condition. • Amber — Indicates a PSU failure.
Table 9-6. Power Supplies (continued) Item Health Description OK Indicates that the PSU is present and communicating with CMC. In the event of a communication failure between CMC and the power supply, CMC cannot obtain or display health status for the PSU. Warning Indicates that only Warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, it could lead to critical or severe power failures that can affect the integrity of the chassis.
Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm getpminfo For more information about getpminfo, including output details, see the RACADM Command Line Reference Guide for iDRAC6 and CMC on the Dell Support website at support.dell.com/manuals. Viewing Power Consumption Status CMC provides the actual input power consumption for the entire system on the Power Consumption Status page.
Table 9-8 through Table 9-11 describe the information displayed on the Power Consumption page. Table 9-8. Real-Time Power Statistics Item Description System Input Power Displays the current cumulative power consumption of all modules in the chassis measured from the input side of the PSUs. The value for system input power is indicated in both watts and BTU/h units. Peak System Power Displays the maximum system level input power consumption since the value was last cleared.
Table 9-8. Real-Time Power Statistics (continued) Item Description Minimum System Displays the date and time recorded when the minimum system Power Start Time power consumption value was last cleared. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Peak/Min Power Statistics button and also when CMC resets or fails over.
Table 9-9. Real-Time Energy Statistics Status Item Description System Energy Consumption Displays the current cumulative energy consumption for all modules in the chassis measured from the input side of the power supplies. The value is displayed in KWh and it is a cumulative value. System Energy Consumption Start Time Displays the date and time recorded when the system energy consumption value was last cleared, and the new measurement cycle began.
Table 9-11. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name can be redefined by the user. Present Displays whether the server is present in the slot (Yes or No). If this field displays Extension of # (where the # is 1-8), then number that follows it is the main slot of a multi-slot server.
Using the Web Interface NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege. To view power budget status using Web interface: 1 Log in to the CMC Web interface. 2 Select Chassis Overview in the system tree. 3 Click Power Budget Status. The Power Budget Status page displays. Table 9-12 through Table 9-15 describe the information displayed on the Power Budget Status page.
Table 9-12. System Power Policy Configuration Item Description System Input Power Cap Displays the user configured maximum power consumption limit for the entire system (chassis, CMC, servers, I/O modules, power supply units, iKVM, and fans). CMC enforces this limit via reduced server power allocations, or by powering off lower priority server modules. The value for system input power cap is displayed in watts, BTU/h and percent units.
Table 9-12. System Power Policy Configuration (continued) Item Description Redundancy Policy Displays the current redundancy configuration: AC Redundancy, Power Supply Redundancy, and No Redundancy. AC Redundancy — Power input is load-balanced across all PSUs. Half of them should be cabled to one AC grid and the other half should be cabled to another grid. When the system is running optimally in AC Redundancy mode, power is load-balanced across all active supplies.
Table 9-13. Power Budgeting Item Description System Input Max Power Capacity Maximum input power that the available power supplies can supply to the system (in watts). Input Redundancy Reserve Displays the amount of redundant power (in watts) in reserve that can be utilized in the event of an AC grid or power supply unit (PSU) failure.
Table 9-14. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name is defined by the user. Type Displays the type of the server. Priority Displays the priority level allotted to the server slot in the chassis for power budgeting.
Table 9-15. Chassis Power Supplies Item Description Name Displays the name of the PSU in the format PS-n, where n, is the PSU number. Power State Displays the power state of the PSU — Initializing, Online, Stand By, In Diagnostics, Failed, Unknown, or Absent (missing). Input Volts Displays the present input voltage of the power supply. Input Current Displays the present input current of the power supply. Output Rated Power Displays the maximum output power rating of the power supply.
Table 9-16. Configurable Power Budget/Redundancy Properties Item Description System Input Power Cap System Input Power Cap is the maximum AC power that the system is allowed to allocate to servers and chassis infrastructure. It can be configured by the user to any value that exceeds the minimum power needed for servers that are powered on and the chassis infrastructure; configuring a value that falls below the minimum power needed for servers and the chassis infrastructure fails.
Table 9-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Redundancy Policy This option allows you to select one the following options: • No Redundancy: Power from the power supplies is used to power the entire chassis, including the chassis, servers, I/O modules, iKVM, and CMC. No power supplies must be kept in reserve. NOTE: The No Redundancy mode uses only the minimum required number of power supplies at a time.
Table 9-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Enable Dynamic Power Supply Engagement On selection, enables dynamic power management. In Dynamic Engagement mode, the power supplies are turned ON (online) or OFF (standby) based on power consumption, optimizing the energy consumption of the entire chassis. For example, your power budget is 5000 watts, your redundancy policy is set to AC redundancy mode, and you have six power supply units.
Using RACADM To enable and set the redundancy policy: NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege. 1 Open a serial/Telnet/SSH text console to CMC and log in. 2 Set properties as needed: • To select a redundancy policy, type: racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy where is 0 (No Redundancy), 1 (AC Redundancy), 2 (Power Supply Redundancy). The default is 0.
Assigning Priority Levels to Servers Server priority levels determine which servers the CMC draws power from when additional power is required. NOTE: The priority you assign to a server is linked to its slot and not to the server itself. If you move the server to a new slot, you must reconfigure the priority for the new slot location. NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege.
Setting the Power Budget NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege. Using the Web Interface To set the power budget using the CMC Web interface: 1 Log in to the CMC Web interface. 2 Click Chassis Overview in the system tree. The Chassis Health page appears. 3 Click the Power tab. The Power Consumption Status page appears. 4 Click the Configuration subtab. The Budget/Redundancy Configuration page appears.
Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm config -g cfgChassisPower -o cfgChassisPowerCap where is a number between 2715–16685 representing the maximum power limit in watts. The default is 16685. For example, the following command: racadm config -g cfgChassisPower -o cfgChassisPowerCap 5400 sets the maximum power budget to 5400 watts. NOTE: The power budget is limited to 16685 Watts.
