Integrated Dell™ Remote Access Controller Firmware Version 1.2 User Guide w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes and Notices NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ___________________ Information in this document is subject to change without notice. © 2008 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden..
Contents 1 iDRAC Overview . . . . . . . . . . . . . . . . . . . iDRAC Management Features . . . . . . . . . . . . . . 24 . . . . . . . . . . . . . . . . 25 . . . . . . . . . . . . . . . . . . 25 iDRAC Security Features Supported Platforms Supported Operating Systems . Supported Web Browsers . . . . . . . . . . . . . . 26 . . . . . . . . . . . . . . . 27 Supported Remote Access Connections iDRAC Ports . . . . . . . . 27 . . . . . . . . . . . . . . . . . . . . . . .
Enabling or Disabling Local Configuration Access . . . . . . . . . . . . . . . . . . . . . . . 36 Configure Serial Over LAN . . . . . . . . . . . . . 36 Configure iDRAC Services . . . . . . . . . . . . . 37 . . . . . . 37 . . . . . . . . . . . . . . 37 Configure Secure Sockets Layer (SSL) Configure Virtual Media . . . . . . . 37 Configure the Managed Server for the Last Crash Screen Feature . . . . . . . . . . . . . . . . . . .
Viewing Localized Versions of the Web Interface . . . . . . . . . . . . . . . . Setting the Locale in Linux . . . . . . 51 . . . . . . . . . . . . . 53 . . . . . 54 . . . . . 55 . . . . . . . . . . . . 56 . . . . . . . . . . . . . . . . . 56 Disabling the Whitelist Feature in Firefox Installing a Java Runtime Environment (JRE) Installing Telnet or SSH Clients . Telnet with iDRAC Configuring the Backspace Key For Your Telnet Session . . . . . . . . . . . . . . . . . . . . . . SSH With iDRAC .
Configuring the iDRAC NIC . . . . . . . . . . . . . . . 67 Configuring the Network and IPMI LAN Settings . . . . . . . . . . . . . . . . . . . . . . . 67 Configuring IP Filtering and IP Blocking . . . . . . 70 . . . . . . . . . . . . . . 72 Configuring Platform Events . Configuring Platform Event Filters (PEF) . . . . . . 73 Configuring Platform Event Traps (PET) . . . . . . 73 . . . . . . . . . . . . . 74 . . . . . . . . . . . . . . . . . . . .
Configuring Serial Over LAN . . . . . . . . . . . . . . 91 Configuring iDRAC Services . . . . . . . . . . . . . . 93 . . . . . . . . . . . . . 96 Updating the iDRAC Firmware Recovering iDRAC Firmware Using the CMC 6 . . . 97 Using the iDRAC with Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . 99 Advantages and Disadvantages of Extended Schema and Standard Schema . . . . . . . . . . . . . . . . . . 99 . . . . . 100 . . . . . . .
Active Directory Standard Schema Overview . . . . . 118 Configuring Standard Schema Active Directory to Access Your iDRAC . . . . . . . . . . . . . . . . . 120 Configuring the iDRAC With Standard Schema Active Directory and the Web Interface . . . . . . . . . . 120 Configuring the iDRAC With Standard Schema Active Directory and RACADM . . . . . . . . . . . . . . 122 Configuring the iDRAC With Standard Schema Active Directory and SM-CLP . . . . . . . . . . . . . . .
System Health . . . . . . . . . . . . . . . . . . . . . . 133 . . . . . . . . . . . . . . . . . . . . . . . 133 . . . . . . . . . . . . . . . . . . . . . . . . 134 iDRAC . CMC Batteries . . . . . . . . . . . . . . . . . . . 134 . . . . . . . . . . . . . . . . . . . . . . 134 Temperatures Voltages . . . . . . . . . . . . . . . . . 134 . . . . . . . . . . . . . . . . . . . . . . . . . 135 Power Monitoring CPU POST 135 . . . . . . . . . . . . . . . . . . . .
9 Configuring and Using Virtual Media Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 . . . . . . 154 . . . . . . . . 155 . . . . . . . . . . . . . . . 156 . . . . . . . . . . . . . . . . . 157 Windows-Based Management Station Linux-Based Management Station . Configuring Virtual Media . Running Virtual Media . 153 Booting From Virtual Media . . . . . . . . . . . . Installing Operating Systems Using Virtual Media . . . . . . . . . . . . . . . . . . . . . . .
Configuring PET . . . . . . . . . . . . . . . . . . 178 . . . . . . . . . 180 Configuring IP Filtering . . . . . . . . . . . . . . . 181 Configuring IP Blocking . . . . . . . . . . . . . . 182 Configuring IP Filtering (IpRange) Configuring iDRAC Telnet and SSH Services Using Local RACADM . . . . . . . . . . . . Using an iDRAC Configuration File . . . 184 . . . . . . . . . . . 185 . . . . . . . 185 . . . . . . . . . . . . .
iDRAC SM-CLP Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 . . . . . . . . . . . . . . . . . 198 Server Power Management SEL Management . 198 MAP Target Navigation . . . . . . . . . . . . . . Setting the iDRAC IP Address, Subnet Mask, and Gateway Address . . . . . . . . . . . . . . . . 200 . 201 Updating the iDRAC Firmware Using SM-CLP . . . 202 Using Serial Over LAN (SOL) With Telnet or SSH . . . . 203 Using SOL Over Telnet With HyperTerminal on Microsoft Windows .
Using the iDRAC Configuration Utility . . . . . . . . . . . . . . . . . . . Overview 215 215 . . . . . . . . . . . . . . . . . . . . . . . . Starting the iDRAC Configuration Utility . . . . . . . . 216 . . . . . . . . . 216 . . . . . . . . . . . . . . . . . . . . . . . . . 217 Using the iDRAC Configuration Utility LAN . . . . . . . . . . . . . . . . . . . . . 217 . . . . . . . . . . . . . . . . . . 218 . . . . . . . . . . . . . . . . . . . .
Viewing the iDRAC Log . . . . . . . . . . . . . . . Viewing System Information . . . . . . . . . . . . Identifying the Managed Server in the Chassis . . . . . . . . . . . . . . . . . Using the Diagnostics Console . 241 . . . . . . . . . . 242 . . . . . . Troubleshooting and Frequently Asked Questions A RACADM Subcommand Overview . . . . . 244 249 249 . . . . . . . . . . . . . . . . . . . . . . . . . . 250 getconfig . . . . . . . . . . . . . . . . . . . . . . . . . 252 getssninfo . . . .
clrsel . 268 . . . . . . . . . . . . . . . . . . . . . . . . . . gettracelog sslcsrgen . . . . . . . . . . . . . . . . . . . . . . . 268 . . . . . . . . . . . . . . . . . . . . . . . . 270 sslcertupload . . . . . . . . . . . . . . . . . . . . 272 . . . . . . . . . . . . . . . . . . . . . . . 273 . . . . . . . . . . . . . . . . . . . . . . . . 275 . . . . . . . . . . . . . . . . . . . . . . . . . 277 sslcertdownload sslcertview testemail . testtrap .
cfgDNSServer2 (Read/Write) cfgNicEnable (Read/Write) . . . . . . . . . . . . 284 . . . . . . . . . . . . 284 cfgNicIpAddress (Read/Write) . . . . . . . . . . . 285 cfgNicNetmask (Read/Write) . . . . . . . . . . . 285 cfgNicGateway (Read/Write) . . . . . . . . . . . 286 cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 286 . . . . . . . . . . 287 . . . . . . . . . . . . . . . . . . . . . . 287 cfgNicMacAddress (Read Only) cfgUserAdmin . . . 287 . . . . . . .
cfgRacTuning . . . . . . . . . . . . . . . . . . . . . . cfgRacTuneHttpPort (Read/Write) . . . . . . . . . 295 295 . . . . . . . . 296 . . . . . . . . . . . . 296 cfgRacTuneIpRangeAddr . . . . . . . . . . . . . 296 cfgRacTuneIpRangeMask . . . . . . . . . . . . . 297 . . . . . . . . . . . . . . 297 cfgRacTuneHttpsPort (Read/Write) cfgRacTuneIpRangeEnable cfgRacTuneIpBlkEnable cfgRacTuneIpBlkFailCount . . . . . . . . . . . . . 297 cfgRacTuneIpBlkFailWindow . . . . . . . . . . .
cfgRacVirtual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 . . . . . . . . . . 306 cfgVirMediaAttached (Read/Write) cfgVirAtapiSrvPort (Read/Write) cfgVirAtapiSrvPortSsl (Read/Write) . . . . . . . . 306 cfgVirMediaBootOnce (Read/Write) . . . . . . . . 307 . . . . . . . . . 307 . . . . . . . . . . . . . . . . . . . 307 cfgFloppyEmulation (Read/Write) cfgActiveDirectory . . . . . . . . . . 308 . . . . . . . . . . . 308 . . . . . . . . . . . . .
cfgIpmiLan . cfgIpmiLanEnable (Read/Write) 314 . . . . . . . . . . cfgIpmiLanPrivLimit (Read/Write) 315 . . . . . . . . . . . . . . . . 315 . . . . . . . . 316 cfgIpmiLanAlertEnable (Read/Write) cfgIpmiEncryptionKey (Read/Write) . . . . 316 . . . . . . . . . . . . . . . . . . . . . . . . 316 cfgIpmiPetCommunityName (Read/Write) . cfgIpmiPef 314 . . . . . . . . . . . . . . . . . . . . . . . cfgIpmiPefName (Read Only) . . . . . . . . . . . 316 cfgIpmiPefIndex (Read Only) . . . . . . . .
/system1/sp1/enetport1/lanendpt1/ipendpt1 . . . . . . 325 . . . . . . . . . 325 . . . . . . . . . . . . . . 326 . . . . . . . . . . . . . 326 oemdell_nicenable (Read/Write) . ipaddress (Read/Write) . subnetmask (Read/Write) . . . . . . . . . . 326 . . . . . . . . . . . . . . 327 oemdell_usedhcp (Read/Write) committed (Read/Write) /system1/sp1/enetport1/lanendpt1/ipendpt1/ dnsendpt1 . . . . . . . . . . . . . . . . . . . . . . . . oemdell_domainnamefromdhcp (Read/Write) . . . 327 . . . . .
/system1/sp1/oemdell_adservice1 enabledstate (Read/Write) . . . . . . . . . . . 332 . . . . . . . . . . . . . 332 oemdell_adracname (Read/Write) . . . . . . . . . 333 oemdell_adracdomain (Read/Write) . . . . . . . . 333 oemdell_adrootdomain (Read/Write) . . . . . . . 333 . . . . . . . . . . . 334 oemdell_timeout (Read/Write) oemdell_schematype (Read/Write) . . . . . . . . oemdell_adspecifyserverenable (Read/Write) 334 . . . . 335 . . . . . . 335 . . . . . . . . . . 335 . . . . . .
D RACADM and SM-CLP Equivalencies . . . . . . . . . . . . . . . . . . . . . . . 343 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 Index 22 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iDRAC Overview The Integrated Dell™ Remote Access Controller (iDRAC) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. The iDRAC uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC co-exists on the system board with the managed PowerEdge server.
The iDRAC network interface is disabled by default. It must be configured before the iDRAC is accessible. After the iDRAC is enabled and configured on the network, it can be accessed at its assigned IP address with the iDRAC web interface, telnet or SSH, and supported network management protocols, such as Intelligent Platform Management Interface (IPMI).
• Password-level security management — Prevents unauthorized access to a remote system • Role-based authority — Provides assignable permissions for different systems management tasks iDRAC Security Features The iDRAC provides the following security features: • User authentication through Microsoft Active Directory (optional) or hardware-stored user IDs and passwords • Role-based authority, which enables an administrator to configure specific privileges for each user • User ID and password configura
Check the iDRAC Readme file and the Dell PowerEdge Compatibility Guide located on the Dell Support website at support.dell.com for the latest supported platforms. Supported Operating Systems Table 1-1 lists the operating systems that support the iDRAC. See the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com for the latest information. Table 1-1.
Supported Web Browsers Table 1-2 lists the Web browsers that are supported as iDRAC clients. See the iDRAC Readme file and the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com for the latest information. NOTE: Due to serious security flaws, support for SSL 2.0 has been discontinued. Your browser must be configured to enable SSL 3.0 in order to work properly. Table 1-2.
iDRAC Ports Table 1-4 lists the ports iDRAC listens on for connections. Table 1-5 identifies the ports that the iDRAC uses as a client. This information is required when opening firewalls for remote access to an iDRAC. Table 1-4.
Other Documents You May Need In addition to this User Guide, the following documents provide additional information about the setup and operation of the iDRAC in your system: • The iDRAC online help provides information about using the Web interface. • The Dell Chassis Management Controller User Guide provides information about using the controller that manages all modules in the chassis containing your PowerEdge server.
• Updates are sometimes included with the system to describe changes to the system, software, and/or documentation. NOTE: Always read the updates first because they often supersede information in other documents. • 30 Release notes or readme files may be included to provide last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians.
