Integrated Dell™ Remote Access Controller Firmware Version 1.11 User Guide w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes and Notices NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ___________________ Information in this document is subject to change without notice. © 2007-2008 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden..
Contents 1 iDRAC Overview . . . . . . . . . . . . . . . . . . . iDRAC Management Features . . . . . . . . . . . . . . 20 . . . . . . . . . . . . . . . . 21 . . . . . . . . . . . . . . . . . . 21 iDRAC Security Features Supported Platforms Supported Operating Systems . Supported Web Browsers . . . . . . . . . . . . . . 22 . . . . . . . . . . . . . . . 23 Supported Remote Access Connections iDRAC Ports . . . . . . . . 24 . . . . . . . . . . . . . . . . . . . . . . .
Configure Serial Over LAN . . . . . . . . . . . . . 32 Configure iDRAC Services . . . . . . . . . . . . . 32 . . . . . . 32 . . . . . . . . . . . . . . 33 Configure Secure Sockets Layer (SSL) Configure Virtual Media Install the Managed Server Software . . . . . . . Configure the Managed Server for the Last Crash Screen Feature . . . . . . . . . . . . . . . 33 . . . . . 33 . . . . . . . . . . . . . 34 Configuring Networking Using the CMC Web Interface . . . . . . . . . . . . . . . . . . .
Installing Telnet or SSH Clients . Telnet with iDRAC . . . . . . . . . . . . 46 . . . . . . . . . . . . . . . . . 47 Configuring the Backspace Key For Your Telnet Session . . . . . . . . . . . . . . SSH With iDRAC . . . . . 47 . . . . . . . . . . . . . . . . . . 48 Installing a TFTP Server . . . . . . . . . . . . . . . . . Installing Dell OpenManage IT Assistant 4 . . . . . . . Configuring the Managed Server . . . . . . 50 51 Installing the Software on the Managed Server . . . .
Configuring IPMI . . . . . . . . . . . . . . . . . . . . Adding and Configuring iDRAC Users . . . . . . . . . . Securing iDRAC Communications Using SSL and Digital Certificates . . . . . . . . . . . . . . . . Secure Sockets Layer (SSL) 69 . . . . . . . . . . . . 69 Accessing the SSL Main Menu . . . . . . . . . 70 . . . . . . . . . . 70 Generating a New Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . 71 . . . . . . . . . . . 73 . . . . . . . . . . . .
Extended Schema Active Directory Overview Active Directory Schema Extensions . . . . . 90 . . . . . . . 90 . . . . . 91 . . . . . . . . . 91 Overview of the RAC Schema Extensions Active Directory Object Overview Configuring Extended Schema Active Directory to Access Your iDRAC . . . . . . . . . . . . . . Extending the Active Directory Schema . 95 . . . . . . 95 Installing the Dell Extension to the Active Directory Users and Computers Snap-In . . . . . 101 . . . . . . 102 . . . . . . .
7 Using GUI Console Redirection . Overview . . . . . . . . . . . . . . . . . . . . . . . . . Using Console Redirection . . . . . . . . . . . . . . . Supported Screen Resolutions and Refresh Rates . . . . . . . . . . . . . . . . . . . . Configuring Your Management Station 122 122 . . . 125 125 . . . . . . . . . . . . . . . . . 127 Synchronizing the Mouse Pointers . . . . . . . . 130 Disabling or Enabling Local Console . . . . . . . . 131 . . . . . . . . . . . . . .
Using the Local RACADM Command Line Interface . . . . . . . . . . . . . . . . . . Using the RACADM Command RACADM Subcommands . . 149 . . . . . . . . . . . . . 149 . . . . . . . . . . . . . . . . 150 Using the RACADM Utility to Configure the iDRAC . Displaying Current iDRAC Settings . . 151 . . . . . . . . 151 . . . . . . 152 . . . . . . . . . . . . . . . 153 Managing iDRAC Users with RACADM Adding an iDRAC User . . . . 153 . . . . . . . . . . . . . 154 . . . . . . . . . . . . . . .
Using the iDRAC SM-CLP Command Line Interface . . . . . . . . . . . . . . . . . System Management With SM-CLP 173 . . . . . . . . . . . . . . . . . 174 . . . . . . . . . . . . . . . . . . . . 174 Navigating the MAP Address Space Targets . . . . . . . . . . 177 . . . . . . . . . . . . . . . . . . . . . . . 178 Using the Show Verb . . . . . . . . . . . . . . . . . . Using the -level Option . . . . . . . . . . . . . 179 179 . . . . . . . . . . . . . . 179 . . . . . . . . . . . . . . . .
Deploying Your Operating System Using iVM-CLI . . . . . . . . . . . . . . . . Before You Begin . . . . Network Requirements . . . . . . . . . . . 187 . . . . . . . . . . . . . . 187 Creating a Bootable Image File . . . 188 . . . . . . . . . . . . . . . 188 . . . . . . . . . 188 . . . . . . . . . . . . 189 Configuring the Remote Systems Deploying the Operating System Using the Virtual Media Command Line Interface Utility . . . . . . . . . . . . . . . . . . . . . . .
Reset to Default . . . . . . . . . . . . . . . . . . System Event Log Menu . . . . . . . . . . . . . . Exiting the iDRAC Configuration Utility . . . . . . . 13 Recovering and Troubleshooting the Managed Server . . . . . . . . . . . . . . . . Safety First–For You and Your System . Trouble Indicators 205 . . . . . . . . . . . . . . . . . . . Problem Solving Tools . 206 . . . . . . . . . . . 206 . . . . . . . . . . . . . . 207 . . . . . . . . . . . . . . . . . 208 Checking the System Health .
getconfig . . . . . . . . . . . . . . . . . . . . . . . . . 234 getssninfo . . . . . . . . . . . . . . . . . . . . . . . . 236 getsysinfo . . . . . . . . . . . . . . . . . . . . . . . . 238 getractime . . . . . . . . . . . . . . . . . . . . . . . . 240 setniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 241 getniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 243 getsvctag . . . . . . . . . . . . . . . . . . . . . . . . 244 . . . . . . . . . . . . . . . . . . . . . . . .
testtrap . . . . . . . . . . . . . . . . . . . . . . . . . . vmdisconnect . . . . . . . . . . . . . . . . . . . . . . B iDRAC Property Database Group and Object Definitions . . . . . . . . . . . . . . . Displayable Characters idRacInfo . 261 261 . . . . . . . . . . . . . . . . . . . . . . . . 261 . . . . . . . . . . . idRacDescriptionInfo (Read Only) idRacBuildInfo (Read Only) . 262 . . . . . . . . . . . 262 263 . . . . . . . . . . . . . . 263 . . . . . . . . . . . . . . . 263 . . . . . . .
cfgUserAdmin . . . . . . . . . . . . . . . . . . . . . . . . . 269 . . . . . . . 270 cfgUserAdminIpmiLanPrivilege (Read/Write) cfgUserAdminPrivilege (Read/Write) . . . . . . 271 . . . . . . . 271 . . . . . . . . . . . . . . . 272 cfgUserAdminUserName (Read/Write) cfgUserAdminPassword (Write Only) cfgUserAdminEnable . . . . . . . . . . . . . . . 272 . . . . . . . . . . . . . . . . . . . . . . 272 cfgUserAdminSolEnable cfgEmailAlert cfgEmailAlertIndex (Read Only) . . . . . . . . . .
cfgRacTuneSshPort (Read/Write) . . . . . . . . . cfgRacTuneTelnetPort (Read/Write) . . . . . . . . 281 cfgRacTuneConRedirEncryptEnable (Read/Write) . . . . . . . . . . . . . . . . . . . . 281 cfgRacTuneConRedirPort (Read/Write) . . . . . . cfgRacTuneAsrEnable (Read/Write) 282 . . . . . . . . 282 cfgRacTuneWebserverEnable (Read/Write) . . . . 282 cfgRacTuneLocalServerVideo (Read/Write) . . . . 283 . . . . . . . . . . . . . . . . .
cfgADAuthTimeout (Read/Write) . cfgADRootDomain (Read/Write) . . . . . . . . . 290 . . . . . . . . . . 291 cfgADSpecifyServerEnable (Read/Write) 291 . . . . . . . 291 . . . . . . . . . 292 . . . . . . . . . . . . . . 292 . . . . . . . . . . . . . . . . . . 292 cfgADDomainController (Read/Write) cfgADGlobalCatalog (Read/Write) cfgADType (Read/Write) cfgStandardSchema . . . . . . cfgSSADRoleGroupIndex (Read Only) . . . . . . . cfgSSADRoleGroupName (Read/Write) . . . . . . 293 . . . .
cfgIpmiPetAlertDestIpAddr (Read/Write) cfgIpmiPetAlertEnable (Read/Write) C RACADM and SM-CLP Equivalencies . . . . . . . . . . . 300 . . . . . . . . 300 . . . . . . . . . . . . . . 303 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 Index 18 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iDRAC Overview The Integrated Dell™ Remote Access Controller (iDRAC) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. The iDRAC uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC co-exists on the system board with the managed PowerEdge server.
The iDRAC network interface is disabled by default. It must be configured before the iDRAC is accessible. After the iDRAC is enabled and configured on the network, it can be accessed at its assigned IP address with the iDRAC web interface, telnet or SSH, and supported network management protocols, such as Intelligent Platform Management Interface (IPMI).
• Password-level security management — Prevents unauthorized access to a remote system • Role-based authority — Provides assignable permissions for different systems management tasks iDRAC Security Features The iDRAC provides the following security features: • User authentication through Microsoft Active Directory (optional) or hardware-stored user IDs and passwords • Role-based authority, which enables an administrator to configure specific privileges for each user • User ID and password configura
Check the iDRAC Readme file and the Dell PowerEdge Compatibility Guide located on the Dell Support website at support.dell.com for the latest supported platforms. Supported Operating Systems Table 1-1 lists the operating systems that support the iDRAC. See the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com for the latest information. Table 1-1.
Table 1-1. Supported Operating Systems (continued) Operating System Family Operating System SUSE® Linux Enterprise Server 9 with Update 2 and Update 3 (x86_64) Enterprise Server 10 (Gold) (x86_64) Supported Web Browsers NOTICE: Console Redirection and Virtual Media only support 32-bit Web browsers. Using 64-bit Web browsers will generate unexpected results or failure. Table 1-2 lists the Web browsers that are supported as iDRAC clients.
Supported Remote Access Connections Table 1-3 lists the connection features. Table 1-3.
Table 1-5. iDRAC Client Ports Port Number Function 25 SMTP 53 DNS 68 DHCP-assigned IP address 69 TFTP 162 SNMP trap 636 LDAPS 3269 LDAPS for global catalog (GC) Other Documents You May Need In addition to this User’s Guide, the following documents provide additional information about the setup and operation of the iDRAC in your system: • The iDRAC online help provides information about using the Web interface. • The Dell CMC Firmware Version 1.
• The Rack Installation Guide and Rack Installation Instructions included with your rack solution describe how to install your system into a rack. • The Getting Started Guide provides an overview of system features, setting up your system, and technical specifications. • The Hardware Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace system components.
Configuring the iDRAC This section provides information about how to establish access to the iDRAC and to configure your management environment to use iDRAC.
Table 2-1. Configuration Interfaces (continued) Interface Description iDRAC Web Interface The iDRAC Web interface is a browser-based management application that you can use to interactively manage the iDRAC and monitor the managed server. It is the primary interface for day-to-day tasks, such as monitoring system health, viewing the system event log, managing local iDRAC users, and launching the CMC Web interface and console redirection sessions.
Table 2-1. Configuration Interfaces (continued) Interface Description SM-CLP SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in the iDRAC. The SM-CLP command line is accessed by logging into the iDRAC using telnet or SSH. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line.
