Integrated Dell™ Remote Access Controller Firmware Version 1.4 User Guide w ww.del l. com | support .del l.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ___________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC Overview . . . . . . . . . . . . . . . . . . . iDRAC Management Features . iDRAC Security Features . . . . . . . . . . . . . 24 . . . . . . . . . . . . . . . . 25 iDRAC Firmware Improvements . Supported Platforms . . . . . . . . . . . . 26 . . . . . . . . . . . . . . . . . . 26 Supported Operating Systems . . . . . . . . . . . . . . 26 . . . . . . . . . . . . . . . 27 . . . . . . . . 28 . . . . . . . . . . . . . . . . . . . . . . . 28 . . . . . . . . . . . . 29 . .
Configure Platform Events . . . . . . . . . . . . . Enabling or Disabling Local Configuration Access . . . . . . . . . . . . . . . . . . Configure iDRAC Services . . . . . 38 . . . . . . . . . . . . . 38 . . . . . . 38 . . . . . . . . . . . . . . 39 . . . . . . . 39 Configure the Managed Server for the Last Crash Screen Feature . . . . . . . . . . . . . . . . . . .
. . . . . . . . 52 . . . . . . . . . . . . 52 Configuring Your Web Browser to Connect to the Web Interface . . . . . . . . . . . . . . . . . . . 52 . . . 55 . . . . . . . . . 55 . . . . . . . . . . . . . 57 . . . . . 58 . . . . . 59 . . . . . . . . . . . . 60 . . . . . . . . . . . . . . . . . 60 Configuring a Supported Web Browser Opening Your Web Browser Adding iDRAC to the List of Trusted Domains Viewing Localized Versions of the Web Interface . . . . . . . . . .
Logging Out . . . . . . . . . . . . . . . . . . . . . 70 . . . . 71 . . . . . . . . . . . . . . . 71 Using Multiple Browser Tabs and Windows Configuring the iDRAC NIC Configuring the Network and IPMI LAN Settings . . . . . . . . . . . . . . . . . . . . 72 . . . . . . 75 . . . . . . . . . . . . . . 76 Configuring Platform Event Filters (PEF) . . . . . . 77 Configuring Platform Event Traps (PET) . . . . . . 78 . . . . . . . . . . . . . 78 . . . . . . . . . . . . . . . . . . . .
. . . . . . . 95 . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . 99 . . . 100 Disabling Local Configuration Access Configuring iDRAC Services Updating the iDRAC Firmware Recovering iDRAC Firmware Using the CMC 6 Using the iDRAC with Microsoft Active Directory 103 Advantages and Disadvantages of Extended Schema and Standard Schema . . . . . . . . . . . . . . . . . . 103 . . . . . 104 . . . . . . . 104 . . . . . 105 . . . . . . . . .
Configuring the iDRAC With Standard Schema Active Directory and RACADM . . . . . . . . . . . 126 Configuring the iDRAC With Standard Schema Active Directory and SM-CLP . . . . . . . . . . . 127 . . . . . . . . . 129 Enabling SSL on a Domain Controller . Exporting the Domain Controller Root CA Certificate . . . . . . . . . . . . . . . . . . . . 130 . . 131 . . . . . 132 . . . . . . . . . . . . . .
8 Configuring and Using Serial Over LAN Enabling Serial Over LAN in the BIOS 141 . . . . . . . . . Configuring Serial Over LAN in the iDRAC Web GUI . . . . . . . . . . . . . . . . . . . . . . . . Using Serial Over LAN (SOL) . . . . 142 . . . . . . . . . . . . . . 145 Model for Redirecting SOL Over Telnet or SSH . . . . . . . . . . . . . . . . . Model for the SOL Proxy . . . . . . 145 . . . . . . . . . . . . . . 146 . . . . . 146 Model for Redirecting SOL Over IMPItool . . . . 146 . . . .
. . . . . . 165 . . . . . . . . . . . . . . . . . 167 Synchronizing the Mouse Pointers . . . . . . . . 170 Disabling or Enabling Local Console . . . . . . . . 171 . . . . . . . . . . . . . . 172 Opening a Console Redirection Session Using the Video Viewer Frequently Asked Questions 10 Configuring and Using Virtual Media Overview . . . 177 . . . . . . . . . . . . . . . . . . . . . . . . 177 . . . . . . 179 . . . . . . . . 179 . . . . . . . . . . . . . . . 180 . . . . . . . . . . . .
Enabling an iDRAC User With Permissions 195 . . . . . . . . . . . . . 196 . . . . . . . . . . . . . . . 196 Removing an iDRAC User Testing E-mail Alerting . . . . . . . 197 . . . . . . 197 Configuring IPMI . . . . . . . . . . . . . . . . . . 198 Configuring PEF . . . . . . . . . . . . . . . . . . 200 Configuring PET . . . . . . . . . . . . . . . . . . 201 . . . . . . . . . 203 Configuring IP Filtering . . . . . . . . . . . . . . . 204 Configuring IP Blocking . . . . . . . . . . .
Using the -display Option . . . . . . . . . . . . . . 221 . . . . . . . . . . . . . . . 221 . . . . . . . . . . . . . . 221 . . . . . . . . . . . . . . . . 222 Using the -level Option Using the -output Option iDRAC SM-CLP Examples . . . . . . . . . . . . 222 . . . . . . . . . . . . . . . . . 222 . . . . . . . . . . . . . . 224 Server Power Management SEL Management . MAP Target Navigation Setting the iDRAC IP Address, Subnet Mask, and Gateway Address . . . . . . . . . . . . . . .
14 Using the iDRAC Configuration Utility Overview . . . . . . . . . . . . . . . . . . . . . . . . 239 . . . . . . . . 240 . . . . . . . . . 240 . . . . . . . . . . . . . . . . . . . . . . . . . 241 . . . . . . . . . . . . . . 241 Starting the iDRAC Configuration Utility Using the iDRAC Configuration Utility LAN 239 IPMI Over LAN (On/Off) . . . . . . . . . . . . . . . . . . 242 . . . . . . . . . . . . . . . . . . . . 244 LAN Parameters Virtual Media . . . . . . . . . . . . . . 244 . . .
Viewing the iDRAC Log . . . . . . . . . . . . . . . 262 . . . . . . . . . . . . 263 Viewing System Information Identifying the Managed Server in the Chassis . . . . . . . . . . . . . . . . . Using the Diagnostics Console . . . . . . . 265 . . . . . . . . . . 266 . . . . . . 267 . . . 268 Managing Power on a Remote System Troubleshooting and Frequently Asked Questions A RACADM Subcommand Overview 275 . . . . . . . . . . . . . . . . . . . . . . . . . . 276 . . . . . . . . . . . . . . . .
clrsel . . . . . . . . . . . . . . . . . . . . . . . . . . . 294 . . . . . . . . . . . . . . . . . . . . . . . 294 . . . . . . . . . . . . . . . . . . . . . . . . 296 . . . . . . . . . . . . . . . . . . . . . . 297 . . . . . . . . . . . . . . . . . . . . 298 . . . . . . . . . . . . . . . . . . . . . . . 299 . . . . . . . . . . . . . . . . . . . . . . . . 301 . . . . . . . . . . . . . . . . . . . . . . . . . 303 gettracelog sslcsrgen sslcertupload sslcertdownload sslcertview testemail .
cfgDNSServer2 (Read/Write) cfgNicEnable (Read/Write) . . . . . . . . . . . . 310 . . . . . . . . . . . . 310 cfgNicIpAddress (Read/Write) . . . . . . . . . . . 311 cfgNicNetmask (Read/Write) . . . . . . . . . . . 311 cfgNicGateway (Read/Write) . . . . . . . . . . . 312 cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 312 . . . . . . . . . . 313 . . . . . . . . . . . . . . . . . . . . . . 313 cfgNicMacAddress (Read Only) cfgUserAdmin . . . 313 . . . . . . .
cfgRacTuneHttpsPort (Read/Write) . . . . . . . . . . . . 322 322 . . . . . . . . . . . . . 323 . . . . . . . . . . . . . . 323 cfgRacTuneIpRangeMask cfgRacTuneIpBlkEnable 322 . . . . . . . . . . . . . cfgRacTuneIpRangeEnable cfgRacTuneIpRangeAddr . . . . . . . . . . . . . . . . . . . . . 323 cfgRacTuneIpBlkFailWindow . . . . . . . . . . . 324 cfgRacTuneIpBlkPenaltyTime . . . . . . . . . . . 324 . . . . . . . . . 324 cfgRacTuneTelnetPort (Read/Write) . . . . . . . .
. . . . . . . . . . 332 cfgVirAtapiSrvPortSsl (Read/Write) . . . . . . . . 332 cfgVirMediaBootOnce (Read/Write) . . . . . . . . 333 . . . . . . . . . 333 . . . . . . . . . . . . . . . . . . . 333 . . . . . . . . . . 334 cfgVirAtapiSrvPort (Read/Write) cfgFloppyEmulation (Read/Write) cfgActiveDirectory cfgADRacDomain (Read/Write) . . . . . . . . . . . 334 . . . . . . . . . . . . . 334 cfgADAuthTimeout (Read/Write) . . . . . . . . . . 335 cfgADRootDomain (Read/Write) . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 342 cfgIpmiPefName (Read Only) . . . . . . . . . . . 342 cfgIpmiPefIndex (Read Only) . cfgIpmiPef . . . . . . . . . . . 343 cfgIpmiPefAction (Read/Write) . . . . . . . . . . 343 cfgIpmiPefEnable (Read/Write) . . . . . . . . . . 343 . . . . . . . . . . . . . . . . . . . . . . . . 344 . . . . . . . . . . . 344 . . . . . 344 . . . . . . .
oemdell_domainnamefromdhcp (Read/Write) 353 . . . . . . 354 . . . . . . . 354 . . . . . . . . 355 oemdell_dnsdomainname (Read/Write) oemdell_dnsregisterrac (Read/Write) oemdell_dnsracname (Read/Write) . . . oemdell_serversfromdhcp (Read/Write) . . . . . . 355 /system1/sp1/enetport1/lanendpt1/ipendpt1/dnsendpt1/ remotesap1 . . . . . . . . . . . . . . . . . . . . . . . 355 dnsserveraddress (Read/Write) . . . . . . . . . . 355 /system1/sp1/enetport1/lanendpt1/ipendpt1/dnsendpt1/ remotesap2 . .
organizationname (Read/Write) . . . . . . . . . . 362 . . . . . . 362 . . . . . . . . 363 . . . . . . . . . 363 . . . . . . . . 363 oemdell_organizationunit (Read/Write) oemdell_localityname (Read/Write) oemdell_statename (Read/Write) oemdell_countrycode (Read/Write) . . . . . . . 364 . . . . . . . . . . . 364 /system1/sp1/oemdell_ssl1 . . . . . . . . . . . . . . . 364 generate (Read/Write) . . . . . . . . . . . . . . . 364 . . . . . . . . . . . . 365 . . . . . . . . . . 365 . . .
Contents
1 iDRAC Overview The Integrated Dell™ Remote Access Controller (iDRAC) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. The iDRAC uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC co-exists on the system board with the managed PowerEdge server.
The iDRAC network interface is disabled by default. It must be configured before the iDRAC is accessible. After the iDRAC is enabled and configured on the network, it can be accessed at its assigned IP address with the iDRAC web interface, telnet or SSH, and supported network management protocols, such as Intelligent Platform Management Interface (IPMI).
NOTE: If a warning window appears during the Single Sign-On process, it must be bypassed within 20 seconds or Single Sign-On will fail.
iDRAC Firmware Improvements The following improvements have been made to the iDRAC firmware: • Major improvements in Active Directory lookup performance • Improved responsiveness of TCP-IP networking stack • Improved health status interface between iDRAC and CMC • Security improvements using multiple third-party analysis tools Supported Platforms The iDRAC supports the following PowerEdge systems in the Dell PowerEdge M1000e system enclosure: • PowerEdge M600 • PowerEdge M605 • PowerEdge M805
Table 1-1.
Table 1-2. Supported Web Browsers Operating System Supported Web Browser Windows Internet Explorer® 6.0 with Service Pack 2 (SP2) for Windows XP and Windows 2003 R2 SP2 only Internet Explorer 7.0 for Windows Vista, Windows XP, Windows 2003 R2 SP2, and Windows Server 2008 only Mozilla Firefox 2.0 for Windows (Java vKVM/vMedia console only) Linux Mozilla Firefox 1.5 on SUSE Linux (version 10) only Mozilla Firefox 2.
Table 1-4. iDRAC Server Listening Ports Port Number Function 22* Secure Shell (SSH) 23* Telnet 80* HTTP 443* HTTPS 623 RMCP/RMCP+ 3668*, 3669* Virtual Media Service 3770*, 3771* Virtual Media Secure Service 5900* Console Redirection keyboard/mouse 5901* Console Redirection video * Configurable port Table 1-5.
• The Dell Chassis Management Controller User Guide provides information about using the controller that manages all modules in the chassis containing your PowerEdge server. • The Dell OpenManage IT Assistant User’s Guide provides information about using IT Assistant. • The Dell OpenManage Server Administrator User’s Guide provides information about installing and using Server Administrator.
• Release notes or readme files may be included to provide last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians.
iDRAC Overview
Configuring the iDRAC 2 This section provides information about how to establish access to the iDRAC and to configure your management environment to use iDRAC.
Table 2-1. Configuration Interfaces Interface Description iDRAC Configuration Utility Accessed at boot time, the iDRAC Configuration utility is useful when installing a new PowerEdge server. Use it for setting up the network and basic security features and for enabling other features. iDRAC Web Interface The iDRAC Web interface is a browser-based management application that you can use to interactively manage the iDRAC and monitor the managed server.
Table 2-1. Configuration Interfaces (continued) Interface Description SM-CLP SM-CLP is the Distributed Management Task Force (DMTF) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC. The SM-CLP command line is accessed by logging into the iDRAC using telnet or SSH. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line.
Configuration Tasks This section is an overview of the configuration tasks for the management station, the iDRAC, and the managed server. The tasks to be performed include configuring the iDRAC so that it can be used remotely, configuring the iDRAC features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server. The configuration tasks that can be used to perform each task are listed beneath the task.