Configuring the iDRAC This section provides information about how to establish access to the iDRAC and to configure your management environment to use iDRAC.
Table 2-1. Configuration Interfaces Interface Description iDRAC Configuration Utility Accessed at boot time, the iDRAC Configuration utility is useful when installing a new PowerEdge server. Use it for setting up the network and basic security features and for enabling other features. iDRAC Web Interface The iDRAC Web interface is a browser-based management application that you can use to interactively manage the iDRAC and monitor the managed server.
Table 2-1. Configuration Interfaces (continued) Interface Description iVM-CLI The iDRAC Virtual Media Command Line Interface (iVM-CLI) provides the managed server access to media on the management station. It is useful for developing scripts to install operating systems on multiple managed servers. SM-CLP SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in the iDRAC.
Configuration Tasks This section is an overview of the configuration tasks for the management station, the iDRAC, and the managed server. The tasks to be performed include configuring the iDRAC so that it can be used remotely, configuring the iDRAC features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server. The configuration tasks that can be used to perform each task are listed beneath the task.
• Chassis LCD Panel — see the Dell Chassis Management Controller Firmware User Guide. • iDRAC configuration utility — see "LAN" on page 217 • CMC Web interface — see "Configuring Networking Using the CMC Web Interface" on page 38 • RACADM — see "cfgLanNetworking" on page 281 Configure iDRAC Users Set up the local iDRAC users and permissions. The iDRAC holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users.
Configure Platform Events Platform events occur when the iDRAC detects a warning or critical condition from one of the managed server’s sensors. Configure Platform Event Filters (PEFs) to choose the events you want to detect, such as rebooting the managed server, when an event is detected.
Configure iDRAC Services Enable or disable the iDRAC network services — such as telnet, SSH, and the Web server interface — and reconfigure ports and other service parameters. • iDRAC Web interface — see "Configuring iDRAC Services" on page 93 • RACADM — see "Configuring iDRAC Telnet and SSH Services Using Local RACADM" on page 184 Configure Secure Sockets Layer (SSL) Configure SSL for the iDRAC web server.
Configure the Managed Server for the Last Crash Screen Feature Set up the managed server so that the iDRAC can capture the screen image after an operating system crash or freeze. • Managed Server — see "Configuring the Managed Server to Capture the Last Crash Screen" on page 62, "Disabling the Windows Automatic Reboot Option" on page 63 Configuring Networking Using the CMC Web Interface NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC network settings from the CMC.
Viewing FlexAddress Mezzanine Card Fabric Connections The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection. NOTICE: In order to avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.
Downloading the Firmware or Update Package Download the firmware from support.dell.com. The firmware image is available in several different formats to support the different update methods available. To update the iDRAC firmware using the iDRAC Web interface or SM-CLP, or to recover the iDRAC using the CMC Web interface, download the binary image, packaged as a self-extracting archive.
You can use the CMC Web interface to update the firmware only when the CMC detects that the iDRAC firmware is corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes. See "Recovering iDRAC Firmware Using the CMC" on page 97. NOTE: After the CMC updates the firmware of the iDRAC, the iDRAC generates new SHA1 and MD5 keys for the SSL certificate.
Verifying the Digital Signature A digital signature is used to authenticate the identity of the signer of a file and to certify that the original content of the file has not been modified since it was signed. If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify a digital signature. To use the standard verification procedure, perform the following steps: 1 Download the Dell Linux public GnuPG key, if you do not already have it, by navigating to lists.
at passports, checking fingerprints from different sources, etc.) 1 2 3 4 5 m = = = = = = I don't know or won't say I do NOT trust I trust marginally I trust fully I trust ultimately back to the main menu Your decision? d Type 5 . The following prompt appears: Do you really want to set this key to ultimate trust? (y/N) e Type y to confirm your choice. f Type quit to exit the GPG key editor. You must import and validate the public key only once.
The following example illustrates the steps that you follow to verify a PowerEdge M600 BIOS Update Package: 1 Download the following two files from support.dell.com: • PEM600_BIOS_LX_2.1.2.BIN.sign • PEM600_BIOS_LX_2.1.2.BIN 2 Import the public key by running the following command line: gpg --import The following output message appears: gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group)
The following output message appears: gpg: Signature made Fri Jul 11 15:03:47 2008 CDT using DSA key ID 23B66A9D gpg: Good signature from "Dell, Inc. (Product Group) " NOTE: If you have not validated the key as shown in step 3, you will receive additional messages: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
Firefox 1 Start Firefox. 2 Click Edit→Preferences. 3 Click the Privacy tab. 4 Click the Clear Cache Now. 5 Click Close.
Configuring the iDRAC 47
Configuring the iDRAC
Configuring the Management Station A management station is a computer used to monitor and manage the PowerEdge servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with the iDRAC. Before you begin configuring the iDRAC, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
Using the iDRAC console redirection feature (see "Using GUI Console Redirection" on page 137), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer, using iDRAC facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the management computer.
NOTE: Different versions of Internet Explorer have different security levels as defaults. To ensure that your system functions properly, click the Advanced tab and verify that Enable Install-On-Demand (Other), Enable third-party browser extensions, Sun Java Enabled, and Use SSL 3.0 are checked (names may vary depending on your version). If you make any changes to these settings, restart Internet Explorer. 3 Click the Connections tab. 4 Under Local Area Network (LAN) settings, click LAN Settings.
The iDRAC Web Interface is designed to work with localized keyboards for the specific language variants listed above. Some features of the iDRAC Web Interface, such as Console Redirection, may require additional steps to access certain functions/letters. For more details on how to use localized keyboards in these situations, see "Using the Video Viewer" on page 143. Use of other keyboards is not supported and may cause unexpected problems. Internet Explorer 6.
Firefox 2.0 (Linux or Windows) To view a localized version of the iDRAC Web interface in Firefox 2.0, perform the following steps: 1 Click Tools→Options, and then click the Advanced tab. 2 Under Language, click Choose. The Languages window appears. 3 In the Select a language to add... drop down menu, click to highlight a supported language, and then click Add. 4 Click to select your preferred language, and then click Move Up until the language appears a the top of the list.
LC_MEASUREMENT="zh_CN.UTF-8" LC_IDENTIFICATION="zh_CN.UTF-8" LC_ALL= 3 If the values include "zh_CN.UTF-8", no changes are required. If the values do not include "zh_CN.UTF-8", go to step 4. 4 Edit the /etc/sysconfig/i18n file with a text editor. 5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.
4 In the Preferences Name column, locate xpinstall.enabled. Ensure that Value is true. If not, double-click xpinstall.enabled to set Value to true. Installing a Java Runtime Environment (JRE) NOTE: If you use the Internet Explorer browser, an ActiveX control is provided for the console viewer. You can also use the Java console viewer with Internet Explorer if you install a JRE and configure the console viewer in iDRAC web interface before you launch the viewer.
NOTE: There may already be PATH-modification lines in the files. Ensure that the path information you enter does not create conflicts. Installing Telnet or SSH Clients By default, the iDRAC telnet service is disabled and the SSH service is enabled. Since telnet is an insecure protocol, you should use it only if you cannot install an SSH client or your network connection is otherwise secured. NOTE: There can be only one active telnet or SSH connection to the iDRAC at a time.
3 At the prompt, type: set bsasdel The following message appears: Backspace will be sent as delete. To configure a Linux telnet session to use the key, perform the following steps: 1 Open a shell and type: stty erase ^h 2 At the prompt, type: telnet SSH With iDRAC Secure Shell (SSH) is a command line connection with the same capabilities as a telnet session, but with session negotiation and encryption to improve security. The iDRAC supports SSH version 2 with password authentication.
Table 3-1.
You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is already listening. Port 69 is the TFTP default port.
Configuring the Management Station
Configuring the Managed Server This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • Local RACADM CLI — allows you to configure and administer the iDRAC from the managed system.
Configuring the Managed Server to Capture the Last Crash Screen The iDRAC can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed system crash. Follow these steps to enable the last crash screen feature. 1 Install the managed server software. For more information about installing the managed server software, see the Server Administrator User’s Guide.
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC can capture the last crash screen, disable the Automatic Reboot option on managed servers running Microsoft Windows Server® or Windows Vista®. 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings. 4 Deselect the Automatically Reboot check box. 5 Click OK twice.
Configuring the Managed Server
Configuring the iDRAC Using the Web Interface The iDRAC provides a Web interface that enables you to configure the iDRAC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC Web interface and provides links to related information.
where iDRAC-IP-address is the IP address for the iDRAC and port-number is the HTTPS port number. The iDRAC Login window appears. Logging In You can log in as either an iDRAC user or as a Microsoft® Active Directory® user. The default user name and password are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to the iDRAC. To log in, perform the following steps: 1 In the Username field, type one of the following: • Your iDRAC user name.
NOTE: Closing the iDRAC Web interface within Microsoft Internet Explorer using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, located at support.microsoft.com. Using Multiple Bowser Tabs and Windows Different versions of web browsers exhibit different behaviors when opening new tabs and windows.
Table 5-1. Network Settings Setting Description Enable NIC When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from the iDRAC via the network is blocked. The default is off. Media Access Control (MAC) Address Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed.
Table 5-1. Network Settings (continued) Setting Description Static Preferred DNS Server Allows the user to enter or edit a static IP address for the preferred DNS server. To change this setting, first deselect the Use DHCP to obtain DNS server addresses checkbox. Static Alternate DNS Server Uses the secondary DNS server IP address when Use DHCP to obtain DNS server addresses is not selected. Enter an IP address of 0.0.0.0 if there is no alternate DNS server.
Table 5-2. IPMI LAN Settings Setting Description Enable IPMI Over When checked, indicates that the IPMI LAN channel is LAN enabled. The default is off. Channel Privilege Level Limit Configures the maximum privilege level, for the user, that can be accepted on the LAN channel. Select one of the following options: Administrator, Operator, or User. The default is Administrator. Encryption Key Configures the encryption key: 0 to 20 hexadecimal characters (with no blanks allowed). The default is blank.
3 When you have finished configuring the settings, click Apply. 4 Click the appropriate button to continue. See Table 5-5. Table 5-4. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off. IP Range Address Determines the acceptable IP subnet address. The default is 192.168.1.0. IP Range Subnet Mask Defines the significant bit positions in the IP address.
Configuring Platform Events Platform event configuration provides a mechanism for configuring the iDRAC to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail). The filterable platform events are listed in Table 5-6. . Table 5-6.
Configuring Platform Event Filters (PEF) NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings. 1 Log in to the iDRAC Web interface. See "Accessing the Web Interface" on page 65. 2 Click System and then the Alert Management tab. 3 On the Platform Events page, enable Alert Generation for an event by clicking the corresponding Generate Alert checkbox for that event.
NOTE: To successfully send a trap, configure the Community String value on the Network Configuration page. The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC when a platform event occurs. The default setting for the Community String is Public. d Click Send to test the configured alert (if desired). e Repeat step a through step d for any remaining destination numbers.
b In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN. c Update the IPMI LAN channel privileges, if required: NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. Under IPMI LAN Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User and click Apply. d Set the IPMI LAN channel encryption key, if required.
To add and configure iDRAC users, perform the following steps: NOTE: You must have Configure iDRAC permission to perform the following steps. 1 Click System→Remote Access→iDRAC and then click the Network/Security tab. 2 Open the Users page to configure users. The Users page displays each user’s User ID, State, Username, IPMI LAN Privileges, iDRAC Privileges, and Serial Over LAN. NOTE: User-1 is reserved for the IPMI anonymous user and is not configurable. 3 In the User ID column, click a user ID number.
Table 5-7. General Properties (continued) Property Description Username Specifies an iDRAC user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on the iDRAC cannot include the / (forward slash) or . (period) characters. NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login. Change Password Enables the New Password and Confirm New Password fields. When unchecked, the user’s Password cannot be changed.
Table 5-9. iDRAC User Privileges (continued) Property Description Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the iDRAC logs. Execute Server Control Commands Enables the user to execute RACADM commands. Access Console Redirection Enables the user to run Console Redirection. Access Virtual Media Enables the user to run and use Virtual Media.
Table 5-11. User Configuration Page Buttons Button Action Print Prints the User Configuration values that appear on the screen. Refresh Reloads the User Configuration page. Apply Saves any new settings made to the user configuration. Go Back To Users Page Returns to the Users Page.
The encryption process provides a high level of data protection. The iDRAC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The iDRAC Web server has a Dell self-signed SSL digital certificate (Server ID) by default. To ensure high security over the Internet, replace the Web server SSL certificate with a certificate signed by a well-known certificate authority.
Table 5-12. SSL Main Menu Options Field Description Generate a New Certificate Signing Request (CSR) Select the option and click Next to open the Generate Certificate Signing Request (CSR) page. NOTE: Each new CSR overwrites any previous CSR on the firmware. For a CA to accept your CSR, the CSR in the firmware must match the certificate returned from the CA.