The configuration tasks that can be used to perform each task are listed beneath the task. NOTE: Before performing configuration procedures in this guide, the CMC and I/O modules must be installed in the chassis and configured, and the PowerEdge server must be physically installed in the chassis. Configure the Management Station Set up a management station by installing the Dell OpenManage software, a Web browser, and other software utilities.
Configure iDRAC Users Set up the local iDRAC users and permissions. The iDRAC holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users.
Configure Platform Event Traps (PETs) to send alert notifications to an IP address, such as a management station with IPMI software or to send an e-mail to a specified e-mail address. • iDRAC Web interface — see "Configuring Platform Event Traps (PET)" on page 63 • RACADM — "Configuring PET" on page 159 Configure Serial Over LAN Serial Over LAN (SOL) is an IPMI feature that allows you to redirect the managed server’s serial port I/O over the network. SOL enables the iDRAC console redirection feature.
Configure Virtual Media Configure the virtual media feature so that you can install the operating system on the PowerEdge server. Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server.
NOTE: The CMC IP address can be found in the iDRAC Web interface by clicking System→ Remote Access→ CMC. You can also launch the CMC Web interface from this page. 1 Use your web browser to log in to the CMC web user interface using a URL of the form https:// or https://. 2 Enter the CMC username and password and click OK. 3 Click the plus (+) symbol next to Chassis in the left column, then click Servers. 4 Click Setup→ Deploy.
Downloading the Firmware or Update Package Download the firmware from support.dell.com. The firmware image is available in several different formats to support the different update methods available. To update the iDRAC firmware using the iDRAC Web interface or SM-CLP, or to recover the iDRAC using the CMC Web interface, download the binary image, packaged as a self-extracting archive.
You can use the CMC Web interface to update the firmware only when the CMC detects that the iDRAC firmware is corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes. See "Recovering iDRAC Firmware Using the CMC" on page 86. Using the DOS Update Utility To update the iDRAC firmware using the DOS update utility, boot the managed server to DOS, and execute the idrac16d command.
Verifying the Digital Signature A digital signature is used to authenticate the identity of the signer of a file and to certify that the original content of the file has not been modified since it was signed. If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify a digital signature. To use the standard verification procedure, perform the following steps: 1 Download the Dell Linux public GnuPG key, if you do not already have it, by navigating to lists.
at passports, checking fingerprints from different sources, etc.) 1 2 3 4 5 m = = = = = = I don't know or won't say I do NOT trust I trust marginally I trust fully I trust ultimately back to the main menu Your decision? d Type 5 . The following prompt appears: Do you really want to set this key to ultimate trust? (y/N) e Type y to confirm your choice. f Type quit to exit the GPG key editor. You must import and validate the public key only once.
The following example illustrates the steps that you follow to verify a 1425SC BIOS Update Package: 1 Download the following two files from support.dell.com: • PESC1425-BIOS-LX-A01.bin.sign • PESC1425-BIOS-LX-A01.bin 2 Import the public key by running the following command line: gpg --import The following output message appears: gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group)
The following output message appears: gpg: Signature made Thu 14 Apr 2005 04:25:37 AM IST using DSA key ID 23B66A9D gpg: Good signature from "Dell Computer Corporation (Linux Systems Group) " NOTE: If you have not validated the key as shown in step 3, you will receive additional messages: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
Configuring the Management Station A management station is a computer used to monitor and manage the PowerEdge servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with the iDRAC. Before you begin configuring the iDRAC, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
Using the iDRAC console redirection feature (see "Using GUI Console Redirection" on page 121), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer, using iDRAC facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the management computer.
Adding iDRAC to the List of Trusted Domains When you access the iDRAC Web interface through the Web browser, you may be prompted to add the iDRAC IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to establish a connection to the iDRAC Web interface.
Firefox 1.5 (Linux) To view a localized version of the iDRAC Web interface in Firefox, perform the following steps: 1 Click Edit→ Preferences, then click the Advanced tab. 2 In the Language section, click Choose. 3 Click Select a language to add…. 4 Select a supported language and click Add. 5 Select your preferred language and click Move Up to move it to the top of the list. 6 In the Languages menu, click OK. 7 Click OK.
LC_MEASUREMENT="zh_CN.UTF-8" LC_IDENTIFICATION="zh_CN.UTF-8" LC_ALL= 3 If the values include "zh_CN.UTF-8", no changes are required. If the values do not include "zh_CN.UTF-8", go to step 4. 4 Edit the /etc/sysconfig/i18n file with a text editor. 5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.
3 In the Preference Name column, locate and double-click xpinstall.whitelist.required. The values for Preference Name, Status, Type, and Value change to bold text. The Status value changes to user set and the Value value changes to false. 4 In the Preferences Name column, locate xpinstall.enabled. Ensure that Value is true. If not, double-click xpinstall.enabled to set Value to true.
Telnet with iDRAC Telnet is included in Microsoft® Windows® and Linux operating systems and can be run from a command shell. You may also choose to install a commercial or freely available telnet client with more convenience features than the standard version included with your operating system. If your management station is running Windows XP or Windows 2003, you may experience an issue with the characters in an iDRAC telnet session.
To configure a Linux telnet session to use the key, perform the following steps: 1 Open a shell and type: stty erase ^h 2 At the prompt, type: telnet SSH With iDRAC Secure Shell (SSH) is a command line connection with the same capabilities as a telnet session, but with session negotiation and encryption to improve security. The iDRAC supports SSH version 2 with password authentication. SSH is enabled by default on the iDRAC.
Table 3-1.
You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is already listening. Port 69 is the TFTP default port.
Configuring the Managed Server This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • Local RACADM CLI — allows you to configure and administer the iDRAC from the managed system.
Configuring the Managed Server to Capture the Last Crash Screen The iDRAC can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed system crash. Follow these steps to enable the last crash screen feature. 1 Install the managed server software. For more information about installing the managed server software, see the Server Administrator User’s Guide.
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC can capture the last crash screen, disable the Automatic Reboot option on managed servers running Microsoft Windows Server® or Windows Vista®. 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings. 4 Deselect the Automatically Reboot check box. 5 Click OK twice.
Configuring the Managed Server
Configuring the iDRAC Using the Web Interface The iDRAC provides a Web interface that enables you to configure the iDRAC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC Web interface and provides links to related information.
where iDRAC-IP-address is the IP address for the iDRAC and port-number is the HTTPS port number. The iDRAC Login window appears. Logging In You can log in as either an iDRAC user or as a Microsoft® Active Directory® user. The default user name and password are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to the iDRAC. To log in, perform the following steps: 1 In the Username field, type one of the following: • Your iDRAC user name.
NOTE: Closing the iDRAC Web interface within Microsoft Internet Explorer using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, located at support.microsoft.com. Configuring the iDRAC NIC This section assumes that the iDRAC has already been configured and is accessible on the network.
Table 5-1. Network Settings (continued) Setting Description Use DHCP (For NIC IP Address) Prompts the iDRAC to obtain an IP address for the NIC from the Dynamic Host Configuration Protocol (DHCP) server. Also deactivates the Static IP Address, Static Subnet Mask, and Static Gateway controls. The default is off. Static IP Address Allows you to enter or edit a static IP address for the iDRAC NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) checkbox.
Table 5-1. Network Settings (continued) Setting Description DNS iDRAC Name Displays the iDRAC name only when Register iDRAC on DNS is selected. The default name is idrac-service_tag, where service_tag is the service tag number of the Dell server. For example: idrac-00002. Use DHCP for DNS Domain Name Uses the default DNS domain name. When the box is not selected and the Register iDRAC on DNS option is selected, modify the DNS domain name in the DNS Domain Name field. The default is Disabled.
Table 5-3. Network Configuration Page Buttons Button Description Advanced Settings Opens the Network Security page, allowing the user to enter IP Range, and IP Blocking attributes. Print Prints the Network Configuration values that appear on the screen. Refresh Reloads the Network Configuration page. Apply Saves any new settings made to the network configuration page.
Table 5-4. Network Security Page Settings (continued) Settings Description IP Blocking Enabled Enables the IP address blocking feature, which limits the number of failed login attempts from a specific IP address for a preselected time span. The default is off. IP Blocking Fail Count Sets the number of login failures attempted from an IP address before the login attempts are rejected from that address. The default is 10.
The filterable platform events are listed in Table 5-6. . Table 5-6.
3 On the Platform Events page, enable Alert Generation for an event by clicking the corresponding Generate Alert checkbox for that event. NOTE: You can enable or disable Alert Generation for all events by clicking the checkbox next to the Generate Alert column heading. 4 Click the radio button below the action you would like to enable for each event. Only one action can be set for each event. 5 Click Apply.
Configuring E-Mail Alerts 1 Log in to the remote system using a supported Web browser. 2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)" on page 62. 3 Configure your e-mail alert settings. a On the Alert Management tab, click Email Alert Settings. 4 Configure your e-mail alert destination. a In the Email Alert Number column, click a destination number. There are four possible destinations to receive alerts. b Ensure that the Enabled checkbox is selected.
Under IPMI LAN Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User and click Apply. d Set the IPMI LAN channel encryption key, if required. NOTE: The iDRAC IPMI supports the RMCP+ protocol. NOTE: The encryption key must consist of an even number of hexadecimal characters with a maximum length of 20 characters. Under IPMI LAN Settings in the Encryption Key field, type the encryption key. e Click Apply. 3 Configure IPMI Serial over LAN (SOL).
2 Open the Users page to configure users. The Users page displays each user’s User ID, State, Username, IPMI LAN Privileges, iDRAC Privileges, and Serial Over LAN. NOTE: User-1 is reserved for the IPMI anonymous user and is not configurable. 3 In the User ID column, click a user ID number. 4 On the User Configuration page, configure the user’s properties and privileges. Table 5-7 describes the General settings for configuring an iDRAC user name and password.
Table 5-7. General Properties (continued) Property Description Change Password Enables the New Password and Confirm New Password fields. When unchecked, the user’s Password cannot be changed. New Password Enables editing the iDRAC user’s password. Enter a Password with up to 20 characters. The characters will not display. Confirm New Password Retype the iDRAC user’s password to confirm. Table 5-8.
Table 5-9. iDRAC User Privileges (continued) Property Description Access Console Redirection Enables the user to run Console Redirection. Access Virtual Media Enables the user to run and use Virtual Media. Test Alerts Enables the user to send test alerts (e-mail and PET) to a specific user. Execute Diagnostic Commands Enables the user to run diagnostic commands. Table 5-10.
Table 5-11. User Configuration Page Buttons (continued) Button Action Apply Saves any new settings made to the user configuration. Go Back To Users Page Returns to the Users Page.
The iDRAC Web server has a Dell self-signed SSL digital certificate (Server ID) by default. To ensure high security over the Internet, replace the Web server SSL certificate with a certificate signed by a well-known certificate authority. To initiate the process of obtaining a signed certificate, you can use the iDRAC Web interface to generate a Certificate Signing Request (CSR) with your company’s information. You can then submit the generated CSR to a CA such as VeriSign or Thawte.
Table 5-12. SSL Main Menu Options Field Description Generate a New Certificate Signing Request (CSR) Select the option and click Next to open the Generate Certificate Signing Request (CSR) page. NOTE: Each new CSR overwrites any previous CSR on the firmware. For a CA to accept your CSR, the CSR in the firmware must match the certificate returned from the CA.
3 Click Generate to create the CSR. 4 Click Download to save the CSR file to your local computer. 5 Click the appropriate button to continue. See Table 5-15. Table 5-14. Generate Certificate Signing Request (CSR) Page Options Field Description Common Name The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid.
