Integrated Dell Remote Access Controller 7 (iDRAC7) Version 1.50.
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2013 Dell Inc. All Rights Reserved.
Contents 1 Overview.....................................................................................................................................15 Benefits of Using iDRAC7 With Lifecycle Controller...............................................................................................15 Key Features........................................................................................................................................................... 16 New In This Release...................
Enabling or Disabling Default Password Warning Message Using Web Interface.........................................35 Enabling or Disabling Warning Message to Change Default Login Password Using RACADM......................35 3 Setting Up Managed System and Management Station.................................................... 37 Setting Up iDRAC7 IP Address................................................................................................................................
Scheduling Automatic Backup Server Profile................................................................................................. 63 Importing Server Profile..........................................................................................................................................64 Importing Server Profile Using iDRAC7 Web Interface....................................................................................65 Importing Server Profile Using RACADM.............................
SSL Server Certificates.................................................................................................................................... 83 Generating a New Certificate Signing Request............................................................................................... 84 Uploading Server Certificate............................................................................................................................85 Viewing Server Certificate.............................
Switching From Serial Console to RAC Serial................................................................................................107 Switching From RAC Serial to Serial Console................................................................................................107 Communicating With iDRAC7 Using IPMI SOL..................................................................................................... 107 Configuring BIOS For Serial Connection..........................................
Configuring Browser to Enable Active Directory SSO................................................................................... 147 Configuring iDRAC7 SSO Login for Active Directory Users..................................................................................147 Configuring iDRAC7 SSO Login for Active Directory Users Using Web Interface......................................... 148 Configuring iDRAC7 SSO Login for Active Directory Users Using RACADM............................................
Viewing Lifecycle Log Using Web Interface.................................................................................................. 163 Viewing Lifecycle Log Using RACADM.......................................................................................................... 163 Exporting Lifecycle Controller Logs...................................................................................................................... 163 Exporting Lifecycle Controller Logs Using Web Interface..........
Synchronizing Mouse Pointers...................................................................................................................... 180 Passing All Keystrokes Through Virtual Console........................................................................................... 181 13 Managing Virtual Media...................................................................................................... 185 Supported Drives and Devices..........................................................
Downloading Partition Contents.................................................................................................................... 206 Booting to a Partition......................................................................................................................................207 16 Using SMCLP......................................................................................................................... 209 System Management Capabilities Using SMCLP..................
Viewing Post Codes.............................................................................................................................................. 229 Viewing Boot and Crash Capture Videos..............................................................................................................229 Viewing Logs.........................................................................................................................................................
Installing Bare Metal OS Using Attached Virtual Media and Remote File Share.................................................251 Managing Rack Density........................................................................................................................................251 Installing New Electronic License........................................................................................................................
Overview 1 The Integrated Dell Remote Access Controller 7 (iDRAC7) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC7 alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC7 with Lifecycle controller technology is part of a larger datacenter solution that helps keep business critical applications and workloads available at all times.
Key Features The key features in iDRAC7 include: NOTE: Some of the features are available only with iDRAC7 Enterprise license. For information on the features available for a license, see Managing Licenses. Inventory and Monitoring • View managed server health. • Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. • View and export system inventory. • View sensor information such as temperature, voltage, and intrusion.
• Set email alerts, IPMI alerts, remote system logs, WS eventing logs, and SNMP traps (v1 and v2c) for events and improved email alert notification. • Capture last system crash image. • View boot and crash capture videos. Secure Connectivity Securing access to critical network resources is a priority. iDRAC7 implements a range of security features that includes: • Custom signing certificate for Secure Socket Layer (SSL) certificate. • Signed firmware updates.
• Export the Lifecycle log entries to a network share or to the local system. • Improved Virtual Media menu options: – Connect or disconnect Virtual Media session from Virtual Media menu. – Specify the location of the image file that is created from the folder. – Create an image from the folder without enabling Virtual Media session. – New interface when Virtual Media is launched in standalone mode.
Supported Web Browsers iDRAC7 is supported on the following browsers: • Internet Explorer • Mozilla Firefox • Google Chrome • Safari For the list of versions, see the Readme available at dell.com/support/manuals. Managing Licenses iDRAC7 features are available based on the purchased license (Basic Management, iDRAC7 Express, or iDRAC7 Enterprise). Only licensed features are available in the interfaces that allow you to configure or use iDRAC7.