• Chassis LCD Panel — see the Dell Chassis Management Controller Firmware User Guide. • iDRAC configuration utility — see "LAN" on page 241 • CMC Web interface — see "Configuring Networking Using the CMC Web Interface" on page 39 • RACADM — see "cfgLanNetworking" on page 307 Configure iDRAC Users Set up the local iDRAC users and permissions. The iDRAC holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users.
Configure Platform Events Platform events occur when the iDRAC detects a warning or critical condition from one of the managed server’s sensors. Configure Platform Event Filters (PEFs) to choose the events you want to detect, such as rebooting the managed server, when an event is detected.
• iDRAC Web interface — see "Secure Sockets Layer (SSL)" on page 84 • RACADM — see "cfgRacSecurity" on page 328, "sslcsrgen" on page 295, "sslcertupload" on page 297, "sslcertdownload" on page 298, "sslcertview" on page 299 Configure Virtual Media Configure the virtual media feature so that you can install the operating system on the PowerEdge server.
NOTE: The default CMC user is root and the default password is calvin. NOTE: The CMC IP address can be found in the iDRAC Web interface by clicking System→ Remote Access→ CMC. You can also launch the CMC Web interface from this page. 1 Use your web browser to log in to the CMC web user interface using a URL of the form https:// or https://. 2 Enter the CMC username and password and click OK. 3 Click the plus (+) symbol next to Chassis in the left column, then click Servers.
Once the FlexAddress feature has been enabled and configured for the cabinet, click System→ Properties→ WWN/MAC to view a list of installed mezzanine cards, the fabrics and ports to which they are connected, the fabric port location, type of fabric, and server-configured or chassis-assigned MAC addresses for each installed embedded Ethernet and optional mezzanine card port.
To update the iDRAC firmware using the DOS iDRAC Firmware update utility, download both the update utility and the binary image, which are packaged in self-extracting archive files. Execute the Firmware Update NOTE: When the iDRAC firmware update begins, all existing iDRAC sessions are disconnected and new sessions are not permitted until the update process is completed. NOTE: The chassis fans run at 100% during the iDRAC firmware update. When the update is complete, normal fan speed regulation resumes.
NOTE: If you are backdating your iDRAC firmware from version 1.20 to an earlier version, you must delete the existing Internet Explorer ActiveX browser plugin on any Windows-based Management Station to allow the firmware to install a compatible version of the ActiveX plugin. To delete the ActiveX plugin, navigate to c:\WINNT\Downloaded Program Files and delete the file DELL IMC KVM Viewer.
Verifying the Digital Signature A digital signature is used to authenticate the identity of the signer of a file and to certify that the original content of the file has not been modified since it was signed. If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify a digital signature. To use the standard verification procedure, perform the following steps: 1 Download the Dell Linux public GnuPG key, if you do not already have it, by navigating to lists.
at passports, checking fingerprints from different sources, etc.) 1 2 3 4 5 m = = = = = = I don't know or won't say I do NOT trust I trust marginally I trust fully I trust ultimately back to the main menu Your decision? d Type 5 . The following prompt appears: Do you really want to set this key to ultimate trust? (y/N) e Type y to confirm your choice. f Type quit to exit the GPG key editor. You must import and validate the public key only once.
The following example illustrates the steps that you follow to verify a PowerEdge M600 BIOS Update Package: 1 Download the following two files from support.dell.com: • PEM600_BIOS_LX_2.1.2.BIN.sign • PEM600_BIOS_LX_2.1.2.BIN 2 Import the public key by running the following command line: gpg --import The following output message appears: gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group)
gpg: Good signature from "Dell, Inc. (Product Group) " NOTE: If you have not validated the key as shown in step 3, you will receive additional messages: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
Firefox 1 Start Firefox. 2 Click Edit→ Preferences. 3 Click the Privacy tab. 4 Click the Clear Cache Now. 5 Click Close. Configuring iDRAC for Use with IT Assistant Dell™ OpenManage™ IT Assistant comes preconfigured to discover managed devices that comply with Simple Network Management Protocol (SNMP) version 1 and version 2c and Intelligent Platform Management Interface (IPMI) version 2.0. The iDRAC complies with IPMI version 2.0.
4 Toggle LAN Alert Enabled to On using the spacebar. 5 Enter the IP address of your Management Station into Alert Destination 1. 6 Enter a name string into iDRAC Name with a consistent naming convention across your data center. The default is iDRAC-{Service Tag}. Exit the iDRAC Configuration Utility by pressing , , and then to save your changes. Your server will now boot into normal operation, and IT Assistant will discover it during the next scheduled Discovery pass.
1 Navigate to iDRAC→Network/Security→Users. 2 Click on the number of an undefined User. 3 In the sub-screen, enable the User and enter a Name and Password. 4 Make sure Maximum LAN User Privilege Granted is set to Administrator. 5 Click Apply to save your changes. Using the Dell IT Assistant to View iDRAC Status and Events After Discovery is complete, the iDRACs will show up in the Servers category of the ITA Devices detail screen, and iDRAC information can be seen by clicking on the iDRAC name.
Configuring the Management Station 3 A management station is a computer used to monitor and manage the PowerEdge servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with the iDRAC. Before you begin configuring the iDRAC, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
perform several management functions on the managed server, such as rebooting the computer, using iDRAC facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the management computer. Configuring a Supported Web Browser The following sections provide instructions for configuring the supported Web browsers for use with the iDRAC Web interface. For a list of supported Web browsers, see "Supported Web Browsers" on page 27.
5 Select Medium-Low from the drop-down menu, and click Reset. Click OK to confirm. You will need to re-enter the Custom Level dialog by clicking its button.
• Allow paste operations via script: Enable • Scripting of Java applets: Enable 7 Select Tools→Internet Options→Advanced.
• Use TLS 1.0: checked • Warn about invalid site certificates: checked • Warn if changing between secure and not secure mode: checked • Warn if forms submittal is being redirected: checked NOTE: If you choose to alter any of the above settings, first understand the consequences of doing so. For example, if you choose to block pop-ups, portions of the iDRAC Web User Interface will not function properly. 9 Click Apply. 10 Click OK. 11 Select the Connections tab.
The ISO identifiers in parentheses denote the specific language variants which are supported. Use of the interface with other dialects or languages is not supported and may not function as intended. For some supported languages, resizing the browser window to 1024 pixels wide may be necessary in order to view all features. The iDRAC Web Interface is designed to work with localized keyboards for the specific language variants listed above.
5 Select your preferred language and click Move Up to move it to the top of the list. 6 In the Languages menu, click OK. 7 Click OK. Firefox 2.0 (Linux or Windows) To view a localized version of the iDRAC Web interface in Firefox 2.0, perform the following steps: 1 Click Tools→ Options, and then click the Advanced tab. 2 Under Language, click Choose. The Languages window appears. 3 In the Select a language to add... drop down menu, click to highlight a supported language, and then click Add.
LC_MESSAGES="zh_CN.UTF-8" LC_PAPER="zh_CN.UTF-8" LC_NAME="zh_CN.UTF-8" LC_ADDRESS="zh_CN.UTF-8" LC_TELEPHONE="zh_CN.UTF-8" LC_MEASUREMENT="zh_CN.UTF-8" LC_IDENTIFICATION="zh_CN.UTF-8" LC_ALL= 3 If the values include "zh_CN.UTF-8", no changes are required. If the values do not include "zh_CN.UTF-8", go to step 4. 4 Edit the /etc/sysconfig/i18n file with a text editor. 5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.
3 In the Preference Name column, locate and double-click xpinstall.whitelist.required. The values for Preference Name, Status, Type, and Value change to bold text. The Status value changes to user set and the Value value changes to false. 4 In the Preferences Name column, locate xpinstall.enabled. Ensure that Value is true. If not, double-click xpinstall.enabled to set Value to true.
For Linux, once you have installed either JRE or JDK, add a path to the Java bin directory to the front of your system PATH. For example, if Java is installed in /usr/java, add the following line to your local .bashrc or /etc/profile: PATH=/usr/java/bin:$PATH; export PATH NOTE: There may already be PATH-modification lines in the files. Ensure that the path information you enter does not create conflicts.
1 Open a command prompt window (if required). 2 If you are not running a telnet session, type: telnet If you are running a telnet session, press <]>. 3 At the prompt, type: set bsasdel The following message appears: Backspace will be sent as delete.
The iDRAC SSH implementation supports multiple cryptography schemes, as shown in Table 3-1. NOTE: SSHv1 is not supported. Table 3-1.
The only times when you need to copy files to or from the iDRAC are when you update the iDRAC firmware or install certificates on the iDRAC. If you choose to use SM-CLP or RACADM when you perform these tasks, a TFTP server must be running on a computer the iDRAC can access by IP number or DNS name. You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is already listening. Port 69 is the TFTP default port.
Configuring the Management Station
Configuring the Managed Server 4 This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • Local RACADM CLI — allows you to configure and administer the iDRAC from the managed system.
Configuring the Managed Server to Capture the Last Crash Screen The iDRAC can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed system crash. Follow these steps to enable the last crash screen feature. 1 Install the managed server software. Dell OpenManage Server Administrator (OMSA) must be installed. For more information about installing the managed server software, see the Server Administrator User’s Guide.
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC can capture the last crash screen, disable the Automatic Reboot option on managed servers running Microsoft Windows Server® or Windows Vista®. 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings. 4 Deselect the Automatically Reboot check box. 5 Click OK twice.
Configuring the Managed Server
Configuring the iDRAC Using the Web Interface 5 The iDRAC provides a Web interface that enables you to configure the iDRAC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC Web interface and provides links to related information.
where iDRAC-IP-address is the IP address for the iDRAC and port-number is the HTTPS port number. The iDRAC Login window appears. Logging In You can log in as either an iDRAC user or as a Microsoft® Active Directory® user. The default user name and password are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to the iDRAC. To log in, perform the following steps: 1 In the Username field, type one of the following: • Your iDRAC user name.
NOTE: Closing the iDRAC Web interface within Microsoft Internet Explorer using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, located at support.microsoft.com. Using Multiple Browser Tabs and Windows Different versions of web browsers exhibit different behaviors when opening new tabs and windows.
Configuring the Network and IPMI LAN Settings NOTE: You must have Configure iDRAC privilege to perform the following steps. NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (iDRAC, for example) must provide this token during DHCP negotiation. The iDRAC supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address. 1 Click System→ Remote Access→ iDRAC.
Table 5-2. Network Settings (continued) Setting Description Static Gateway Allows you to enter or edit a static gateway for the iDRAC NIC. To change this setting, first deselect the Use DHCP (For NIC IP Address) checkbox. Use DHCP to Enable DHCP to obtain DNS server addresses by selecting the obtain DNS server Use DHCP to obtain DNS server addresses checkbox.
Table 5-2. Network Settings (continued) Setting Description Community String Contains the community string to use in Simple Network Management Protocol (SNMP) alert traps sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC when a platform event occurs. The default is public. SMTP Server Address The IP address of the Simple Mail Transfer Protocol (SMTP) server that the iDRAC communicates with to send e-mail alerts when a platform event occurs. The default is 127.0.0.1. Table 5-3.
Table 5-4. Network Configuration Page Buttons (continued) Button Description Apply Saves any new settings made to the network configuration page. NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the iDRAC Web interface using the updated IP address settings. All other changes will require the NIC to be reset, which may cause a brief loss in connectivity.
Table 5-5. Network Security Page Settings (continued) Settings Description IP Blocking Fail Window Determines the time span in seconds within which IP Block Fail Count failures must occur to trigger the IP Block Penalty Time. The default is 3600. IP Blocking Penalty The time span in seconds that login attempts from an IP address Time with excessive failures are rejected. The default is 3600. Table 5-6.
Table 5-7. Filterable Platform Events Index Platform Event 6 Redundancy Degraded 7 Redundancy Lost 8 Processor Warning Assert 9 Processor Critical Assert 10 Processor Absent Assert 11 Event Log Critical Assert 12 Watchdog Critical Assert When a platform event occurs (for example, a battery warning assert), a system event is generated and recorded in the System Event Log (SEL).
Configuring Platform Event Traps (PET) NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission. 1 Log in to the remote system using a supported Web browser. See "Accessing the Web Interface" on page 69. 2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)" on page 77.
b Ensure that the Enabled checkbox is selected. c In the Destination Email Address field, type a valid e-mail address. d Click Apply. NOTE: To successfully send a test e-mail, the SMTP Server Address must be configured on the Network Configuration page. The IP address of the SMTP Server communicates with the iDRAC to send e-mail alerts when a platform event occurs. e Click Send to test the configured e-mail alert (if desired). f Repeat step a through step e for any remaining e-mail alert settings.
a Click System→ Remote Access→ iDRAC. b Click the Network Security tab, then click Serial Over LAN. c On the Serial Over LAN Configuration page, click the Enable Serial Over LAN checkbox to enable Serial over LAN. d Update the IPMI SOL baud rate. NOTE: To redirect the serial console over the LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate. Click the Baud Rate drop-down menu to select a data speed of 19.2 kbps, 57.6 kbps or 115.2 kbps. e Click Apply.
Table 5-11 describes the iDRAC Group permissions. If you add an iDRAC User Privilege to the Administrator, Power User, or Guest User, the iDRAC Group will change to the Custom group. 5 When completed, click Apply. 6 Click the appropriate button to continue. See Table 5-12. Table 5-8. General Properties Property Description User ID Contains one of 16 preset User ID numbers. This field cannot be edited. Enable User When checked, indicates that the user’s access to the iDRAC is enabled.
Table 5-10. iDRAC User Privileges Property Description iDRAC Group Specifies the user’s maximum iDRAC user privilege as one of the following: Administrator, Power User, Guest User, Custom, or None. See Table 5-11 for iDRAC Group permissions. Login to iDRAC Enables the user to log in to the iDRAC. Configure iDRAC Enables the user to configure the iDRAC. Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the iDRAC logs.
Table 5-11. iDRAC Group Permissions User Group Permissions Granted Custom Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Table 5-12. User Configuration Page Buttons Button Action Print Prints the User Configuration values that appear on the screen.