Table 5-15. Generate Certificate Signing Request (CSR) Page Buttons Button Description Print Prints the Generate Certificate Signing Request values that appear on the screen. Refresh Reloads the Generate Certificate Signing Request page. Generate Generates a CSR and then prompts the user to save it to a specified directory. Download Downloads the certificate to the local computer. Go Back to SSL Main Menu Returns the user to the SSL Main Menu page.
Viewing a Server Certificate 1 On the SSL Main Menu page, select View Server Certificate and click Next. Table 5-17 describes the fields and associated descriptions listed in the Certificate window. 2 Click the appropriate button to continue. See Table 5-18. Table 5-17.
To access the Active Directory Main Menu: 1 Click System→ Remote Access→ iDRAC, and then click the Network/Security tab. 2 Click Active Directory to open the Active Directory Main Menu page. Table 5-19 lists the Active Directory Main Menu page options. 3 Click the appropriate button to continue. See Table 5-20. Table 5-19.
Configuring Active Directory (Standard Schema and Extended Schema) 1 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 2 On the Active Directory Configuration page, enter the Active Directory settings. Table 5-21 describes the Active Directory Configuration and Management page settings. 3 Click Apply to save the settings. 4 Click the appropriate button to continue. See Table 5-22.
Table 5-21. Active Directory Configuration Page Settings (continued) Setting Description iDRAC Domain Name The DNS name of the domain, where the Active Directory iDRAC object resides. This default is blank. The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. Role Groups The list of role groups associated with the iDRAC.
Table 5-23. Role Group Privileges (continued) Setting Description Login to iDRAC Allows the group log in access to the iDRAC. Configure iDRAC Allows the group permission to configure the iDRAC. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs. Execute Server Control Commands Allows the group permission to execute server control commands. Access Console Redirection Allows the group access to Console Redirection.
Table 5-24. Role Group Permissions (continued) Property Description Custom Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Uploading an Active Directory CA Certificate 1 On the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next.
Downloading an iDRAC Server Certificate 1 On the Active Directory Main Menu page, select Download iDRAC Server Certificate and click Next. 2 Save the file to a directory on your system. 3 In the Download Complete window, click Close. Viewing an Active Directory CA Certificate Use the Active Directory Main Menu page to view a CA server certificate for your iDRAC. 1 On the Active Directory Main Menu page, select View Active Directory CA Certificate and click Next.
Configuring Serial Over LAN 1 Click System→ Remote Access→ iDRAC→ Network/Security. 2 Click Serial Over LAN to open the Serial Over LAN Configuration page. Table 5-28 provides information about the Serial Over LAN Configuration page settings. 3 Click Apply. 4 Configure the advanced settings, if required. Otherwise, click the appropriate button to continue. See Table 5-29. To configure the advanced settings, perform the following steps: a Click Advanced Settings.
Table 5-30. Serial Over LAN Configuration Advanced Settings Page Settings Setting Description Character Accumulate Interval The amount of time that the iDRAC will wait before transmitting a partial SOL character data package. The time is measured in seconds. Character Send Threshold The iDRAC will send an SOL character data package containing the characters as soon as this number of characters (or greater) has been accepted. The threshold is measured in characters. Table 5-31.
• Telnet — see Table 5-34 for telnet settings • Automated System Recovery Agent — see Table 5-35 for Automated System Recovery Agent settings 4 Click Apply. 5 Click the appropriate button to continue. See Table 5-36. Table 5-32. Web Server Settings Setting Description Enabled Enables or disables the iDRAC web server. When checked, the checkbox indicates that the web server is enabled. The default is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system.
Table 5-33. SSH Settings (continued) Setting Description Timeout The secure shell idle timeout, in seconds. Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300. Port Number The port on which the iDRAC listens for an SSH connection. The default is 22. Table 5-34. Telnet Settings Setting Description Enabled Enables or disables telnet. When checked, telnet is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system.
Updating the iDRAC Firmware NOTICE: If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can recover the iDRAC using the CMC. See your CMC Firmware User’s Guide for instructions. NOTE: The firmware update, by default, retains the current iDRAC settings. During the update process, you have the option to reset the iDRAC configuration to the factory defaults.
OR • If the image did not upload successfully, or it did not pass the verification checks, the firmware update will return to the Firmware Update - Upload (page 1 of 4) window. You can attempt to upgrade the iDRAC again or click Cancel to reset the iDRAC to normal operating mode. NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC will be reset to its default settings. In the default settings, the LAN is disabled. You will not be able to log in to the iDRAC Web interface.
To update the iDRAC firmware, perform the following steps: 1 Download the latest iDRAC firmware to your management computer from support.dell.com. 2 Log in to the CMC Web-based interface. 3 Click Chassis in the system tree. 4 Click the Update tab. The Updatable Components page appears. The server with the recoverable iDRAC is included in the list if it is able to be recovered from the CMC. 5 Click server-n, where n is the number of the server whose iDRAC you want to recover.
Configuring the iDRAC Using the Web Interface
Using the iDRAC with Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, and other devices on a network. If your company uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your Active Directory software.
Extended Schema Active Directory Overview There are three ways to enable Active Directory with the extended schema: • With the iDRAC Web interface. See "Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface" on page 105. • With the RACADM CLI tool. See "Configuring the iDRAC With Extended Schema Active Directory Using RACADM" on page 106. • With the SM-CLP command line. See "Configuring the iDRAC With Extended Schema Active Directory and SM-CLP" on page 107.
Overview of the RAC Schema Extensions To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more RAC devices.
Figure 6-1. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC Privilege Object NOTE: The RAC privilege object applies to both DRAC 4 and iDRAC. You can create as many or as few association objects as required.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains. Figure 6-2.
See "Adding iDRAC Users and Privileges to Active Directory" on page 102 for detailed instructions. Figure 6-3 provides an example of Active Directory objects in multiple domains. In this scenario, you have two iDRACs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. In this scenario, configure user1 and user2 with administrator privileges to both iDRACs and configure user3 with login privileges to the RAC2.
3 Create two RAC Device Objects, RAC1 and RAC2, to represent the two iDRACs. 4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges. 5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
You can extend your schema using one of the following: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the iDRAC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-7. dellProduct Class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.5 SuperClasses Computer Attributes dellAssociationMembers Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsServerResetUser 1.2.840.113556.1.8000.1280.1.1.2.7 TRUE TRUE if the user has Server Reset rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsConsoleRedirectUser 1.2.840.113556.1.8000.1280.1.1.2.8 TRUE if the user has Console Redirection rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 FALSE List of Distinguished Name dellAssociationObjectMembers (LDAPTYPE_DN that belong to this Product. 1.3.6.1.4.1.1466.115.121.1.12) This attribute is the backward link to the dellProductMembers Linked attribute.
Opening the Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers snap-in, perform the following steps: 1 If you are logged into the domain controller, click Start→ Admin Tools→ Active Directory Users and Computers. If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→ Run, type MMC, and press Enter.
4 Select RAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→ Dell RAC Object. The New Object window appears. 3 Type a name for the new object. 4 Select Privilege Object. 5 Click OK. 6 Right-click the privilege object that you created, and select Properties.
Adding Objects to an Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running Windows 2000 mode or higher, use Universal Groups to span domains with your user or RAC objects. You can add groups of Users and RAC devices. The procedure for creating Dell-related groups and non-Dell-related groups is identical.
Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface 1 Open a supported Web browser window. 2 Log in to the iDRAC Web interface. 3 Click System→ Remote Access. 4 Click the Configuration tab and select Active Directory. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The domain controllers’ SSL certificates should have been signed by the root CA. Have the root CA certificate available on your management station accessing the iDRAC (see "Exporting the Domain Controller Root CA Certificate" on page 116). c Click Apply.
racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgActiveDirectory -o cfgADRacName racadm sslcertupload -t 0x2 -f racadm sslcertdownload -t 0x1 -f 2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following RACADM command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 3 If DHCP is disabled on the iDRAC or you want to manually input your DNS
set oemdell_schematype=1 set oemdell_adracdomain= set oemdell_adrootdomain= set oemdell_adracname= set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD load -source /system1/sp1/oemdell_ssl1 set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL dump -destination /system1/sp1/oemdell_ssl1 2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following SM-CLP co
solution, the role and the privilege level is defined on each iDRAC, not in the Active Directory. Up to five role groups can be configured and defined in each iDRAC. Table 5-10 on page 68 shows the privileges level of the role groups and Table 6-9 shows the default role group settings. Figure 6-4.
Table 6-9. Default Role Group Privileges (continued) Default Privilege Level Permissions Granted Bit Mask None No assigned permissions 0x00000000 None No assigned permissions 0x00000000 NOTE: The Bit Mask values are used only when setting up the standard schema with the RACADM. There are two ways to enable the standard schema in Active Directory: • With the iDRAC Web user interface. See "Configuring the iDRAC With Standard Schema Active Directory and the Web Interface" on page 110.
4 Select Active Directory to open the Active Directory Main Menu page. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest. c Type the Timeout time in seconds. 7 Click Use Standard Schema in the Active Directory Schema Selection section.
b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The domain controllers’ SSL certificates should have been signed by the root CA.
racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege racadm sslcertupload -t 0x2 -f racadm sslcertdownload -t 0x1 -f NOTE: For bit mask values, see Table B-1.
Use the following commands to configure the iDRAC Active Directory Feature with the standard schema using SM-CLP.
5 If DHCP is disabled on the iDRAC or you want to manually enter your DNS IP addresses, type the following SM-CLP commands: set /system1/sp1/enetport1/lanendpt1/\ ipendpt1/dnsendpt1 oemdell_serversfromdhcp=0 set /system1/sp1/enetport1/lanendpt1/ipendpt1/\ dnsendpt1/remotesap1 dnsserveraddress= set /system1/sp1/enetport1/lanendpt1/ipendpt1/\ dnsendpt1/remotesap1 dnsserveraddress= Enabling SSL on a Domain Controller If you are using Microsoft Enterprise Root CA
Exporting the Domain Controller Root CA Certificate NOTE: If your system is running Windows 2000, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click Start→ Run. 3 In the Run field, type mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 machines) and select Add/Remove Snap-in. 5 In the Add/Remove Snap-In window, click Add. 6 In the Standalone Snap-In window, select Certificates and click Add.
e In the Security Certificate Main Menu page, select Upload Server Certificate and click Apply. f In the Certificate Upload screen, perform one of the following procedures: g • Click Browse and select the certificate. • In the Value field, type the path to the certificate. Click Apply. Importing the iDRAC Firmware SSL Certificate Use the following procedure to import the iDRAC firmware SSL certificate to all domain controller trusted certificate lists.
Using Active Directory to Log In To the iDRAC You can use Active Directory to log in to the iDRAC using the Web interface. Use one of the following formats to enter your username: or \ or / where username is an ASCII string of 1–256 bytes. White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, as these names cannot be resolved.
Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions (continued) Question Answer Does using the iDRAC with Active Directory support multiple domain environments? Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.
Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions (continued) Question Answer What can I do if I cannot log into the iDRAC using Active Directory authentication? How do I troubleshoot the issue? 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local iDRAC user account, log into the iDRAC using your local credentials.
Using GUI Console Redirection This section provides information about using the iDRAC console redirection feature. Overview The iDRAC console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more iDRAC-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance.
Supported Screen Resolutions and Refresh Rates Table 7-1 lists the supported screen resolutions and corresponding refresh rates for a console redirection session that is running on the managed server. Table 7-1.