Executing Power Control Operations on the Chassis NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege. NOTE: Power control operations affect the entire chassis. For power control operations on an IOM, see "Executing Power Control Operations on an IOM" on page 361. For power control operations on servers, see "Executing Power Control Operations on a Server" on page 362.
• Power Cycle System (cold boot) — Powers off and then reboots the system (cold boot). This option is disabled if the chassis is already powered OFF. NOTE: This action powers off and then reboots the entire chassis (chassis, servers which are configured to always power on, IOMs, iKVM, and power supplies). • Reset CMC — Resets CMC without powering off (warm reboot). (This option is disabled if CMC is already powered off).
The I/O Modules Status page displays. 3 Click the Power tab. The Power Control page displays. 4 Select the operation you want to execute (reset or power cycle) from the drop-down menu beside the IOM in the list. 5 Click Apply. A dialog box appears requesting confirmation. 6 Click OK to perform the power management action (for example, cause the IOM to power cycle).
4 Power Status displays the power status of the server (one of the following): • N/A - CMC has not yet determined the power state of the server. • Off - Either the server is off or the chassis is off. • On - Both chassis and server are on. • Powering On - Temporary state between Off and On. When the action completes successfully, the Power State is On. • Powering Off - Temporary state between On and Off. When the action completes successfully, the Power State is Off.
Using RACADM To execute power control operations on a server using RACADM: Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm serveraction -m where specifies the server by its slot number (server-1 through server-16) in the chassis, and indicates the operation you want to execute: powerup, powerdown, powercycle, graceshutdown, or hardreset.
External Power Management CMC Power management is optionally controlled by the “Power Measure, Mitigate, and Manage Console” (PM3). For more information, see the PM3 User’s Guide.
Using the Web Interface To enable PM3 external management: 1 Login with Chassis Configuration Administrator privileges to the chassis. 2 Select Chassis Overview in the system tree. 3 Click Power Configuration. The Budget/Redundancy Configuration page is displayed. 4 Set Server Based Power Management Mode. 5 Click Apply. After the Server Based Power Management Mode is enabled, the chassis is prepared for PM3 management. All 12th generation server priorities are set to 1 (High).
Using RACADM Open a serial/Telnet/SSH text console to the CMC with Chassis Configuration Administrator privileges. To enable remote power management by PM3, type: Racadm config -g cfgChassisPower -o cfgChassisServerBasedPowerMgmtMode 1 To restore CMC power management, type: Racadm config -g cfgChassisPower -o cfgChassisServerBasedPowerMgmtMode 0 When PM3 management of power is disabled, the CMC reverts to the server priority settings before the external management was enabled.
Power Management
Using the iKVM Module 10 The local access KVM module for your Dell M1000e server chassis is called the Avocent Integrated KVM Switch Module, or iKVM. The iKVM is an analog keyboard, video, and mouse switch that plugs into your chassis. It is an optional, hot-pluggable module to the chassis that provides local keyboard, mouse, and video access to the servers in the chassis, and to the active CMC’s command line.
Server Identification CMC assigns slots names for all servers in the chassis. Although you can assign names to the servers using the OSCAR interface from a tiered connection, CMC assigned names take precedence, and any new names you assign to servers using OSCAR is overwritten. CMC identifies a slot by assigning it a unique name. To change slot names using the CMC Web interface, see "Editing Slot Names.
iKVM Connection Precedences Only one iKVM connection is available at a time. The iKVM assigns an order of precedence to each type of connection so that when there are multiple connections, only one connection is available while others are disabled. The order of precedence for iKVM connections is as follows: 1 Front panel 2 ACI 3 Rear Panel For example, if you have iKVM connections in the front panel and ACI, the front panel connection remains active while the ACI connection is disabled.
Using OSCAR This section provides an overview of the OSCAR interface. Navigation Basics The following table lists the OSCAR keyboard and mouse navigation details.. Table 10-1. OSCAR Keyboard and Mouse Navigation Key or Key Sequence Result • Any of these key sequences can open OSCAR, depending on your Invoke OSCAR settings.
Table 10-1. OSCAR Keyboard and Mouse Navigation (continued) Key or Key Sequence Result , +<0> Immediately disconnects a user from a server; no server is selected. Status flag displays Free. (This action only applies to the =<0> on the keyboard and not the keypad.) , Immediately turns on screen saver mode and prevents access to that specific console, if it is password protected. Up/Down Arrow keys Moves the cursor from line to line in lists.
1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup. The Setup dialog box appears. Changing the Display Behavior Use the Menu dialog box to change the display order of servers and set a Screen Delay Time for OSCAR. To access the Menu dialog box: 1 Press to launch OSCAR. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears.
Table 10-3. Flag OSCAR Status Flags Description Flag type by name Flag indicating that the user has been disconnected from all systems Flag indicating that Broadcast mode is enabled To access the Flag dialog box: 1 Press . The Main dialog box appears. 2 Click Setup and then Flag. The Flag dialog box appears. To specify how the status flag displays: 1 Select Displayed to show the flag all the time or Displayed and Timed to display the flag for only five seconds after switching.
Managing Servers With iKVM The iKVM is an analog switch matrix supporting up to 16 servers. The iKVM switch uses the OSCAR user interface to select and configure your servers. In addition, the iKVM includes a system input to establish a CMC command line console connection to CMC. Peripherals Compatibility and Support The iKVM is compatible with the following peripherals: • Standard PC USB keyboards with QWERTY, QWERTZ, AZERTY, and Japanese 109 layouts. • VGA monitors with DDC support.
To access the Main dialog box: Press to launch the OSCAR interface. The Main dialog box appears. or If a password has been assigned, the Password dialog box appears. Type your password and click OK. The Main dialog box appears. For more information about setting a password, see "Setting Console Security" on page 380. NOTE: There are four options for invoking OSCAR.
Selecting Servers Use the Main dialog box to select servers. When you select a server, the iKVM reconfigures the keyboard and mouse to the proper settings for that server. • To select servers: Double-click the server name or the slot number. or If the display order of your server list is by slot (that is, the Slot button is depressed), type the slot number and press .