Secure Sockets Layer (SSL) The iDRAC includes a Web server that is configured to use the industrystandard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
After the CA approves the CSR and sends the certificate, upload the certificate to the iDRAC firmware. The CSR information stored on the iDRAC firmware must match the information contained in the certificate. Accessing the SSL Main Menu 1 Click System→Remote Access→iDRAC, then click the Network/Security tab. 2 Click SSL to open the SSL Main Menu page. Use the SSL Main Menu page to generate a CSR to send to a CA. The CSR information is stored on the iDRAC firmware.
Generating a New Certificate Signing Request NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The CSR in the firmware must match the certificate returned from the CA. Otherwise, the iDRAC will not accept the certificate. 1 On the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR) and click Next. 2 On the Generate Certificate Signing Request (CSR) page, enter a value for each CSR attribute.
Table 5-15. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Country Code The name of the country where the entity applying for certification is located. Email The e-mail address associated with the CSR. Type the company’s e-mail address, or any e-mail address associated with the CSR. This field is optional. Table 5-16.
Table 5-17. Certificate Upload Page Buttons Button Description Print Prints the values that appear on the Certificate Upload page. Refresh Reloads the Certificate Upload page. Apply Applies the certificate to the iDRAC firmware. Go Back to SSL Main Returns the user to the SSL Main Menu page. Menu Viewing a Server Certificate 1 On the SSL Main Menu page, select View Server Certificate and click Next. Table 5-18 describes the fields and associated descriptions listed in the Certificate window.
Configuring and Managing Active Directory Certificates NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate. NOTE: For more information about Active Directory configuration and how to configure Active Directory with the standard schema or an extended schema, see "Using the iDRAC with Microsoft Active Directory" on page 103.
Table 5-21. Active Directory Main Menu Page Buttons Button Definition Print Prints the Active Directory Main Menu values that appear on the screen. Refresh Reloads the Active Directory Main Menu page. Next Processes the information on the Active Directory Main Menu page and continues to the next step. Configuring Active Directory (Standard Schema and Extended Schema) 1 On the Active Directory Main Menu page, select Configure Active Directory and click Next.
Table 5-22. Active Directory Configuration Page Settings (continued) Setting Description Timeout The time, in seconds, to wait for Active Directory queries to complete. Minimum value is equal to or greater than 15 seconds. The default value is 120. Use Standard Schema Uses standard schema with Active Directory. Use Extended Schema Uses the extended schema with Active Directory. iDRAC Name The name that uniquely identifies the iDRAC in Active Directory. This default is blank.
Table 5-24. Role Group Privileges Setting Description Role Group Privilege Level Specifies the user’s maximum iDRAC user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-25 for Role Group permissions. Login to iDRAC Allows the group log in access to the iDRAC. Configure iDRAC Allows the group permission to configure the iDRAC. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs.
Table 5-25. Role Group Permissions (continued) Property Description Custom Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Uploading an Active Directory CA Certificate 1 On the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next.
Downloading an iDRAC Server Certificate 1 On the Active Directory Main Menu page, select Download iDRAC Server Certificate and click Next. 2 Save the file to a directory on your system. 3 In the Download Complete window, click Close. Viewing an Active Directory CA Certificate Use the Active Directory Main Menu page to view a CA server certificate for your iDRAC. 1 On the Active Directory Main Menu page, select View Active Directory CA Certificate and click Next.
Enabling or Disabling Local Configuration Access NOTE: The default setting for local configuration access is Enabled. Enabling Local Configuration Access 1 Click System→ Remote Access→ iDRAC→ Network/Security. 2 Under Local Configuration, click to uncheck Disable iDRAC local USER Configuration Updates to enable access. 3 Click Apply. 4 Click the appropriate button to continue. Disabling Local Configuration Access 1 Click System→ Remote Access→ iDRAC→ Network/Security.
• Automated System Recovery Agent — see Table 5-32 for Automated System Recovery Agent settings 4 Click Apply. 5 Click the appropriate button to continue. See Table 5-33. Table 5-29. Web Server Settings Setting Description Enabled Enables or disables the iDRAC web server. When checked, the checkbox indicates that the web server is enabled. The default is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. This field is not editable.
Table 5-30. SSH Settings (continued) Setting Description Timeout The secure shell idle timeout, in seconds. Timeout range is 60 to 10,800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1,800. Port Number The port on which the iDRAC listens for an SSH connection. The default is 22. Table 5-31. Telnet Settings Setting Description Enabled Enables or disables telnet. When checked, telnet is enabled.
Updating the iDRAC Firmware NOTE: If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can recover the iDRAC using the CMC. See your CMC Firmware User Guide for instructions. The CMC Web interface (CMC 2.0 or later) also provides a One-to-Many Out-of-Band iDRAC firmware update capacity that can be used at any time. NOTE: The firmware update, by default, retains the current iDRAC settings.
6 In the Firmware Update - Validation (page 2 of 4) window, you will see the results of the validation performed on the image file you uploaded. • If the image file uploaded successfully and passed all verification checks, a message will appear indicating that the firmware image has been verified. OR • If the image did not upload successfully, or it did not pass the verification checks, the firmware update will return to the Firmware Update - Upload (page 1 of 4) window.
If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can use the CMC Web interface to update its firmware. If the CMC detects the corrupted iDRAC firmware, the iDRAC is listed on the Updatable Components page in the CMC Web interface. NOTE: See the CMC Firmware User Guide for instructions for using the CMC Web interface.
Configuring the iDRAC Using the Web Interface 101
Configuring the iDRAC Using the Web Interface
Using the iDRAC with Microsoft Active Directory 6 A directory service maintains a common database of all information needed for controlling users, computers, printers, and other devices on a network. If your company uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your Active Directory software.
Extended Schema Active Directory Overview There are three ways to enable Active Directory with the extended schema: • With the iDRAC Web interface (see "Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface" on page 119). • With the RACADM CLI tool (see "Configuring the iDRAC With Extended Schema Active Directory Using RACADM" on page 120). • With the SM-CLP command line (see "Configuring the iDRAC With Extended Schema Active Directory and SM-CLP" on page 121).
Overview of the RAC Schema Extensions To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more RAC devices.
Figure 6-1. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC Privilege Object NOTE: The RAC privilege object applies to both DRAC 4 and iDRAC. You can create as many or as few association objects as required.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains. Figure 6-2.
See "Adding iDRAC Users and Privileges to Active Directory" on page 116 for detailed instructions. Figure 6-3 provides an example of Active Directory objects in multiple domains. In this scenario, you have two iDRACs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. In this scenario, configure user1 and user2 with Administrator privileges to both iDRACs and configure user3 with login privileges to the RAC2.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has login privileges. 5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1. 7 Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.
• Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the iDRAC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-7. dellProduct Class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.5 SuperClasses Computer Attributes dellAssociationMembers Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that Distinguished Name belong to this Attribute. (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsServerResetUser 1.2.840.113556.1.8000.1280.1.1.2.7 TRUE TRUE if the user has Server Reset rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsConsoleRedirectUser 1.2.840.113556.1.8000.1280.1.1.2.8 TRUE TRUE if the user has Console Boolean (LDAPTYPE_BOOLEAN Redirection rights on the device. 1.3.6.1.4.1.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 FALSE List of Distinguished Name dellAssociationObjectMembers (LDAPTYPE_DN that belong to this Product. This 1.3.6.1.4.1.1466.115.121.1.12) attribute is the backward link to the dellProductMembers Linked attribute.
Opening the Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers snap-in, perform the following steps: 1 If you are logged into the domain controller, click Start→ Admin Tools→ Active Directory Users and Computers. If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→ Run, type MMC, and press Enter.
4 Select RAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→ Dell RAC Object. The New Object window appears. 3 Type a name for the new object. 4 Select Privilege Object. 5 Click OK. 6 Right-click the privilege object that you created, and select Properties.
Adding Objects to an Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running Windows 2000 mode or higher, use Universal Groups to span domains with your user or RAC objects. You can add groups of Users and RAC devices. The procedure for creating Dellrelated groups and non-Dell-related groups is identical.
Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface 1 Open a supported Web browser window. 2 Log in to the iDRAC Web interface. 3 Click System→ Remote Access. 4 Click the Configuration tab and select Active Directory. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The domain controllers’ SSL certificates should have been signed by the root CA. Have the root CA certificate available on your management station accessing the iDRAC (see "Exporting the Domain Controller Root CA Certificate" on page 130). c Click Apply.
racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgActiveDirectory -o cfgADRacName racadm sslcertupload -t 0x2 -f racadm sslcertdownload -t 0x1 -f 2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following RACADM command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 3 If DHCP is disabled on the iDRAC or you want to manually input your DNS
set oemdell_schematype=1 set oemdell_adracdomain= set oemdell_adrootdomain= set oemdell_adracname= set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD load -source /system1/sp1/oemdell_ssl1 set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL dump -destination /system1/sp1/oemdell_ssl1 2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following SM-CLP co
role and the privilege level is defined on each iDRAC, not in the Active Directory. Up to five role groups can be configured and defined in each iDRAC. Table 5-11 on page 82 shows the privileges level of the role groups and Table 6-9 shows the default role group settings. Figure 6-4. Configuration of iDRAC with Microsoft Active Directory and the Standard Schema Configuration on Active Directory Side Configuration on iDRAC Side Role Group Name and Domain Name Role Group Role Definition User Table 6-9.
Table 6-9. Default Role Group Privileges (continued) Default Privilege Level Permissions Granted Bit Mask None No assigned permissions 0x00000000 None No assigned permissions 0x00000000 NOTE: The Bit Mask values are used only when setting up the standard schema with the RACADM. There are two ways to enable the standard schema in Active Directory: • With the iDRAC Web user interface. See "Configuring the iDRAC With Standard Schema Active Directory and the Web Interface" on page 124.
4 Select Active Directory to open the Active Directory Main Menu page. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest. c Type the Timeout time in seconds. 7 Click Use Standard Schema in the Active Directory Schema Selection section.
b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The domain controllers’ SSL certificates should have been signed by the root CA.
racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege racadm sslcertupload -t 0x2 -f racadm sslcertdownload -t 0x1 -f NOTE: For bit mask values, see Table B-1.
Use the following commands to configure the iDRAC Active Directory Feature with the standard schema using SM-CLP.
5 If DHCP is disabled on the iDRAC or you want to manually enter your DNS IP addresses, type the following SM-CLP commands: set /system1/sp1/enetport1/lanendpt1/\ ipendpt1/dnsendpt1 oemdell_serversfromdhcp=0 set /system1/sp1/enetport1/lanendpt1/ipendpt1/\ dnsendpt1/remotesap1 dnsserveraddress= set /system1/sp1/enetport1/lanendpt1/ipendpt1/\ dnsendpt1/remotesap1 dnsserveraddress= Enabling SSL on a Domain Controller If you are using Microsoft Enterprise Root CA
Exporting the Domain Controller Root CA Certificate NOTE: If your system is running Windows 2000, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click Start→ Run. 3 In the Run field, type mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 machines) and select Add/Remove Snap-in. 5 In the Add/Remove Snap-In window, click Add. 6 In the Standalone Snap-In window, select Certificates and click Add.
e In the Security Certificate Main Menu page, select Upload Server Certificate and click Apply. f In the Certificate Upload screen, perform one of the following procedures: g • Click Browse and select the certificate. • In the Value field, type the path to the certificate. Click Apply. Importing the iDRAC Firmware SSL Certificate Use the following procedure to import the iDRAC firmware SSL certificate to all domain controller trusted certificate lists.
Using Active Directory to Log In To the iDRAC You can use Active Directory to log in to the iDRAC using the Web interface. Use one of the following formats to enter your username: or \ or / where username is an ASCII string of 1–256 bytes. White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, as these names cannot be resolved.
Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions (continued) Question Answer Does using the iDRAC with Active Directory support multiple domain environments? Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.
Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions (continued) Question Answer What can I do if I cannot log into the iDRAC using Active Directory authentication? How do I troubleshoot the issue? 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local iDRAC user account, log into the iDRAC using your local credentials.
Viewing the Configuration and Health of the Managed Server 7 System Summary Click System→ Properties→ Summary to obtain information about the Main System Enclosure and the Integrated Dell Remote Access Controller. Main System Enclosure System Information This section of the iDRAC Web interface provides the following basic information about the managed server: • Description — The model number or name of the managed server. • BIOS Version — The version number of the managed server's BIOS.
• Model Name — The model number, type, or description of the installed Mezzanine card(s). Integrated Storage Card This section of the iDRAC Web Interface provides information about the integrated Storage Controller Card installed on the Managed Server: • Card Type — shows the model name of the installed storage card.
• Gateway — The IP address of the network gateway configured for the iDRAC. • Subnet Mask — The TCP/IP Subnet Mask configured for iDRAC. • MAC Address — The MAC address associated with the LOM (LAN on Motherboard) Network Interface Controller of the iDRAC. • DHCP Enabled — Enabled if the iDRAC is set to fetch its IP address and associated info from a DHCP server. • Preferred DNS Address 1 — Set to the currently active primary DNS server.
CMC The CMC page displays the health status, firmware revision, and IP address of the Chassis Management Controller. You can also launch the CMC Web Interface by clicking the Launch the CMC Web Interface button. Batteries The Batteries page displays the status and values of the system board coin-cell battery that maintains the Real-Time Clock (RTC) and CMOS configuration data storage of the managed system.
CPU The CPU Information page reports the health of each CPU on the managed server. This health status is a roll-up of a number of individual thermal, power, and functional tests. POST The Post Code page displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server. Misc Health The Misc Health page provides access to the following system logs: System Event Log — Displays system-critical events that occur on the managed system.
Viewing the Configuration and Health of the Managed Server
8 Configuring and Using Serial Over LAN Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s textbased console data that would traditionally be sent to the serial I/O port to be redirected over the iDRAC’s dedicated Out-of-Band Ethernet management network. The SOL out-of-band console enables system administrators to remotely manage the blade server’s text-based console from any location with network access. With SOL, you can: • Remotely access operating systems with no timeout.
2 Press to enter the BIOS setup utility during POST. 3 Scroll down to Serial Communication and press . In the pop-up window, the serial communication list is presented with the following options: • Off • On without console redirection • On with console redirection via COM1 Use the arrow keys to navigate between options. 4 Ensure that On with console redirection via COM1 is enabled. 5 Ensure that the Failsafe Baud Rate is identical to SOL baud rate that is configured on iDRAC.