Configuring Console Redirection in the iDRAC Web Interface To configure console redirection in the iDRAC Web interface, perform the following steps: 1 Click System and then click the Console tab. 2 Click Configuration to open the Console Redirection Configuration page. 3 Configure the console redirection properties. Table 7-2 describes the settings for console redirection. 4 When completed, click Apply. 5 Click the appropriate button to continue. See Table 7-3. Table 7-2.
Table 7-2. Console Redirection Configuration Properties (continued) Property Description Video Encryption Enabled Checked indicates that video encryption is enabled. All traffic going to the video port is encrypted. Unchecked indicates that video encryption is disabled. Traffic going to the video port is not encrypted. The default is Encrypted. Disabling encryption can improve performance on slower networks. Mouse Mode Choose Windows if the managed server is running on a Windows operating system.
Table 7-3. Console Redirection Configuration Page Buttons Button Definition Print Prints the Console Redirection Configuration page Refresh Reloads the Console Redirection Configuration page Apply Saves any new settings made to the console redirection.
Table 7-4. Console Redirection Page Information (continued) Property Description Mouse Mode Displays the mouse acceleration currently in effect. Mouse Acceleration mode should be chosen based on the type of operating system installed on the managed server. Console Plug-in Type Shows the plug-in type currently configured. ActiveX — An Active-X viewer will be launched. ActiveX viewer will only work on Internet Explorer while running on a Windows Operating System. Java — A Java viewer will be launched.
3 If a console redirection session is available, click Launch Viewer. NOTE: Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, you must navigate through these message boxes within three minutes. Otherwise, you will be prompted to relaunch the application. NOTE: If one or more Security Alert windows appear in the following steps, read the information in the window and click Yes to continue.
Table 7-6. Viewer Menu Bar Selections Menu Item Item Description Video Pause Temporarily pauses console redirection. Resume Resumes console redirection. Refresh Redraws the viewer screen image. Capture Captures the current remote system screen to a .bmp Current Screen file on Windows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location.
Table 7-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Keyboard Hold Right Alt Select this item before typing keys you want to Key combine with the right key. Hold Left Alt Key Select this item before typing keys you want to combine with the left key. Left Windows Key Select Hold Down before typing characters you want to combine with the left Windows key. Select Press and Release to send a left Windows key keystroke.
Table 7-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Mouse Synchronize Cursor The Mouse menu enables you to synchronize the cursor so that the mouse on the client is redirected to the mouse on the server. Options Color Mode Allows you to select a color depth to improve performance over the network.
The Synchronize cursor menu item is a toggle. Ensure that there is a check mark next to the item in the menu so that the mouse synchronization is active. When using Red Hat® Linux® or Novell® SUSE® Linux, be sure to configure the mouse mode for Linux before you launch the viewer. See "Configuring Console Redirection in the iDRAC Web Interface" on page 123 for help with configuration. The operating system’s default mouse settings are used to control the mouse arrow in the iDRAC Console Redirection screen.
Frequently Asked Questions Table 7-7 lists frequently asked questions and answers. Table 7-7. Using Console Redirection: Frequently Asked Questions Question Answer Can a new remote console video session be started when the local video on the server is turned off? Yes. Why does it take It gives a local user an opportunity to take any action before 15 seconds to turn off the video is switched off.
Table 7-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer What privileges are Any user with iDRAC configuration privileges can turn the needed for an iDRAC local console on or off. user to turn on or off the local server video? How can I get the current status of the local server video? The status is displayed on the Console Redirection Configuration page of the iDRAC Web interface.
Table 7-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the mouse sync in DOS when performing Console Redirection? The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing. iDRAC has a USB mouse driver, which allows absolute position and closer tracking of the mouse pointer.
Table 7-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the Num Lock indicator on my management station reflect the status of the Num Lock on the remote server? When accessed through the iDRAC, the Num Lock indicator on the management station does not necessarily coincide with the state of the Num Lock on the remote server.
Using GUI Console Redirection
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 8-1 shows the overall architecture of Virtual Media. Figure 8-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
See "Supported Web Browsers" on page 23 for more information. You must have administrator rights to install ActiveX. Before installing the ActiveX control, Internet Explorer may display a security warning. To complete the ActiveX control installation procedure, accept the ActiveX control when Internet Explorer prompts you with a security warning.
Table 8-2. Virtual Media Configuration Values (continued) Attribute Value Maximum Sessions Displays the maximum number of Virtual Media sessions allowed. This is always 1. Active Sessions Displays the current number of Virtual Media sessions. Virtual Media Encryption Enabled Click the checkbox to enable or disable encryption on Virtual Media connections. Checked enables encryption; unchecked disables encryption.
Table 8-3. Virtual Media Configuration Page Buttons Button Description Print Prints the Console Configuration values that appear on the screen. Refresh Reloads the Console Configuration page. Apply Saves any new settings made to the Console Configuration page. Running Virtual Media NOTICE: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesirable results may occur, including loss of data.
4 Click Launch Viewer. NOTE: On Linux, the file jviewer.jnlp is downloaded to your desktop and a dialog box will ask what to do with the file. Choose the option to Open with program and then select the javaws application, which is located in the bin subdirectory of your JRE installation directory. The iDRACView application launches in a separate window. 5 Click Media→ Virtual Media Wizard…. The Media Redirection wizard appears. 6 View the Status window.
To change the BIOS setting, perform the following steps: 1 Boot the managed server. 2 Press to enter the BIOS setup window. 3 Scroll to the boot sequence and press . In the pop-up window, the virtual optical drives and virtual floppy drives are listed with the standard boot devices. 4 Ensure that the virtual drive is enabled and listed as the first device with bootable media. If required, follow the on-screen instructions to modify the boot order. 5 Save the changes and exit.
Using Virtual Media When the Server’s Operating System Is Running Windows-Based Systems On Windows systems, the virtual media drives are automounted if they are attached and configured with a drive letter. Using the virtual drives from within Windows is similar to using your physical drives. When you connect to the media using the Virtual Media wizard, the media is available at the system by clicking the drive and browsing its content.
Table 8-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer Why do I sometimes lose my client connection? • You can sometimes lose your client connection if the network is slow or if you change the CD in the client system CD drive. For example, if you change the CD in the client system’s CD drive, the new CD might have an autostart feature.
Table 8-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer How do I configure my virtual device On the managed server, access the BIOS Setup as a bootable device? and navigate to the boot menu. Locate the virtual CD, Virtual Floppy, or Virtual Flash and change the device boot order as needed. For example, to boot from a CD drive, configure the CD drive as the first drive in the boot order.
Table 8-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Table 8-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer What file system types are supported on my Virtual Floppy Drive? Your Virtual Floppy Drive supports FAT16 or FAT32 file systems. When I performed a firmware update remotely using the iDRAC Web interface, my virtual drives at the server were removed. Why? Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives will reappear when the iDRAC reset is complete.
Using the Local RACADM Command Line Interface The local RACADM command line interface (CLI) provides access to the iDRAC management features from the managed server. RACADM provides access to the same features as the iDRAC Web interface. However, RACADM can be used in scripts to ease configuration of multiple servers and iDRACs, where the Web interface is more useful for interactive management. Local RACADM commands do not use network connections to access the iDRAC from the managed server.
The subcommand list includes all commands that are supported by the iDRAC. To get help for a subcommand, type: racadm help The command displays the syntax and command-line options for the subcommand. RACADM Subcommands Table 9-1 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands including syntax and valid entries, see "RACADM Subcommand Overview" on page 231. Table 9-1.
Table 9-1. RACADM Subcommands (continued) Command Description racreset Resets the iDRAC. racresetcfg Resets the iDRAC to the default configuration. serveraction Performs power management operations on the managed server. setniccfg Sets the IP configuration for the controller. sslcertdownload Downloads a CA certificate. sslcertupload Uploads a CA certificate or server certificate to the iDRAC. sslcertview Views a CA certificate or server certificate in the iDRAC.
For example, to display a list of all cfgLanNetworking group object settings, type the following command: racadm getconfig -g cfgLanNetworking Managing iDRAC Users with RACADM NOTICE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC or if you ran the racadm racresetcfg command, the only current user is root with the password calvin.
Adding an iDRAC User To add a new user to the iDRAC, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC user privilege. 4 Enable the user.
Table 9-2. Bit Masks for User Privileges (continued) User Privilege Privilege Bit Mask Clear Logs 0x0000008 Execute Server Control Commands 0x0000010 Access Console Redirection 0x0000020 Access Virtual Media 0x0000040 Test Alerts 0x0000080 Execute Debug Commands 0x0000100 For example, to allow the user Configure iDRAC, Configure Users, Clear Logs, and Access Console Redirection privileges, add the values 0x00000002, 0x00000004, 0x00000008, and 0x00000010 to construct the bitmap 0x0000002E.
NOTE: Ensure that the SMTP and E-mail Alert settings are configured before testing the e-mail alert feature. See "Configuring E-Mail Alerts" on page 64 for more information. Testing the iDRAC SNMP Trap Alert Feature The iDRAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed server. The following example shows how a user can test the SNMP trap alert feature.
racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5 racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.
where is one of the following: • 2 (User) • 3 (Operator) • 4 (Administrator) For example, to set the IPMI LAN channel privilege to 2 (User), type the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit 2 b Set the IPMI LAN channel encryption key, if required, using a command such as the following: NOTE: The iDRAC IPMI supports the RMCP+ protocol. See the IPMI 2.0 specifications for more information.
For example, to configure the IPMI privileges to 2 (User), enter the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege 2 NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate. b Update the IPMI SOL baud rate using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate where is 19200, 57600, or 115200 bps.
1 Configure PEF actions using the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i where is the PEF index (see Table 5-6 on page 62), and is a value from Table 9-3.
4 Configure the Community Name string. At the command prompt, type: racadm config -g cfgIpmiLan -o cfgIpmiPetCommunityName where is the PET Community Name.
5 Test the configured e-mail alert, if desired, by entering the following command: racadm testemail -i where is the e-mail destination index to test. Configuring IP Filtering (IpRange) IP address filtering (or IP Range Checking) allows iDRAC access only from clients or management workstations whose IP addresses are within a userspecified range. All other login requests are denied.
Table 9-4. IP Address Filtering (IpRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise anded with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to log in.
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255 2 To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask, as shown below: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.
• The amount of time in seconds that the blocked IP address is prevented from establishing a session after the allowed number of failures is exceeded (cfgRacTuneIpBlkPenaltyTime) As login failures accumulate from a specific IP address, they are registered by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset.
Enabling IP Blocking The following example prevents a client IP address from establishing a session for five minutes if that client has failed five login attempts in a one-minute period of time.
racadm config -g cfgSerial -o cfgSerialSshEnable 1 To disable the telnet or SSH service, change the value from 1 to 0: racadm config -g cfgSerial -o cfgSerialTelnetEnable 0 racadm config -g cfgSerial -o cfgSerialSshEnable 0 Type the following command to change the telnet port number on the iDRAC: racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort For example, to change the telnet port from the default 22 to 8022, type this command: racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort 8
To obtain a configuration file, with the RACADM getconfig command, enter the following command at a command prompt on the managed server: racadm getconfig -f myconfig.cfg This command creates the file myconfig.cfg in the current directory. Configuration File Syntax NOTICE: Edit the configuration file with a plain text editor, such as Notepad on Windows or vi on Linux. The racadm utility parses ASCII text only. Any formatting confuses the parser and may corrupt the iDRAC database.
• Parameters are specified as object=value pairs with no white space between the object, =, and value. White space that is included after the value is ignored. White space inside a value string remains unmodified. Any character to the right of the = is taken as is (for example, a second =, or a #, [, ], and so forth). • The parser ignores an index object entry. You cannot specify which index is used.
configured. If a modified object represents a new index, the index is created on the iDRAC during configuration. • You cannot specify a desired index in a configuration file. Indexes may be created and deleted, so over time the group may become fragmented with used and unused indexes. If an index is present, it is modified. If an index is not present, the first available index is used.
# comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 Loading the Configuration File Into the iDRAC The command racadm config -f parses the configuration file to verify that valid group and object names are present and that syntax rules are followed. If the file is error-free the command then updates the iDRAC database with the contents of the file. NOTE: To verify the syntax only and not update the iDRAC database, add the -c option to the config subcommand.
where is the name of a file to save the iDRAC properties, such a myconfig.cfg. See "Creating an iDRAC Configuration File" on page 166 for more information. NOTE: Some configuration files contain unique iDRAC information (such as the static IP address) that must be modified before you export the file to other iDRACs. 2 Edit the configuration file you created in the previous step and remove or comment-out any settings you do not want to replicate.
Using the Local RACADM Command Line Interface
Using the iDRAC SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
• Active Directory configuration • iDRAC LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration • Serial over LAN (SOL) redirection over Telnet or SSH iDRAC SM-CLP Support SM-CLP is hosted from the iDRAC firmware and supports telnet and SSH connections. The iDRAC SM-CLP interface is based on the SM-CLP Specification Version 1.0 provided by the DMTF organization.
Table 10-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options delete Deletes an object instance. –examine, –help, –output, –version Syntax: delete [options] target dump Moves a binary image from the MAP to a URI. –destination, –examine, dump -destination [options] –help, –output, –version [target] exit Exits from the SM-CLP shell session. Syntax: –help, –output, –version exit [options] help Displays help for SM-CLP commands.
Table 10-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options start Starts a target. –examine, –force, –help, –output, –version Syntax: start [options] [target] stop Shuts down a target. Syntax: stop [options] [target] version Displays the version attributes of a target. Syntax: –examine, –force, –help, –output, –state, –version, –wait –examine, –help, –output, –version version [options] Table 10-2 describes the SM-CLP options.
Table 10-2. Supported SM-CLP Options (continued) SM-CLP Option Description –level, -l Instructs the verb to operate on targets at additional levels beneath the specified target. Syntax: -level –output, –o Specifies the format for the output. Syntax: -output -source Specifies the location of an image in a load command. Syntax: -source –version, –v Displays the SMASH-CLP version number.
Targets Table 10-3 provides a list of targets available through the SM-CLP. Table 10-3. SM-CLP Targets Target Definition /system1/ The managed system target. /system1/sp1 The service processor. /system1/sol1 Serial over LAN target. /system1/sp1/account1 through /system1/sp1/account16 The sixteen local iDRAC user accounts. account1 is the root account. /system1/sp1/enetport1 The iDRAC NIC MAC address. /system1/sp1/enetport1/lanendpt1/ ipendpt1 The iDRAC IP, gateway, and netmask settings.
Using the -display Option The show –display option allows you to limit the output of the command to one or more of properties, targets, and verbs. For example, to display just the properties and targets at the current location, use the following command: show -d properties,targets /system1/sp1/account1 To list only certain properties, qualify them, as in the following command: show -d properties=(userid,username) /system1/sp1/account1 If you only want to show one property, you can omit the parentheses.
iDRAC SM-CLP Examples The following subsections provide examples for using the SM-CLP to perform the following operations: • Server power management • SEL management • MAP target navigation • Display system properties • Setting the iDRAC IP address, subnet mask, and gateway address Server Power Management Table 10-4 provides examples of using SM-CLP to perform power management operations on a managed server. Table 10-4.
Table 10-5.
Table 10-5.
Table 10-6. Map Target Navigation Operations (continued) Operation Syntax Navigate to the SEL ->cd system1 target and display the ->cd sp1 log records ->cd logs1 ->show ->cd system1/sp1/logs1 ->show Display current target ->cd . Move up one level ->cd ..
When you commit the changes, the new network settings take effect, which causes your telnet or ssh session to be terminated. By introducing the commit step, you can delay the termination of your session until you have completed all of your SM-CLP commands. Table 10-7 provides examples of setting the iDRAC properties using SM-CLP. Table 10-7.
3 Enter the following command: load -source tftp:/// /system1/sp1 where is the DNS name or IP address of your TFTP server and is the path to the update package on the TFTP server. Your telnet or SSH session will be terminated. You may need to wait several minutes for the firmware update to complete. 4 To verify that the new firmware was written, start a new telnet or SSH session and re-enter the version command again.
4 Enter the DNS name or IP address of the iDRAC in the Host address field. 5 Enter the Telnet port number in the Port number field. 6 Click OK. To end the SOL session, click the HyperTerminal disconnect icon. Using SOL Over Telnet With Linux To start SOL from Telnet on a Linux management station, follow these steps: 1 Start a shell.
Deploying Your Operating System Using iVM-CLI The Virtual Media Command Line Interface (iVM-CLI) utility is a command-line interface that provides virtual media features from the management station to the iDRAC in the remote system. Using iVM-CLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVM-CLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator (dd) utility to create a bootable image file for your Linux system.
When you create the image file, do the following: • Follow standard network-based installation procedures • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure 4 Perform one of the following procedures: • Integrate ipmitool and the Virtual Media command line interface (iVM-CLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
• is the path to the device containing the operating system installation CD or DVD The ivmdeploy script passes its command line options to the ivmcli utility. See "Command Line Options" on page 191 for details about these options. The script processes the -r option slightly differently than the ivmcli -r option. If the argument to the -r option is the name of an existing file, the script reads iDRAC IP addresses from the specified file and runs the ivmcli utility once for each line.
The client system’s administrator controls user groups and privileges, thereby controlling the users who can run the utility. For Windows systems, you must have Power User privileges to run the iVMCLI utility. For Linux systems, you can access the iVM-CLI utility without administrator privileges by using the sudo command. This command provides a centralized means of providing non-administrator access and logs all user commands.
The iVM-CLI command format is as follows: ivmcli [parameter] [operating_system_shell_options] Command-line syntax is case sensitive. See "iVM-CLI Parameters" for more information. If the remote system accepts the commands and the iDRAC authorizes the connection, the command continues to run until either of the following occurs: • The iVM-CLI connection terminates for any reason. • The process is manually terminated using an operating system control.
iDRAC User Password -p This parameter provides the password for the specified iDRAC user. If iDRAC authentication fails, an error message displays and the command terminates.
CD/DVD Device or Image File -c { | } where is a valid CD/DVD drive letter (Windows systems) or a valid CD/DVD device file name (Linux systems) and is the file name and path of a valid ISO-9660 image file. This parameter specifies the device or file that will supply the virtual CD/DVD-ROM media: For example, an image file is specified as: -c c:\temp\mydvd.img (Windows systems) -c /tmp/mydvd.
Manual Display -m This parameter displays a detailed “man page” for the iVM-CLI utility, including descriptions of all of the possible options. Encrypted Data -e When this parameter is included in the command line, iVM-CLI will use an SSL-encrypted channel to transfer data between the management station and the iDRAC in the remote system. If this parameter is not included in the command line, the data transfer is not encrypted.
iVM-CLI Return Codes 0 = No error 1 = Unable to connect 2 = iVM-CLI command line error 3 = RAC firmware connection dropped English-only text messages are also issued to standard error output whenever errors are encountered.
Using the iDRAC Configuration Utility Overview The iDRAC Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC and for the managed server.
Starting the iDRAC Configuration Utility You must use an iKVM-connected console to access the iDRAC Configuration Utility initially or after a resetting the iDRAC to the default settings. 1 At the keyboard connected to the iKVM console, press to display the iKVM On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using the iDRAC Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe the iDRAC Configuration Utility menu items. LAN Use , , and the spacebar to select between Enabled and Disabled.
Press any key to clear the message and continue. See "LAN" on page 199 for an explanation of the message. LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 12-1. LAN Parameters Item Description RMCP+ Encryption Key Press to edit the value, when finished. The RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F).
Table 12-1. LAN Parameters (continued) Item Description Default Gateway If the IP Address Source is set to DHCP, this field displays the IP address of the default gateway obtained from DHCP. If the IP Address Source is set to Static, enter the IP address of the default gateway. The default is 192.168.0.1. LAN Alert Enabled Select On to enable the Platform Event Trap (PET) LAN alert. Alert Policy Entry 1 Select Enable or Disable to activate the first alert destination.
Virtual Media Use and to select Attached or Detached. When you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Console Redirection sessions. If you select Detached, users cannot access virtual media devices during Console Redirection sessions. NOTE: To use a USB Flash Drive with the Virtual Media feature, the USB Flash Drive Emulation Type must be set to Hard disk in the BIOS Setup Utility.
Reset to Default Use the Reset to Default menu item to reset all of the iDRAC configuration items to the factory defaults. This may be required, for example, if you have forgotten the administrative user password or if you want to reconfigure the iDRAC from the default settings. NOTE: In the default configuration, the iDRAC networking is disabled. You cannot reconfigure the iDRAC over the network until you have enabled the iDRAC network in the iDRAC Configuration Utility. Press to select the item.
Exiting the iDRAC Configuration Utility When you have finished making changes to the iDRAC configuration, press the key to display the Exit menu. Select Save Changes and Exit and press to retain your changes. Select Discard Changes and Exit and press to ignore any changes you made. Select Return to Setup and press to return to the iDRAC Configuration Utility.
Recovering and Troubleshooting the Managed Server This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed server using the iDRAC facilities.
LED Indicators The initial indication of system trouble may be the LEDs on the chassis or components installed in the chassis. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system. A solid blue LED on the LCD indicates that no fault conditions have been detected in the system.
• Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, you can try to correct the problem using these strategies: • Reseat the module and restart it • Try inserting the module into a different bay in the chassis • Try replacing hard drives or USB keys • Reconnect or replace the power and network cables
Problem Solving Tools This section describes iDRAC facilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Checking the System Event Log (SEL) The SEL Log page displays messages for events that occur on the managed server. To view the System Event Log, perform the following steps: 1 Click System and then click the Logs tab. 2 Click System Event Log to display the System Event Log page. The System Event Log page displays a system health indicator (see Table 13-3), a time stamp, and a description of the event. 3 Click the appropriate System Event Log page button to continue (see Table 13-4). Table 13-4.
To view the Post Codes, perform the following steps: 1 Click System, the Logs tab, and then Post Codes. The Post Codes page displays a system health indicator (see Table 13-3), a hexadecimal code, and a description of the code. 2 Click the appropriate Post Code page button to continue (see Table 13-5). Table 13-5. Post Code Buttons Button Action Print Prints the Post Codes page. Refresh Reloads the Post Codes page.
Table 13-6. Last Crash Screen Page Buttons (continued) Button Action Delete Deletes the Last Crash Screen page. Refresh Reloads the Last Crash Screen page. NOTE: Due to fluctuations in the Auto Recovery timer, the Last Crash Screen may not be captured when the System Reset Timer is configured with a value that is too high. The default setting is 480 seconds. Use Server Administrator or IT Assistant to set the System Reset Timer to 60 seconds and ensure that the Last Crash Screen functions properly.
Table 13-7.
Table 13-7.
Table 13-7. Server Status Screen (continued) Severity Message Critical System Board OS Watchdog: The iDRAC watchdog Watchdog sensor for System detected that the system Board, power cycle was asserted has crashed (timer expired because no response was received from Host) and the action is set to power cycle. Critical System Board SEL: Event Log The SEL device detects sensor for System Board, log full that only one entry can was asserted be added to the SEL before it is full.
Table 13-7. Server Status Screen (continued) Severity Message Cause Non-Recoverable CPU Bus PERR: Processor sensor, transition to nonrecoverable was asserted The processor bus PERR entered a nonrecoverable state. Non-Recoverable CPU Init Err: Processor sensor, transition to non-recoverable was asserted The processor initialization entered a non-recoverable state.