To configure OSCAR for soft switching: 1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. 3 Select Name or Slot for the Display/Sort Key. 4 Type the desired delay time in seconds in the Screen Delay Time field. 5 Click OK. To soft switch to a server: • To select a server, press .
Preemption Warning Normally, a user connected to a server console through the iKVM and another user connected to the same server console through the iDRAC GUI console redirection feature both have access to the console and are able to type simultaneously. To prevent this scenario, the remote user, before starting the iDRAC GUI console redirection, can disable the local console in the iDRAC Web interface.
Accessing the Security Dialog Box To access the Security dialog box: 1 Press . The Main dialog box appears. 2 Click Setup and the Security. The Security dialog box appears. Setting or Changing the Password To set or change the password: 1 Single-click and press or double-click in the New field. 2 Type the new password in the New field and then press . Passwords are case sensitive and require 5–12 characters. They must include at least one letter and one number.
4 For Mode: If your monitor is ENERGY STAR compliant, select Energy; otherwise select Screen. NOTE: If the mode is set to Energy, the appliance puts the monitor into sleep mode. This is normally indicated by the monitor powering off and the amber light replacing the green power LED. If the mode is set to Screen, the OSCAR flag bounces around the screen for the duration of the test.
Removing Password Protection From Your Console To remove password protection from your console: 1 From the Main dialog box, click Setup and then Security. 2 In the Security dialog box, single-click and press , or double-click in the New field. 3 Leaving the New field empty, press . 4 Single-click and press , or double-click in the Repeat field. 5 Leaving the Repeat field empty, press . 6 Click OK if you only want to eliminate your password.
Exiting Screen Saver Mode To exit screen saver mode and return to the Main dialog box, press any key or move your mouse. To turn off the screen saver: In the Security dialog box, clear the Enable Screen Saver box and click OK. To immediately turn on the screen saver, press , then press . Clearing a Lost or Forgotten Password When the iKVM password is lost or forgotten, you can reset it to the iKVM factory default, and then change the password.
Changing the Language Use the Language dialog box to change the OSCAR text to display in any of the supported languages. The text immediately changes to the selected language on all of the OSCAR screens. To change the OSCAR language: 1 Press . The Main dialog box appears. 2 Click Setup and then Language. The Language dialog box appears. 3 Click the radio button for the desired language, and then click OK.
Scanning Your System In scan mode, the iKVM automatically scans from slot to slot (server to server). You can scan up to 16 servers by specifying which servers you want to scan and the number of seconds that each server is displayed. To add servers to the scan list: 1 Press . The Main dialog box appears. 2 Click Setup and then Scan. The Scan dialog box appears, listing of all servers in the chassis. 3 Select the box next to the servers you wish to scan. or Double-click the server name or slot.
To start Scan mode: 1 Press . The Main dialog box appears. 2 Click Commands. The Command dialog box appears. 3 Select the Scan Enable box. 4 Click OK. A message appears indicating that the mouse and keyboard have been reset. 5 Click to close the message box. To cancel scan mode: 1 If OSCAR is open and the Main dialog box is displayed, select a server in the list. or If OSCAR is not open, move the mouse or press any key on the keyboard. Scanning stops at the currently selected server.
To broadcast to servers: 1 Press . The Main dialog box appears. 2 Click Setup and then Broadcast. The Broadcast dialog box appears. NOTE: Broadcasting keystrokes: When using keystrokes, the keyboard state must be identical for all servers receiving a broadcast for the keystrokes to be interpreted identically. Specifically, the and modes must be the same on all keyboards.
Managing iKVM From CMC Enabling or Disabling the Front Panel To enable or disable access to the iKVM from the front panel using RACADM, open a serial/Telnet/SSH text console to CMC, log in, and type: racadm config -g cfgKVMInfo -o cfgKVMFrontPanelEnable where is 1 (enable) or 0 (disable). For more information about the config subcommand, see the config command section in the RACADM Command Line Reference Guide for iDRAC6 and CMC.
Enabling the Dell CMC Console Through iKVM To enable the iKVM to access the Dell CMC console using RACADM, open a serial/Telnet/SSH text console to CMC, log in, and type: racadm config -g cfgKVMInfo -o cfgKVMAccessToCMCEnable 1 To enable the Dell CMC console using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. The iKVM Status page displays. 3 Click the Setup tab. The iKVM Configuration page displays. 4 Select the Allow access to CMC CLI from iKVM check box.
3 Use the cursor to hover over the iKVM subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that iKVM. 4 The iKVM subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the iKVM Status page. For more information about iKVM, see "Using the iKVM Module." To view the status of the iKVM using the iKVM Status page: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree.
Table 10-5. iKVM Status Information (continued) Item Description Front Panel USB/Video Enabled Displays whether the front panel VGA connector is enabled (Yes or No). Allow access to CMC Indicates whether the CMC command console through iKVM from iKVM is enabled (Yes or No). Updating the iKVM Firmware You can update the iKVM firmware using the CMC Web interface or RACADM. To update the iKVM firmware using the CMC Web interface: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree.
7 Click Yes to continue. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional instructions to follow: • Do not use the Refresh button or navigate to another page during the file transfer.
Troubleshooting NOTE: If you have an active console redirection session and a lower resolution monitor is connected to the iKVM, the server console resolution may reset if the server is selected on the local console. If the server is running a Linux operating system, an X11 console may not be viewable on the local monitor. Pressing at the iKVM switches Linux to a text console. Table 10-6.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution The message "User has been disabled as another appliance is currently tiered" appears on the monitor connected to the rear panel. A network cable is connected to the iKVM ACI port connector and to a secondary KVM appliance. The iKVM’s amber LED is blinking. There are three possible causes: Only one connection is allowed at a time. The ACI tiering connection has precedence over the rear panel monitor connection.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution My iKVM is tiered through the ACI port to an external KVM switch, but all of the entries for the ACI connections are unavailable. The front panel connection is enabled and has a monitor connected. Because the front panel has precedence over all other iKVM connections, the ACI and rear panel connectors are disabled. All of the states are showing a yellow dot in the OSCAR interface.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution In the OSCAR menu, the Dell CMC connection is displaying a red X, and I cannot connect to CMC. There are two possible causes: The Dell CMC console has been disabled. In this case, you can enable it using either the CMC Web interface or RACADM. To enable the Dell CMC console using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. 3 Click the Setup tab.