3 Click Generate to create the CSR. 4 Click Download to save the CSR file to your local computer. 5 Click the appropriate button to continue. See Table 5-15. Table 5-14. Generate Certificate Signing Request (CSR) Page Options Field Description Common Name The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid.
Table 5-15. Generate Certificate Signing Request (CSR) Page Buttons Button Description Print Prints the Generate Certificate Signing Request values that appear on the screen. Refresh Reloads the Generate Certificate Signing Request page. Generate Generates a CSR and then prompts the user to save it to a specified directory. Download Downloads the certificate to the local computer. Go Back to SSL Main Menu Returns the user to the SSL Main Menu page.
Viewing a Server Certificate 1 On the SSL Main Menu page, select View Server Certificate and click Next. Table 5-17 describes the fields and associated descriptions listed in the Certificate window. 2 Click the appropriate button to continue. See Table 5-18. Table 5-17.
To access the Active Directory Main Menu: 1 Click System→Remote Access→iDRAC, and then click the Network/Security tab. 2 Click Active Directory to open the Active Directory Main Menu page. Table 5-19 lists the Active Directory Main Menu page options. 3 Click the appropriate button to continue. See Table 5-20. Table 5-19.
Configuring Active Directory (Standard Schema and Extended Schema) 1 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 2 On the Active Directory Configuration page, enter the Active Directory settings. Table 5-21 describes the Active Directory Configuration and Management page settings. 3 Click Apply to save the settings. 4 Click the appropriate button to continue. See Table 5-22.
Table 5-21. Active Directory Configuration Page Settings (continued) Setting Description iDRAC Domain Name The DNS name of the domain, where the Active Directory iDRAC object resides. This default is blank. The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. Role Groups The list of role groups associated with the iDRAC.
Table 5-23. Role Group Privileges (continued) Setting Description Login to iDRAC Allows the group log in access to the iDRAC. Configure iDRAC Allows the group permission to configure the iDRAC. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs. Execute Server Control Commands Allows the group permission to execute server control commands. Access Console Redirection Allows the group access to Console Redirection.
Table 5-24. Role Group Permissions (continued) Property Description Custom Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Uploading an Active Directory CA Certificate 1 On the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next.
Downloading an iDRAC Server Certificate 1 On the Active Directory Main Menu page, select Download iDRAC Server Certificate and click Next. 2 Save the file to a directory on your system. 3 In the Download Complete window, click Close. Viewing an Active Directory CA Certificate Use the Active Directory Main Menu page to view a CA server certificate for your iDRAC. 1 On the Active Directory Main Menu page, select View Active Directory CA Certificate and click Next.
Enabling or Disabling Local Configuration Access NOTE: The default setting for local configuration access is Enabled. Enabling Local Configuration Access 1 Click System→Remote Access→iDRAC→Network/Security. 2 Under Local Configuration, click to uncheck Disable iDRAC local USER Configuration Updates to enable access. 3 Click Apply. 4 Click the appropriate button to continue. Disabling Local Configuration Access 1 Click System→Remote Access→iDRAC→Network/Security.
Table 5-28. Serial Over LAN Configuration Page Settings Setting Description Enable Serial Over LAN When checked, the checkbox indicates that Serial Over LAN is enabled. Baud Rate Indicates the data speed. Select a data speed of 19.2 kbps, 57.6 kbps, or 115.2 kbps. Table 5-29. Serial Over LAN Configuration Page Buttons Button Description Print Prints the Serial Over LAN Configuration values that appear on the screen. Refresh Reloads the Serial Over LAN Configuration page.
Table 5-31. Serial Over LAN Configuration Advanced Settings Page Buttons Button Description Refresh Reloads the Serial Over LAN Configuration Advanced Settings page. Apply Saves any new settings that you make while viewing the Serial Over LAN Configuration Advanced Settings page. Go Back To Serial Over Returns the user to the Serial Over LAN Configuration LAN Configuration page. Page Configuring iDRAC Services NOTE: To modify these settings, you must have Configure iDRAC permission.
Table 5-32. Web Server Settings Setting Description Enabled Enables or disables the iDRAC web server. When checked, the checkbox indicates that the web server is enabled. The default is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. This field is not editable. There can be four simultaneous sessions. Current Sessions The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable.
Table 5-34. Telnet Settings Setting Description Enabled Enables or disables telnet. When checked, telnet is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. Only one session is supported. Active Sessions The number of current sessions on the system. Timeout The telnet idle timeout, in seconds. Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 0.
Updating the iDRAC Firmware NOTICE: If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can recover the iDRAC using the CMC. See your CMC Firmware User Guide for instructions. NOTE: The firmware update, by default, retains the current iDRAC settings. During the update process, you have the option to reset the iDRAC configuration to the factory defaults.
6 In the Firmware Update - Validation (page 2 of 4) window, you will see the results of the validation performed on the image file you uploaded. • If the image file uploaded successfully and passed all verification checks, a message will appear indicating that the firmware image has been verified. OR • If the image did not upload successfully, or it did not pass the verification checks, the firmware update will return to the Firmware Update - Upload (page 1 of 4) window.
If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can use the CMC Web interface to update its firmware. If the CMC detects the corrupted iDRAC firmware, the iDRAC is listed on the Updatable Components page in the CMC Web interface. NOTE: See the CMC Firmware User Guide for instructions for using the CMC Web interface.
Using the iDRAC with Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, and other devices on a network. If your company uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your Active Directory software.
Extended Schema Active Directory Overview There are three ways to enable Active Directory with the extended schema: • With the iDRAC Web interface (see "Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface" on page 115). • With the RACADM CLI tool (see "Configuring the iDRAC With Extended Schema Active Directory Using RACADM" on page 116). • With the SM-CLP command line (see "Configuring the iDRAC With Extended Schema Active Directory and SM-CLP" on page 117).
Overview of the RAC Schema Extensions To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more RAC devices.
Figure 6-1. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC Privilege Object NOTE: The RAC privilege object applies to both DRAC 4 and iDRAC. You can create as many or as few association objects as required.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains. Figure 6-2.
See "Adding iDRAC Users and Privileges to Active Directory" on page 112 for detailed instructions. Figure 6-3 provides an example of Active Directory objects in multiple domains. In this scenario, you have two iDRACs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. In this scenario, configure user1 and user2 with administrator privileges to both iDRACs and configure user3 with login privileges to the RAC2.
3 Create two RAC Device Objects, RAC1 and RAC2, to represent the two iDRACs. 4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges. 5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
You can extend your schema using one of the following: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the iDRAC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-7. dellProduct Class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.5 SuperClasses Computer Attributes dellAssociationMembers Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsServerResetUser 1.2.840.113556.1.8000.1280.1.1.2.7 TRUE TRUE if the user has Server Reset rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsConsoleRedirectUser 1.2.840.113556.1.8000.1280.1.1.2.8 TRUE if the user has Console Redirection rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 FALSE List of Distinguished Name dellAssociationObjectMembers (LDAPTYPE_DN that belong to this Product. 1.3.6.1.4.1.1466.115.121.1.12) This attribute is the backward link to the dellProductMembers Linked attribute.
Opening the Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers snap-in, perform the following steps: 1 If you are logged into the domain controller, click Start→Admin Tools→ Active Directory Users and Computers. If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→Run, type MMC, and press Enter.
4 Select RAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→Dell RAC Object. The New Object window appears. 3 Type a name for the new object. 4 Select Privilege Object. 5 Click OK. 6 Right-click the privilege object that you created, and select Properties.
Adding Objects to an Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running Windows 2000 mode or higher, use Universal Groups to span domains with your user or RAC objects. You can add groups of Users and RAC devices. The procedure for creating Dell-related groups and non-Dell-related groups is identical.
Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface 1 Open a supported Web browser window. 2 Log in to the iDRAC Web interface. 3 Click System→Remote Access. 4 Click the Configuration tab and select Active Directory. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The domain controllers’ SSL certificates should have been signed by the root CA. Have the root CA certificate available on your management station accessing the iDRAC (see "Exporting the Domain Controller Root CA Certificate" on page 126). c Click Apply.
racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgActiveDirectory -o cfgADRacName racadm sslcertupload -t 0x2 -f racadm sslcertdownload -t 0x1 -f 2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following RACADM command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 3 If DHCP is disabled on the iDRAC or you want to manually input your DNS
set oemdell_schematype=1 set oemdell_adracdomain= set oemdell_adrootdomain= set oemdell_adracname= set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD load -source /system1/sp1/oemdell_ssl1 set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL dump -destination /system1/sp1/oemdell_ssl1 2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following SM-CLP co
solution, the role and the privilege level is defined on each iDRAC, not in the Active Directory. Up to five role groups can be configured and defined in each iDRAC. Table 5-10 on page 78 shows the privileges level of the role groups and Table 6-9 shows the default role group settings. Figure 6-4.
Table 6-9. Default Role Group Privileges (continued) Default Privilege Level Permissions Granted Bit Mask None No assigned permissions 0x00000000 None No assigned permissions 0x00000000 NOTE: The Bit Mask values are used only when setting up the standard schema with the RACADM. There are two ways to enable the standard schema in Active Directory: • With the iDRAC Web user interface. See "Configuring the iDRAC With Standard Schema Active Directory and the Web Interface" on page 120.
4 Select Active Directory to open the Active Directory Main Menu page. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest. c Type the Timeout time in seconds. 7 Click Use Standard Schema in the Active Directory Schema Selection section.
b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The domain controllers’ SSL certificates should have been signed by the root CA.
racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege racadm sslcertupload -t 0x2 -f racadm sslcertdownload -t 0x1 -f NOTE: For bit mask values, see Table B-1.
Use the following commands to configure the iDRAC Active Directory Feature with the standard schema using SM-CLP.
5 If DHCP is disabled on the iDRAC or you want to manually enter your DNS IP addresses, type the following SM-CLP commands: set /system1/sp1/enetport1/lanendpt1/\ ipendpt1/dnsendpt1 oemdell_serversfromdhcp=0 set /system1/sp1/enetport1/lanendpt1/ipendpt1/\ dnsendpt1/remotesap1 dnsserveraddress= set /system1/sp1/enetport1/lanendpt1/ipendpt1/\ dnsendpt1/remotesap1 dnsserveraddress= Enabling SSL on a Domain Controller If you are using Microsoft Enterprise Root CA
Exporting the Domain Controller Root CA Certificate NOTE: If your system is running Windows 2000, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click Start→Run. 3 In the Run field, type mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 machines) and select Add/Remove Snap-in. 5 In the Add/Remove Snap-In window, click Add. 6 In the Standalone Snap-In window, select Certificates and click Add.
e In the Security Certificate Main Menu page, select Upload Server Certificate and click Apply. f In the Certificate Upload screen, perform one of the following procedures: g • Click Browse and select the certificate. • In the Value field, type the path to the certificate. Click Apply. Importing the iDRAC Firmware SSL Certificate Use the following procedure to import the iDRAC firmware SSL certificate to all domain controller trusted certificate lists.
Using Active Directory to Log In To the iDRAC You can use Active Directory to log in to the iDRAC using the Web interface. Use one of the following formats to enter your username: or \ or / where username is an ASCII string of 1–256 bytes. White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, as these names cannot be resolved.
Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions (continued) Question Answer Does using the iDRAC with Active Directory support multiple domain environments? Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.
Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions (continued) Question Answer What can I do if I cannot log into the iDRAC using Active Directory authentication? How do I troubleshoot the issue? 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local iDRAC user account, log into the iDRAC using your local credentials.
Viewing the Configuration and Health of the Managed Server System Summary Click System→Properties→Summary to obtain information about the Main System Enclosure and the Integrated Dell Remote Access Controller. Main System Enclosure System Information This section of the iDRAC Web interface provides the following basic information about the managed server: • Description — The model number or name of the managed server. • BIOS Version — The version number of the managed server's BIOS.
• Model Name — The model number, type, or description of the installed Mezzanine card(s). • Integrated Storage Card — The model number or name of the installed storage controller card. Auto Recovery This section of the iDRAC Web interface details the current mode of operation of the Auto Recovery feature of the managed server as set by Open Manage Server Administrator: • Recovery Action — Action to be performed when a system fault or hang is detected.
• Subnet Mask — The TCP/IP Subnet Mask configured for iDRAC. • MAC Address — The MAC address associated with the LOM (LAN on Motherboard) Network Interface Controller of the iDRAC. • DHCP Enabled — Enabled if the iDRAC is set to fetch its IP address and associated info from a DHCP server. • Preferred DNS Address 1 — Set to the currently active primary DNS server. • Alternate DNS Address 2 — Set to the alternate DNS server address.
CMC The CMC page displays the health status, firmware revision, and IP address of the Chassis Management Controller. You can also launch the CMC Web Interface by clicking the Launch the CMC Web Interface button. Batteries The Batteries page displays the status and values of the system board coin-cell battery that maintains the Real-Time Clock (RTC) and CMOS configuration data storage of the managed system.