Table 13-7. Server Status Screen (continued) Severity Message Cause Critical Chipset Err: Critical Event sensor, PCI PERR was asserted Chip error is detected. Warning Mem ECC Warning: Memory Correctable ECC errors sensor, transition to non-critical have increased from a from OK ( ) was asserted Critical Mem ECC Warning: Memory Correctable ECC errors sensor, transition to critical from have reached a critical less severe (
Table 13-7.
Table 13-7.
To access the iDRAC Log, perform the following steps: • Click System→ Remote Access→ iDRAC and then click iDRAC Log. The iDRAC Log provides the information in Table 13-8. Table 13-8. iDRAC Log Page Information Field Description Date/Time The date and time (for example, Dec 19 16:55:47). The iDRAC sets its clock from the managed server’s clock. When the iDRAC initially starts and is unable to communicate with the managed server, the time is displayed as the string System Boot.
Viewing System Information The System Summary page displays information about the following system components: • Main System enclosure • Integrated Dell Remote Access Controller To access the system information, click System→ Properties. Main System enclosure Table 13-10 and Table 13-11 describe the main system enclosure properties. Table 13-10. System Information Fields Field Description Description Provides a system description. BIOS Version Lists the system BIOS version.
Integrated Dell Remote Access Controller Table 13-12 describes the iDRAC properties. Table 13-12. iDRAC Information Fields Field Description Date/Time Provides the current date and time on the iDRAC in GMT. Firmware Version Lists the version of the iDRAC firmware. Firmware Updated Lists the date the firmware was last updated. The date is displayed in UTC format, for example: Tue, 8 May 2007, 22:18:21 UTC. IP Address The 32-bit address that identifies the network interface.
To identify the server: 1 Click System→ Remote Access→ iDRAC→ Troubleshooting. 2 On the Identify page, check the value box next to Identify Server. 3 In the Identify Server Timeout field, enter the number of seconds that you want the LED to blink. Enter 0 if you want the LED to remain flashing until you disable it. 4 Click Apply. A blue LED on the server will flash for the number of seconds you specified.
Table 13-13. Diagnostic Commands (continued) Command Description ifconfig Displays the contents of the network interface table. netstat Prints the content of the routing table. ping Verifies that the destination IP address is reachable from the iDRAC with the current routing-table contents. A destination IP address must be entered in the field to the right of this option.
Table 13-14. Power Control Actions (continued) NMI (NonMasking Interrupt) Sends a high-level interrupt to the operating system, which causes the system to halt operation to allow for critical diagnostic or troubleshooting activities. Graceful Shutdown Attempts to cleanly shut down the operating system, then powers off the system. It requires an ACPI (Advanced Configuration and Power Interface) aware operating system, which allows for system directed power management.
Table 13-16. Frequently Asked Questions/Troubleshooting Question Answer The LED on the server is blinking amber. Check the SEL for messages and then clear the SEL to stop the blinking LED. From the iDRAC Web interface: • See "Checking the System Event Log (SEL)" on page 209 From SM-CLP: • See "SEL Management" on page 180 From the iDRAC Configuration Utility: • See "System Event Log Menu" on page 203 There is a blinking blue LED on the server. A user has activated the locator ID for the server.
Table 13-16. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of the iDRAC? (continued) For example: $ racadm getniccfg -m server-1 DHCP Enabled IP Address Subnet Mask Gateway = = = = 1 192.168.0.1 255.255.255.0 192.168.0.1 From local RACADM: 1 Enter the following command at a command prompt: racadm getsysinfo From the LCD: 1 On the Main Menu, highlight Server and press the check button.
Table 13-16. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of the CMC? From the iDRAC Web interface: • Click System→ Remote Access→ CMC. The CMC IP address is displayed on the Summary page. OR • Select the "Dell CMC" console in the OSCAR to log into the CMC through a local serial connection. CMC RACADM commands can be issued from this connection. Refer to the CMC Firmware Version 1.0 User’s Guide for a complete list of the CMC RACADM subcommands.
Table 13-16. Frequently Asked Questions/Troubleshooting (continued) Question Answer I have forgotten the You must restore the iDRAC to its default settings. iDRAC administrative user 1 Reboot the server and press when name and password. prompted to enter the iDRAC Configuration Utility. 2 On the configuration utility menu, highlight Reset to Default and press . For more information, see "Reset to Default" on page 203.
Table 13-16. Frequently Asked Questions/Troubleshooting (continued) Question Answer When attempting to boot the managed server, the power indicator is green, but there is no POST or no video at all. This can happen if any of the following conditions is true: • Memory is not installed or is inaccessible. • The CPU is not installed or is inaccessible. • The video riser card is missing or improperly connected. Also, look for error messages in the iDRAC log from the iDRAC Web interface or from the LCD.
Recovering and Troubleshooting the Managed Server
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. help Table A-1 describes the help command. Table A-1. Help Command Command Definition help Lists all of the subcommands available to use with racadm and provides a short description for each.
Supported Interfaces • Local RACADM config Table A-2 describes the config and getconfig subcommands. Table A-2. config/getconfig Subcommand Definition config Configures the iDRAC. getconfig Gets the iDRAC configuration data.
Table A-3. config Subcommand Options and Descriptions (continued) Option Description -p The -p, or password, option directs config to delete the password entries contained in the config file -f after the configuration is complete. -g The -g , or group, option must be used with the -o option. The specifies the group containing the object that is to be set. -o The -o , or object, option must be used with the -g option.
• racadm config -f myrac.cfg Configures or reconfigures the iDRAC. The myrac.cfg file may be created with the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.cfg file does not contain passwords. To include passwords in the file, you must enter them manually. If you want to remove passwords from the myrac.cfg file during configuration, use the -p option.
Table A-4. getconfig Subcommand Options (continued) Option Description -i The -i , or index, option is valid only for indexed groups and can be used to specify a unique group. If -i is not specified, a value of 1 is assumed for groups, which are tables that have multiple entries. The index is specified by the index value, not a "named" value. -o The -o , or object, option specifies the object name that is used in the query. This option can be used with the -g option.
• racadm getconfig -g cfgUserAdmin -i 2 -v Displays the user group instance at index 2 with extensive information for the property values. Synopsis racadm getconfig -f racadm getconfig -g [-i ] racadm getconfig -u racadm getconfig -h Supported Interfaces • Local RACADM getssninfo Table A-5 describes the getssninfo subcommand. Table A-5.
Supported Interfaces • Local RACADM Input Table A-6 describes the getssninfo subcommand options. Table A-6. getssninfo Subcommand Options Option Description -A The -A option eliminates the printing of data headers. -u The -u user name option limits the printed output to only the detail session records for the given user name. If an asterisk (*) symbol is given as the user name, all users are listed. Summary information is not printed when this option is specified.
getsysinfo Table A-8 describes the racadm getsysinfo subcommand. Table A-8. getsysinfo Command Definition getsysinfo Displays iDRAC information, system information, and watchdog status information. Synopsis racadm getsysinfo [-d] [-s] [-w] [-A] Description The getsysinfo subcommand displays information related to the iDRAC, managed server, and watchdog configuration. Supported Interfaces • Local RACADM Input Table A-9 describes the getsysinfo subcommand options. Table A-9.
Sample Output RAC Information: RAC Date/Time Firmware Version Firmware Build Last Firmware Update = = = = Wed Aug 22 20:01:33 2007 0.32 13661 Mon Aug 20 08:09:36 2007 Hardware Version Current IP Address Current IP Gateway Current IP Netmask DHCP Enabled MAC Address Current DNS Server 1 Current DNS Server 2 DNS Servers from DHCP Register DNS RAC Name DNS RAC Name Current DNS Domain = = = = = = = = = = = = NA 192.168.0.120 192.168.0.1 255.255.255.0 1 00:14:22:18:cd:f9 10.32.60.4 10.32.60.
Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge M600" "0.2.1" "0.32" "48192" "dell-x92i38xc2n" "" "ON" • racadm getsysinfo -w -s System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name Power Status = PowerEdge M600 = 0.2.1 = 0.
Synopsis racadm getractime [-d] Description With no options, the getractime subcommand displays the time in a common readable format. With the -d option, getractime displays the time in the format, yyyymmddhhmmss.mmmmmms, which is the same format returned by the UNIX date command. Output The getractime subcommand displays the output on one line. Sample Output racadm getractime Thu Dec 8 20:15:26 2005 racadm getractime -d 20071208201542.
Synopsis racadm setniccfg -d racadm setniccfg -s [ ] racadm setniccfg -o [ ] Description The setniccfg subcommand sets the iDRAC IP address. • The -d option enables DHCP for the NIC (default is DHCP enabled). • The -s option enables static IP settings. The IP address, netmask, and gateway can be specified. Otherwise, the existing static settings are used. , , and must be typed as dotseparated strings.
getniccfg Table A-12 describes the getniccfg subcommand. Table A-12. getniccfg Subcommand Definition getniccfg Displays the current IP configuration for the iDRAC. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current NIC settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful.
getsvctag Table A-13 describes the getsvctag subcommand. Table A-13. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Type getsvctag at the command prompt. The output is displayed as follows: Y76TP0G The command returns 0 on success and nonzero on errors. Supported Interfaces • Local RACADM racreset Table A-14 describes the racreset subcommand. Table A-14.
Synopsis racadm racreset Description The racreset subcommand issues a reset to the iDRAC. The reset event is written into the iDRAC log. Examples • racadm racreset Start the iDRAC soft reset sequence. Supported Interfaces • Local RACADM racresetcfg Table A-15 describes the racresetcfg subcommand. Table A-15. racresetcfg Subcommand Definition racresetcfg Resets the entire RAC configuration to factory default values.
NOTICE: This command deletes your current iDRAC configuration and resets the iDRAC configuration to the default settings. After reset, the default name and password are root and calvin, respectively, and the IP address is 192.168.0.120 plus the number of the slot the server inhabits in the chassis. serveraction Table A-16 describes the serveraction subcommand. Table A-16. serveraction Subcommand Definition serveraction Executes a managed server reset or power-on/off/cycle.
Output The serveraction subcommand displays an error message if the requested operation could not be performed, or a success message if the operation completed successfully. Supported Interfaces • Local RACADM getraclog Table A-18 describes the racadm getraclog command. Table A-18. getraclog Command Definition getraclog -i Displays the number of entries in the iDRAC log. getraclog Displays the iDRAC log entries.
Table A-19. getraclog Subcommand Options (continued) Option Description -o Displays the output in a single line. -s Specifies the starting record used for the display. Output The default output display shows the record number, time stamp, source, and description. The timestamp begins at midnight, January 1 and increases until the managed server boots. After the managed server boots, the managed server’s system time is used for the timestamp.
getsel Table A-20 describes the getsel command. Table A-20. getsel Command Definition getsel -i Displays the number of entries in the System Event Log. getsel Displays SEL entries. Synopsis racadm getsel -i racadm getsel [-E] [-R] [-A] [-o] [-c count] [-s count] [-m] Description The getsel -i command displays the number of entries in the SEL. The following getsel options (without the -i option) are used to read entries. NOTE: If no arguments are specified, the entire log is displayed. Table A-21.
Output The default output display shows the record number, timestamp, severity, and description. For example: Record: 1 Date/Time: 11/16/2005 22:40:43 Severity: Ok Description: System Board SEL: event log sensor for System Board, log cleared was asserted Supported Interfaces • Local RACADM clrsel Synopsis racadm clrsel Description The clrsel command removes all existing records from the System Event Log (SEL).