NOTE: For a few features, a system restart is required to enable the features. • Export — Export the installed license into an external storage device for backup or to reinstall it again after a part or motherboard replacement. The file name and format of the exported license is .xml. • Delete — Delete the license that is assigned to a component if the component is missing. After the license is deleted, it is not stored in iDRAC7 and the base product functions are enabled.
Licensable Features In iDRAC7 The following table provides the iDRAC7 features that are enabled based on the license purchased. Table 2. iDRAC7 Licensable Features Feature Basic Management with IPMI iDRAC7 Express (Rack and Tower Servers) iDRAC7 iDRAC7 Express (for Enterprise Blade Servers) IPMI 2.
Feature Basic Management with IPMI iDRAC7 Express (Rack and Tower Servers) iDRAC7 iDRAC7 Express (for Enterprise Blade Servers) Serial Over LAN (no proxy) No Yes Yes Yes Crash Screen capture No Yes Yes Yes Crash Video Capture No No No Yes Boot Capture No No No Yes Virtual Media [4] No No Yes Yes Virtual Console [4] No No Yes [5] Yes Console Collaboration [4] No No No Yes Virtual Folder No No No Yes Virtual Console chat No No No Yes Remote File Share No No
[1] iDRAC7 license management and firmware update functionality is always available through iDRAC7 Web interface and RACADM. [2] All blade servers use dedicated NIC for iDRAC7 at all times, but the speed is limited to 100 Mbps. GIGABYTE Ethernet card does not work on blade servers due to limitations of the chassis, but works on rack and tower servers with Enterprise license. Shared LOM is not enabled for blade servers.
Interface or Protocol Description • • • View alerts, iDRAC7 IP or MAC address, user programmable strings. Set DHCP Configure iDRAC7 static IP settings. For blade servers, the LCD is on the chassis front panel and is shared between all the blades. To reset iDRAC without rebooting the server, press and hold the System Identification button for 16 seconds.
Interface or Protocol Description provided by iDRAC7 instrumentation interface mapped to the DMTF profiles and extension profiles. For more information, see the following: • • • • • • Lifecycle Controller-Remote Services User’s Guide available at dell.com/support/manuals. Lifecycle Controller Integration Best Practices Guide available at dell.com/support/ manuals. Lifecycle Controller page on Dell TechCenter — delltechcenter.
Port Number Function 636 LDAP Over SSL (LDAPS) 2049 Network File System (NFS) 123 Network Time Protocol (NTP) 3269 LDAPS for global catalog (GC) * Configurable port Other Documents You May Need In addition to this guide, the following documents available on the Dell Support website at dell.com/support/manuals provides additional information about the setup and operation of iDRAC7 in your system.
• The Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace system components. Related Links Contacting Dell Accessing Documents From Dell Support Site Social Media Reference To know more about the product, best practices, and information about Dell solutions and services, you can access the social media platforms such as Dell TechCenter.
– • Client System Management * Enterprise System Management * Remote Enterprise System Management * Serviceability Tools To view the document, click the required product version. Using search engines as follows: – 28 * Type the name and version of the document in the Search box.
Logging into iDRAC7 2 You can log in to iDRAC7 as an iDRAC7 user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name and password is root and calvin, respectively. You can also log in using Single Sign-On or Smart Card. NOTE: You must have Login to iDRAC privilege to log in to iDRAC7.
5. For an LDAP user, in the Username and Password fields, enter your LDAP user name and password. Domain name is not required for LDAP login. By default, This iDRAC is selected in the drop-down menu. 6. Click Submit. You are logged into iDRAC7 with the required user privileges. If you log in with Configure Users privileges and the default account credentials, and if the default password warning feature is enabled, the Default Password Warning page is displayed allowing you to easily change the password.
NOTE: If you are a local user for whom Enable CRL check for Smart Card Logon is enabled, iDRAC7 attempts to download the CRL and checks the CRL for the user's certificate. The login fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for some reason.