Using the iKVM Module
I/O Fabric Management 11 The chassis can hold up to six I/O modules (IOMs), each of which can be pass-through or switch modules. The IOMs are classified into three groups—A, B, and C. Each group has two slots—Slot 1 and Slot 2. The slots are designated with letters, from left to right, across the back of the chassis: A1 | B1 | C1 | C2 | B2 | A2. Each server has slots for two mezzanine cards (MCs) to connect to the IOMs. The MC and the corresponding IOM must have the same fabric.
Fabric Management Fabric management helps avoid electrical, configuration, or connectivity related problems due to installation of an IOM or MC that has an incompatible fabric type from the chassis' established fabric type. Invalid hardware configurations could cause electric or functional problems to the chassis or its components. Fabric management prevents invalid configurations from powering on. Figure 11-1 shows the location of IOMs in the chassis.
CMC creates entries in both the hardware log and CMC logs for invalid hardware configurations. For example: • An Ethernet MC connected to a Fibre Channel IOM is an invalid configuration. However, an Ethernet MC connected to both an Ethernet switch and an Ethernet pass-through IOM installed in the same IOM group is a valid connection. • A Fibre Channel pass-through IOM and a fibre channel switch IOM in slots B1 and B2 is a valid configuration if the first MCs on all of the servers are also fibre channel.
Invalid Mezzanine Card (MC) Configuration An invalid MC configuration occurs when a single server’s LOM or MC is not supported by its corresponding IOM. In this case, all the other servers in the chassis can be running, but the server with the mismatched MC card does not be allowed to power on. The power button on the server flashes Amber to alert a fabric mismatch. For information about CMC and hardware logs, see "Viewing the Event Logs" on page 437.
Monitoring IOM Health The health status for the IOMs can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the I/O Modules Status page. The Chassis Graphics page provides a graphical overview of the IOMs installed in the chassis. To view health status of the IOMs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed.
Table 11-1. I/O Modules Status Information Item Description Slot Displays the location of the I/O module in the chassis by group number (A, B, or C) and Bank (1 or 2). IOM Enumeration: A1, A2, B1, B2, C1, or C2. Present Displays whether the IOM is present (Yes or No). Health OK Indicates that the IOM is present and communicating with CMC. In the event of a communication failure between CMC and the server, CMC cannot obtain or display health status for the IOM.
Table 11-1. I/O Modules Status Information (continued) Item Description Fabric Displays the type of fabric for the IOM: Gigabit Ethernet, 10GE XAUI, 10GE KR, 10GE XAUI KR, FC 4 Gbps, FC 8 Gbps, SAS 3 Gbps, SAS 6 Gbps, Infiniband SDR, Infiniband DDR, Infiniband QDR, PCIe Bypass Generation 1, PCIe Bypass Generation 2. NOTE: Knowing the fabric types of the IOMs in your chassis is critical in preventing IOM mismatches within the same group.
Viewing the Health Status of an Individual IOM The I/O Module Status page (separate from the I/O Modules Status page) provides an overview of an individual IOM. To view the health status of an individual IOM: 1 Log in to the CMC Web interface. 2 Expand I/O Modules in the system tree. All of the IOMs (1–6) appear in the expanded I/O Modules list. 3 Click the IOM you want to view in the I/O Modules list in the system tree. 4 Click the Status subtab. The I/O Modules Status page displays. Table 11-2.
Table 11-2. I/O Module Health Status Information (continued) Item Description Warning Indicates that warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, it could lead to critical or severe failures that can affect the integrity of the IOM. Examples of conditions causing Warnings: IOM fabric mismatch with the server's mezzanine card fabric; invalid IOM configuration, where the newly installed IOM does not match the existing IOM on the same group.
Table 11-2. I/O Module Health Status Information (continued) Item Description MAC Address Displays the MAC address for the IOM. The MAC address is a unique address assigned to a device by the hardware vendor as a means for identification. NOTE: Pass-throughs do not have MAC addresses. Only switches have MAC addresses. Role Displays the I/O module stacking membership when modules are linked together: • Member - the module is part of a stack set • Master - the module is a primary access point.
To configure the network settings for an individual IOM: 1 Log in to the CMC Web interface. 2 Click I/O Modules in the system tree. Click the Setup subtab. The Configure I/O Modules Network Settings page displays. 3 To configure network settings for I/O modules, type/select values for the following properties, and then click Apply. NOTE: Only IOMs that are powered on can be configured. NOTE: The IP address set on the IOMs from CMC is not saved to the switch's permanent startup configuration.
Table 11-3. Configure I/O Module Network Settings (continued) Item Description IP Address Specifies the IP address for the IOM network interface. Subnet Mask Specifies the subnet mask for the IOM network interface. Gateway Specifies the gateway for the IOM network interface. Troubleshooting IOM Network Settings The following list contains troubleshooting items for IOM network settings: • CMC can read the IP address setting too quickly after a configuration change; it displays 0.0.0.
12 Troubleshooting and Recovery This section explains how to perform tasks related to recovering and troubleshooting problems on the remote system using the CMC Web interface. • Gathering Configuration information, error status and error logs. • Managing power on a remote system. • Managing Lifecycle Controller jobs on a remote system. • Viewing chassis information. • Viewing the event logs. • Using the Diagnostic Console. • Reset Components.
Chassis Monitoring Tools Gathering Configuration information and Chassis Status and Logs The racdump subcommand provides a single command to get comprehensive chassis status, configuration state information, and the historic event logs.