Table 8-1. Serial Over LAN Configuration Page Settings Setting Description Enable Serial Over LAN When selected, the checkbox indicates that Serial Over LAN is enabled. Baud Rate Indicates the data speed. Select a data speed of 19.2 kbps, 57.6 kbps, or 115.2 kbps. Table 8-2. Serial Over LAN Configuration Page Buttons Button Description Print Prints the Serial Over LAN Configuration values that appear on the screen. Refresh Reloads the Serial Over LAN Configuration page.
Table 8-3. Serial Over LAN Configuration Advanced Settings Page Settings Setting Description Character Send Threshold Specifies the number of characters per SOL data packet. As soon as the number of characters accepted by the iDRAC is equal to or greater than the Character Send Threshold value, the iDRAC starts transmitting SOL data packets that contain numbers of characters equal to or less than the Character Send Threshold value.
8 Click Enable on either SSH or Telnet as required. SSH is on by default. 9 Click Apply. NOTE: SSH is recommended due to better security and encryption mechanisms. NOTE: SSH/Telnet session duration can be infinite as long as the timeout value is set to 0. The default timeout value is 1800 seconds. 10 Enable iDRAC Out-of-Band interface (IPMI over LAN) by selecting System→Remote Access→iDRAC→Network/Security→Network. 11 Enable the IPMI Over LAN option under IPMI LAN Settings.
When the SOL Proxy communicates with the Telnet client on a management station, it uses the TCP/IP protocol. However, SOL proxy communicates with the managed system's iDRAC over the RMCP/IPMI/SOL protocol, which is a UDP-based protocol. Therefore, if you communicate with your managed system's iDRAC from SOL Proxy over a WAN connection, you may experience network performance issues. The recommended usage model is to have the SOL Proxy and the iDRAC server on the same LAN.
NOTE: If a SOL session is not closed successfully in the utility, more SOL sessions may not be available. The way to resolve this situation is to delete the SMASH console in the web GUI under System→Remote Access→iDRAC→ Network/Security→Sessions. Using SOL Over PuTTY To start SOL from PuTTY on a Windows management station, follow these steps: NOTE: If required, you can change the default SSH/telnet timeout at System → Remote Access→ iDRAC → Network/Security → Services.
start /system1/sol1 5 To quit a SOL session from Telnet on Linux, type <]> (press and hold the control key and enter a right square bracket). A Telnet prompt displays. Type quit to exit telnet. Using SOL Over OpenSSH with Linux OpenSSH is an open source utility for using the SSH protocol. To start SOL from OpenSSH on a Linux management station, follow these steps: NOTE: If required, you can change the default SSH session timeout at System→ Remote Access→iDRAC→ Network/Security →Services.
3 Enter the following command in the Windows command prompt or in the Linux shell prompt to start SOL via iDRAC: ipmitool -H -I lanplus -U -P sol activate This connects you to the managed server's serial port. 4 To quit a SOL session from IPMItool, press <~> and <.> (press the tilde and period keys in sequence, one after the other). The SOL session will close.
NOTE: The Windows telnet command that is run from an MS-DOS prompt supports ANSI terminal emulation. The BIOS must be set for ANSI emulation to display all the screens correctly. Before Using SOL Proxy Before using SOL proxy, refer to the Baseboard Management Controller Utilities User's Guide to learn how to configure your management stations.
Depending on the console you use, there are different steps for accessing SOL Proxy. Throughout this section, the management station where the SOL Proxy is running is referred as the SOL Proxy Server. • For Linux Enterprise Operating Systems: The SOL Proxy will start automatically during system startup. Alternatively, you can go to directory /etc/init.
Using HyperTerminal With SOL Proxy 1 From the remote station, open HyperTerminal.exe. 2 Choose TCPIP(Winsock). 3 Enter host address localhost and port number 623. Connecting to the Remote Managed System's BMC After a SOL Proxy session is successfully established, you are presented with the following choices: 1. Connect to the Remote Server's BMC 2. Configure the Serial-Over-LAN for the Remote Server 3. Activate Console Redirection 4. Reboot and Activate Console Redirection 5. Help 6.
NOTE: You can locate the IPMI encryption key in the iDRAC GUI at System→ Remote Access→iDRAC→Network/Security→Network→IPMI LAN Settings→ Encryption Key. NOTE: The default IPMI encryption key is all zeros. If you press for the encryption option, iDRAC will use this default encryption key. 5 Select option 2 in the main menu. The SOL configuration menu appears.
9 Select option 6 in the main menu to end your telnet session and disconnect from SOL Proxy. NOTE: If a user does not terminate the SOL session correctly, issue the following command to reboot iDRAC. Please allow the iDRAC 1-2 minutes to complete booting. Refer to "RACADM Subcommands" on page 192 for more details. racadm racreset Operating System Configuration Complete the steps below to configure generic UNIX®-like operating systems.
# Run xdm in runlevel 5 x:5:respawn:/etc/X11/prefdm -nodaemon ______________________________________________________________ Example of modified /etc/inittab: ______________________________________________________________ # # inittab This file describes how the INIT process should set up # the system in a certain run-level.
vc/3 vc/4 SKIP the rest of file ______________________________________________________________ Example of modified /etc/securetty: ______________________________________________________________ Console ttyS0 vc/1 vc/2 vc/3 vc/4 SKIP the rest of file ______________________________________________________________ 3 Edit the /boot/grub/grub.conf or /boot/grub/menu.
Example of original /boot/grub/grub.conf in Red Hat Enterprise Linux 5: ______________________________________________________________ # grub.conf generated by anaconda # # Note that you do not have to return grub after making changes to this # file # NOTICE: You have a /boot partition. This means that # eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.
# eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 #splashimage=(hd0,0)/grub/splash.xpm/gz hiddenmenu # Redirect the OS boot via SOL title Red Hat Enterprise Linux 5 SOL redirection root (hd0,0) kernel /vmlinuz-2.6.18-8.el5 ro root= /dev/VolGroup00/LogVol00 rhgb quiet console=tty1 console= ttyS0,115200 initrd /initrd-2.6.18-8.el5.
______________________________________________________________ Example of modified /boot/grub/menu.list in SLES 10: ______________________________________________________________ #Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008 Default 0 Timeout 8 #gfxmenu (hd0.5)/boot/message ###Don't change this comment - YaST2 identifier: Original name: linux### title SUSE Linux Enterprise Server 10 SP1 SOL redirection root (hd0,5) kernel /boot/vmlinux-2.6.16-46-0.
default:multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Boot Entries -----------Boot entry ID: 1 OS Friendly Name: Winodws Server 2003, Enterprise Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS OS Load Options: /redirect /nonexecute=optout /fastdetect /usepmtimer ______________________________________________________________ Example of modified bootcfg setting: ______________________________________________________________ Boot Loader Settings -------------------timeout: 30 default: multi(0)disk(0)r
Using GUI Console Redirection 9 This section provides information about using the iDRAC console redirection feature. Overview The iDRAC console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more iDRAC-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance.
If a second user requests a console redirection session, the first user is notified and is given the option to refuse access, allow only video, or allow full shared access. The second user is notified that another user has control. The first user must respond within thirty seconds or full access is automatically granted to the second user.
2 If you are using Firefox or want to use the Java Viewer with Internet Explorer, install a Java Runtime Environment (JRE). See "Installing a Java Runtime Environment (JRE)" on page 59. 3 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If you have an active console redirection session and a lower resolution monitor is connected to the iKVM, the server console resolution may reset if the server is selected on the local console.
Table 9-2. Console Redirection Configuration Properties (continued) Property Description Active Sessions Displays the number of Active Console sessions. This field is read-only. Keyboard and Mouse Port The network port number used for connecting to the Number Console Redirection Keyboard/Mouse option. This traffic is always encrypted. You may need to change this number if another program is using the default port. The default is 5900.
Table 9-2. Console Redirection Configuration Properties (continued) Property Description Disable Local Console Checked indicates that output to the iKVM monitor is disabled during console redirection. This ensures that the tasks you perform using Console Redirection will not be visible on the managed server’s local monitor. NOTE: For information about using Virtual Media with Console Redirection, see "Configuring and Using Virtual Media" on page 177.
Table 9-4. Console Redirection Page Information Property Description Console Redirection Enabled Yes/No Video Encryption Enabled Yes/No Max Sessions Displays the maximum number of supported console redirection sessions Current Sessions Displays the current number of active console redirection sessions Mouse Mode Displays the mouse acceleration currently in effect. Mouse Acceleration mode should be chosen based on the type of operating system installed on the managed server.
The buttons in Table 9-5 are available on the Console Redirection page. Table 9-5. Console Redirection Page Buttons Button Definition Refresh Reloads the Console Redirection Configuration page Launch Viewer Opens a console redirection session on the targeted remote system Print Prints the Console Redirection Configuration page 3 If a console redirection session is available, click Launch Viewer. NOTE: Multiple message boxes may appear after you launch the application.
Table 9-6. Viewer Menu Bar Selections Menu Item Item Description Video Pause Temporarily pauses console redirection. Resume Resumes console redirection. Refresh Redraws the viewer screen image. Capture Current Captures the current remote system screen to a .bmp Screen file on Windows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location.
Table 9-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Keyboard Hold Right Alt Key Select this item before typing keys you want to combine with the right key. Hold Left Alt Key Select this item before typing keys you want to combine with the left key. Left Windows Key Select Hold Down before typing characters you want to combine with the left Windows key. Select Press and Release to send a left Windows key keystroke.
Table 9-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Mouse Synchronize Cursor The Mouse menu enables you to synchronize the cursor so that the mouse on the client is redirected to the mouse on the server. Options Color Mode Allows you to select a color depth to improve performance over the network.
The Synchronize cursor menu item is a toggle. Ensure that there is a check mark next to the item in the menu so that the mouse synchronization is active. When using Red Hat® Linux® or Novell® SUSE® Linux, be sure to configure the mouse mode for Linux before you launch the viewer. See "Configuring Console Redirection in the iDRAC Web Interface" on page 163 for help with configuration. The operating system’s default mouse settings are used to control the mouse arrow in the iDRAC Console Redirection screen.
Frequently Asked Questions Table 9-7 lists frequently asked questions and answers. Table 9-7. Using Console Redirection: Frequently Asked Questions Question Answer Can a new remote console video session be started when the local video on the server is turned off? Yes. Why does it take It gives a local user an opportunity to take any action before the 15 seconds to turn off video is switched off.
Table 9-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer How can I get the current status of the local server video? The status is displayed on the Console Redirection Configuration page of the iDRAC Web interface. The RACADM CLI command racadm getconfig –g cfgRacTuning displays the status in the object cfgRacTuneLocalServerVideo. The status is also seen on the iKVM OSCAR display. When the local console is enabled, a green status appears next to the server name.
Table 9-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer I am still having issues Ensure that the correct mouse is selected for your operating with mouse system before starting a console redirection session. synchronization. Ensure that Synchronize Mouse is checked in the Mouse menu. Press or select Mouse→ Synchronize mouse to toggle mouse synchronization. When synchronization is enabled, a check mark appears next to the selection in the Mouse menu.
Table 9-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer How much bandwidth do I need to run a console redirection session? Dell recommends a 5 MB/sec connection for good performance. A 1 MB/sec connection is required for minimal performance. What are the minimum The management station requires an Intel® Pentium III system requirements 500 MHz processor with at least 256 MB of RAM.
Using GUI Console Redirection
10 Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 10-1 shows the overall architecture of Virtual Media. Figure 10-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required: 1 Start Internet Explorer. 2 Click Tools→ Internet Options, and then click the Security tab. 3 Under Select a Web content zone to specify its security settings, click to select the desired zone. 4 Under Security level for this zone, click Custom Level. The Security Settings window appears.
2 Select System in the navigation tree and click the Console tab. 3 Click Configuration→ Virtual Media to configure the Virtual Media settings. Table 10-2 describes the Virtual Media configuration values. 4 When you have finished configuring the settings, click Apply. 5 Click the appropriate button to continue. See Table 10-3. Table 10-2. Virtual Media Configuration Values Attribute Value Attach Virtual Media Attach - Immediately attaches Virtual Media to the server.
Table 10-2. Virtual Media Configuration Values (continued) Attribute Value Virtual Media SSL Port Number The network port number used for encrypted connections to the Virtual Media service. Two consecutive ports starting from the port number specified are used to connect to the Virtual Media service. The port number following the specified port must not be configured for any other iDRAC service. The default is 3670.
3 Select System in the navigation tree and click the Console tab. The Console Redirection page appears. If you want to change the values of any of the displayed attributes, see "Configuring Virtual Media" on page 180. NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy at the same time, or a single drive.
Disconnecting Virtual Media 1 Click Media→ Virtual Media Wizard…. 2 Click Disconnect next to the media you wish to disconnect. The media is disconnected and the Status window is updated. 3 Click Close. Booting From Virtual Media The system BIOS enables you to boot from virtual optical drives or virtual floppy drives. During POST, enter the BIOS setup window and verify that the virtual drives are enabled and listed in the correct order.
• The operating system installation CD is inserted in the management station’s CD drive. • The local CD drive is selected. • You are connected to the virtual drives. 2 Follow the steps for booting from the virtual media in the "Booting From Virtual Media" section to ensure that the BIOS is set to boot from the CD drive that you are installing from. 3 Follow the on-screen instructions to complete the installation.
Frequently Asked Questions Table 10-4 lists frequently asked questions and answers. Table 10-4. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual Media When a network time-out occurs, the iDRAC client connection drop. firmware drops the connection, disconnecting Why? the link between the server and the Virtual Drive.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer Why do I sometimes lose my client connection? • You can sometimes lose your client connection if the network is slow or if you change the CD in the client system CD drive. For example, if you change the CD in the client system’s CD drive, the new CD might have an autostart feature.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer How do I configure my virtual device On the managed server, access the BIOS Setup as a bootable device? and navigate to the boot menu. Locate the virtual CD, Virtual Floppy, or Virtual Flash and change the device boot order as needed. For example, to boot from a CD drive, configure the CD drive as the first drive in the boot order.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer What file system types are supported Your Virtual Floppy Drive supports FAT16 or on my Virtual Floppy Drive? FAT32 file systems. When I performed a firmware update remotely using the iDRAC Web interface, my virtual drives at the server were removed. Why? Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives will reappear when the iDRAC reset is complete.