To login to iDRAC7 using Web interface: 1. Log in to your management station using a valid Active Directory account. 2. In a Web browser, type https://[FQDN address] NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[FQDN address]: [port number] where, [FQDN address] is the iDRAC7 FQDN (iDRAC7dnsname.domain. name) and [port number] is the HTTPS port number. NOTE: If you use IP address instead of FQDN, SSO fails.
Accessing iDRAC7 Using Local RACADM For information to access iDRAC7 using local RACADM, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. Accessing iDRAC7 Using Firmware RACADM You can use SSH or Telnet interfaces to access iDRAC7 and run firmware RACADM commands. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals.
Changing Default Login Password The warning message that allows you to change the default password is displayed if: • You log in to iDRAC7 with Configure Users privilege. • Default password warning feature is enabled. • Credentials for any currently enabled account are root/calvin. The same warning message is displayed if you log in using Active Directory or LDAP. Active Directory and LDAP accounts are not considered when determining if any (local) account has root/calvin as the credentials.
Changing Default Login Password Using iDRAC Settings Utility To change the default login password using iDRAC Settings Utility: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings.User Configuration page is displayed. 2. In the Change Password field, enter the new password. 3. Click Back, click Finish, and then click Yes. The details are saved.
Setting Up Managed System and Management Station 3 To perform out-of-band systems management using iDRAC7, you must configure iDRAC7 for remote accessibility, set up the management station and managed system, and configure the supported Web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
After you configure iDRAC7 IP address: • Make sure to change the default user name and password after setting up the iDRAC7 IP address. • Access it through any of the following interfaces: – iDRAC7 Web interface using a supported browser (Internet Explorer, Firefox, Chrome, or Safari) – Secure Shell (SSH) — Requires a client such as PuTTY on Windows. SSH is available by default in most of the Linux systems and hence does not require a client.
NOTE: For information about the options, see the iDRAC Settings Utility Online Help. 1. Under Enable NIC, select the Enabled option. 2. From the NIC Selection drop-down menu, select one of the following ports based on the network requirement: – Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC).
IPv4 Settings To configure the IPv4 settings: 1. Select Enabled option under Enable IPv4 . 2. Select Enabled option under Enable DHCP , so that DHCP can automatically assign the IP address, gateway, and subnet mask to iDRAC7. Else, select Disabled and enter the values for: 3. – Static IP Address – Static Gateway – Static Subnet Mask Optionally, enable Use DHCP to obtain DNS server address, so that the DHCP server can assign the Static Preferred DNS Server and Static Alternate DNS Server.
NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC7 network settings from CMC. 1. Log in to CMC Web interface. 2. Go to Server Overview → Setup → iDRAC. The Deploy iDRAC page is displayed. 3. Under iDRAC Network Settings, select Enable LAN and other network parameters as per requirements. For more information, see CMC online help. 4. For additional network settings specific to each blade server, go to Server Overview → . The Server Status page is displayed.
The iDRAC Settings Network page is displayed. 5. Enable NIC. 6. Enable IPv4. NOTE: IPv6 is not supported for auto-discovery. 7. Enable DHCP and get the domain name, DNS server address, and DNS domain name from DHCP. NOTE: Step 7 is optional if the provisioning server IP address (step 3) is provided.
Auto Config Sequence 1. Create or modify the XML file that configures the attributes of Dell servers. 2. Place the XML file in a share location that is accessible by the DHCP server and all the Dell servers that are assigned IP address from the DHCP server. 3. Specify the XML file location in vendor-option 43 field of DHCP server. 4. The iDRAC as part of acquiring IP address advertises vendor class identifier iDRAC. (Option 60) 5.
Configuring Option 60 on Windows To configure option 60 on Windows: 1. On the DHCP server, go to Start → Administration Tools → DHCP to open the DHCP server administration tool. 2. Find the server and expand the items under it. 3. Right-click on IPv4 and choose Define Vendor Classes. 4. Click Add and enter the following: – Display name — iDRAC (read-only) – Description — Vendor Class 5. – Under ASCII, click and enter iDRAC. Click OK. 6.
#default gateway option routers 192.168.0.1; option subnet-mask 255.255.255.0; option nis-domain "domain.org"; option domain-name "domain.org"; option domain-name-servers 192.168.1.1; option time-offset -18000; # Eastern Standard Time # option ntp-servers 192.168.1.1; # option netbios-name-servers 192.168.1.1; # --- Selects point-to-point node (default is hybrid).