CLI RACDUMP Racdump includes the following subsystems and aggregates the following RACADM commands: Table 12-1.
Remote RACDUMP Remote RACADM is a client side utility, which can be executed from a management station through the out of band network interface. A remote capability option -r is provided that allows you to connect to the managed system and execute RACADM subcommands from a remote console or management station. To use the remote capability, you need a valid user name (-u option) and password (-p option), and CMC IP address.
Telnet RACDUMP SSH/Telnet RACDUMP is used to refer to the RACDUMP command usage from a SSH or Telnet prompt. For more information on RACDUMP instruction, see the RACADM Command Line Reference Guide for iDRAC and CMC on support.dell.com/manuals. Configuring LEDs to Identify Components on the Chassis You can set component LEDs for all or individual components (chassis, servers, and IOMs) to blink as a means of identifying the component on the chassis.
Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm setled -m [-l ] where specifies the module whose LED you want to configure. Configuration options: • server-nx where n = 1-8 and x = a, b, c, or d • switch-n where n=1–6 • cmc-active and specifies whether the LED should blink.
Table 12-2. Chassis Events That Can Generate SNMP and Email Alerts (continued) Event Description Redundancy Degraded Redundancy for the fans and/or power supplies has been reduced. Redundancy Lost No redundancy remains for the fans and/or power supplies. Power Supply Warning The power supply is approaching a failure condition. Power Supply Failure The power supply has failed. Power Supply Absent An expected power supply is not present. Hardware Log Failure The hardware log is not functioning.
Table 12-2. Chassis Events That Can Generate SNMP and Email Alerts (continued) Event Description IOM Absent An expected IOM is not present. IOM Failure The IOM is not functioning. Firmware Version Mismatch There is a firmware mismatch for the chassis or server firmware. Chassis Power Threshold Error Power consumption within the chassis reached the System Input Power Cap. SDCARD Absent There is no media in the CMC’s Secure Digital (SD) card slot, and a configured CMC feature requires it.
To add and configure SNMP alerts using the CMC Web interface: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Alerts tab. The Chassis Events page appears. 4 Enable alerting: a Select the check boxes of the events for which you want to enable alerting. To enable all events for alerting, select the Select All check box. b Click Apply to save your settings. 5 Click the Traps Settings subtab.The Chassis Event Alert Destinations page displays.
To test an event trap for an alert destination: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Alerts tab. The Chassis Events page displays. 4 Click the Traps Settings tab. The Chassis Event Alert Destinations page displays. 5 Click Send in the Test Trap column beside the destination. NOTE: Specify trap destinations as appropriately-formatted numeric addresses (IPv6 or IPv4), or Fully-qualified domain names (FQDNs).
Table 12-3.
4 Enable traps alerting by typing: racadm config -g cfgTraps -o cfgTrapsEnable 1 -i where is a value 1–4. The index number is used by CMC to distinguish up to four configurable destinations for traps alerts. Destinations may be specified as appropriately formatted numeric Addresses (IPv6 or IPv4), or Fully-qualified domain names (FQDNs).
Downloading SNMP Management Information Base (MIB) File The CMC SNMP MIB File defines chassis types, events, and indicators. CMC enables you to download the MIB file using the Web Interface. To download the CMC's SNMP Management Information Base (MIB) file using the Web interface: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click Network ServicesSNMP. The SNMP Configuration section is displayed. 4 Click Save to download the CMC MIB file to your local system.
4 Enable alerting: a Select the check boxes of the events for which you want to enable alerting. To enable all events for alerting, select the Select All check box. b Click Apply to save your settings. 5 Click the Email Alert Settings subtab. The Email Alert Destinations page displays. 6 Specify the SMTP server IP address: a Locate the SMTP (Email) Server field, and then type the SMTP hostname or IP address.
To send a test e-mail to an e-mail alert destination using the CMC Web interface: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Alerts tab. The Chassis Events page appears. 4 Click the Email Alert Settings subtab. The Email Alert Destinations page displays. 5 Click Send in the Destination Email Address column beside the destination. Using RACADM To send a test e-mail to an e-mail alert destination using RACADM: 1 Open a serial/Telnet/SSH text console to CMC and log in.
5 Specify a destination e-mail address to receive the e-mail alerts by typing: racadm config -g cfgEmailAlert -o cfgEmailAlertAddress -i where is a valid e-mail address, and is the index value you specified in step 4.
Monitoring Power and Executing Power Control Commands on the Chassis You can use the Web interface or RACADM to: • View the system’s current power status. • Perform an orderly shutdown through the operating system when rebooting, and power the system on or off. For information about power management on CMC and configuring power budget, redundancy, and power control, see "Power Management" on page 319.
Power Troubleshooting The following information helps you to troubleshoot power supply and power-related issues: • • 428 Problem: Configured the Power Redundancy Policy to AC Redundancy, and a Power Supply Redundancy Lost event was raised. – Resolution A: This configuration requires at least one power supply in side 1 (the left three slots) and one power supply in side 2 (the right three slots) to be present and functional in the modular enclosure.
• • • Problem: Dynamic Power Supply Engagement is enabled, but none of the power supplies display in the Standby state. – Resolution A: There is insufficient surplus power. One or more power supplies are moved into the Standby state only when the surplus power available in the enclosure exceeds the capacity of at least one power supply. – Resolution B: Dynamic Power Supply Engagement cannot be fully supported with the power supply units present in the enclosure.
• Problem: 2000 W is reported as the Surplus for Peak Performance. – • Problem: A subset of servers lost power after an AC Grid failure, even when the chassis was operating in the AC Redundancy configuration with six power supplies. – • Resolution: This is expected behavior if the enclosure power policy was configured to No Redundancy.
Managing Lifecycle Controller jobs on a remote system The Lifecycle Controller service is available on each of the servers and is facilitated by iDRAC. CMC provides a listing of all Lifecycle Controller jobs on the server(s) and enables you to delete or purge existing jobs using the web interface. For information on enabling the Lifecycle Controller, see "Updating Server Component Firmware Using Lifecycle Controller" on page 214.