Configuring and Using Virtual Media
11 Using the Local RACADM Command Line Interface The local RACADM command line interface (CLI) provides access to the iDRAC management features from the managed server. RACADM provides access to the same features as the iDRAC Web interface. However, RACADM can be used in scripts to ease configuration of multiple servers and iDRACs, where the Web interface is more useful for interactive management. Local RACADM commands do not use network connections to access the iDRAC from the managed server.
The subcommand list includes all commands that are supported by the iDRAC. To get help for a subcommand, type: racadm help The command displays the syntax and command-line options for the subcommand. RACADM Subcommands Table 11-1 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands including syntax and valid entries, see "RACADM Subcommand Overview" on page 275. Table 11-1.
Table 11-1. RACADM Subcommands (continued) Command Description racresetcfg Resets the iDRAC to the default configuration. serveraction Performs power management operations on the managed server. setniccfg Sets the IP configuration for the controller. sslcertdownload Downloads a CA certificate. sslcertupload Uploads a CA certificate or server certificate to the iDRAC. sslcertview Views a CA certificate or server certificate in the iDRAC. sslcsrgen Generates and downloads the SSL CSR.
For example, to display a list of all cfgLanNetworking group object settings, type the following command: racadm getconfig -g cfgLanNetworking Managing iDRAC Users with RACADM NOTE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC or if you ran the racadm racresetcfg command, the only current user is root with the password calvin.
Adding an iDRAC User To add a new user to the iDRAC, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC user privilege. 4 Enable the user.
Table 11-2. Bit Masks for User Privileges (continued) User Privilege Privilege Bit Mask Clear Logs 0x0000008 Execute Server Control Commands 0x0000010 Access Console Redirection 0x0000020 Access Virtual Media 0x0000040 Test Alerts 0x0000080 Execute Debug Commands 0x0000100 For example, to allow the user Configure iDRAC, Configure Users, Clear Logs, and Access Console Redirection privileges, add the values 0x00000002, 0x00000004, 0x00000008, and 0x00000010 to construct the bitmap 0x0000002E.
NOTE: Ensure that the SMTP and E-mail Alert settings are configured before testing the e-mail alert feature. See "Configuring E-Mail Alerts" on page 78 for more information. Testing the iDRAC SNMP Trap Alert Feature The iDRAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed server. The following example shows how a user can test the SNMP trap alert feature.
racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5 racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.
a Update the IPMI channel privileges by entering the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit where is one of the following: • 2 (User) • 3 (Operator) • 4 (Administrator) For example, to set the IPMI LAN channel privilege to 2 (User), type the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit 2 b Set the IPMI LAN channel encryption key, if required, using a command such as the following: NOTE: The iDRAC IPMI supports the RMCP
• 4 (Administrator) For example, to configure the IPMI privileges to 2 (User), enter the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege 2 NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate. b Update the IPMI SOL baud rate using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate where is 19200, 57600, or 115200 bps.
1 Configure PEF actions using the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i where is the PEF index (see Table 5-7 on page 76), and is a value from Table 11-3.
4 Configure the Community Name string. At the command prompt, type: racadm config -g cfgIpmiLan -o cfgIpmiPetCommunityName where is the PET Community Name.
5 Test the configured e-mail alert, if desired, by entering the following command: racadm testemail -i where is the e-mail destination index to test. Configuring IP Filtering (IpRange) IP address filtering (or IP Range Checking) allows iDRAC access only from clients or management workstations whose IP addresses are within a userspecified range. All other login requests are denied.
Table 11-4. IP Address Filtering (IpRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise anded with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to log in.
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255 2 To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask, as shown below: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.
• The amount of time in seconds that the blocked IP address is prevented from establishing a session after the allowed number of failures is exceeded (cfgRacTuneIpBlkPenaltyTime) As login failures accumulate from a specific IP address, they are registered by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset.
Enabling IP Blocking The following example prevents a client IP address from establishing a session for five minutes if that client has failed five login attempts in a one-minute period of time.
racadm config -g cfgSerial -o cfgSerialSshEnable 1 To disable the telnet or SSH service, change the value from 1 to 0: racadm config -g cfgSerial -o cfgSerialTelnetEnable 0 racadm config -g cfgSerial -o cfgSerialSshEnable 0 Type the following command to change the telnet port number on the iDRAC: racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort For example, to change the telnet port from the default 22 to 8022, type this command: racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort 8
To obtain a configuration file, with the RACADM getconfig command, enter the following command at a command prompt on the managed server: racadm getconfig -f myconfig.cfg This command creates the file myconfig.cfg in the current directory. Configuration File Syntax NOTE: Edit the configuration file with a plain text editor, such as Notepad on Windows or vi on Linux. The racadm utility parses ASCII text only. Any formatting confuses the parser and may corrupt the iDRAC database.
• Parameters are specified as object=value pairs with no white space between the object, =, and value. White space that is included after the value is ignored. White space inside a value string remains unmodified. Any character to the right of the = is taken as is (for example, a second =, or a #, [, ], and so forth). • The parser ignores an index object entry. You cannot specify which index is used.
configured. If a modified object represents a new index, the index is created on the iDRAC during configuration. • You cannot specify a desired index in a configuration file. Indexes may be created and deleted, so over time the group may become fragmented with used and unused indexes. If an index is present, it is modified. If an index is not present, the first available index is used.
# comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 Loading the Configuration File Into the iDRAC The command racadm config -f parses the configuration file to verify that valid group and object names are present and that syntax rules are followed. If the file is error-free the command then updates the iDRAC database with the contents of the file. NOTE: To verify the syntax only and not update the iDRAC database, add the -c option to the config subcommand.
where is the name of a file to save the iDRAC properties, such a myconfig.cfg. See "Creating an iDRAC Configuration File" on page 208 for more information. NOTE: Some configuration files contain unique iDRAC information (such as the static IP address) that must be modified before you export the file to other iDRACs. 2 Edit the configuration file you created in the previous step and remove or comment-out any settings you do not want to replicate.
Using the Local RACADM Command Line Interface
12 Using the iDRAC SM-CLP Command Line Interface This section provides information about the Distributed Management Task Force (DMTF) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
• Active Directory configuration • iDRAC LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration • Serial over LAN (SOL) redirection over Telnet or SSH iDRAC SM-CLP Support SM-CLP is hosted from the iDRAC firmware and supports telnet and SSH connections. The iDRAC SM-CLP interface is based on the SM-CLP Specification Version 1.0 provided by the DMTF organization.
Table 12-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options delete Deletes an object instance. –examine, –help, –output, –version Syntax: delete [options] target dump Moves a binary image from the MAP to a URI. –destination, –examine, dump -destination [options] –help, –output, –version [target] exit Exits from the SM-CLP shell session. –help, –output, –version Syntax: exit [options] help Displays help for SM-CLP commands.
Table 12-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options start Starts a target. –examine, –force, –help, –output, –version Syntax: start [options] [target] stop Shuts down a target. Syntax: –examine, –force, –help, –output, –version, –wait stop [options] [target] version Displays the version attributes of a target. Syntax: –examine, –help, –output, –version version [options] Table 12-2 describes the SM-CLP options. Some options have abbreviated forms, as shown in the table.
Table 12-2. Supported SM-CLP Options (continued) SM-CLP Option Description –level, -l Instructs the verb to operate on targets at additional levels beneath the specified target. Syntax: -level –output, –o Specifies the format for the output. Syntax: -output -source Specifies the location of an image in a load command. Syntax: -source –version, –v Displays the SMASH-CLP version number.
Targets Table 12-3 provides a list of targets available through the SM-CLP. Table 12-3. SM-CLP Targets Target Definition /system1/ The managed system target. /system1/sp1 The service processor. /system1/sol1 Serial over LAN target. /system1/sp1/account1 through /system1/sp1/account16 The sixteen local iDRAC user accounts. account1 is the root account. /system1/sp1/enetport1 The iDRAC NIC MAC address. /system1/sp1/enetport1/lanendpt1/ ipendpt1 The iDRAC IP, gateway, and netmask settings.
Using the -display Option The show –display option allows you to limit the output of the command to one or more of properties, targets, and verbs. For example, to display just the properties and targets at the current location, use the following command: show -d properties,targets /system1/sp1/account1 To list only certain properties, qualify them, as in the following command: show -d properties=(userid,username) /system1/sp1/account1 If you only want to show one property, you can omit the parentheses.
iDRAC SM-CLP Examples The following subsections provide examples for using the SM-CLP to perform the following operations: • Server power management • SEL management • MAP target navigation • Display system properties • Setting the iDRAC IP address, subnet mask, and gateway address For information on the use of the iDRAC SM-CLP interface, see "iDRAC SMCLP Property Database" on page 347.
Table 12-5.
Table 12-5.
Table 12-6. Map Target Navigation Operations (continued) Operation Syntax Navigate to the SEL target and display the log records ->cd system1 ->cd sp1 ->cd logs1 ->show ->cd system1/sp1/logs1 ->show Display current target ->cd . Move up one level ->cd ..
When you commit the changes, the new network settings take effect, which causes your telnet or ssh session to be terminated. By introducing the commit step, you can delay the termination of your session until you have completed all of your SM-CLP commands. Table 12-7 provides examples of setting the iDRAC properties using SM-CLP. Table 12-7.
3 Enter the following command: load -source tftp:/// /system1/sp1 where is the DNS name or IP address of your TFTP server and is the path to the update package on the TFTP server. Your telnet or SSH session will be terminated. You may need to wait several minutes for the firmware update to complete. 4 To verify that the new firmware was written, start a new telnet or SSH session and re-enter the version command again.
Using the iDRAC SM-CLP Command Line Interface
13 Deploying Your Operating System Using iVM-CLI The Virtual Media Command Line Interface (iVM-CLI) utility is a commandline interface that provides virtual media features from the management station to the iDRAC in the remote system. Using iVM-CLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVM-CLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator (dd) utility to create a bootable image file for your Linux system.
When you create the image file, do the following: • Follow standard network-based installation procedures • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure 4 Perform one of the following procedures: • Integrate ipmitool and the Virtual Media command line interface (iVMCLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
• is the path to an ISO9660 image of the operating system installation CD or DVD • is the path to the device containing the operating system installation CD or DVD The ivmdeploy script passes its command line options to the iVMCLI utility. See "Command Line Options" on page 234 for details about these options. The script processes the -r option slightly differently than the iVMCLI -r option.
If your operating system supports Administrator privileges or an operating system-specific privilege or group membership, Administrator privileges are also required to run the iVM-CLI command. The client system’s administrator controls user groups and privileges, thereby controlling the users who can run the utility. For Windows systems, you must have Power User privileges to run the iVMCLI utility.
Command Line Options The iVM-CLI interface is identical on both Windows and Linux systems. The utility uses options that are consistent with the RACADM utility options. For example, an option to specify the iDRAC IP address requires the same syntax for both RACADM and iVM-CLI utilities. The iVM-CLI command format is as follows: iVMCLI [parameter] [operating_system_shell_options] Command-line syntax is case sensitive. See "iVM-CLI Parameters" for more information.
The must have the following attributes: • Valid user name • iDRAC Virtual Media User permission If iDRAC authentication fails, an error message appears and the command is terminated. iDRAC User Password -p This parameter provides the password for the specified iDRAC user. If iDRAC authentication fails, an error message displays and the command terminates.
Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates. CD/DVD Device or Image File -c { | } where is a valid CD/DVD drive letter (Windows systems) or a valid CD/DVD device file name (Linux systems) and is the file name and path of a valid ISO-9660 image file.
Help Display -h This parameter displays a summary of the iVM-CLI utility parameters. If no other non-switch options are provided, the command terminates without error. Manual Display -m This parameter displays a detailed “man page” for the iVM-CLI utility, including descriptions of all of the possible options. Encrypted Data -e When this parameter is included in the command line, iVM-CLI will use an SSL-encrypted channel to transfer data between the management station and the iDRAC in the remote system.
iVM-CLI instances are started in this way, and one or more of the command instances must be manually terminated, use the operating system-specific facilities for listing and terminating processes. iVM-CLI Return Codes 0 = No error 1 = Unable to connect 2 = iVM-CLI command line error 3 = RAC firmware connection dropped English-only text messages are also issued to standard error output whenever errors are encountered.
14 Using the iDRAC Configuration Utility Overview The iDRAC Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC and for the managed server.
Starting the iDRAC Configuration Utility You must use an iKVM-connected console to access the iDRAC Configuration Utility initially or after a resetting the iDRAC to the default settings. 1 At the keyboard connected to the iKVM console, press to display the iKVM On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using the iDRAC Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe the iDRAC Configuration Utility menu items. LAN Use , , and the spacebar to select between Enabled and Disabled.
LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 14-1. LAN Parameters Item Description RMCP+ Encryption Press to edit the value, when finished. The Key RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F). RMCP+ is an IPMI extension that adds authentication and encryption to IPMI. The default value is a string of 40 0s.
Table 14-1. LAN Parameters (continued) Item Description Default Gateway If the IP Address Source is set to DHCP, this field displays the IP address of the default gateway obtained from DHCP. If the IP Address Source is set to Static, enter the IP address of the default gateway. The default is 192.168.0.1. LAN Alert Enabled Select On to enable the Platform Event Trap (PET) LAN alert. Alert Policy Entry 1 Select Enable or Disable to activate the first alert destination.
Virtual Media Use and to select Attached or Detached. When you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Console Redirection sessions. If you select Detached, users cannot access virtual media devices during Console Redirection sessions. NOTE: To use a USB Flash Drive with the Virtual Media feature, the USB Flash Drive Emulation Type must be set to Hard disk in the BIOS Setup Utility.
Reset to Default Use the Reset to Default menu item to reset all of the iDRAC configuration items to the factory defaults. This may be required, for example, if you have forgotten the administrative user password or if you want to reconfigure the iDRAC from the default settings. NOTE: In the default configuration, the iDRAC networking is disabled. You cannot reconfigure the iDRAC over the network until you have enabled the iDRAC network in the iDRAC Configuration Utility. Press to select the item.
Select Save Changes and Exit and press to retain your changes. Select Discard Changes and Exit and press to ignore any changes you made. Select Return to Setup and press to return to the iDRAC Configuration Utility.
15 Recovering and Troubleshooting the Managed Server This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed server using the iDRAC facilities.