CPU The CPU Information page reports the health of each CPU on the managed server. This health status is a roll-up of a number of individual thermal, power, and functional tests. POST The Post Code page displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server. Misc Health The Misc Health page provides access to the following system logs: System Event Log — Displays system-critical events that occur on the managed system.
Viewing the Configuration and Health of the Managed Server
Using GUI Console Redirection This section provides information about using the iDRAC console redirection feature. Overview The iDRAC console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more iDRAC-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance.
If a second user requests a console redirection session, the first user is notified and is given the option to refuse access, allow only video, or allow full shared access. The second user is notified that another user has control. The first user must respond within thirty seconds or full access is automatically granted to the second user.
2 If you are using Firefox or want to use the Java Viewer with Internet Explorer, install a Java Runtime Environment (JRE). See "Installing a Java Runtime Environment (JRE)" on page 55. 3 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTICE: If you have an active console redirection session and a lower resolution monitor is connected to the iKVM, the server console resolution may reset if the server is selected on the local console.
Table 8-2. Console Redirection Configuration Properties (continued) Property Description Active Sessions Displays the number of Active Console sessions. This field is read-only. Keyboard and Mouse Port The network port number used for connecting to the Number Console Redirection Keyboard/Mouse option. This traffic is always encrypted. You may need to change this number if another program is using the default port. The default is 5900.
Table 8-2. Console Redirection Configuration Properties (continued) Property Description Disable Local Console Checked indicates that output to the iKVM monitor is disabled during console redirection. This ensures that the tasks you perform using Console Redirection will not be visible on the managed server’s local monitor. NOTE: For information about using Virtual Media with Console Redirection, see "Configuring and Using Virtual Media" on page 153.
Table 8-4. Console Redirection Page Information Property Description Console Redirection Enabled Yes/No Video Encryption Enabled Yes/No Max Sessions Displays the maximum number of supported console redirection sessions Current Sessions Displays the current number of active console redirection sessions Mouse Mode Displays the mouse acceleration currently in effect. Mouse Acceleration mode should be chosen based on the type of operating system installed on the managed server.
The buttons in Table 8-5 are available on the Console Redirection page. Table 8-5. Console Redirection Page Buttons Button Definition Refresh Reloads the Console Redirection Configuration page Launch Viewer Opens a console redirection session on the targeted remote system Print Prints the Console Redirection Configuration page 3 If a console redirection session is available, click Launch Viewer. NOTE: Multiple message boxes may appear after you launch the application.
Table 8-6 describes the menu options that are available for use in the viewer. Table 8-6. Viewer Menu Bar Selections Menu Item Item Description Video Pause Temporarily pauses console redirection. Resume Resumes console redirection. Refresh Redraws the viewer screen image. Capture Captures the current remote system screen to a .bmp Current Screen file on Windows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location.
Table 8-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Keyboard Hold Right Alt Select this item before typing keys you want to Key combine with the right key. Hold Left Alt Key Select this item before typing keys you want to combine with the left key. Left Windows Key Select Hold Down before typing characters you want to combine with the left Windows key. Select Press and Release to send a left Windows key keystroke.
Table 8-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Mouse Synchronize Cursor The Mouse menu enables you to synchronize the cursor so that the mouse on the client is redirected to the mouse on the server. Options Color Mode Allows you to select a color depth to improve performance over the network.
The Synchronize cursor menu item is a toggle. Ensure that there is a check mark next to the item in the menu so that the mouse synchronization is active. When using Red Hat® Linux® or Novell® SUSE® Linux, be sure to configure the mouse mode for Linux before you launch the viewer. See "Configuring Console Redirection in the iDRAC Web Interface" on page 139 for help with configuration. The operating system’s default mouse settings are used to control the mouse arrow in the iDRAC Console Redirection screen.
Frequently Asked Questions Table 8-7 lists frequently asked questions and answers. Table 8-7. Using Console Redirection: Frequently Asked Questions Question Answer Can a new remote console video session be started when the local video on the server is turned off? Yes. Why does it take It gives a local user an opportunity to take any action before 15 seconds to turn off the video is switched off.
Table 8-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer What privileges are Any user with iDRAC configuration privileges can turn the needed for an iDRAC local console on or off. user to turn on or off the local server video? How can I get the current status of the local server video? The status is displayed on the Console Redirection Configuration page of the iDRAC Web interface.
Table 8-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the mouse sync in DOS when performing Console Redirection? The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing. iDRAC has a USB mouse driver, which allows absolute position and closer tracking of the mouse pointer.
Table 8-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the Num Lock indicator on my management station reflect the status of the Num Lock on the remote server? When accessed through the iDRAC, the Num Lock indicator on the management station does not necessarily coincide with the state of the Num Lock on the remote server.
Using GUI Console Redirection
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 9-1 shows the overall architecture of Virtual Media. Figure 9-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required: 1 Start Internet Explorer. 2 Click Tools→Internet Options, and then click the Security tab. 3 Under Select a Web content zone to specify its security settings, click to select the desired zone. 4 Under Security level for this zone, click Custom Level. The Security Settings window appears.
Configuring Virtual Media 1 Log in to the iDRAC Web interface. 2 Select System in the navigation tree and click the Console tab. 3 Click Configuration→Virtual Media to configure the Virtual Media settings. Table 9-2 describes the Virtual Media configuration values. 4 When you have finished configuring the settings, click Apply. 5 Click the appropriate button to continue. See Table 9-3. Table 9-2.
Table 9-2. Virtual Media Configuration Values (continued) Attribute Value Virtual Media SSL Port Number The network port number used for encrypted connections to the Virtual Media service. Two consecutive ports starting from the port number specified are used to connect to the Virtual Media service. The port number following the specified port must not be configured for any other iDRAC service. The default is 3670.
1 Open a supported Web browser on your management station. See "Supported Web Browsers" on page 27. 2 Start the iDRAC Web interface. "Accessing the Web Interface" on page 65. 3 Select System in the navigation tree and click the Console tab. The Console Redirection page appears. If you want to change the values of any of the displayed attributes, see "Configuring Virtual Media" on page 156.
8 Click the Connect button next to each selected media type. The media is connected and the Status window is updated. 9 Click the Close button. Disconnecting Virtual Media 1 Click Media→Virtual Media Wizard…. 2 Click Disconnect next to the media you wish to disconnect. The media is disconnected and the Status window is updated. 3 Click Close. Booting From Virtual Media The system BIOS enables you to boot from virtual optical drives or virtual floppy drives.
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take less than 15 minutes to complete. See "Deploying the Operating System" on page 207 for more information. 1 Verify the following: • The operating system installation CD is inserted in the management station’s CD drive.
Frequently Asked Questions Table 9-4 lists frequently asked questions and answers. Table 9-4. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual Media client connection drop. Why? When a network time-out occurs, the iDRAC firmware drops the connection, disconnecting the link between the server and the Virtual Drive.
Table 9-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer Why do I sometimes lose my client connection? • You can sometimes lose your client connection if the network is slow or if you change the CD in the client system CD drive. For example, if you change the CD in the client system’s CD drive, the new CD might have an autostart feature.
Table 9-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer How do I configure my virtual device On the managed server, access the BIOS Setup as a bootable device? and navigate to the boot menu. Locate the virtual CD, Virtual Floppy, or Virtual Flash and change the device boot order as needed. For example, to boot from a CD drive, configure the CD drive as the first drive in the boot order.
Table 9-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Table 9-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer What file system types are supported on my Virtual Floppy Drive? Your Virtual Floppy Drive supports FAT16 or FAT32 file systems. When I performed a firmware update remotely using the iDRAC Web interface, my virtual drives at the server were removed. Why? Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives will reappear when the iDRAC reset is complete.
Configuring and Using Virtual Media
Using the Local RACADM Command Line Interface The local RACADM command line interface (CLI) provides access to the iDRAC management features from the managed server. RACADM provides access to the same features as the iDRAC Web interface. However, RACADM can be used in scripts to ease configuration of multiple servers and iDRACs, where the Web interface is more useful for interactive management. Local RACADM commands do not use network connections to access the iDRAC from the managed server.
The subcommand list includes all commands that are supported by the iDRAC. To get help for a subcommand, type: racadm help The command displays the syntax and command-line options for the subcommand. RACADM Subcommands Table 10-1 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands including syntax and valid entries, see "RACADM Subcommand Overview" on page 249. Table 10-1.
Table 10-1. RACADM Subcommands (continued) Command Description racreset Resets the iDRAC. racresetcfg Resets the iDRAC to the default configuration. serveraction Performs power management operations on the managed server. setniccfg Sets the IP configuration for the controller. sslcertdownload Downloads a CA certificate. sslcertupload Uploads a CA certificate or server certificate to the iDRAC. sslcertview Views a CA certificate or server certificate in the iDRAC.
For example, to display a list of all cfgLanNetworking group object settings, type the following command: racadm getconfig -g cfgLanNetworking Managing iDRAC Users with RACADM NOTICE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC or if you ran the racadm racresetcfg command, the only current user is root with the password calvin.
Adding an iDRAC User To add a new user to the iDRAC, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC user privilege. 4 Enable the user.
Table 10-2. Bit Masks for User Privileges (continued) User Privilege Privilege Bit Mask Clear Logs 0x0000008 Execute Server Control Commands 0x0000010 Access Console Redirection 0x0000020 Access Virtual Media 0x0000040 Test Alerts 0x0000080 Execute Debug Commands 0x0000100 For example, to allow the user Configure iDRAC, Configure Users, Clear Logs, and Access Console Redirection privileges, add the values 0x00000002, 0x00000004, 0x00000008, and 0x00000010 to construct the bitmap 0x0000002E.
NOTE: Ensure that the SMTP and E-mail Alert settings are configured before testing the e-mail alert feature. See "Configuring E-Mail Alerts" on page 74 for more information. Testing the iDRAC SNMP Trap Alert Feature The iDRAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed server. The following example shows how a user can test the SNMP trap alert feature.
racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5 racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.
a Update the IPMI channel privileges by entering the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit where is one of the following: • 2 (User) • 3 (Operator) • 4 (Administrator) Using the Local RACADM Command Line Interface 175
For example, to set the IPMI LAN channel privilege to 2 (User), type the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit 2 b Set the IPMI LAN channel encryption key, if required, using a command such as the following: NOTE: The iDRAC IPMI supports the RMCP+ protocol. See the IPMI 2.0 specifications for more information. racadm config -g cfgIpmiLan -o cfgIpmiEncryptionKey where is a 20-character encryption key in a valid hexadecimal format.
b Update the IPMI SOL baud rate using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate where is 19200, 57600, or 115200 bps. For example: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate 57600 c Enable SOL by typing the following command at the command prompt. NOTE: SOL can be enabled or disabled for each individual user. racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i 2 where is the user’s unique ID.
For example, to enable PEF to reboot the system and send an IPMI alert when a processor critical event is detected, type the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i 9 2 Configuring PET 1 Enable global alerts using the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET using the following command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i <0|1> where is the PET destination index and 0 or 1 disable PET or enable P
Configuring E-mail Alerts 1 Enable global alerts by entering the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable e-mail alerts by entering the following commands: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i <0|1> where is the e-mail destination index and 0 disables the e-mail alert or 1 enables the alert. The e-mail destination index can be a value from 1 through 4.
Configuring IP Filtering (IpRange) IP address filtering (or IP Range Checking) allows iDRAC access only from clients or management workstations whose IP addresses are within a userspecified range. All other login requests are denied.
Table 10-4. IP Address Filtering (IpRange) Properties (continued) Property Description cfgRacTuneIpRangeMask Defines the significant bit positions in the IP address. The mask should be in the form of a netmask, where the more significant bits are all 1’s with a single transition to all zeros in the lower-order bits. Configuring IP Filtering To configure IP filtering in the Web interface, follow these steps: 1 Click System→Remote Access→iDRAC→Network/Security.
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.252 The last byte of the range mask is set to 252, the decimal equivalent of 11111100b. IP Filtering Guidelines Use the following guidelines when enabling IP filtering: • Ensure that cfgRacTuneIpRangeMask is configured in the form of a netmask, where all most significant bits are 1’s (which defines the subnet in the mask) with a transition to all 0’s in the low-order bits.
"Login Retry Restriction Properties" on page 183 lists the user-defined parameters. Table 10-5. Login Retry Restriction Properties Property Definition cfgRacTuneIpBlkEnable Enables the IP blocking feature. When consecutive failures (cfgRacTuneIpBlkFailCount) from a single IP address are encountered within a specific amount of time (cfgRacTuneIpBlkFailWindow), all further attempts to establish a session from that address are rejected for a certain time span (cfgRacTuneIpBlkPenaltyTime).
The following example prevents more than three failed attempts within one minute, and prevents additional login attempts for an hour.