Deleting jobs The Delete operation is the default operation and enables you to delete all or individual jobs on the server(s). The delete operation removes the selected jobs from the Lifecycle Controller job queue. The checkbox following the Model field enables selection of all the jobs on a server. Individual jobs can be selected by using the checkboxes following the job status field.
Table 12-5, Table 12-6, Table 12-7, and Table 12-8 describe the information displayed on the Chassis Summary page. Table 12-5. Chassis Summary Item Description Name Displays the name of the chassis. The name identifies the chassis on the network. For information on setting the name of the chassis, see "Editing Slot Names" on page 137. Model Displays the chassis model or manufacturer. For example, PowerEdge 2900. Service Tag Displays the service tag of the chassis.
Table 12-6. CMC Summary (continued) Item Description Hardware Version Displays the hardware version of the active CMC. MAC Address Displays the MAC address for the CMC Network Interface. The MAC address is a unique identifier for CMC over the network. IP Address Displays the IP address of the CMC Network Interface. Gateway Displays the gateway of the CMC Network Interface. Subnet Mask Displays the subnet mask of the CMC Network Interface.
Table 12-7. iKVM Summary (continued) Item Description Part Number Displays the part number for the iKVM. The part number is a unique identifier provided by the vendor. Part number naming conventions differ from vendor to vendor. Firmware Version Displays the firmware version of the iKVM. Hardware Version Displays the hardware version of the iKVM. Power Status Displays the power status of the iKVM: On, Off, N/A (Absent).
racadm getsysinfo 3 To view the iKVM summary, type: racadm getkvminfo 4 To view the IOM summary, type: racadm getioinfo Viewing Chassis and Component Health Status Using the Web Interface To view chassis and component health summaries: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. The Chassis Health page displays. The Chassis Graphics section provides a graphical view of the front and rear of the chassis.
dynamically updated, and the component subgraphic colors and text hints are automatically changed to reflect the current state. Clicking on the component subgraphic selects that component's information and Quick Links for display below the chassis graphics. The CMC Hardware Log section provides the latest 10 entries of the CMC Hardware Log for reference.
Examples of hardware log entries critical System Software event: redundancy lost Wed May 09 15:26:28 2007 normal System Software event: log cleared was asserted Wed May 09 16:06:00 2007 warning System Software event: predictive failure was asserted Wed May 09 15:26:31 2007 critical System Software event: log full was asserted Wed May 09 15:47:23 2007 unknown System Software event: unknown event Using the Web Interface You can view, save a text file version of, and clear the hardware log in the CMC Web int
To clear the hardware log, click Clear Log. NOTE: CMC creates a new log entry indicating that the log was cleared. Table 12-9. Hardware Log Information Item Description Severity OK Indicates a normal event that does not require corrective actions. Informational Indicates an informational entry on an event in which the Severity status has not changed. Unknown Indicates a noncritical event for which corrective actions should be taken soon to avoid system failures.
Viewing the CMC Log CMC generates a log of chassis-related events. NOTE: To clear the hardware log, you must have Clear Logs Administrator privilege. Using the Web Interface You can view, save a text file version of, and clear the CMC log in the CMC Web interface. You can re-sort the log entries by Source, Date/Time, or Description by clicking the column heading. Subsequent clicks on the column headings reverse the sort.
Using RACADM To view the CMC log information using RACADM: 1 Open a serial/Telnet/SSH text console to CMC and log in. 2 To view the hardware log, type: racadm getraclog To clear the hardware log, type: racadm clrraclog Using the Diagnostic Console The Diagnostic Console page enables an advanced user, or a user under the direction of technical support, to diagnose issues related to the chassis hardware using CLI commands. NOTE: To modify these settings, you must have Debug Command Administrator privilege.
Table 12-11. Supported Diagnostic Commands (continued) Command Result netstat Prints the contents of the routing table. ping Verifies that the destination is reachable from CMC with the current routing-table contents. You must type a destination IP address in the field to the right of this option. An Internet control message protocol (ICMP) echo packet is sent to the destination IP address based on the current routing-table contents.
Table 12-12. CMC Summary Attribute Health Description OK CMC is present and communicating with its components. Informational Displays information about CMC when no change in health status (OK, Warning, Severe) has occurred. Warning Warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, critical or severe failures that can affect the integrity of CMC can occur. Severe At least one failure alert has been issued.
Table 12-13. Virtual Reseat Server (continued) Attribute Description Health OK The server is present and communicating with CMC. In the event of a communication failure between CMC and the server, the CMC cannot obtain or display health status for the server. Informational Displays information about the server when there is no change in health status (OK, Warning, Severe). iDRAC Status Warning Warning alerts have been issued, and corrective action must be taken.
Table 12-13. Virtual Reseat Server (continued) Attribute Description Power State Displays the server power status: • N/A - CMC has not determined the power state of the server. • Off - The server or the chassis is off. • On - The chassis and server are on. • Powering On - Temporary state between Off and On. Once the powering on cycle completes, the Power State changes to On. • Powering Off - Temporary state between On and Off. Once the powering off cycle completes, the Power State changes to Off.
CMC provides tools to troubleshoot these problems, with the primary source of troubleshooting information being the CMC Trace Log. This log contains an error message for NTP related failures. If CMC is unable to synchronize with any of the remote NTP servers that have been configured, then it derives its timing from the local system clock.
Jan 8 19:59:24 cmc ntpd[1423]: Cannot find existing interface for address 1.2.3.4 Jan 8 19:59:24 cmc ntpd[1423]: configuration of 1.2.3.
Table 12-14.
Table 12-14.
Table 12-14. LED Color and Blinking Patterns (continued) Component LED Color, Blinking Pattern Meaning PSU (Oval) Green, glowing steadily AC OK (Oval) Green, blinking Not used (Oval) Green, dark AC Not OK Amber, glowing steadily Not used Amber, blinking Fault Amber, dark No fault (Circle) Green, glowing steadily DC OK (Circle) Green, dark DC Not OK Troubleshooting a Non-responsive CMC NOTE: It is not possible to log in to the standby CMC using a serial console.