Trouble Indicators This section describes indications that there may be a problem with your system. LED Indicators The initial indication of system trouble may be the LEDs on the chassis or components installed in the chassis. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system.
Hardware Trouble Indicators Indications that a module has a hardware problem include the following: • Failure to power up • Noisy fans • Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, you can try to correct the problem using these strategies: • Reseat the module and restart it • Try inserting the
Table 15-2. Trouble Indicators Look for: Action: Messages in the iDRAC Log See "Viewing the iDRAC Log" on page 262. Problem Solving Tools This section describes iDRAC facilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Click any component on the Health page to see information about the component. Sensor readings are displayed for batteries, temperatures, voltages, and power monitoring, helping to diagnose some types of problems. The iDRAC and CMC information pages provide useful current status and configuration information. Checking the System Event Log (SEL) The SEL Log page displays messages for events that occur on the managed server.
Checking the Post Codes The Post Codes page displays the last system post code prior to booting the operating system. Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from Power on Reset, and allow you to diagnose any faults related to system boot-up. NOTE: View the text for POST code message numbers in the LCD display or in the Hardware Owner’s Manual.
Table 15-6. Last Crash Screen Page Buttons Button Action Print Prints the Last Crash Screen page. Save Opens a pop-up window that enables you to save the Last Crash Screen page to a directory of your choice. Delete Deletes the Last Crash Screen page. Refresh Reloads the Last Crash Screen page. NOTE: Due to fluctuations in the Auto Recovery timer, the Last Crash Screen may not be captured when the System Reset Timer is configured with a value that is too high. The default setting is 480 seconds.
Table 15-7. Boot Capture Options Button/Option Description Previous Screen Takes you to previous screen, if any, in the replay console. Play Starts the screenplay from current screen in the replay console. Pause Pauses the screenplay on the current screen being displayed in the replay console. Stop Stops the screenplay and loads the first screen of that boot sequence. Next Screen Takes you to next screen, if any, in the replay console.
Table 15-8.
Table 15-8. Server Status Screen (continued) Severity Message Critical Backplane Drive : Storage Drive was Drive Slot sensor for Backplane, removed drive removed Critical Backplane Drive : Storage Drive failed Drive Slot sensor for Backplane, drive fault was asserted Critical System Board PFault Fail Safe: This event is generated Voltage sensor for System Board, when the system board state asserted was asserted voltages are not at normal levels.
Table 15-8. Server Status Screen (continued) Severity Message Cause Warning ECC Corr Err: Memory sensor, correctable ECC ( ) was asserted Correctable ECC errors reached a critical rate. Critical ECC Uncorr Err: Memory sensor, uncorrectable ECC ( ) was asserted An uncorrectable ECC error was detected. Critical I/O Channel Chk: Critical Event sensor, I/O channel check NMI was asserted A critical interrupt is generated in the I/O Channel.
Table 15-8. Server Status Screen (continued) Severity Message Critical Memory Spared: Memory sensor, Memory spare is no redundancy lost longer redundant. ( ) was asserted Critical Memory Mirrored: Memory sensor, redundancy lost ( ) was asserted Critical Memory RAID: Memory sensor, RAID Memory is no redundancy lost ( ) was asserted Warning Memory Added: Memory sensor, Added memory module presence ( ) was removed.
Table 15-8.
Table 15-8.
Table 15-8.
Viewing the iDRAC Log The iDRAC Log is a persistent log maintained in the iDRAC firmware. The log contains a list of user actions (such as log in, log out, and security policy changes) and alerts issued by the iDRAC. The oldest entries are overwritten when the log becomes full. Where the System Event Log (SEL) contains records of events that occur in the managed server, the iDRAC log contains records of events that occur in the iDRAC.
Table 15-10. iDRAC Log Buttons (continued) Button Action Save As Opens a pop-up window that enables you to save the iDRAC Log to a directory of your choice. NOTE: If you are using Internet Explorer and encounter a problem when saving, be sure to download the Cumulative Security Update for Internet Explorer, located on the Microsoft Support website at support.microsoft.com. Refresh Reloads the iDRAC Log page.
Table 15-12. Auto Recovery Fields Field Description Recovery Action When a system hang is detected, the iDRAC can be configured to perform one of the following actions: No Action, Hard Reset, Power Down, or Power Cycle. Initial Countdown The number of seconds after a system hang is detected at which the iDRAC will perform a Recovery Action. Present Countdown The current value, in seconds, of the countdown timer. Integrated Dell Remote Access Controller Table 15-13 describes the iDRAC properties.
Identifying the Managed Server in the Chassis The PowerEdge M1000e chassis holds up to sixteen servers. To locate a specific server in the chassis, you can use the iDRAC Web interface to turn on a blue flashing LED on the server. When you turn on the LED, you can specify the number of seconds that you want the LED to flash to ensure that you can reach the chassis while the LED is still flashing. Entering 0 leaves the LED flashing until you disable it.
To refresh the Diagnostics Console page, click Refresh. Table 15-14. Diagnostic Commands Command Description arp Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted. ifconfig Displays the contents of the network interface table. netstat Prints the content of the routing table. ping Verifies that the destination IP address is reachable from the iDRAC with the current routing-table contents.
Table 15-15. Power Control Actions (continued) Powers Off System Turns off the system power (equivalent to pressing the power button when the system power is on). NMI (NonMasking Interrupt) Sends a high-level interrupt to the operating system, which causes the system to halt operation to allow for critical diagnostic or troubleshooting activities. Graceful Shutdown Attempts to cleanly shut down the operating system, then powers off the system.
Table 15-17. Frequently Asked Questions/Troubleshooting Question Answer The LED on the server is blinking amber. Check the SEL for messages and then clear the SEL to stop the blinking LED. From the iDRAC Web interface: • See "Checking the System Event Log (SEL)" on page 251 From SM-CLP: • See "SEL Management" on page 222 From the iDRAC Configuration Utility: • See "System Event Log Menu" on page 245 There is a blinking blue LED on the server. A user has activated the locator ID for the server.
Table 15-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of the iDRAC? (continued) For example: $ racadm getniccfg -m server-1 DHCP Enabled IP Address Subnet Mask Gateway = = = = 1 192.168.0.1 255.255.255.0 192.168.0.1 From local RACADM: 1 Enter the following command at a command prompt: racadm getsysinfo From the LCD: 1 On the Main Menu, highlight Server and press the check button.
Table 15-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of the CMC? From the iDRAC Web interface: • Click System→ Remote Access→ CMC. The CMC IP address is displayed on the Summary page. OR • Select the "Dell CMC" console in the OSCAR to log into the CMC through a local serial connection. CMC RACADM commands can be issued from this connection. Refer to the CMC Firmware User Guide for a complete list of the CMC RACADM subcommands.
Table 15-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I change the name of the slot for my server? 1 Log in to the CMC Web interface. 2 Open the Chassis tree and click Servers. 3 Click the Setup tab. 4 Type the new name for the slot in the row for your server. 5 Click Apply. When starting a console redirection session from the iDRAC Web interface, an ActiveX security popup appears. The iDRAC may not be a trusted site from the client browser.
Recovering and Troubleshooting the Managed Server
Recovering and Troubleshooting the Managed Server 273
Recovering and Troubleshooting the Managed Server
A RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. help Table A-1 describes the help command. Table A-1. Help Command Command Definition help Lists all of the subcommands available to use with racadm and provides a short description for each.
Supported Interfaces • Local RACADM config Table A-2 describes the config and getconfig subcommands. Table A-2. config/getconfig Subcommand Definition config Configures the iDRAC. getconfig Gets the iDRAC configuration data.
Table A-3. config Subcommand Options and Descriptions (continued) Option Description -p The -p, or password, option directs config to delete the password entries contained in the config file -f after the configuration is complete. -g The -g , or group, option must be used with the -o option. The specifies the group containing the object that is to be set. -o The -o , or object, option must be used with the -g option.
• racadm config -f myrac.cfg Configures or reconfigures the iDRAC. The myrac.cfg file may be created with the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.cfg file does not contain passwords. To include passwords in the file, you must enter them manually. If you want to remove passwords from the myrac.cfg file during configuration, use the -p option.
Table A-4. getconfig Subcommand Options (continued) Option Description -i The -i , or index, option is valid only for indexed groups and can be used to specify a unique group. If -i is not specified, a value of 1 is assumed for groups, which are tables that have multiple entries. The index is specified by the index value, not a "named" value. -o The -o , or object, option specifies the object name that is used in the query. This option can be used with the -g option.
• racadm getconfig -g cfgUserAdmin -i 2 -v Displays the user group instance at index 2 with extensive information for the property values. Synopsis racadm getconfig -f racadm getconfig -g [-i ] racadm getconfig -u racadm getconfig -h Supported Interfaces • Local RACADM getssninfo Table A-5 describes the getssninfo subcommand. Table A-5.
Supported Interfaces • Local RACADM Input Table A-6 describes the getssninfo subcommand options. Table A-6. getssninfo Subcommand Options Option Description -A The -A option eliminates the printing of data headers. -u The -u user name option limits the printed output to only the detail session records for the given user name. If an asterisk (*) symbol is given as the user name, all users are listed. Summary information is not printed when this option is specified.
getsysinfo Table A-8 describes the racadm getsysinfo subcommand. Table A-8. getsysinfo Command Definition getsysinfo Displays iDRAC information, system information, and watchdog status information. Synopsis racadm getsysinfo [-d] [-s] [-w] [-A] Description The getsysinfo subcommand displays information related to the iDRAC, managed server, and watchdog configuration. Supported Interfaces • Local RACADM Input Table A-9 describes the getsysinfo subcommand options. Table A-9.
Sample Output RAC Information: RAC Date/Time Firmware Version Firmware Build Last Firmware Update = = = = Wed Aug 22 20:01:33 2007 0.32 13661 Mon Aug 20 08:09:36 2007 Hardware Version Current IP Address Current IP Gateway Current IP Netmask DHCP Enabled MAC Address Current DNS Server 1 Current DNS Server 2 DNS Servers from DHCP Register DNS RAC Name DNS RAC Name Current DNS Domain = = = = = = = = = = = = NA 192.168.0.120 192.168.0.1 255.255.255.0 1 00:14:22:18:cd:f9 10.32.60.4 10.32.60.
Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge M600" "0.2.1" "0.32" "48192" "dell-x92i38xc2n" "" "ON" • racadm getsysinfo -w -s System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name Power Status = PowerEdge M600 = 0.2.1 = 0.
Synopsis racadm getractime [-d] Description With no options, the getractime subcommand displays the time in a common readable format. With the -d option, getractime displays the time in the format, yyyymmddhhmmss.mmmmmms, which is the same format returned by the UNIX date command. Output The getractime subcommand displays the output on one line. Sample Output racadm getractime Thu Dec 8 20:15:26 2005 racadm getractime -d 20071208201542.
Synopsis racadm setniccfg -d racadm setniccfg -s [ ] racadm setniccfg -o [ ] Description The setniccfg subcommand sets the iDRAC IP address. • The -d option enables DHCP for the NIC (default is DHCP enabled). • The -s option enables static IP settings. The IP address, netmask, and gateway can be specified. Otherwise, the existing static settings are used. , , and must be typed as dot-separated strings.
Synopsis racadm getniccfg Description The getniccfg subcommand displays the current NIC settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful. Otherwise, on success, the output is displayed in the following format: NIC Enabled = 1 DHCP Enabled = 1 IP Address = 192.168.0.1 Subnet Mask = 255.255.255.0 Gateway = 192.168.0.1 Supported Interfaces • Local RACADM getsvctag Table A-13 describes the getsvctag subcommand.
Example Type getsvctag at the command prompt. The output is displayed as follows: Y76TP0G The command returns 0 on success and nonzero on errors. Supported Interfaces • Local RACADM racreset Table A-14 describes the racreset subcommand. Table A-14. racreset Subcommand Definition racreset Resets the iDRAC. NOTE: When you issue a racreset subcommand, the iDRAC may require up to one minute to return to a usable state.
racresetcfg Table A-15 describes the racresetcfg subcommand. Table A-15. racresetcfg Subcommand Definition racresetcfg Resets the entire RAC configuration to factory default values. Synopsis racadm racresetcfg Supported Interfaces • Local RACADM Description The racresetcfg command removes all user-configured database property entries. The database has default properties for all entries that are used to restore the iDRAC back to the default settings.
Description The serveraction subcommand enables users to perform power management operations on the host system. Table A-17 describes the serveraction power control options. Table A-17. serveraction Subcommand Options String Definition Specifies the action. The string options are: • powerdown — Powers down the managed server. • powerup — Powers up the managed server. • powercycle — Issues a power-cycle operation on the managed server.
Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in the iDRAC log. NOTE: If no options are provided, the entire log is displayed. The following options allow the getraclog command to read entries: Table A-19. getraclog Subcommand Options Option Description -A Displays the output with no headers or labels. -c Provides the maximum count of entries to be returned.
clrraclog Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from the iDRAC log. A new single record is created to record the date and time when the log was cleared. getsel Table A-20 describes the getsel command. Table A-20. getsel Command Definition getsel -i Displays the number of entries in the System Event Log. getsel Displays SEL entries.
Table A-21. getsel Subcommand Options Option Description -c Provides the maximum count of entries to be returned. -o Displays the output in a single line. -s Specifies the starting record used for the display. -E Places the 16 bytes of raw SEL at the end of each line of output as a sequence of hex values. -R Only the raw data is printed. -m Displays one screen at a time and prompts the user to continue (similar to the UNIX more command).
Supported Interfaces • Local RACADM gettracelog Table A-22 describes the gettracelog subcommand. Table A-22. gettracelog Command Definition gettracelog -i Displays the number of entries in the iDRAC trace log. gettracelog Displays the iDRAC trace log. Synopsis racadm gettracelog -i racadm gettracelog [-A] [-o] [-c count] [-s startrecord] [-m] Description The gettracelog (without the -i option) command reads entries. The following gettracelog entries are used to read entries: Table A-23.
Output The default output display shows the record number, timestamp, source, and description. The timestamp begins at midnight, January 1 and increases until the managed system boots. After the managed system boots, the managed system’s system time is used for the timestamp. For example: Record: 1 Date/Time: Dec Source: ssnmgrd[175] 8 08:21:30 Description: root from 192.168.157.