To set up the management station: 1. Install a supported operating system. For more information, see the readme. 2. Install and configure a supported Web browser (Internet Explorer, Firefox, Chrome, or Safari). 3. Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC7 using a Web browser). 4. From the Dell Systems Management Tools and Documentation DVD, install Remote RACADM and VMCLI from the SYSMGMT folder.
Modifying Local Administrator Account Settings After setting the iDRAC7 IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. Specify the details for Username, LAN User Privileges, Serial Port User Privileges, and Password. For information about the options, see the iDRAC Settings Utility Online Help. 3.
• Optimize for performance • Optimize for minimum power • Set the maximum air exhaust temperature • Increase airflow through a fan offset, if required To do this: 1. In the iDRAC Settings utility, go to Thermal. The iDRAC Settings Thermal page is displayed. 2. Specify the thermal, user option, and fan settings: – Thermal Base Algorithm — By default, this is set to Auto, which maps to the profile settings selected under System BIOS → System BIOS Settings. System Profile Settings page.
4. Scroll down to the section labeled ActiveX controls and plug-ins and set the following: NOTE: The settings in the Medium-Low state depend on the IE version.
Under Java (Sun): – Use JRE 1.6.x_yz: selected (optional; version may differ) Under Multimedia: – Enable automatic image resizing: selected – Play animations in Web pages: selected – Play videos in Web pages: selected – Show pictures: selected Under Security: – Check for publishers' certificate revocation: cleared – Check for signatures on downloaded programs: cleared – Check for signatures on downloaded programs: selected – Use SSL 2.0: cleared – Use SSL 3.0: selected – Use TLS 1.
To add iDRAC7 IP address to the list of trusted domains in IE8, do the following: 1. Select Tools → Internet Options → Security → Trusted sites → Sites. 2. Enter iDRAC7 IP address to the Add this website to the zone. 3. Click Add, click OK, and then click Close. 4. Click OK and then refresh your browser. Disabling Whitelist Feature in Firefox Firefox has a "whitelist" security feature that requires user permission to install plug-ins for each distinct site that hosts a plug-in.
• Network Interface Card (NIC) • RAID Controller • Power Supply Unit (PSU) • PCIe Solid State Drives (SSDs) You must upload the required firmware to iDRAC. After the upload is complete, the current version of the firmware installed on the device and the version being applied is displayed. If the firmware being uploaded is not valid, an error message is displayed. Updates that do not require a reboot are applied immediately.
Component Name Firmware Rollback Supported? (Yes or No) Out-of-band—System Restart Required? In-band—System Restart Required? Lifecycle Controller GUI—Restart Required? Enclosures Yes Yes No Yes NIC Yes Yes Yes Yes iDRAC Yes **No *No *No Power Supply Unit Yes Yes Yes Yes CPLD No Yes Yes Yes FC Cards Yes Yes Yes Yes PCIe SSD Yes Yes Yes Yes * Indicates that though a system restart is not required, iDRAC must be restarted to apply the updates.
Updating Single Device Firmware Before updating the firmware using single device update method, make sure that you have downloaded the firmware image to a location on the local system. To update single device firmware using iDRAC7 Web interface: 1. Go to Overview → iDRAC Settings → Update and Rollback . The Firmware Update page is displayed. 2. On the Update tab, select Local as the File Location. 3. Click Browse, select the firmware image file for the required component, and then click Upload. 4.
To update device firmware using a repository: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Update and Rollback . The Firmware Update page is displayed. 2. On the Update tab, select Network Share as the File Location. 3. In the Catalog Location section, enter the network setting details. For information about the fields, see the iDRAC7 Online Help. 4. Click Check for Update.
NOTE: Any update in the repository that is not applicable to the system or the installed hardware or is not supported is not included in the comparison report. 6. Select the required updates and do one of the following: – For firmware images that do not require a host system reboot, click Install. For example, .d7 firmware file. – For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot. – To cancel the firmware update, click Cancel.