For a complete list of available RACADM CLI commands, see "Using the Local RACADM Command Line Interface" on page 167. Using an iDRAC Configuration File An iDRAC configuration file is a text file that contains a representation of the values in the iDRAC database. You can use the RACADM getconfig subcommand to generate a configuration file containing the current values from the iDRAC.
Example: # # This is a comment [cfgUserAdmin] cfgUserAdminPrivilege=4 • Group entries must be surrounded by [ and ] characters. The starting [ character denoting a group name must start in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in "iDRAC Property Database Group and Object Definitions" on page 279.
• The line for an indexed group cannot be deleted from a configuration file. You must remove an indexed object manually using the following command: racadm config -g -o -i "" NOTE: A NULL string (identified by two "" characters) directs the iDRAC to delete the index for the specified group.
Modifying the iDRAC IP Address in a Configuration File When you modify the iDRAC IP address in the configuration file, remove all unnecessary = entries. Only the actual variable group’s label with "[" and "]" remains, including the two = entries pertaining to the IP address change. For example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.
Errors in the configuration file are flagged with the line number and a message that explains the problem. You must correct all errors before the configuration file can update the iDRAC. NOTICE: Use the racresetcfg subcommand to reset the database and the iDRAC NIC settings to the original default settings and remove all users and user configurations. While the root user is available, other users’ settings are also reset to the default settings.
3 Copy the edited configuration file to a network drive where it is accessible to each managed server whose iDRAC you want to configure. 4 For each iDRAC you want to configure: a Log in to the managed server and start a command prompt.
Using the iDRAC SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
• Active Directory configuration • iDRAC LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration • Serial over LAN (SOL) redirection over Telnet or SSH iDRAC SM-CLP Support SM-CLP is hosted from the iDRAC firmware and supports telnet and SSH connections. The iDRAC SM-CLP interface is based on the SM-CLP Specification Version 1.0 provided by the DMTF organization.
Table 11-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options delete Deletes an object instance. –examine, –help, –output, –version Syntax: delete [options] target dump Moves a binary image from the MAP to a URI. –destination, –examine, dump -destination [options] –help, –output, –version [target] exit Exits from the SM-CLP shell session. Syntax: –help, –output, –version exit [options] help Displays help for SM-CLP commands.
Table 11-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options start Starts a target. –examine, –force, –help, –output, –version Syntax: start [options] [target] stop Shuts down a target. Syntax: stop [options] [target] version Displays the version attributes of a target. Syntax: –examine, –force, –help, –output, –state, –version, –wait –examine, –help, –output, –version version [options] Table 11-2 describes the SM-CLP options.
Table 11-2. Supported SM-CLP Options (continued) SM-CLP Option Description –level, -l Instructs the verb to operate on targets at additional levels beneath the specified target. Syntax: -level –output, –o Specifies the format for the output. Syntax: -output -source Specifies the location of an image in a load command. Syntax: -source –version, –v Displays the SMASH-CLP version number.
Targets Table 11-3 provides a list of targets available through the SM-CLP. Table 11-3. SM-CLP Targets Target Definition /system1/ The managed system target. /system1/sp1 The service processor. /system1/sol1 Serial over LAN target. /system1/sp1/account1 through /system1/sp1/account16 The sixteen local iDRAC user accounts. account1 is the root account. /system1/sp1/enetport1 The iDRAC NIC MAC address. /system1/sp1/enetport1/lanendpt1/ ipendpt1 The iDRAC IP, gateway, and netmask settings.
Using the -display Option The show –display option allows you to limit the output of the command to one or more of properties, targets, and verbs. For example, to display just the properties and targets at the current location, use the following command: show -d properties,targets /system1/sp1/account1 To list only certain properties, qualify them, as in the following command: show -d properties=(userid,username) /system1/sp1/account1 If you only want to show one property, you can omit the parentheses.
iDRAC SM-CLP Examples The following subsections provide examples for using the SM-CLP to perform the following operations: • Server power management • SEL management • MAP target navigation • Display system properties • Setting the iDRAC IP address, subnet mask, and gateway address For information on the use of the iDRAC SM-CLP interface, see "iDRAC SMCLP Property Database" on page 321.
Table 11-5.
Table 11-5.
Table 11-6. Map Target Navigation Operations (continued) Operation Syntax Navigate to the SEL ->cd system1 target and display the ->cd sp1 log records ->cd logs1 ->show ->cd system1/sp1/logs1 ->show Display current target ->cd . Move up one level ->cd ..
When you commit the changes, the new network settings take effect, which causes your telnet or ssh session to be terminated. By introducing the commit step, you can delay the termination of your session until you have completed all of your SM-CLP commands. Table 11-7 provides examples of setting the iDRAC properties using SM-CLP. Table 11-7.
3 Enter the following command: load -source tftp:/// /system1/sp1 where is the DNS name or IP address of your TFTP server and is the path to the update package on the TFTP server. Your telnet or SSH session will be terminated. You may need to wait several minutes for the firmware update to complete. 4 To verify that the new firmware was written, start a new telnet or SSH session and re-enter the version command again.
4 Enter the DNS name or IP address of the iDRAC in the Host address field. 5 Enter the Telnet port number in the Port number field. 6 Click OK. To end the SOL session, click the HyperTerminal disconnect icon. Using SOL Over Telnet With Linux To start SOL from Telnet on a Linux management station, follow these steps: 1 Start a shell.
Deploying Your Operating System Using iVM-CLI The Virtual Media Command Line Interface (iVM-CLI) utility is a command-line interface that provides virtual media features from the management station to the iDRAC in the remote system. Using iVM-CLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVM-CLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator (dd) utility to create a bootable image file for your Linux system.
When you create the image file, do the following: • Follow standard network-based installation procedures • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure 4 Perform one of the following procedures: • Integrate ipmitool and the Virtual Media command line interface (iVM-CLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
• is the path to an ISO9660 image of the operating system installation CD or DVD • is the path to the device containing the operating system installation CD or DVD The ivmdeploy script passes its command line options to the iVMCLI utility. See "Command Line Options" on page 210 for details about these options. The script processes the -r option slightly differently than the iVMCLI -r option.
If your operating system supports administrator privileges or an operating system-specific privilege or group membership, administrator privileges are also required to run the iVM-CLI command. The client system’s administrator controls user groups and privileges, thereby controlling the users who can run the utility. For Windows systems, you must have Power User privileges to run the iVMCLI utility.
Command Line Options The iVM-CLI interface is identical on both Windows and Linux systems. The utility uses options that are consistent with the RACADM utility options. For example, an option to specify the iDRAC IP address requires the same syntax for both RACADM and iVM-CLI utilities. The iVM-CLI command format is as follows: iVMCLI [parameter] [operating_system_shell_options] Command-line syntax is case sensitive. See "iVM-CLI Parameters" for more information.
The must have the following attributes: • Valid user name • iDRAC Virtual Media User permission If iDRAC authentication fails, an error message appears and the command is terminated. iDRAC User Password -p This parameter provides the password for the specified iDRAC user. If iDRAC authentication fails, an error message displays and the command terminates.
Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates. CD/DVD Device or Image File -c { | } where is a valid CD/DVD drive letter (Windows systems) or a valid CD/DVD device file name (Linux systems) and is the file name and path of a valid ISO-9660 image file.
Help Display -h This parameter displays a summary of the iVM-CLI utility parameters. If no other non-switch options are provided, the command terminates without error. Manual Display -m This parameter displays a detailed “man page” for the iVM-CLI utility, including descriptions of all of the possible options. Encrypted Data -e When this parameter is included in the command line, iVM-CLI will use an SSL-encrypted channel to transfer data between the management station and the iDRAC in the remote system.
multiple iVM-CLI instances are started in this way, and one or more of the command instances must be manually terminated, use the operating systemspecific facilities for listing and terminating processes. iVM-CLI Return Codes 0 = No error 1 = Unable to connect 2 = iVM-CLI command line error 3 = RAC firmware connection dropped English-only text messages are also issued to standard error output whenever errors are encountered.
Using the iDRAC Configuration Utility Overview The iDRAC Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC and for the managed server.
Starting the iDRAC Configuration Utility You must use an iKVM-connected console to access the iDRAC Configuration Utility initially or after a resetting the iDRAC to the default settings. 1 At the keyboard connected to the iKVM console, press to display the iKVM On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using the iDRAC Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe the iDRAC Configuration Utility menu items. LAN Use , , and the spacebar to select between Enabled and Disabled.
Press any key to clear the message and continue. See "LAN" on page 217 for an explanation of the message. LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 13-1. LAN Parameters Item Description RMCP+ Encryption Key Press to edit the value, when finished. The RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F).
Table 13-1. LAN Parameters (continued) Item Description Default Gateway If the IP Address Source is set to DHCP, this field displays the IP address of the default gateway obtained from DHCP. If the IP Address Source is set to Static, enter the IP address of the default gateway. The default is 192.168.0.1. LAN Alert Enabled Select On to enable the Platform Event Trap (PET) LAN alert. Alert Policy Entry 1 Select Enable or Disable to activate the first alert destination.
Virtual Media Use and to select Attached or Detached. When you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Console Redirection sessions. If you select Detached, users cannot access virtual media devices during Console Redirection sessions. NOTE: To use a USB Flash Drive with the Virtual Media feature, the USB Flash Drive Emulation Type must be set to Hard disk in the BIOS Setup Utility.
Reset to Default Use the Reset to Default menu item to reset all of the iDRAC configuration items to the factory defaults. This may be required, for example, if you have forgotten the administrative user password or if you want to reconfigure the iDRAC from the default settings. NOTE: In the default configuration, the iDRAC networking is disabled. You cannot reconfigure the iDRAC over the network until you have enabled the iDRAC network in the iDRAC Configuration Utility. Press to select the item.
Exiting the iDRAC Configuration Utility When you have finished making changes to the iDRAC configuration, press the key to display the Exit menu. Select Save Changes and Exit and press to retain your changes. Select Discard Changes and Exit and press to ignore any changes you made. Select Return to Setup and press to return to the iDRAC Configuration Utility.
Recovering and Troubleshooting the Managed Server This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed server using the iDRAC facilities.
Trouble Indicators This section describes indications that there may be a problem with your system. LED Indicators The initial indication of system trouble may be the LEDs on the chassis or components installed in the chassis. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system.
Hardware Trouble Indicators Indications that a module has a hardware problem include the following: • Failure to power up • Noisy fans • Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, you can try to correct the problem using these strategies: • Reseat the module and restart it • Try inserting the
Table 14-2. Trouble Indicators Look for: Action: Messages in the iDRAC Log See "Viewing the iDRAC Log" on page 238. Problem Solving Tools This section describes iDRAC facilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Click any component on the Health page to see information about the component. Sensor readings are displayed for batteries, temperatures, voltages, and power monitoring, helping to diagnose some types of problems. The iDRAC and CMC information pages provide useful current status and configuration information. Checking the System Event Log (SEL) The SEL Log page displays messages for events that occur on the managed server.
Checking the Post Codes The Post Codes page displays the last system post code prior to booting the operating system. Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from Power on Reset, and allow you to diagnose any faults related to system boot-up. NOTE: View the text for POST code message numbers in the LCD display or in the Hardware Owner’s Manual.
Table 14-6. Last Crash Screen Page Buttons Button Action Print Prints the Last Crash Screen page. Save Opens a pop-up window that enables you to save the Last Crash Screen page to a directory of your choice. Delete Deletes the Last Crash Screen page. Refresh Reloads the Last Crash Screen page. NOTE: Due to fluctuations in the Auto Recovery timer, the Last Crash Screen may not be captured when the System Reset Timer is configured with a value that is too high. The default setting is 480 seconds.
Table 14-7. Boot Capture Options Button/Option Description Previous Screen Takes you to previous screen, if any, in the replay console. Play Starts the screenplay from current screen in the replay console. Pause Pauses the screenplay on the current screen being displayed in the replay console. Stop Stops the screenplay and loads the first screen of that boot sequence. Next Screen Takes you to next screen, if any, in the replay console.
Table 14-8.
Table 14-8.
Table 14-8. Server Status Screen (continued) Severity Message Cause Critical System Board OS Watchdog: The iDRAC watchdog Watchdog sensor for System detected that the system Board, power cycle was asserted has crashed (timer expired because no response was received from Host) and the action is set to power cycle. Critical System Board SEL: Event Log The SEL device detects sensor for System Board, log full that only one entry can was asserted be added to the SEL before it is full.
Table 14-8. Server Status Screen (continued) Severity Message Cause Non-Recoverable CPU Bus PERR: Processor sensor, transition to nonrecoverable was asserted The processor bus PERR entered a nonrecoverable state. Non-Recoverable CPU Init Err: Processor sensor, transition to non-recoverable was asserted The processor initialization entered a non-recoverable state.