Options Table A-25 describes the sslcsrgen subcommand options. Table A-25. sslcsrgen Subcommand Options Option Description -g Generates a new CSR. -s Returns the status of a CSR generation process (generation in progress, active, or none). -f Specifies the filename of the location, , where the CSR will be downloaded. NOTE: If the -f option is not specified, the filename defaults to sslcsr in your current directory.
sslcertupload Table A-26 describes the sslcertupload subcommand. Table A-26. sslcertupload Subcommand Description sslcertupload Uploads a custom SSL server or CA certificate from the client to the iDRAC. Synopsis racadm sslcertupload -t [-f ] Options Table A-27 describes the sslcertupload subcommand options. Table A-27. sslcertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate.
sslcertdownload Table A-28 describes the sslcertdownload subcommand. Table A-28. sslcertdownload Subcommand Description sslcertdownload Downloads an SSL certificate from the RAC to the client’s file system. Synopsis racadm sslcertdownload -t [-f ] Options Table A-29 describes the sslcertdownload subcommand options. Table A-29.
sslcertview Table A-30 describes the sslcertview subcommand. Table A-30. sslcertview Subcommand Description sslcertview Displays the SSL server or CA certificate that exists on the iDRAC. Synopsis racadm sslcertview -t [-A] Options Table A-31 describes the sslcertview subcommand options. Table A-31. sslcertview Subcommand Options Option Description -t Specifies the type of certificate to view, either the Microsoft Active Directory certificate or server certificate.
Organizational Unit (OU) Common Name (CN) : Remote Access Group : iDRAC default certificate Issuer Information: Country Code (CC) State (S) Locality (L) Organization (O) Organizational Unit (OU) Common Name (CN) : : : : : : Valid From Valid To : Jul : Jul racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate US Texas Round Rock Dell Inc.
testemail Table A-32 describes the testemail subcommand. Table A-32. testemail configuration Subcommand Description testemail Tests the iDRAC’s e-mail alerting feature. Synopsis racadm testemail -i Description Sends a test e-mail from the iDRAC to a specified destination. Prior to executing the testemail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-33 provides an example of commands for the cfgEmailAlert group.
Options Table A-34 describes the testemail subcommand options. Table A-34. testemail Subcommand Option Option Description -i Specifies the index of the e-mail alert to test. Output None. Supported Interfaces • Local RACADM testtrap Table A-35 describes the testtrap subcommand. Table A-35. testtrap Subcommand Description testtrap Tests the iDRAC’s SNMP trap alerting feature.
Table A-36. cfg e-mail Alert Commands Action Command Enable the alert racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 1 1 Set the destination e-mail racadm config -g cfgIpmiPet -o IP address cfgIpmiPetAlertDestIpAddr -i 1 192.168.0.110 View the current test trap racadm getconfig -g cfgIpmiPet -i settings where is a number from 1 to 4 Input Table A-37 describes the testtrap subcommand options. Table A-37.
RACADM Subcommand Overview
B iDRAC Property Database Group and Object Definitions The iDRAC property database contains the configuration information for the iDRAC. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure the iDRAC. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacProductInfo (Read Only) Legal Values String of up to 63 ASCII characters. Default Integrated Dell Remote Access Controller Description A text string that identifies the product. idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters. Default This system component provides a complete set of remote management functions for Dell PowerEdge servers. Description A text description of the RAC type.
idRacBuildInfo (Read Only) Legal Values String of up to 16 ASCII characters. Default The current RAC firmware build version. For example, "05.12.06". Description A string containing the current product build version. idRacName (Read Only) Legal Values String of up to 15 ASCII characters. Default iDRAC Description A user assigned name to identify this controller. idRacType (Read Only) Default 8 Description Identifies the remote access controller type as the iDRAC.
One instance of the group is allowed. All objects in this group will require the iDRAC NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings. cfgDNSDomainNameFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies that the iDRAC DNS domain name should be assigned from the network DHCP server.
cfgDNSRacName (Read/Write) Legal Values String of up to 63 ASCII characters. At least one character must be alphabetic. NOTE: Some DNS servers only register names of 31 characters or fewer. Default rac-service tag Description Displays the RAC name, which is rac-service tag by default. This parameter is only valid if cfgDNSRegisterRac is set to 1 (TRUE). cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers the iDRAC name on the DNS server.
Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network. cfgDNSServer1 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE). NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while swapping addresses.
Default 0 Description Enables or disables the iDRAC network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC will no longer be accessible, and the iDRAC will only be available through the local RACADM interface. cfgNicIpAddress (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.
Description The subnet mask used for static assignment of the iDRAC IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicGateway (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid gateway IP address. For example: 192.168.0.1. Default 192.168.0.1 Description The gateway IP address used for static assignment of the RAC IP address.
cfgNicMacAddress (Read Only) Legal Values A string representing the RAC NIC MAC address. Default The current MAC address of the iDRAC NIC. For example, 00:12:67:52:51:A3. Description The iDRAC NIC MAC address. cfgUserAdmin This group provides configuration information about the users who are allowed to access the RAC through the available remote interfaces. Up to 16 instances of the user group are allowed. Each instance represents the configuration for an individual user.
cfgUserAdminPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default 0x00000000 Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-1 describes the user privilege bit values that can be combined to create bit masks. Table B-1.
Table B-2. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user is not allowed to access the iDRAC. 0x00000000 The user may only login to the iDRAC and view iDRAC and server configuration information. 0x00000001 The user may login to the iDRAC and change configuration. 0x00000001 + 0x00000002 = 0x00000003 The user may login to RAC, access 0x00000001 + 0x00000040 + 0x00000080 = virtual media, and access console 0x000000C1 redirection.
Default "" Description The password for this user. User passwords are encrypted and cannot be seen or displayed after the property is written. cfgUserAdminEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables an individual user. cfgUserAdminSolEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access. cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities.
The following subsections describe the objects in this group. Up to four instances of this group are allowed. cfgEmailAlertIndex (Read Only) Legal Values 1–4 Default This parameter is populated based on the existing instances. Description The unique index of an alert instance. cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies the destination email address for email alerts. For example, user1@company.com.
Description The e-mail address of the alert source. cfgEmailAlertCustomMsg Legal Values String. Maximum Length = 32. Default "" Description Specifies a custom message that is sent with the alert. cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to the iDRAC. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgSsnMgtWebserverTimeout (Read/Write) Legal Values 60 – 1920 Default 300 Description Defines the web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective. An expired web server session logs out the current session.
After the message appears, the system returns you to the shell that generated the Secure Shell session. cfgSsnMgtTelnetIdleTimeout (Read/Write) Legal Values 0 (No timeout) 60 – 1920 Default 300 Description Defines the telnet idle time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached.
Default 1 Description Enables or disables the secure shell (SSH) interface on the iDRAC. cfgSerialTelnetEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the telnet console interface on the iDRAC. cfgRacTuning This group is used to configure various iDRAC configuration properties, such as valid ports and security port restrictions.
cfgRacTuneHttpsPort (Read/Write) Legal Values 10 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the iDRAC. cfgRacTuneIpRangeEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP Address Range validation feature of the iDRAC. cfgRacTuneIpRangeAddr Legal Values String, IP address formatted. For example, 192.168.0.44. Default 192.168.1.
cfgRacTuneIpRangeMask Legal Values Standard IP mask values with left-justified bits Default 255.255.255.0 Description String, IP-address formatted. For example, 255.255.255.0. cfgRacTuneIpBlkEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP address blocking feature of the RAC.
cfgRacTuneIpBlkFailWindow Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted. When failure attempts age beyond this limit, they are dropped from the count. cfgRacTuneIpBlkPenaltyTime Legal Values 10 – 65535 Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected.
cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the iDRAC telnet interface. cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session.
Description Specifies the port to be used for keyboard and mouse traffic during console redirection activity with the iDRAC. cfgRacTuneConRedirVideoPort (Read/Write) Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during console redirection activity with the iDRAC. NOTE: This object requires an iDRAC reset before it becomes active.
Default 1 Description Enables and disables the iDRAC web server. If this property is disabled, the iDRAC will not be accessible using client web browsers. This property has no effect on the telnet/SSH or local RACADM interfaces. cfgRacTuneLocalServerVideo (Read/Write) Legal Values 1 (Enables) 0 (Disables) Default 1 Description Enables (switches ON) or disables (switches OFF) the local server video.
ifcRacManagedNodeOs This group contains properties that describe the Managed Server operating system. One instance of the group is allowed. The following subsections describe the objects in this group. ifcRacMnOsHostname (Read/Write) Legal Values String. Maximum Length = 255. Default "" Description The host name of the managed server. ifcRacMnOsOsName (Read/Write) Legal Values String. Maximum Length = 255. Default "" Description The operating system name of the managed server.
cfgSecCsrCommonName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Common Name (CN). cfgSecCsrOrganizationName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Name (O). cfgSecCsrOrganizationUnit (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Unit (OU).
cfgSecCsrLocalityName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Locality (L). cfgSecCsrStateName (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR State Name (S). cfgSecCsrCountryCode (Read/Write) Legal Values String. Maximum Length = 2.
cfgSecCsrEmailAddr (Read/Write) Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Email Address. cfgSecCsrKeySize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. cfgRacVirtual This group contains parameters to configure the iDRAC virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
Default 1 Description This object is used to attach virtual devices to the system via the USB bus. When the devices are attached the server will recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system. When the devices are attached you then can connect to the virtual devices remotely using the iDRAC Web interface or the CLI. Setting this object to 0 will cause the devices to detach from the USB bus.
cfgVirMediaBootOnce (Read/Write) Legal Values 1 (Enabled) 0 (Disabled) Default 0 Description Enables or disables the virtual media boot-once feature of the iDRAC. If this property is enabled when the host server is rebooted, this feature will attempt to boot from the virtual media devices—if the appropriate media is installed in the device.
cfgADRacDomain (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Active Directory Domain in which the DRAC resides. cfgADRacName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Name of iDRAC as recorded in the Active Directory forest.
Description Enables or disables Active Directory user authentication on the iDRAC. If this property is disabled, local iDRAC authentication is used for user logins instead. cfgADAuthTimeout (Read/Write) NOTE: To modify this property, you must have Configure iDRAC permission. Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out.
Description 1 (True) enables you to specify an LDAP or a Global Catalog server. 0 (False) disables this option. cfgADDomainController (Read/Write) Valid IP address or a fully qualified domain name (FQDN) Default No default value Description The iDRAC uses the value you specify to search the LDAP server for user names.
Description Determines the schema type to use with Active Directory. cfgStandardSchema This group contains parameters to configure the Active Directory standard schema settings. cfgSSADRoleGroupIndex (Read Only) Legal Values Integer from 1 to 5. Description Index of the Role Group as recorded in the Active Directory. cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters.
Description Active Directory Domain in which the Role Group resides. cfgSSADRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default (blank) Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table B-3.
cfgIpmiSolEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables SOL. cfgIpmiSolBaudRate (Read/Write) Legal Values 19200, 57600, 115200 Default 115200 Description The baud rate for serial communication over LAN. cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access.
cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255. Default 10 Description Specifies the typical amount of time that the iDRAC waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments. cfgIpmiSolSendThreshold (Read/Write) Legal Values 1 – 255 Default 255 Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet.
Description Enables or disables the IPMI over LAN interface. cfgIpmiLanPrivLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access. cfgIpmiLanAlertEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties.
Default 00000000000000000000 Description The IPMI encryption key. cfgIpmiPetCommunityName (Read/Write) Legal Values A string up to 18 characters. Default public Description The SNMP community name for traps. cfgIpmiPef This group is used to configure the platform event filters available on the managed server. The event filters can be used to control policy related to actions that are triggered when critical events occur on the managed server. cfgIpmiPefName (Read Only) Legal Values String.
cfgIpmiPefIndex (Read Only) Legal Values 1 – 17 Default The index value of a platform event filter object. Description Specifies the index of a specific platform event filter. cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered.
Description Enables or disables a specific platform event filter. cfgIpmiPet This group is used to configure platform event traps on the managed server. cfgIpmiPetIndex (Read/Write) Legal Values 1–4 Default The appropriate index value. Description Unique identifier for the index corresponding to the trap. cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values String representing a valid IP address. For example, 192.168.0.67. Default 0.0.0.
Default 1 Description Enables or disables a specific trap.
iDRAC Property Database Group and Object Definitions
C iDRAC SMCLP Property Database /system1/sp1/account<1-16> This target provides configuration information about the local users who are allowed to access the RAC through available remote interfaces. Up to 16 instances of the user group are allowed. Each instance <1-16> represents the configuration for an individual local user. userid (Read Only) Legal values 1-16 Default Depends on the account instance being accessed. Description Specifies the instance ID or the local user ID.
Description A text string that contains the name of the local user for this account. The string must not contain a forward slash (/), period (.), at symbol (@), or quotation marks ("). Deleting the user is done by deleting the account. (delete account<116>). NOTE: This property value must be unique among usernames.
enabledstate (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Helps enable or disable an individual user. solenabled (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Enables or disables Serial Over LAN (SOL) user access.
Description Specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table C-1 describes the user privilege bit values that can be combined to create bit masks. Table C-1.
Table C-2. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user may login to RAC, access 0x00000001 + 0x00000040 + virtual media, and access console 0x00000080 = 0x000000C1 redirection. /system1/sp1/enetport1/* This group contains parameters to configure the iDRAC NIC. One instance of the group is allowed. All objects in this group require the iDRAC NIC to be reset, which may cause a brief loss in connectivity.
Description Enables or disables the iDRAC network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC become inaccessible, rendering the iDRAC available only through the local RACADM interface. ipaddress (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.n (where n is 120 plus the server slot number) Description Specifies the static IP address to assign to the RAC.
Default 0 Description Specifies whether DHCP is used to assign the iDRAC IP address. If this property is set to 1 (Enabled), the iDRAC IP address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (Disabled), the static IP address, subnet mask, and gateway gain values inserted manually by the user.