Bottom LED — The bottom LED is multi-colored. When CMC is active and running, and there are no problems, the bottom LED is blue. If it is amber, a fault was detected. The fault could be caused by any of the following three events: • A core failure. In this case, the CMC board must be replaced. • A self-test failure. In this case, the CMC board must be replaced. • An image corruption. In this case, you can recover CMC by uploading the CMC firmware image.
Recovering the Firmware Image CMC enters recover mode when a normal CMC OS boot is not possible. In recover mode, a small subset of commands are available that allow you to reprogram the flash devices by uploading the firmware update file, firmimg.cmc. This is the same firmware image file used for normal firmware updates. The recovery process displays its current activity and boots to the CMC OS upon completion.
Troubleshooting Network Problems The internal CMC trace log allows you to debug CMC alerting and networking. You can access the trace log using the CMC Web interface (see "Using the Diagnostic Console") or RACADM (see "Using the RACADM Command Line Interface" and the gettracelog command section in the RACADM Command Line Reference Guide for iDRAC6 and CMC. The trace log tracks the following information: • DHCP — Traces packets sent to and received from a DHCP server.
To perform management actions, a user with Administrator privileges is required. If the administrator account password is forgotten, it can be reset using the PASSWORD_RST jumper on the CMC board. The PASSWORD_RST jumper uses a two-pin connector as shown in Figure 12-1.
Figure 12-1. Password Reset Jumper Location PASSWORD_RSET Table 12-15. CMC Password Jumper Settings PASSWORD_RSET (default) The password reset feature is disabled. The password reset feature is enabled. 3 Slide the CMC module into the enclosure. Reattach any cables that were disconnected. NOTE: Ensure that the CMC module becomes the active CMC, and remains the active CMC until the remaining steps are completed.
4 If the jumpered CMC module is the only CMC, then simply wait for it to finish rebooting. If you have redundant CMCs in your chassis, then initiate a changeover to make the jumpered CMC module active. On the GUI interface: a Navigate to the Chassis page, click the Power tab Control subtab. b Select the Reset CMC (warm boot) button and click Apply. CMC automatically fails over to the redundant module, and that module now becomes active.
To restore the Chassis configuration: 1 On the Chassis Backup screen, click Browse. 2 Type or navigate to the backup file, then click Open to select it. 3 Click Restore. NOTE: CMC does not reset upon restoring configuration, however CMC services may take some time to effectively impose any changed/new configuration. After successful completion, all current sessions are closed. Troubleshooting Alerting Use the CMC log and the trace log to troubleshoot CMC alerts.
Troubleshooting and Recovery
Diagnostics 13 The LCD panel helps you to diagnose problems with any server or module in the chassis. If there is a problem or fault with the chassis or any server or other module in the chassis, the LCD panel status indicator blinks amber. On the Main Menu an icon with an amber background displays next to the menu item—Server or Enclosure—that leads to the faulty server or module.
Table 13-1. LCD Panel Navigational Icons Icon Normal Icon Icon Name and Description Highlighted Back. Highlight and press the center button to return to the previous screen. Accept/Yes. Highlight and press the center button to accept a change and return to the previous screen. Skip/Next. Highlight and press the center button to skip any changes and go to the next screen. No. Highlight and press the center button to answer "No" to a question and go to the next screen. Rotate.
LCD Setup Menu The LCD Setup menu displays a menu of items that can be configured: • Language Setup — choose the language you want to use for LCD screen text and messages. • Default Screen — choose the screen that displays when there is no activity on the LCD panel. 1 Use the up and down arrow buttons to highlight an item in the menu or highlight the Back icon if you want to return to the Main menu. 2 Press the center button to activate your selection.
The currently active default screen is highlighted in light blue. 1 Use the up and down arrow buttons to highlight the screen you want to set to the default. 2 Press the center button. The Accept icon is highlighted. 3 Press the center button again to confirm the change. The Default Screen is displayed. Graphical Server Status Screen The Graphical Server Status screen displays icons for each server installed in the chassis and indicates the general health status for each server.
Graphical Module Status Screen The Graphical Module Status screen displays all modules installed in the rear of the chassis and provides summary health information for each module.
Module Status Screen The Module Status screen displays information and error messages about a module. For messages that can appear on this screen, see "LCD Module and Server Status Information" on page 475 and "LCD Error Messages" on page 468. Use the up and down arrow keys to move through messages. Use the left and right arrow keys to scroll messages that do not fit on the screen. Highlight the Back icon and press the center button to return to the Graphical Module Status screen.
Diagnostics The LCD panel helps you to diagnose problems with any server or module in the chassis. If there is a problem or fault with the chassis or any server or other module in the chassis, the LCD panel status indicator blinks amber. On the Main Menu a blinking icon with an amber background displays next to the menu item—Server or Enclosure—that leads to the faulty server or module.
Figure 13-1.
Table 13-2. LCD Hardware Trouble Shooting Items Symptom Issue Recovery Action Alert screen message CMC Not Responding and Loss of communication from CMC to the LCD front panel. Check that CMC is booting; then, reset CMC using GUI or RACADM commands. Alert screen message CMC Not Responding and LCD module communications is stuck during a CMC fail-over or reboots. Review the hardware log using the GUI or RACADM commands. Look for a message that states: Can LED is blinking amber.
Front Panel LCD Messages This section contains two subsections that list error and status information that is displayed on the front panel LCD. Error messages on the LCD have a format that is similar to the System Event Log (SEL) viewed from the CLI or Web interface. The tables in the error section list the error and warning messages that are displayed on the various LCD screens and the possible cause of the message. Text enclosed in angled brackets (< >) indicates that the text may vary.