Table 14-8. Server Status Screen (continued) Severity Message Cause Critical Chipset Err: Critical Event sensor, PCI PERR was asserted Chip error is detected. Warning Mem ECC Warning: Memory Correctable ECC errors sensor, transition to non-critical have increased from a from OK ( ) was asserted Critical Mem ECC Warning: Memory Correctable ECC errors sensor, transition to critical from have reached a critical less severe (
Table 14-8.
Table 14-8.
Table 14-8. Server Status Screen (continued) Severity Message Cause Critical LinkT/FlexAddr: Link Tuning sensor, failed to program the virtual MAC address () was asserted This event is generated when the BIOS fails to program the virtual MAC address on the given NIC device. Critical I/O Fatal Err: Fatal IO Group sensor, fatal IO error () This event is generated in association with a CPU IERR and indicates which device caused the CPU IERR.
Table 14-9. Field iDRAC Log Page Information (continued) Description Description A brief description of the event and the user name that logged into the iDRAC. Using the iDRAC Log Page Buttons The iDRAC Log page provides the following buttons (see Table 14-10). Table 14-10. iDRAC Log Buttons Button Action Print Prints the iDRAC Log page. Clear Log Clears the iDRAC Log entries. NOTE: The Clear Log button only appears if you have Clear Logs permission.
Main System enclosure Table 14-11 and Table 14-12 describe the main system enclosure properties. Table 14-11. System Information Fields Field Description Description Provides a system description. BIOS Version Lists the system BIOS version. Service Tag Lists the system Service Tag number. Host Name Provides the host system’s name. OS Name Lists the operating system running on the system. Table 14-12.
Table 14-13. iDRAC Information Fields (continued) Field Description IP Address The 32-bit address that identifies the network interface. The value is displayed in a dot separated format, such as 143.166.154.127. Gateway The IP Address of the gateway that acts as a bridge to other networks. This value is in a dot separated format, such as 143.166.150.5. Subnet Mask The subnet mask identifies the parts of the IP Address that make up the Extended Network Prefix and the Host Number.
If you entered 0 leave the LED flashing, follow these steps to disable it: 1 Click System→Remote Access→iDRAC→Troubleshooting. 2 On the Identify page, uncheck the value box next to Identify Server. 3 Click Apply. Using the Diagnostics Console The iDRAC provides a standard set of network diagnostic tools (see Table 14-14) that are similar to the tools included with Microsoft® Windows® or Linux-based systems. Using the iDRAC Web interface, you can access the network debugging tools.
Table 14-14. Diagnostic Commands (continued) Command Description gettracelog Displays the iDRAC trace log. See "gettracelog" on page 268 for more information. Managing Power on a Remote System The iDRAC enables you to remotely perform several power management actions on the managed server. Use the Power Management page to perform an orderly shutdown through the operating system when rebooting and powering on and off.
Table 14-15. Power Control Actions (continued) Reset System (warm boot) Reboots the system without powering off (warm boot). Power Cycle System Powers off, then reboots the system (cold boot). Table 14-16. Power Management Page Buttons Button Action Print Prints the Power Management values that appear on the screen. Refresh Reloads the Power Management page. Apply Saves any new settings that you make while viewing the Power Management page.
Table 14-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of the iDRAC? From the CMC Web interface: 1 Click Chassis→Servers, then click the Setup tab. 2 Click Deploy. 3 Read the IP address for your server from the table that is displayed. From the iKVM: • Reboot the server and enter the iDRAC Configuration Utility by pressing OR • Watch for the IP address to display during BIOS POST.
Table 14-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of the CMC? From the iDRAC Web interface: • Click System→Remote Access→CMC. The CMC IP address is displayed on the Summary page. OR • Select the "Dell CMC" console in the OSCAR to log into the CMC through a local serial connection. CMC RACADM commands can be issued from this connection. Refer to the CMC Firmware User Guide for a complete list of the CMC RACADM subcommands.
Table 14-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer I have forgotten the You must restore the iDRAC to its default settings. iDRAC administrative user 1 Reboot the server and press when name and password. prompted to enter the iDRAC Configuration Utility. 2 On the configuration utility menu, highlight Reset to Default and press . For more information, see "Reset to Default" on page 221.
Table 14-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer When attempting to boot the managed server, the power indicator is green, but there is no POST or no video at all. This can happen if any of the following conditions is true: • Memory is not installed or is inaccessible. • The CPU is not installed or is inaccessible. • The video riser card is missing or improperly connected. Also, look for error messages in the iDRAC log from the iDRAC Web interface or from the LCD.
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. help Table A-1 describes the help command. Table A-1. Help Command Command Definition help Lists all of the subcommands available to use with racadm and provides a short description for each.
Supported Interfaces • Local RACADM config Table A-2 describes the config and getconfig subcommands. Table A-2. config/getconfig Subcommand Definition config Configures the iDRAC. getconfig Gets the iDRAC configuration data.
Table A-3. config Subcommand Options and Descriptions (continued) Option Description -p The -p, or password, option directs config to delete the password entries contained in the config file -f after the configuration is complete. -g The -g , or group, option must be used with the -o option. The specifies the group containing the object that is to be set. -o The -o , or object, option must be used with the -g option.
• racadm config -f myrac.cfg Configures or reconfigures the iDRAC. The myrac.cfg file may be created with the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.cfg file does not contain passwords. To include passwords in the file, you must enter them manually. If you want to remove passwords from the myrac.cfg file during configuration, use the -p option.
Table A-4. getconfig Subcommand Options (continued) Option Description -i The -i , or index, option is valid only for indexed groups and can be used to specify a unique group. If -i is not specified, a value of 1 is assumed for groups, which are tables that have multiple entries. The index is specified by the index value, not a "named" value. -o The -o , or object, option specifies the object name that is used in the query. This option can be used with the -g option.
• racadm getconfig -g cfgUserAdmin -i 2 -v Displays the user group instance at index 2 with extensive information for the property values. Synopsis racadm getconfig -f racadm getconfig -g [-i ] racadm getconfig -u racadm getconfig -h Supported Interfaces • Local RACADM getssninfo Table A-5 describes the getssninfo subcommand. Table A-5.
Supported Interfaces • Local RACADM Input Table A-6 describes the getssninfo subcommand options. Table A-6. getssninfo Subcommand Options Option Description -A The -A option eliminates the printing of data headers. -u The -u user name option limits the printed output to only the detail session records for the given user name. If an asterisk (*) symbol is given as the user name, all users are listed. Summary information is not printed when this option is specified.
getsysinfo Table A-8 describes the racadm getsysinfo subcommand. Table A-8. getsysinfo Command Definition getsysinfo Displays iDRAC information, system information, and watchdog status information. Synopsis racadm getsysinfo [-d] [-s] [-w] [-A] Description The getsysinfo subcommand displays information related to the iDRAC, managed server, and watchdog configuration. Supported Interfaces • Local RACADM Input Table A-9 describes the getsysinfo subcommand options. Table A-9.
Sample Output RAC Information: RAC Date/Time Firmware Version Firmware Build Last Firmware Update = = = = Wed Aug 22 20:01:33 2007 0.32 13661 Mon Aug 20 08:09:36 2007 Hardware Version Current IP Address Current IP Gateway Current IP Netmask DHCP Enabled MAC Address Current DNS Server 1 Current DNS Server 2 DNS Servers from DHCP Register DNS RAC Name DNS RAC Name Current DNS Domain = = = = = = = = = = = = NA 192.168.0.120 192.168.0.1 255.255.255.0 1 00:14:22:18:cd:f9 10.32.60.4 10.32.60.
Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge M600" "0.2.1" "0.32" "48192" "dell-x92i38xc2n" "" "ON" • racadm getsysinfo -w -s System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name Power Status = PowerEdge M600 = 0.2.1 = 0.
Synopsis racadm getractime [-d] Description With no options, the getractime subcommand displays the time in a common readable format. With the -d option, getractime displays the time in the format, yyyymmddhhmmss.mmmmmms, which is the same format returned by the UNIX date command. Output The getractime subcommand displays the output on one line. Sample Output racadm getractime Thu Dec 8 20:15:26 2005 racadm getractime -d 20071208201542.
Synopsis racadm setniccfg -d racadm setniccfg -s [ ] racadm setniccfg -o [ ] Description The setniccfg subcommand sets the iDRAC IP address. • The -d option enables DHCP for the NIC (default is DHCP enabled). • The -s option enables static IP settings. The IP address, netmask, and gateway can be specified. Otherwise, the existing static settings are used. , , and must be typed as dotseparated strings.
getniccfg Table A-12 describes the getniccfg subcommand. Table A-12. getniccfg Subcommand Definition getniccfg Displays the current IP configuration for the iDRAC. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current NIC settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful.
getsvctag Table A-13 describes the getsvctag subcommand. Table A-13. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Type getsvctag at the command prompt. The output is displayed as follows: Y76TP0G The command returns 0 on success and nonzero on errors. Supported Interfaces • Local RACADM racreset Table A-14 describes the racreset subcommand. Table A-14.
Synopsis racadm racreset Description The racreset subcommand issues a reset to the iDRAC. The reset event is written into the iDRAC log. Examples • racadm racreset Start the iDRAC soft reset sequence. Supported Interfaces • Local RACADM racresetcfg Table A-15 describes the racresetcfg subcommand. Table A-15. racresetcfg Subcommand Definition racresetcfg Resets the entire RAC configuration to factory default values.
NOTICE: This command deletes your current iDRAC configuration and resets the iDRAC configuration to the default settings. After reset, the default name and password are root and calvin, respectively, and the IP address is 192.168.0.120 plus the number of the slot the server inhabits in the chassis. serveraction Table A-16 describes the serveraction subcommand. Table A-16. serveraction Subcommand Definition serveraction Executes a managed server reset or power-on/off/cycle.
Output The serveraction subcommand displays an error message if the requested operation could not be performed, or a success message if the operation completed successfully. Supported Interfaces • Local RACADM getraclog Table A-18 describes the racadm getraclog command. Table A-18. getraclog Command Definition getraclog -i Displays the number of entries in the iDRAC log. getraclog Displays the iDRAC log entries.
Table A-19. getraclog Subcommand Options (continued) Option Description -o Displays the output in a single line. -s Specifies the starting record used for the display. Output The default output display shows the record number, time stamp, source, and description. The timestamp begins at midnight, January 1 and increases until the managed server boots. After the managed server boots, the managed server’s system time is used for the timestamp.
getsel Table A-20 describes the getsel command. Table A-20. getsel Command Definition getsel -i Displays the number of entries in the System Event Log. getsel Displays SEL entries. Synopsis racadm getsel -i racadm getsel [-E] [-R] [-A] [-o] [-c count] [-s count] [-m] Description The getsel -i command displays the number of entries in the SEL. The following getsel options (without the -i option) are used to read entries. NOTE: If no arguments are specified, the entire log is displayed. Table A-21.
Output The default output display shows the record number, timestamp, severity, and description. For example: Record: 1 Date/Time: 11/16/2005 22:40:43 Severity: Ok Description: System Board SEL: event log sensor for System Board, log cleared was asserted Supported Interfaces • Local RACADM clrsel Synopsis racadm clrsel Description The clrsel command removes all existing records from the System Event Log (SEL).
Synopsis racadm gettracelog -i racadm gettracelog [-A] [-o] [-c count] [-s startrecord] [-m] Description The gettracelog (without the -i option) command reads entries. The following gettracelog entries are used to read entries: Table A-23. gettracelog Subcommand options Option Description -i Displays the number of entries in the iDRAC trace log. -m Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). -o Displays the output in a single line.
Supported Interfaces • Local RACADM sslcsrgen Table A-24 describes the sslcsrgen subcommand. Table A-24. sslcsrgen Subcommand Description sslcsrgen Generates and downloads an SSL certificate signing request (CSR) from the RAC. Synopsis racadm sslcsrgen [-g] [-f ] racadm sslcsrgen -s Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system.
If no options are specified, a CSR is generated and downloaded to the local file system as sslcsr by default. The -g option cannot be used with the -s option, and the -f option can only be used with the -g option. The sslcsrgen -s subcommand returns one of the following status codes: • CSR was generated successfully. • CSR does not exist. • CSR generation in progress. NOTE: Before a CSR can be generated, the CSR fields must be configured in the RACADM cfgRacSecurity group.
Options Table A-27 describes the sslcertupload subcommand options. Table A-27. sslcertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = server certificate 2 = CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
Options Table A-29 describes the sslcertdownload subcommand options. Table A-29. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft® Active Directory® certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be downloaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
Options Table A-31 describes the sslcertview subcommand options. Table A-31. sslcertview Subcommand Options Option Description -t Specifies the type of certificate to view, either the Microsoft Active Directory certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -A Prevents printing headers/labels.
Valid From Valid To : Jul : Jul 8 16:21:56 2005 GMT 7 16:21:56 2010 GMT racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate Jul 8 16:21:56 2005 GMT Jul 7 16:21:56 2010 GMT Supported Interfaces • Local RACADM testemail Table A-32 describes the testemail subcommand. Table A-32.