Default 0 Description Specifies that the iDRAC DNS domain name should be assigned from the network DHCP server. oemdell_dnsdomainname (Read/Write) Legal Values A string of up to 254 ASCII characters. At least one of the characters must be alphabetic. Default “” Description Holds the DNS domain name. This parameter is only valid if oemdell_domainnamefromdhcp is set to 0 (Disabled).
oemdell_dnsracname (Read/Write) Legal Values A string of up to 63 ASCII characters. At least one character must be alphabetic. NOTE: Some DNS servers only register names of up to 31 characters. Default rac-service tag Description Displays the RAC name, which is the RAC service tag by default. This parameter is only valid if oemdell_dnsregisterrac is set to 1 (Registered).
Default 0.0.0.0 Description Specifies the IP address for DNS Server 1. This property is only valid if oemdell_serversfromdhcp is set to 0 (Disabled). /system1/sp1/enetport1/lanendpt1/ipendpt1/dnse ndpt1/remotesap2 dnsserveraddress (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.0 Description Specifies the IP address for DNS Server 2. This property is only valid if oemdell_serversfromdhcp is set to 0 (Disabled).
Description The gateway IP address used for static assignment of the RAC IP address. This property is only valid if oemdell_usedhcp is set to 0 (Disabled). /system1/sp1/group<1-5> These groups contain parameters to configure the Active Directory standard schema settings. oemdell_groupname (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default “” Description Holds the name of the Role Group as recorded in the Active Directory forest.
Default “” Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table C-3.
Description Enables or disables Active Directory user authentication on the iDRAC. If this property is disabled, only local iDRAC authentication is used for user logins. oemdell_adracname (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default "" Description Name of iDRAC as recorded in the Active Directory forest. oemdell_adracdomain (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces.
Description The root domain of the Domain Forest. oemdell_timeout (Read/Write) Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. oemdell_schematype (Read/Write) Legal Values 1 (Extended schema) 2 (Standard schema) Default 1 Description Determines the schema type to use with Active Directory.
Description Enables the user to specify an LDAP or a Global Catalog server. oemdell_addomaincontroller (Read/Write) Legal Values A valid IP address or a fully qualified domain name (FQDN). Default “” Description Value specified by the user that the iDRAC uses to search the LDAP server for usernames. oemdell_adglobalcatalog (Read/Write) Legal Values A valid IP address or an FQDN.
commonname (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Common Name. organizationname (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Organization Name. oemdell_organizationunit (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Organization Unit.
oemdell_localityname (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Locality. oemdell_statename (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR State Name. oemdell_countrycode (Read/Write) Legal Values A string of up to 2 characters. Default "" Description Specifies the CSR Country Code.
oemdell_emailaddress (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Email Address. oemdell_keysize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. /system1/sp1/oemdell_ssl1 Contains parameters necessary to generate Certificate Signing Requests (CSRs) and view certificates.
Default 0 Description Generates a CSR when set to 1. Set the properties in the oemdell_racsecurity1 target before generating a CSR. oemdell_status (Read Only) Legal values CSR not found CSR generated Default CSR not found Description Shows the status of the previous generate command issued, if any, during the current session.
/system1/sp1/oemdell_vmservice1 This group contains parameters to configure the iDRAC virtual media feature. enabledstate (Read/Write) Legal Values VMEDIA_DETACH VMEDIA_ATTACH VMEDIA_AUTO_ATTACH Default VMEDIA_ATTACH Description Used to attach virtual devices to the system via the USB bus, allowing the server to recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system.
oemdell_floppyemulation (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems.
Default FALSE Description Indicates that the port has SSL disabled. portnumber (Read/Write) Legal Values 1 – 65535 Default 3670 Description Specifies the port number used for encrypted virtual media connections to the iDRAC. oemdell_sslenabled (Read Only) Legal Value TRUE Default TRUE Description Indicates that the port has SSL enabled.
D RACADM and SM-CLP Equivalencies Table D-1 lists the RACADM groups and objects and, where they exist, SMSLP equivalent locations in the SM-CLP MAP. Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies RACADM Groups/Objects SM-CLP Description idRacInfo idRacName String of up to 15 ASCII characters. Default: iDRAC. idRacProductInfo String of up to 63 ASCII characters. Default: Integrated Dell Remote Access Controller. idRacDescriptionInfo String of up to 255 ASCII characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgADEnable enablestate 0 to disable, 1 to enable. Default: 0 cfgADRacName oemdell_adracname String of up to 254 characters. cfgADRacDomain oemdell_adracdomain String of up to 254 characters. cfgADRootDomain oemdell_adrootdomain String of up to 254 characters. cfgADAuthTimeout oemdell_timeout 15 to 300 seconds.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgSSADRoleGroupPrivilege oemdell_groupprivilege Bit mask with values between 0x00000000 and 0x000001ff. cfgLanNetworking /system1/sp1/enetport1 cfgNicMacAddress macaddress The MAC address of the interface. Not editable. /system1/sp1/enetport1/ lanendpt1/ipendpt1 cfgNicEnable oemdell_nicenable 0 to disable NIC, 1 to enable NIC.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgDNSRacName oemdell_dnsracname String of up to 63 ASCII characters. At least one character must be alphabetic. Default: iDRAC- plus the Dell service tag. cfgDNSRegisterRac oemdell_dnsregisterrac Set to 1 to register iDRAC name in DNS. Default: 0 cfgDNSServersFromDHCP oemdell_dnsserversfromdhcp Set to 1 to get DNS server addresses from DHCP.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgVirMediaAttached enabledstate Set to 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) to attach media. Default: 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) cfgVirMediaBootOnce oemdell_singleboot Set to 1 to perform next boot from selected media. Default 0. /system1/sp1/oemdell_vmservice1/ tcpendpt1 cfgVirAtapiSvrPort oemdell_sslenabled Set to 1 if SSL is enabled for first virtual media device, 0 if not.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgUserAdminPassword password A string of up to 20 ASCII characters. cfgUserAdminPrivilege oemdell_extendedprivileges Bit mask value between 0x00000000 and 0x000001ff. Default: 0x00000000 cfgUserAdminSolEnable solenabled Set to 1 to allow user to use Serial over LAN. Default: 0 cfgUserAdminUserName username String of up to 16 characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgSsnMgtTelnetIdleTimeout Number of seconds idle before a telnet session times out. 0 to disable timeout or 60-1920 seconds. Default: 300 cfgSsnMgtWebserverTimeout Number of seconds idle before a Web interface session times out. 60-1920 seconds. Default: 300 cfgRacTuning cfgRacTuneConRedirEnable Set to 1 to enable console redirection, 0 to disable.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacTuneIpBlkFailWindow Time span in seconds during which to count failed login attempts (10 to 65535). Default: 60 cfgRacTuneIpBlkPenaltyTime Time span in seconds that a blocked IP remains blocked (10 to 65535). Default: 300 cfgRacTuneIpRangeAddr Base IP address for IP range filter. Default: 192.168.0.1 cfgRacTuneIpRangeEnable Set to 1 to allow IP range filtering.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacSecCsrCommonName commonname Active Directory common name. String of up to 254 characters. cfgRacSecCsrCountryCode oemdell_countrycode Active Directory country code. 2 characters. cfgRacSecCsrEmailAddr oemdell_emailaddress E-mail address to use for Certificate Signing Request. String of up to 254 characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgIpmiSolSendThreshold Maximum number of characters to collect before sending SOL data (1 to 255). Default: 255 cfgIpmiSolMinPrivilege Minimum privilege required to use SOL. 2 (user), 3 (operator), or 4 (administrator). Default: 4 cfgIpmiLan cfgIpmiEncryptionKey A string of 0 to 40 hexadecimal digits.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP cfgIpmiPefName Description The name of the platform event, a string of up to 254 characters. Not editable. cfgIpmiPet cfgIpmiPetAlertDestIpAddr IP address of the platform event trap receiver. Default: 0.0.0.0 cfgIpmiPetAlertEnable Set to 1 to enable the platform event trap. Default: 1 cfgIpmiPetIndex Index number (1-4) of the platform event trap. Table D-2.
Table D-2. RACADM Subcommands and SM-CLP Equivalencies RACADM Subcommand SM-CLP Description sslcertupload -t 2 set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD Uploads the Active Directory Certificate onto the iDRAC.
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. AGP Abbreviation for accelerated graphics port, which is a bus specification that allows graphics cards faster access to main system memory.
CA A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
DLL Abbreviation for Dynamic Link Library, which is a library of small programs, any of which can be called when needed by a larger program that is running in the system. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (or file). DDNS Abbreviation for Dynamic Domain Name System. DMTF Abbreviation for Distributed Management Task Force. DNS Abbreviation for Domain Name System.
GRUB Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader. GUI Abbreviation for graphical user interface, which refers to a computer display interface that uses elements such as windows, dialog boxes, and buttons as opposed to a command prompt interface, in which all user interaction is displayed and typed in text. hardware log Records events generated by the iDRAC and the CMC.
IPMI Abbreviation for Intelligent Platform Management Interface, which is a part of systems management technology. IMPItool A utility for managing and configuring devices that support IMPI version 1.5 and version 2.0. Kbps Abbreviation for kilobits per second, which is a data transfer rate. LAN Abbreviation for local area network. LDAP Abbreviation for Lightweight Directory Access Protocol. LED Abbreviation for light-emitting diode. LOM Abbreviation for Local area network On Motherboard.
Mbps Abbreviation for megabits per second, which is a data transfer rate. MIB Abbreviation for management information base. MII Abbreviation for Media Independent Interface. NAS Abbreviation for network attached storage. NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers. OpenSSH An open source utility for using the SSH protocol.
PuTTY A terminal emulator application that acts as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols. RAM Acronym for random-access memory. RAM is general-purpose readable and writable memory on systems and the iDRAC. RAM disk A memory-resident program which emulates a hard drive. The iDRAC maintains a RAM disk in its memory. RAC Abbreviation for remote access controller.
SMTP Abbreviation for Simple Mail Transfer Protocol, which is a protocol used to transfer electronic mail between systems, usually over an Ethernet. SMWG Abbreviation for Systems Management Working Group. SNMP trap A notification (event) generated by the iDRAC or the CMC that contains information about state changes on the managed server or about potential hardware problems.
TFTP Abbreviation for Trivial File Transfer Protocol, which is a simple file transfer protocol used for downloading boot code to diskless devices or systems. UPS Abbreviation for uninterruptible power supply. USB Abbreviation for Universal Serial Bus. UTC Abbreviation for Universal Coordinated Time. See GMT. VLAN Abbreviation for Virtual Local Area Network. VNC Abbreviation for virtual network computing.
Glossary
Index A Active Directory about the extended schema, 104-118 about the standard schema, 122 accessing the iDRAC with, 109 adding iDRAC users to, 116 configuring extended schema with RACADM, 120 configuring extended schema with SM-CLP, 121 configuring extended schema with the web interface, 119 configuring standard schema with RACADM, 126 configuring standard schema with SM-CLP, 127 configuring standard schema with the web interface, 124 extended schema classes and attributes, 111 logging in to the iDRAC with
configuring iDRAC during initialization, 36 IP address, locating, 40 web Interface, 34 CMC Web interface locating the iDRAC IP address, 269 CMC web interface configuring iDRAC network properties, 39 community string, SNMP, 74, 342 configuration file creating, 208 configuring task overview, 36-39 Distributed Management Task Force (DMTF), 215 documents you may need, 29 E e-mail alerts configuring with RACADM, 202 configuring with the web interface, 78 extended schema.
table of, 83 I iDRAC creating a configuration file, 208 log, viewing, 262 recovering firmware, 100 resetting to factory defaults, 245 securing communications, 83 system information, 264 updating the firmware, 41 iDRAC configuration utility about, 239 configuring IPMI, 241 configuring LAN user, 244 configuring network properties, 241-242 configuring virtual media, 244 starting, 240 iDRAC service ports, 28 ifconfig command, diagnostics console, 266 iKVM disabling during console redirection, 166, 171 displayi
J Java console redirection plug-in, 59, 166 K key, verify, 45, 47 L last crash screen capturing on the managed server, 66 viewing, 252 Lightweight Directory Access Protocol (LDAP).
O On Screen Configuration and Reporting. See OSCAR OpenSSH, SSH client for Linux, 61 operating system installing (manual method), 184 installing (scripted method), 229 OSCAR displaying, 240 P password changing, 81 lost, 245 PEF configuring with RACADM, 200 configuring with the web interface, 77 PET configuring with RACADM, 201 configuring with the web interface, 76, 78, 201 filterable platform events table, 76 ping command, diagnostics console, 266 Platform Event Filter. See PEF Platform Event Trap.
configuring IP blocking, 205 configuring IP filtering, 203 configuring IPMI, 198 configuring multiple iDRACS, 212 configuring network properties, 197 configuring PEF, 200 configuring PET, 201 configuring Serial Over LAN, 199 configuring SSH service, 207 configuring telnet service, 207 subcommands, 275 using, 191 RACADM subcommands clrraclog, 192, 292 clrsel, 192, 294 config, 66, 192, 276 getconfig, 173, 192, 208, 278 getniccfg, 192, 287 getraclog, 192, 291 getractime, 192, 284 getsel, 293 getssninfo, 192, 2
Serial Over LAN configuration settings, 143 configuring in iDRAC Web GUI, 142 configuring with RACADM, 199 configuring with the web interface, 79 disconnecting in SM-CLP, 146 enabling in BIOS, 141 Linux operating system configuration, 154 opening with SOL Proxy, 149 operating system configuration, 154 over IMPItool, 146, 148 over OpenSSH with Linux, 148 over PuTTY, 147 over SSH, 145 over Telnet, 145 over Telnet with Linux, 147 overview, 141 SOL Proxy, 146 Windows 2003 Enterprise operating system configurati
using Telnet with, 151 SOL. See Serial Over LAN SSH client installation, 60 configuring iDRAC service with RACADM, 207 configuring service with the web interface, 96 OpenSSH software for Linux, 61 PuTTY client for Windows, 61 SSL about, 84 enabling on a domain controller, 129 importing the firmware certificate, 131 standard schema. See Active Directory System Event Log.
digital signature, 44-47 public key, 45, 47 video viewer using, 167 virtual media about, 177 booting, 183 command line, 232 configuring with the iDRAC configuration utility, 244 configuring with the web interface, 180 installing the operating system, 184 running, 182 configuring IPMI LAN properties, 72, 79 configuring network properties, 71 configuring PEF, 77 configuring PET, 76, 78, 201 configuring SOL, 79 configuring telnet service, 96 configuring the SSH service, 96 configuring the web server service,
Index