Table 13-4. Enclosure/Chassis Status Screen Severity Message Cause Critical Fan is removed. This fan is required for proper cooling of the enclosure/chassis. Warning Power supply redundancy is degraded. One or more PSU have failed or removed and the system can no longer support full PSU redundancy. Critical Power supply redundancy is lost. One or more PSU have failed or removed and the system is no longer redundant. Critical The power supplies are not redundant.
Table 13-5. Fan Status Screens Severity Message Cause Critical Fan RPM is operating The speed of the specified fan is less than the lower critical not sufficient to provide enough threshold. cooling to the system. Critical Fan RPM is operating The speed of the specified fan is greater than the upper critical too high, usually due to a broken threshold. fan blade. Table 13-6.
Table 13-8. PSU Status Screens Severity Message Cause Critical Power supply failed. The PSU has failed. Critical The power input for power supply Loss of AC power or AC cord is lost. unplugged. Warning Power supply is operating at 110 volts, and could cause a circuit breaker fault. Table 13-9. Power supply is plug into a 110 volt source. Server Status Screen Severity Message Cause Warning The system board ambient Server temperature is getting cool.
Table 13-9. Server Status Screen (continued) Severity Message Critical The CPU voltage is outside of the allowable range. Critical The system board voltage is outside of the allowable range. Critical The mezzanine card voltage is outside of the allowable range. Critical The storage voltage is outside of the allowable range. Critical CPU has an internal error (IERR). CPU failure.
Table 13-9. Server Status Screen (continued) Severity Message Cause Critical The system board fail-safe voltage This event is generated when the is outside of the allowable range. system board voltages are not at normal levels. Critical The watchdog timer expired. The iDRAC watchdog timer expires and no action is set. Critical The watchdog timer reset the system.
Table 13-9. Server Status Screen (continued) Severity Message Cause Critical An I/O channel check NMI was detected on a component at bus device function . A critical interrupt is generated in the I/O Channel. Critical An I/O channel check NMI wa detected on a component at slot . A critical interrupt is generated in the I/O Channel. Critical A PCI parity error was detected on Parity error was detected on the a component at bus PCI bus.
Table 13-9. Server Status Screen (continued) Severity Message Cause Critical Memory redundancy is lost. Critical A bus fatal error was detected on a Fatal error is detected on the PCIe component at bus bus. device function . Critical A software NMI was detected on a Chip error is detected. component at bus device function . Critical Failed to program virtual MAC address on a component at bus device function .
Table 13-10. CMC Status (continued) Item Description Firmware Version Only displays on an active CMC. Displays Standby for the standby CMC. IP4 Displays current IPv4 enabled state only on an active CMC. IP4 Address: Only displays if IPv4 is enabled only on an active CMC. IP6 Displays current IPv6 enabled state only on an active CMC. IP6 Local Address: Only displays if IPv6 is enabled only on an active CMC.
Table 13-12. Fan Status Item Description Name/Location Example: Fan1, Fan2, etc. Error Messages If no error then "No Errors" is shown; otherwise error messages are listed, critical errors first, then warnings. RPM Current fan speed in RPM. Table 13-13. PSU Status Item Description Name/Location Example: PSU1, PSU2, etc. Error Messages If no error then "No Errors" is shown; otherwise error messages are listed, critical errors first, then warnings. Status Offline, Online, or Standby.
Table 13-15. iKVM Status Item Description Name iKVM. No Error If there are no errors, then No Errors is displayed; otherwise error messages are listed. The critical errors are listed first, and then the warnings. For more information see "LCD Error Messages". Status Off or On. Model/Manufacture A description of the iKVM model. Service Tag The factory-assigned service tag. Part Number The Manufacturer part number. Firmware Version iKVM firmware version.
Table 13-16. Server Status (continued) Item Description Service Tag Displays if iDRAC finished booting. BIOS Version Server BIOS firmware version. Last POST Code Displays the last server BIOS POST code messages string. iDRAC Firmware Version Displays if iDRAC finished booting. NOTE: iDRAC version 1.01 is displayed as 1.1. There is no iDRAC version 1.10. IP4 Displays the current IPv4 enabled state. IP4 Address: Only displays if IPv4 is enabled.
Diagnostics
Index A ACI, 371 Activating FlexAddress Plus, 267 Active Directory, 269 adding CMC users, 290 configuring access to the CMC, 282 configuring and managing certificates, 177 extending schemas, 282 objects, 277 schema extensions, 276 using with standard schema, 270 viewing a server certificate, 195 CMC configuring, 292 creating a configuration file, 101 downloading firmware, 53 feature sets, 22 installing, 33 log, 440 redundant environment, 57 setting up, 33 CMC VLAN, 90 command line console features, 61 add
E H Enabling or Disabling DCHP, 87 hardware log, 437 hardware specifications, 26 F fabric management, 399 I feature sets of CMC, 22 I/O fabric, 399 featurecard, 252 iDRAC recovering firmware, 213 firmware downloading, 53 managing, 206 updating, CMC, 208 updating, iKVM, 210 updating, IOM infrastructure device, 211 updating, Server iDRAC, 212 FlexAddress, 249 activating, 250 activation verification, 252 configuring using CLI, 254 deactivating, 253 license agreement, 263 Linux configuration, 255 trou
N Network LAN Settings, 85 network properties configuring manually, 83 configuring using racadm, 83 parsing rules, 103 Red Hat Enterprise Linux configuring for serial console redirection, 70 redundant environment, 57 remote access connection (RAC), 27 O OSCAR, 369 remote RACADM configuring, 52 P S parsing rules, 103 Secure Sockets Layer (SSL) about, 188 password disabling, 453 reset jumper location, 455 power budgeting configuring, 53 power conservation, 330 proxy server, 41 R RAC see Remote Access
SNMP alerts adding and configuring, 416 specifications hardware, 26 standard schema using with Active Directory, 270 T telnet console using, 62 U Using FlexAddress Plus, 268 V Viewing Current IPv4 Network Settings, 84 Viewing Current IPv6 Network Settings, 84 W web browser configuring, 41 supported browsers, 28 web interface accessing, 111 configuring email alerts, 423 WS-Management, 28 484 Index