Description Sends a test e-mail from the iDRAC to a specified destination. Prior to executing the testemail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-33 provides an example of commands for the cfgEmailAlert group. Table A-33.
Supported Interfaces • Local RACADM testtrap Table A-35 describes the testtrap subcommand. Table A-35. testtrap Subcommand Description testtrap Tests the iDRAC’s SNMP trap alerting feature. Synopsis racadm testtrap -i Description The testtrap subcommand tests the iDRAC’s SNMP trap alerting feature by sending a test trap from the iDRAC to a specified destination trap listener on the network.
Input Table A-37 describes the testtrap subcommand options. Table A-37. testtrap Subcommand Options Option Description -i Specifies the index of the trap configuration to use for the test Valid values are from 1 to 4.
iDRAC Property Database Group and Object Definitions The iDRAC property database contains the configuration information for the iDRAC. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure the iDRAC. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacProductInfo (Read Only) Legal Values String of up to 63 ASCII characters. Default Integrated Dell Remote Access Controller Description A text string that identifies the product. idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters. Default This system component provides a complete set of remote management functions for Dell PowerEdge servers. Description A text description of the RAC type.
idRacBuildInfo (Read Only) Legal Values String of up to 16 ASCII characters. Default The current RAC firmware build version. For example, "05.12.06". Description A string containing the current product build version. idRacName (Read Only) Legal Values String of up to 15 ASCII characters. Default iDRAC Description A user assigned name to identify this controller. idRacType (Read Only) Default 8 Description Identifies the remote access controller type as the iDRAC.
One instance of the group is allowed. All objects in this group will require the iDRAC NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings. cfgDNSDomainNameFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies that the iDRAC DNS domain name should be assigned from the network DHCP server.
cfgDNSRacName (Read/Write) Legal Values String of up to 63 ASCII characters. At least one character must be alphabetic. NOTE: Some DNS servers only register names of 31 characters or fewer. Default rac-service tag Description Displays the RAC name, which is rac-service tag by default. This parameter is only valid if cfgDNSRegisterRac is set to 1 (TRUE). cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers the iDRAC name on the DNS server.
Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network. cfgDNSServer1 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE). NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while swapping addresses.
Default 0 Description Enables or disables the iDRAC network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC will no longer be accessible, and the iDRAC will only be available through the local RACADM interface. cfgNicIpAddress (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.
Description The subnet mask used for static assignment of the iDRAC IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicGateway (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid gateway IP address. For example: 192.168.0.1. Default 192.168.0.1 Description The gateway IP address used for static assignment of the RAC IP address.
cfgNicMacAddress (Read Only) Legal Values A string representing the RAC NIC MAC address. Default The current MAC address of the iDRAC NIC. For example, 00:12:67:52:51:A3. Description The iDRAC NIC MAC address. cfgUserAdmin This group provides configuration information about the users who are allowed to access the RAC through the available remote interfaces. Up to 16 instances of the user group are allowed. Each instance represents the configuration for an individual user.
cfgUserAdminPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default 0x00000000 Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-1 describes the user privilege bit values that can be combined to create bit masks. Table B-1.
Table B-2. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user is not allowed to access the iDRAC. 0x00000000 The user may only login to the 0x00000001 iDRAC and view iDRAC and server configuration information. The user may login to the iDRAC 0x00000001 + 0x00000002 = 0x00000003 and change configuration. The user may login to RAC, access virtual media, and access console redirection.
Default "" Description The password for this user. User passwords are encrypted and cannot be seen or displayed after the property is written. cfgUserAdminEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables an individual user. cfgUserAdminSolEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access. cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities.
The following subsections describe the objects in this group. Up to four instances of this group are allowed. cfgEmailAlertIndex (Read Only) Legal Values 1–4 Default This parameter is populated based on the existing instances. Description The unique index of an alert instance. cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies the destination email address for email alerts. For example, user1@company.com.
Description The e-mail address of the alert source. cfgEmailAlertCustomMsg Legal Values String. Maximum Length = 32. Default "" Description Specifies a custom message that is sent with the alert. cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to the iDRAC. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgSsnMgtWebserverTimeout (Read/Write) Legal Values 60 – 1920 Default 300 Description Defines the web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective. An expired web server session logs out the current session.
After the message appears, the system returns you to the shell that generated the Secure Shell session. cfgSsnMgtTelnetIdleTimeout (Read/Write) Legal Values 0 (No timeout) 60 – 1920 Default 300 Description Defines the telnet idle time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached.
Default 1 Description Enables or disables the secure shell (SSH) interface on the iDRAC. cfgSerialTelnetEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the telnet console interface on the iDRAC. cfgRacTuning This group is used to configure various iDRAC configuration properties, such as valid ports and security port restrictions.
cfgRacTuneHttpsPort (Read/Write) Legal Values 10 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the iDRAC. cfgRacTuneIpRangeEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP Address Range validation feature of the iDRAC. cfgRacTuneIpRangeAddr Legal Values String, IP address formatted. For example, 192.168.0.44. Default 192.168.1.
cfgRacTuneIpRangeMask Legal Values Standard IP mask values with left-justified bits Default 255.255.255.0 Description String, IP-address formatted. For example, 255.255.255.0. cfgRacTuneIpBlkEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP address blocking feature of the RAC.
cfgRacTuneIpBlkFailWindow Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted. When failure attempts age beyond this limit, they are dropped from the count. cfgRacTuneIpBlkPenaltyTime Legal Values 10 – 65535 Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected.
cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the iDRAC telnet interface. cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session.
Description Specifies the port to be used for keyboard and mouse traffic during console redirection activity with the iDRAC. cfgRacTuneConRedirVideoPort (Read/Write) Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during console redirection activity with the iDRAC. NOTE: This object requires an iDRAC reset before it becomes active.
Default 1 Description Enables and disables the iDRAC web server. If this property is disabled, the iDRAC will not be accessible using client web browsers. This property has no effect on the telnet/SSH or local RACADM interfaces. cfgRacTuneLocalServerVideo (Read/Write) Legal Values 1 (Enables) 0 (Disables) Default 1 Description Enables (switches ON) or disables (switches OFF) the local server video.
ifcRacManagedNodeOs This group contains properties that describe the Managed Server operating system. One instance of the group is allowed. The following subsections describe the objects in this group. ifcRacMnOsHostname (Read/Write) Legal Values String. Maximum Length = 255. Default "" Description The host name of the managed server. ifcRacMnOsOsName (Read/Write) Legal Values String. Maximum Length = 255. Default "" Description The operating system name of the managed server.
cfgSecCsrCommonName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Common Name (CN). cfgSecCsrOrganizationName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Name (O). cfgSecCsrOrganizationUnit (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Unit (OU).
cfgSecCsrLocalityName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Locality (L). cfgSecCsrStateName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR State Name (S). cfgSecCsrCountryCode (Read/Write) Legal Values String. Maximum Length = 2.
cfgSecCsrEmailAddr (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Email Address. cfgSecCsrKeySize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. cfgRacVirtual This group contains parameters to configure the iDRAC virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
Default 1 Description This object is used to attach virtual devices to the system via the USB bus. When the devices are attached the server will recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system. When the devices are attached you then can connect to the virtual devices remotely using the iDRAC Web interface or the CLI. Setting this object to 0 will cause the devices to detach from the USB bus.
cfgVirMediaBootOnce (Read/Write) Legal Values 1 (Enabled) 0 (Disabled) Default 0 Description Enables or disables the virtual media boot-once feature of the iDRAC. If this property is enabled when the host server is rebooted, this feature will attempt to boot from the virtual media devices—if the appropriate media is installed in the device.
cfgADRacDomain (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Active Directory Domain in which the DRAC resides. cfgADRacName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Name of iDRAC as recorded in the Active Directory forest.
Description Enables or disables Active Directory user authentication on the iDRAC. If this property is disabled, local iDRAC authentication is used for user logins instead. cfgADAuthTimeout (Read/Write) NOTE: To modify this property, you must have Configure iDRAC permission. Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out.
Default 0 Description 1 (True) enables you to specify an LDAP or a Global Catalog server. 0 (False) disables this option. cfgADDomainController (Read/Write) Valid IP address or a fully qualified domain name (FQDN) Default No default value Description The iDRAC uses the value you specify to search the LDAP server for user names.
Default 1 = Extended schema Description Determines the schema type to use with Active Directory. cfgStandardSchema This group contains parameters to configure the Active Directory standard schema settings. cfgSSADRoleGroupIndex (Read Only) Legal Values Integer from 1 to 5. Description Index of the Role Group as recorded in the Active Directory. cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters.
Default (blank) Description Active Directory Domain in which the Role Group resides. cfgSSADRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default (blank) Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table B-3.
cfgIpmiSolEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables SOL. cfgIpmiSolBaudRate (Read/Write) Legal Values 19200, 57600, 115200 Default 115200 Description The baud rate for serial communication over LAN. cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access.
cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255. Default 10 Description Specifies the typical amount of time that the iDRAC waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments. cfgIpmiSolSendThreshold (Read/Write) Legal Values 1 – 255 Default 255 Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet.
Default 0 Description Enables or disables the IPMI over LAN interface. cfgIpmiLanPrivLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access. cfgIpmiLanAlertEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties.
cfgIpmiEncryptionKey (Read/Write) Legal Values A string of hexadecimal digits from 0 to 20 characters with no spaces. Default 00000000000000000000 Description The IPMI encryption key. cfgIpmiPetCommunityName (Read/Write) Legal Values A string up to 18 characters. Default public Description The SNMP community name for traps. cfgIpmiPef This group is used to configure the platform event filters available on the managed server.
Description Specifies the name of the platform event filter. cfgIpmiPefIndex (Read Only) Legal Values 1 – 17 Default The index value of a platform event filter object. Description Specifies the index of a specific platform event filter. cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered.
Default 1 Description Enables or disables a specific platform event filter. cfgIpmiPet This group is used to configure platform event traps on the managed server. cfgIpmiPetIndex (Read/Write) Legal Values 1–4 Default The appropriate index value. Description Unique identifier for the index corresponding to the trap. cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values String representing a valid IP address. For example, 192.168.0.67. Default 0.0.0.
cfgIpmiPetAlertEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables a specific trap.
iDRAC Property Database Group and Object Definitions
iDRAC SMCLP Property Database /system1/sp1/account<1-16> This target provides configuration information about the local users who are allowed to access the RAC through available remote interfaces. Up to 16 instances of the user group are allowed. Each instance <1-16> represents the configuration for an individual local user. userid (Read Only) Legal values 1-16 Default Depends on the account instance being accessed. Description Specifies the instance ID or the local user ID.
Description A text string that contains the name of the local user for this account. The string must not contain a forward slash (/), period (.), at symbol (@), or quotation marks ("). Deleting the user is done by deleting the account. (delete account<1-16>). NOTE: This property value must be unique among usernames.
enabledstate (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Helps enable or disable an individual user. solenabled (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Enables or disables Serial Over LAN (SOL) user access.
Description Specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table C-1 describes the user privilege bit values that can be combined to create bit masks. Table C-1.
Table C-2. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user may login to RAC, access 0x00000001 + 0x00000040 + virtual media, and access console 0x00000080 = 0x000000C1 redirection. /system1/sp1/enetport1/* This group contains parameters to configure the iDRAC NIC. One instance of the group is allowed. All objects in this group require the iDRAC NIC to be reset, which may cause a brief loss in connectivity.
Default 0 Description Enables or disables the iDRAC network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC become inaccessible, rendering the iDRAC available only through the local RACADM interface. ipaddress (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.n (where n is 120 plus the server slot number) Description Specifies the static IP address to assign to the RAC.
1 (Enabled) Default 0 Description Specifies whether DHCP is used to assign the iDRAC IP address. If this property is set to 1 (Enabled), the iDRAC IP address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (Disabled), the static IP address, subnet mask, and gateway gain values inserted manually by the user.
1 (Enabled) Default 0 Description Specifies that the iDRAC DNS domain name should be assigned from the network DHCP server. oemdell_dnsdomainname (Read/Write) Legal Values A string of up to 254 ASCII characters. At least one of the characters must be alphabetic. Default “” Description Holds the DNS domain name. This parameter is only valid if oemdell_domainnamefromdhcp is set to 0 (Disabled).
oemdell_dnsracname (Read/Write) Legal Values A string of up to 63 ASCII characters. At least one character must be alphabetic. NOTE: Some DNS servers only register names of up to 31 characters. Default rac-service tag Description Displays the RAC name, which is the RAC service tag by default. This parameter is only valid if oemdell_dnsregisterrac is set to 1 (Registered).
Default 0.0.0.0 Description Specifies the IP address for DNS Server 1. This property is only valid if oemdell_serversfromdhcp is set to 0 (Disabled). /system1/sp1/enetport1/lanendpt1/ipendpt1/dnse ndpt1/remotesap2 dnsserveraddress (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.0 Description Specifies the IP address for DNS Server 2. This property is only valid if oemdell_serversfromdhcp is set to 0 (Disabled).