Synopsis racadm gettracelog -i racadm gettracelog [-A] [-o] [-c count] [-s startrecord] [-m] Description The gettracelog (without the -i option) command reads entries. The following gettracelog entries are used to read entries: Table A-23. gettracelog Subcommand options Option Description -i Displays the number of entries in the iDRAC trace log. -m Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). -o Displays the output in a single line.
Supported Interfaces • Local RACADM sslcsrgen Table A-24 describes the sslcsrgen subcommand. Table A-24. sslcsrgen Subcommand Description sslcsrgen Generates and downloads an SSL certificate signing request (CSR) from the RAC. Synopsis racadm sslcsrgen [-g] [-f ] racadm sslcsrgen -s Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system.
If no options are specified, a CSR is generated and downloaded to the local file system as sslcsr by default. The -g option cannot be used with the -s option, and the -f option can only be used with the -g option. The sslcsrgen -s subcommand returns one of the following status codes: • CSR was generated successfully. • CSR does not exist. • CSR generation in progress. NOTE: Before a CSR can be generated, the CSR fields must be configured in the RACADM cfgRacSecurity group.
Options Table A-27 describes the sslcertupload subcommand options. Table A-27. sslcertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = server certificate 2 = CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
Options Table A-29 describes the sslcertdownload subcommand options. Table A-29. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft® Active Directory® certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be downloaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
Options Table A-31 describes the sslcertview subcommand options. Table A-31. sslcertview Subcommand Options Option Description -t Specifies the type of certificate to view, either the Microsoft Active Directory certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -A Prevents printing headers/labels.
Valid From Valid To : Jul : Jul 8 16:21:56 2005 GMT 7 16:21:56 2010 GMT racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate Jul 8 16:21:56 2005 GMT Jul 7 16:21:56 2010 GMT Supported Interfaces • Local RACADM testemail Table A-32 describes the testemail subcommand. Table A-32.
Description Sends a test e-mail from the iDRAC to a specified destination. Prior to executing the testemail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-33 provides an example of commands for the cfgEmailAlert group. Table A-33.
Supported Interfaces • Local RACADM testtrap Table A-35 describes the testtrap subcommand. Table A-35. testtrap Subcommand Description testtrap Tests the iDRAC’s SNMP trap alerting feature. Synopsis racadm testtrap -i Description The testtrap subcommand tests the iDRAC’s SNMP trap alerting feature by sending a test trap from the iDRAC to a specified destination trap listener on the network.
Input Table A-37 describes the testtrap subcommand options. Table A-37. testtrap Subcommand Options Option Description -i Specifies the index of the trap configuration to use for the test Valid values are from 1 to 4. Supported Interfaces • Local RACADM vmdisconnect Table A-38 describes the vmdisconnect subcommand. Table A-38. vmdisconnect Subcommand Description vmdisconnect Closes all open iDRAC virtual media connections from remote clients.
iDRAC Property Database Group and Object Definitions The iDRAC property database contains the configuration information for the iDRAC. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure the iDRAC. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacProductInfo (Read Only) Legal Values String of up to 63 ASCII characters. Default Integrated Dell Remote Access Controller Description A text string that identifies the product. idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters. Default This system component provides a complete set of remote management functions for Dell PowerEdge servers. Description A text description of the RAC type.
idRacBuildInfo (Read Only) Legal Values String of up to 16 ASCII characters. Default The current RAC firmware build version. For example, "05.12.06". Description A string containing the current product build version. idRacName (Read Only) Legal Values String of up to 15 ASCII characters. Default iDRAC Description A user assigned name to identify this controller. idRacType (Read Only) Default 8 Description Identifies the remote access controller type as the iDRAC.
One instance of the group is allowed. All objects in this group will require the iDRAC NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings. cfgDNSDomainNameFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies that the iDRAC DNS domain name should be assigned from the network DHCP server.
cfgDNSRacName (Read/Write) Legal Values String of up to 63 ASCII characters. At least one character must be alphabetic. NOTE: Some DNS servers only register names of 31 characters or fewer. Default rac-service tag Description Displays the RAC name, which is rac-service tag by default. This parameter is only valid if cfgDNSRegisterRac is set to 1 (TRUE). cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers the iDRAC name on the DNS server.
Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network. cfgDNSServer1 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE). NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while swapping addresses.
Default 0 Description Enables or disables the iDRAC network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC will no longer be accessible, and the iDRAC will only be available through the local RACADM interface. cfgNicIpAddress (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.
Description The subnet mask used for static assignment of the iDRAC IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicGateway (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid gateway IP address. For example: 192.168.0.1. Default 192.168.0.1 Description The gateway IP address used for static assignment of the RAC IP address.
cfgNicMacAddress (Read Only) Legal Values A string representing the RAC NIC MAC address. Default The current MAC address of the iDRAC NIC. For example, 00:12:67:52:51:A3. Description The iDRAC NIC MAC address. cfgUserAdmin This group provides configuration information about the users who are allowed to access the RAC through the available remote interfaces. Up to 16 instances of the user group are allowed. Each instance represents the configuration for an individual user.
cfgUserAdminPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default 0x00000000 Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-1 describes the user privilege bit values that can be combined to create bit masks. Table B-1.
Table B-2. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user is not allowed to access the iDRAC. 0x00000000 The user may only login to the 0x00000001 iDRAC and view iDRAC and server configuration information. The user may login to the iDRAC 0x00000001 + 0x00000002 = 0x00000003 and change configuration. The user may login to RAC, access virtual media, and access console redirection.
Default "" Description The password for this user. User passwords are encrypted and cannot be seen or displayed after the property is written. cfgUserAdminEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables an individual user. cfgUserAdminSolEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access. cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities.
The following subsections describe the objects in this group. Up to four instances of this group are allowed. cfgEmailAlertIndex (Read Only) Legal Values 1–4 Default This parameter is populated based on the existing instances. Description The unique index of an alert instance. cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies the destination email address for email alerts. For example, user1@company.com.
Description The e-mail address of the alert source. cfgEmailAlertCustomMsg Legal Values String. Maximum Length = 32. Default "" Description Specifies a custom message that is sent with the alert. cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to the iDRAC. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgSsnMgtWebserverTimeout (Read/Write) Legal Values 60 – 1920 Default 300 Description Defines the web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective. An expired web server session logs out the current session.
After the message appears, the system returns you to the shell that generated the Secure Shell session. cfgSsnMgtTelnetIdleTimeout (Read/Write) Legal Values 0 (No timeout) 60 – 1920 Default 300 Description Defines the telnet idle time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached.
Default 1 Description Enables or disables the secure shell (SSH) interface on the iDRAC. cfgSerialTelnetEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the telnet console interface on the iDRAC. cfgRacTuning This group is used to configure various iDRAC configuration properties, such as valid ports and security port restrictions.
cfgRacTuneHttpsPort (Read/Write) Legal Values 10 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the iDRAC. cfgRacTuneIpRangeEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP Address Range validation feature of the iDRAC. cfgRacTuneIpRangeAddr Legal Values String, IP address formatted. For example, 192.168.0.44. Default 192.168.1.
cfgRacTuneIpRangeMask Legal Values Standard IP mask values with left-justified bits Default 255.255.255.0 Description String, IP-address formatted. For example, 255.255.255.0. cfgRacTuneIpBlkEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP address blocking feature of the RAC.
cfgRacTuneIpBlkFailWindow Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted. When failure attempts age beyond this limit, they are dropped from the count. cfgRacTuneIpBlkPenaltyTime Legal Values 10 – 65535 Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected.
cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the iDRAC telnet interface. cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session.
Description Specifies the port to be used for keyboard and mouse traffic during console redirection activity with the iDRAC. cfgRacTuneConRedirVideoPort (Read/Write) Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during console redirection activity with the iDRAC. NOTE: This object requires an iDRAC reset before it becomes active.
Default 1 Description Enables and disables the iDRAC web server. If this property is disabled, the iDRAC will not be accessible using client web browsers. This property has no effect on the telnet/SSH or local RACADM interfaces. cfgRacTuneLocalServerVideo (Read/Write) Legal Values 1 (Enables) 0 (Disables) Default 1 Description Enables (switches ON) or disables (switches OFF) the local server video. ifcRacManagedNodeOs This group contains properties that describe the Managed Server operating system.
Description The host name of the managed server. ifcRacMnOsOsName (Read/Write) Legal Values String. Maximum Length = 255. Default "" Description The operating system name of the managed server. cfgRacSecurity This group is used to configure settings related to the iDRAC SSL certificate signing request (CSR) feature. The properties in this group must be configured before generating a CSR from the iDRAC.
cfgSecCsrOrganizationName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Name (O). cfgSecCsrOrganizationUnit (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Unit (OU). cfgSecCsrLocalityName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Locality (L).
cfgSecCsrStateName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR State Name (S). cfgSecCsrCountryCode (Read/Write) Legal Values String. Maximum Length = 2. Default "" Description Specifies the CSR Country Code (CC) cfgSecCsrEmailAddr (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Email Address.
cfgSecCsrKeySize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. cfgRacVirtual This group contains parameters to configure the iDRAC virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group. cfgVirMediaAttached (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description This object is used to attach virtual devices to the system via the USB bus.
NOTE: You must restart your system to enable all changes. cfgVirAtapiSrvPort (Read/Write) Legal Values 1 – 65535 Default 3668 Description Specifies the port number used for encrypted virtual media connections to the iDRAC. cfgVirAtapiSrvPortSsl (Read/Write) Legal Values Any unused port number between 0 and 65535 decimal. Default 3670 Description Sets the port used for SSL virtual media connections.
Description Enables or disables the virtual media boot-once feature of the iDRAC. If this property is enabled when the host server is rebooted, this feature will attempt to boot from the virtual media devices—if the appropriate media is installed in the device. cfgFloppyEmulation (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems.
Description Active Directory Domain in which the DRAC resides. cfgADRacName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Name of iDRAC as recorded in the Active Directory forest. cfgADEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on the iDRAC.
Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. cfgADRootDomain (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Root domain of the Domain Forest. cfgADSpecifyServerEnable (Read/Write) Legal Values 1 or 0 (True or False) Default 0 Description 1 (True) enables you to specify an LDAP or a Global Catalog server.
Default No default value Description The iDRAC uses the value you specify to search the LDAP server for user names. cfgADGlobalCatalog (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN) Default No default value Description iDRAC uses the value you specify to search the Global Catalog server for user names. cfgADType (Read/Write) Legal Values 1 = Enables Active Directory with the extended schema. 2 = Enables Active Directory with the standard schema.
cfgSSADRoleGroupIndex (Read Only) Legal Values Integer from 1 to 5. Description Index of the Role Group as recorded in the Active Directory. cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Name of the Role Group as recorded in the Active Directory forest. cfgSSADRoleGroupDomain (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters.
Default (blank) Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table B-3.
Description Enables or disables SOL. cfgIpmiSolBaudRate (Read/Write) Legal Values 19200, 57600, 115200 Default 115200 Description The baud rate for serial communication over LAN. cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access. cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255.
Description Specifies the typical amount of time that the iDRAC waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments. cfgIpmiSolSendThreshold (Read/Write) Legal Values 1 – 255 Default 255 Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet. cfgIpmiLan This group is used to configure the IPMI over LAN capabilities of the system.
cfgIpmiLanPrivLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access. cfgIpmiLanAlertEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties.
Description The IPMI encryption key. cfgIpmiPetCommunityName (Read/Write) Legal Values A string up to 18 characters. Default public Description The SNMP community name for traps. cfgIpmiPef This group is used to configure the platform event filters available on the managed server. The event filters can be used to control policy related to actions that are triggered when critical events occur on the managed server. cfgIpmiPefName (Read Only) Legal Values String. Maximum Length = 255.
Default The index value of a platform event filter object. Description Specifies the index of a specific platform event filter. cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered. cfgIpmiPefEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables a specific platform event filter.
cfgIpmiPet This group is used to configure platform event traps on the managed server. cfgIpmiPetIndex (Read/Write) Legal Values 1–4 Default The appropriate index value. Description Unique identifier for the index corresponding to the trap. cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values String representing a valid IP address. For example, 192.168.0.67. Default 0.0.0.0 Description Specifies the destination IP address for the trap receiver on the network.
Default 1 Description Enables or disables a specific trap.
iDRAC Property Database Group and Object Definitions
RACADM and SM-CLP Equivalencies Table C-1 lists the RACADM groups and objects and, where they exist, SMSLP equivalent locations in the SM-CLP MAP. Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies RACADM Groups/Objects SM-CLP Description idRacInfo idRacName String of up to 15 ASCII characters. Default: iDRAC. idRacProductInfo String of up to 63 ASCII characters. Default: Integrated Dell Remote Access Controller. idRacDescriptionInfo String of up to 255 ASCII characters.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgADEnable enablestate 0 to disable, 1 to enable. Default: 0 cfgADRacName oemdell_adracname String of up to 254 characters. cfgADRacDomain oemdell_adracdomain String of up to 254 characters. cfgADRootDomain oemdell_adrootdomain String of up to 254 characters. cfgADAuthTimeout oemdell_timeout 15 to 300 seconds.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgSSADRoleGroupPrivilege oemdell_groupprivilege Bit mask with values between 0x00000000 and 0x000001ff. cfgLanNetworking /system1/sp1/enetport1 cfgNicMacAddress macaddress The MAC address of the interface. Not editable. /system1/sp1/enetport1/ lanendpt1/ipendpt1 cfgNicEnable oemdell_nicenable 0 to disable NIC, 1 to enable NIC.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgDNSRacName oemdell_dnsracname String of up to 63 ASCII characters. At least one character must be alphabetic. Default: iDRAC- plus the Dell service tag. cfgDNSRegisterRac oemdell_dnsregisterrac Set to 1 to register iDRAC name in DNS. Default: 0 cfgDNSServersFromDHCP oemdell_dnsserversfromdhcp Set to 1 to get DNS server addresses from DHCP.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgVirMediaAttached enabledstate Set to 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) to attach media. Default: 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) cfgVirMediaBootOnce oemdell_singleboot Set to 1 to perform next boot from selected media. Default 0. /system1/sp1/oemdell_vmservice1/ tcpendpt1 cfgVirAtapiSvrPort oemdell_sslenabled Set to 1 if SSL is enabled for first virtual media device, 0 if not.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgUserAdminPassword password A string of up to 20 ASCII characters. cfgUserAdminPrivilege oemdell_extendedprivileges Bit mask value between 0x00000000 and 0x000001ff. Default: 0x00000000 cfgUserAdminSolEnable solenabled Set to 1 to allow user to use Serial over LAN. Default: 0 cfgUserAdminUserName username String of up to 16 characters.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgSsnMgtTelnetIdleTimeout Number of seconds idle before a telnet session times out. 0 to disable timeout or 60-1920 seconds. Default: 300 cfgSsnMgtWebserverTimeout Number of seconds idle before a Web interface session times out. 60-1920 seconds. Default: 300 cfgRacTuning cfgRacTuneConRedirEnable Set to 1 to enable console redirection, 0 to disable.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacTuneIpBlkFailWindow Time span in seconds during which to count failed login attempts (10 to 65535). Default: 60 cfgRacTuneIpBlkPenaltyTime Time span in seconds that a blocked IP remains blocked (10 to 65535). Default: 300 cfgRacTuneIpRangeAddr Base IP address for IP range filter. Default: 192.168.0.1 cfgRacTuneIpRangeEnable Set to 1 to allow IP range filtering.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacSecCsrCommonName commonname Active Directory common name. String of up to 254 characters. cfgRacSecCsrCountryCode oemdell_countrycode Active Directory country code. 2 characters. cfgRacSecCsrEmailAddr oemdell_emailaddress E-mail address to use for Certificate Signing Request. String of up to 254 characters.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgIpmiSolEnable Set to 1 to enable Serial over LAN feature. Default: 0 cfgIpmiSolSendThreshold Maximum number of characters to collect before sending SOL data (1 to 255). Default: 255 cfgIpmiSolMinPrivilege Minimum privilege required to use SOL. 2 (user), 3 (operator), or 4 (administrator). Default: 4 cfgIpmiLan cfgIpmiEncryptionKey A string of 0 to 40 hexadecimal digits.
Table C-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgIpmiPefIndex The index number of the platform event filter. (1 - 17) cfgIpmiPefName The name of the platform event, a string of up to 254 characters. Not editable. cfgIpmiPet cfgIpmiPetAlertDestIpAddr IP address of the platform event trap receiver. Default: 0.0.0.0 cfgIpmiPetAlertEnable Set to 1 to enable the platform event trap.
Table C-2. RACADM Subcommands and SM-CLP Equivalencies RACADM Subcommand SM-CLP sslcertupload -t 2 set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD sslcertdownload -t 1 set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL Uploads the Active Directory Certificate load -source
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. AGP Abbreviation for accelerated graphics port, which is a bus specification that allows graphics cards faster access to main system memory.
security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains. If the applicant meets the CA’s security standards, the CA issues a certificate to the applicant that uniquely identifies that applicant for transactions over networks and on the Internet. CD Abbreviation for compact disc.
system. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (or file). DDNS Abbreviation for Dynamic Domain Name System. DMTF Abbreviation for Distributed Management Task Force. DNS Abbreviation for Domain Name System. iDRAC Abbreviation for Dell Remote Access Controller 5. DSU Abbreviation for disk storage unit.
GRUB Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader. GUI Abbreviation for graphical user interface, which refers to a computer display interface that uses elements such as windows, dialog boxes, and buttons as opposed to a command prompt interface, in which all user interaction is displayed and typed in text. hardware log Records events generated by the iDRAC and the CMC.
IPMI Abbreviation for Intelligent Platform Management Interface, which is a part of systems management technology. Kbps Abbreviation for kilobits per second, which is a data transfer rate. LAN Abbreviation for local area network. LDAP Abbreviation for Lightweight Directory Access Protocol. LED Abbreviation for light-emitting diode. LOM Abbreviation for Local area network On Motherboard.
MIB Abbreviation for management information base. MII Abbreviation for Media Independent Interface. NAS Abbreviation for network attached storage. NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers. OSCAR Acronym for On Screen Configuration and Reporting. OSCAR is the menu displayed by the Avocent iKVM when you press .
RAM disk A memory-resident program which emulates a hard drive. The iDRAC maintains a RAM disk in its memory. RAC Abbreviation for remote access controller. ROM Acronym for read-only memory, which is memory from which data may be read, but to which data cannot be written. RPM Abbreviation for Red Hat® Package Manager, which is a package-management system for the Red Hat Enterprise Linux® operating system that helps installation of software packages. It is similar to an installation program.
SSH Abbreviation for Secure Shell. SSL Abbreviation for secure sockets layer. standard schema A solution used with Active Directory to determine user access to iDRAC; uses Active Directory group objects only. TAP Abbreviation for Telelocator Alphanumeric Protocol, which is a protocol used for submitting requests to a pager service.
VNC Abbreviation for virtual network computing. VT-100 Abbreviation for Video Terminal 100, which is used by the most common terminal emulation programs. WAN Abbreviation for wide area network.
Glossary
Index A Active Directory about the extended schema, 90-104 about the standard schema, 108 accessing the iDRAC with, 95 adding iDRAC users to, 102 configuring extended schema with RACADM, 106 configuring extended schema with SM-CLP, 107 configuring extended schema with the web interface, 105 configuring standard schema with RACADM, 112 configuring standard schema with SM-CLP, 113 configuring standard schema with the web interface, 110 extended schema classes and attributes, 97 logging in to the iDRAC with, 1
CMC about, 19 configuring iDRAC during initialization, 30 IP address, locating, 34 web Interface, 28 CMC Web interface locating the iDRAC IP address, 225 CMC web interface configuring iDRAC network properties, 33 community string, SNMP, 59, 298 configuration file creating, 166 configuring task overview, 29-33 configuring multiple iDRACs with RACADM, 170 console redirection configuring, 123 opening a session, 125 using, 121 CSR about, 70 generating, 71 D Dell object identifiers, 90 diagnostics console, 222
G gettracelog command, diagnostics console, 223 group permissions table of, 68 I iDRAC creating a configuration file, 166 log, viewing, 218 recovering firmware, 86 resetting to factory defaults, 203 securing communications, 69 system information, 221 updating the firmware, 34 iDRAC configuration utility about, 197 configuring IPMI, 199 configuring LAN user, 202 configuring network properties, 199-200 configuring virtual media, 202 starting, 198 iDRAC service ports, 24 ifconfig command, diagnostics console,
iVM-CLI utility (continued) operating system shell options, 195 parameters, 192 return codes, 196 syntax, 192 using, 190 logs iDRAC, 218 post codes, 209 See also SEL server, 51 lost administrative password, 203 ivmdeploy script, 189 M J Java console redirection plug-in, 46, 126 managed server capturing the last crash screen, 52 configuring, 51 management storage, 51 K key, verify, 38, 40 L last crash screen capturing on the managed server, 52 viewing, 210 Lightweight Directory Access Protocol (LDAP).
N netstat command, diagnostics console, 223 network properties configuring manually, 155 configuring with RACADM, 155 configuring with the CMC web interface, 33 configuring with the iDRAC configuration utility, 199-200 configuring with the Web interface, 57 PEF configuring with RACADM, 158 configuring with the web interface, 62 PET configuring with RACADM, 159 configuring with the web interface, 61, 63, 159 filterable platform events table, 62 ping command, diagnostics console, 223 Platform Event Filter.
property database groups (continued) cfgRacVirtual, 287 cfgSerial, 276 cfgSessionManagement, 274 cfgUserAdmin, 269 idRacInfo, 261 ifcRacManagedNodesOs, 283 proxy server, web browser configuration, 42 public key, verify, 38, 40 PuTTY, Windows SSH client, 48 R RACADM configuring Active Directory extended schema, 106 configuring Active Directory with standard schema, 112 configuring e-mail alerts, 160 configuring IP blocking, 163 configuring IP filtering, 161 configuring IPMI, 156 configuring multiple iDRACS,
S safety, 205 schema extender utility, 96 schema, Active Directory comparison of extended and standard, 89 screen resolutions, support, 122 scripts ivmdeploy, 189 LDIF (Active Directory schema extender), 96 secure shell. See SSH secure sockets layer. See SSL security using SSL and digital certificates, 69 See RACADM SEL managing with SM-CLP, 180 managing with the iDRAC configuration utility, 203 managing with the web interface, 209 Serial Over LAN.
SSH client installation, 46 configuring iDRAC service with RACADM, 165 configuring service with the web interface, 82 OpenSSH software for Linux, 48 PuTTY client for Windows, 48 SSL about, 69 enabling on a domain controller, 115 importing the firmware certificate, 117 standard schema. See Active Directory System Event Log.
video viewer using, 127 virtual media about, 137 booting, 142 command line, 190 configuring with the iDRAC configuration utility, 202 configuring with the web interface, 139 installing the operating system, 143 running, 141 W web browser configuring, 42 proxy server configuration, 42 supported browsers, 23 web interface accessing, 55 browser configuration, 42 configuring Active Directory with extended schema, 105 configuring Active Directory with standard schema, 110 web interface (continued) configuring
Index