Description The gateway IP address used for static assignment of the RAC IP address. This property is only valid if oemdell_usedhcp is set to 0 (Disabled). /system1/sp1/group<1-5> These groups contain parameters to configure the Active Directory standard schema settings. oemdell_groupname (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default “” Description Holds the name of the Role Group as recorded in the Active Directory forest.
Default “” Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table C-3.
Description Enables or disables Active Directory user authentication on the iDRAC. If this property is disabled, only local iDRAC authentication is used for user logins. oemdell_adracname (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default "" Description Name of iDRAC as recorded in the Active Directory forest. oemdell_adracdomain (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces.
Description The root domain of the Domain Forest. oemdell_timeout (Read/Write) Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. oemdell_schematype (Read/Write) Legal Values 1 (Extended schema) 2 (Standard schema) Default 1 Description Determines the schema type to use with Active Directory.
Description Enables the user to specify an LDAP or a Global Catalog server. oemdell_addomaincontroller (Read/Write) Legal Values A valid IP address or a fully qualified domain name (FQDN). Default “” Description Value specified by the user that the iDRAC uses to search the LDAP server for usernames. oemdell_adglobalcatalog (Read/Write) Legal Values A valid IP address or an FQDN.
commonname (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Common Name. organizationname (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Organization Name. oemdell_organizationunit (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Organization Unit.
oemdell_localityname (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Locality. oemdell_statename (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR State Name. oemdell_countrycode (Read/Write) Legal Values A string of up to 2 characters. Default "" Description Specifies the CSR Country Code.
oemdell_emailaddress (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Email Address. oemdell_keysize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. /system1/sp1/oemdell_ssl1 Contains parameters necessary to generate Certificate Signing Requests (CSRs) and view certificates.
Default 0 Description Generates a CSR when set to 1. Set the properties in the oemdell_racsecurity1 target before generating a CSR. oemdell_status (Read Only) Legal values CSR not found CSR generated Default CSR not found Description Shows the status of the previous generate command issued, if any, during the current session.
/system1/sp1/oemdell_vmservice1 This group contains parameters to configure the iDRAC virtual media feature. enabledstate (Read/Write) Legal Values VMEDIA_DETACH VMEDIA_ATTACH VMEDIA_AUTO_ATTACH Default VMEDIA_ATTACH Description Used to attach virtual devices to the system via the USB bus, allowing the server to recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system.
oemdell_floppyemulation (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems.
Default FALSE Description Indicates that the port has SSL disabled. portnumber (Read/Write) Legal Values 1 – 65535 Default 3670 Description Specifies the port number used for encrypted virtual media connections to the iDRAC. oemdell_sslenabled (Read Only) Legal Value TRUE Default TRUE Description Indicates that the port has SSL enabled.
RACADM and SM-CLP Equivalencies Table D-1 lists the RACADM groups and objects and, where they exist, SMSLP equivalent locations in the SM-CLP MAP. Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies RACADM Groups/Objects SM-CLP Description idRacInfo idRacName String of up to 15 ASCII characters. Default: iDRAC. idRacProductInfo String of up to 63 ASCII characters. Default: Integrated Dell Remote Access Controller. idRacDescriptionInfo String of up to 255 ASCII characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgADEnable enablestate 0 to disable, 1 to enable. Default: 0 cfgADRacName oemdell_adracname String of up to 254 characters. cfgADRacDomain oemdell_adracdomain String of up to 254 characters. cfgADRootDomain oemdell_adrootdomain String of up to 254 characters. cfgADAuthTimeout oemdell_timeout 15 to 300 seconds.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgSSADRoleGroupPrivilege oemdell_groupprivilege Bit mask with values between 0x00000000 and 0x000001ff. cfgLanNetworking /system1/sp1/enetport1 cfgNicMacAddress macaddress The MAC address of the interface. Not editable. /system1/sp1/enetport1/ lanendpt1/ipendpt1 cfgNicEnable oemdell_nicenable 0 to disable NIC, 1 to enable NIC.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgDNSRacName oemdell_dnsracname String of up to 63 ASCII characters. At least one character must be alphabetic. Default: iDRAC- plus the Dell service tag. cfgDNSRegisterRac oemdell_dnsregisterrac Set to 1 to register iDRAC name in DNS. Default: 0 cfgDNSServersFromDHCP oemdell_dnsserversfromdhcp Set to 1 to get DNS server addresses from DHCP.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgVirMediaAttached enabledstate Set to 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) to attach media. Default: 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) cfgVirMediaBootOnce oemdell_singleboot Set to 1 to perform next boot from selected media. Default 0. /system1/sp1/oemdell_vmservice1/ tcpendpt1 cfgVirAtapiSvrPort oemdell_sslenabled Set to 1 if SSL is enabled for first virtual media device, 0 if not.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgUserAdminPassword password A string of up to 20 ASCII characters. cfgUserAdminPrivilege oemdell_extendedprivileges Bit mask value between 0x00000000 and 0x000001ff. Default: 0x00000000 cfgUserAdminSolEnable solenabled Set to 1 to allow user to use Serial over LAN. Default: 0 cfgUserAdminUserName username String of up to 16 characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgSsnMgtTelnetIdleTimeout Number of seconds idle before a telnet session times out. 0 to disable timeout or 60-1920 seconds. Default: 300 cfgSsnMgtWebserverTimeout Number of seconds idle before a Web interface session times out. 60-1920 seconds. Default: 300 cfgRacTuning cfgRacTuneConRedirEnable Set to 1 to enable console redirection, 0 to disable.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacTuneIpBlkFailWindow Time span in seconds during which to count failed login attempts (10 to 65535). Default: 60 cfgRacTuneIpBlkPenaltyTime Time span in seconds that a blocked IP remains blocked (10 to 65535). Default: 300 cfgRacTuneIpRangeAddr Base IP address for IP range filter. Default: 192.168.0.1 cfgRacTuneIpRangeEnable Set to 1 to allow IP range filtering.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacSecCsrCommonName commonname Active Directory common name. String of up to 254 characters. cfgRacSecCsrCountryCode oemdell_countrycode Active Directory country code. 2 characters. cfgRacSecCsrEmailAddr oemdell_emailaddress E-mail address to use for Certificate Signing Request. String of up to 254 characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgIpmiSolEnable Set to 1 to enable Serial over LAN feature. Default: 0 cfgIpmiSolSendThreshold Maximum number of characters to collect before sending SOL data (1 to 255). Default: 255 cfgIpmiSolMinPrivilege Minimum privilege required to use SOL. 2 (user), 3 (operator), or 4 (administrator). Default: 4 cfgIpmiLan cfgIpmiEncryptionKey A string of 0 to 40 hexadecimal digits.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgIpmiPefIndex The index number of the platform event filter. (1 - 17) cfgIpmiPefName The name of the platform event, a string of up to 254 characters. Not editable. cfgIpmiPet cfgIpmiPetAlertDestIpAddr IP address of the platform event trap receiver. Default: 0.0.0.0 cfgIpmiPetAlertEnable Set to 1 to enable the platform event trap.
Table D-2. RACADM Subcommands and SM-CLP Equivalencies RACADM Subcommand SM-CLP sslcertupload -t 2 set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD sslcertdownload -t 1 set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL Uploads the Active Directory Certificate load -source
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. AGP Abbreviation for accelerated graphics port, which is a bus specification that allows graphics cards faster access to main system memory.
CA A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
DLL Abbreviation for Dynamic Link Library, which is a library of small programs, any of which can be called when needed by a larger program that is running in the system. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (or file). DDNS Abbreviation for Dynamic Domain Name System. DMTF Abbreviation for Distributed Management Task Force. DNS Abbreviation for Domain Name System.
GPIO Abbreviation for general purpose input/output. GRUB Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader. GUI Abbreviation for graphical user interface, which refers to a computer display interface that uses elements such as windows, dialog boxes, and buttons as opposed to a command prompt interface, in which all user interaction is displayed and typed in text. hardware log Records events generated by the iDRAC and the CMC.
IPMI Abbreviation for Intelligent Platform Management Interface, which is a part of systems management technology. Kbps Abbreviation for kilobits per second, which is a data transfer rate. LAN Abbreviation for local area network. LDAP Abbreviation for Lightweight Directory Access Protocol. LED Abbreviation for light-emitting diode. LOM Abbreviation for Local area network On Motherboard.
MIB Abbreviation for management information base. MII Abbreviation for Media Independent Interface. NAS Abbreviation for network attached storage. NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers. OSCAR Acronym for On Screen Configuration and Reporting. OSCAR is the menu displayed by the Avocent iKVM when you press .
RAM disk A memory-resident program which emulates a hard drive. The iDRAC maintains a RAM disk in its memory. RAC Abbreviation for remote access controller. ROM Acronym for read-only memory, which is memory from which data may be read, but to which data cannot be written. RPM Abbreviation for Red Hat® Package Manager, which is a package-management system for the Red Hat Enterprise Linux® operating system that helps installation of software packages. It is similar to an installation program.
SSH Abbreviation for Secure Shell. SSL Abbreviation for secure sockets layer. standard schema A solution used with Active Directory to determine user access to iDRAC; uses Active Directory group objects only. TAP Abbreviation for Telelocator Alphanumeric Protocol, which is a protocol used for submitting requests to a pager service.
VNC Abbreviation for virtual network computing. VT-100 Abbreviation for Video Terminal 100, which is used by the most common terminal emulation programs. WAN Abbreviation for wide area network.
Glossary
Index A Active Directory about the extended schema, 100-114 about the standard schema, 118 accessing the iDRAC with, 105 adding iDRAC users to, 112 configuring extended schema with RACADM, 116 configuring extended schema with SM-CLP, 117 configuring extended schema with the web interface, 115 configuring standard schema with RACADM, 122 configuring standard schema with SM-CLP, 123 configuring standard schema with the web interface, 120 extended schema classes and attributes, 107 logging in to the iDRAC with
configuring iDRAC during initialization, 34 IP address, locating, 38 web Interface, 32 directory service. See Active Directory Distributed Management Task Force (DMTF), 191 CMC Web interface locating the iDRAC IP address, 245 documents you may need, 29 CMC web interface configuring iDRAC network properties, 38 E community string, SNMP, 69, 316 e-mail alerts configuring with RACADM, 179 configuring with the web interface, 74 configuration file creating, 185 extended schema.
G gettracelog command, diagnostics console, 243 group permissions table of, 78 I iDRAC creating a configuration file, 185 log, viewing, 238 recovering firmware, 97 resetting to factory defaults, 221 securing communications, 79 system information, 240 updating the firmware, 39 iDRAC configuration utility about, 215 configuring IPMI, 217 configuring LAN user, 220 configuring network properties, 217-218 configuring virtual media, 220 starting, 216 iDRAC service ports, 28 ifconfig command, diagnostics console,
parameters, 210 return codes, 214 syntax, 210 using, 208 ivmdeploy script, 207 M Manageability Access Point. See MAP J Java console redirection plug-in, 55, 142 K key, verify, 43, 45 L last crash screen capturing on the managed server, 62 viewing, 228 Lightweight Directory Access Protocol (LDAP).
configuring with the web interface, 72-73, 178 filterable platform events table, 72 network properties configuring manually, 173 configuring with RACADM, 173 configuring with the CMC web interface, 38 configuring with the iDRAC configuration utility, 217-218 configuring with the Web interface, 67 ping command, diagnostics console, 242 O ports table of, 28 On Screen Configuration and Reporting.
proxy server, web browser configuration, 51 getsel, 267 getssninfo, 168, 254 getsvctag, 168, 262 getsysinfo, 168, 256 gettracelog, 168, 268 help, 249 racreset, 169, 262 racresetcfg, 169, 263 serveraction, 169, 264 setniccfg, 169, 259 sslcertdownload, 169, 272 sslcertupload, 169, 271 sslcertview, 169, 273 sslcsrgen, 169, 270 testemail, 169, 275 testtrap, 169, 277 public key, verify, 43, 45 PuTTY, Windows SSH client, 57 R RACADM configuring Active Directory extended schema, 116 configuring Active Directory
LDIF (Active Directory schema extender), 106 secure shell. See SSH secure sockets layer. See SSL signature, verify, 42-45 Simple Network Management Protocol. See SNMP Serial Over LAN.
enabling on a domain controller, 125 importing the firmware certificate, 127 standard schema. See Active Directory System Event Log.
configuring with the web interface, 156 installing the operating system, 160 running, 157 logging in, 66 logging out, 66 updating firmware, 96 web server, iDRAC configuring with the web interface, 93 W web browser configuring, 50 proxy server configuration, 51 supported browsers, 27 web interface accessing, 65 browser configuration, 50 configuring Active Directory with extended schema, 115 configuring Active Directory with standard schema, 120 configuring ASR service, 93 configuring e-mail alerts, 74 conf
Index