Scheduling Automatic Firmware Update Using Web Interface To schedule automatic firmware update using Web Interface: NOTE: Do not create the next scheduled occurrence of an automatic update job if a job is already Scheduled. It overwrites the current scheduled job. 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Update and Rollback . The Firmware Update page is displayed. 2. Click the Automatic Update tab. 3. Select the Enable Automatic Update option. 4.
• To view the current firmware update schedule: racadm AutoUpdateScheduler view • To disable automatic firmware update: racadm set lifecycleController.lcattributes.AutoUpdate.Enable 0 • To clear the schedule details: racadm AutoUpdateScheduler clear Updating Firmware Using CMC Web Interface You can update iDRAC7 firmware for blade servers using the CMC Web interface. To update iDRAC7 firmware using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to Server → Overview → .
– Using update command: racadm -r -u -p update —f FTP server: – Using fwupdate command: racadm -r -u -p fwupdate –f –d where path is the location on the FTP server where firmimg.d7 is stored.
• iDRAC • BIOS • Network Interface Card (NIC) • Power Supply Unit (PSU) • RAID Controller NOTE: You cannot perform firmware rollback for Lifecycle Controller, Diagnostics, Driver Packs, and CPLD. Before you rollback the firmware, make sure that: • You have Configure privilege to rollback iDRAC firmware. • You have Server Control privilege and have enabled Lifecycle Controller to rollback firmware for any other device other than the iDRAC.
– You do not have Server Control privilege to rollback any firmware other than the iDRAC or Configure privilege to rollback iDRAC firmware. – Firmware rollback is already in-progress in another session. – Updates are staged to run or already in running state. If Lifecycle Controller is disabled or in recovery state and you try to perform a firmware rollback for any device other than iDRAC, an appropriate warning message is displayed along with steps to enable Lifecycle Controller.
• Copy firmimg.d7 to the SD card. • Insert the SD card into the server. • Bootloader detects the SD card, turns the flashing LED to solid amber, reads the firmimg.d7, reprograms iDRAC7, and then reboots iDRAC7. Using TFTP Server You can use Trivial File Transfer Protocol (TFTP) server to upgrade or downgrade iDRAC7 firmware or install certificates. It is used in SM-CLP and RACADM command line interfaces to transfer files to and from iDRAC7.
The Backup and Export Server Profile page is displayed. 2. Select one of the following to save the backup file image: – Network to save the backup file image on a CIFS or NFS share. 3. – vFlash to save the backup file image on the vFlash card. Enter the backup file name and encryption passphrase (optional). 4. If Network is selected as the file location, enter the network settings. For information about the fields, see the iDRAC7 Online Help. 5. Click Backup Now.
8. Click Schedule Backup. A recurring job is represented in the job queue with a start date and time of the next scheduled backup operation. Five minutes after the first instance of the recurring job starts, the job for the next time period is created. The backup server profile operation is performed at the scheduled date and time. Scheduling Automatic Backup Server Profile Using RACADM To enable automatic backup use the command: racadm set lifecyclecontroller.lcattributes.
Importing Server Profile Using iDRAC7 Web Interface To import the server profile using iDRAC7 Web interface: 1. Go to Overview → iDRAC Settings → Server Profile → Import. The Import Server Profile page is displayed. 2. 3. 4. Select one of the following to specify the location of the backup file: – Network – vFlash Enter the backup file name and decryption passphrase (optional). If Network is selected as the file location, enter the network settings.
Configuring iDRAC7 4 iDRAC7 enables you to configure iDRAC7 properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC7, make sure that the iDRAC7 network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC7, see Managing Licenses.
Configuring Services Configuring Front Panel Display Setting Up Managed System Location Configuring Time Zone and NTP Setting Up iDRAC7 Communication Configuring User Accounts and Privileges Monitoring and Managing Power Enabling Last Crash Screen Configuring and Using Virtual Console Managing Virtual Media Managing vFlash SD Card Setting First Boot Device Enabling or Disabling OS to iDRAC Pass-through Configuring iDRAC7 to Send Alerts Viewing iDRAC7 Information You can view the basic properties of iDRAC7.
To modify the network settings using iDRAC7 Web interface or RACADM, you must have Configure privileges. NOTE: Changing the network settings may terminate the current network connections to iDRAC7. Modifying Network Settings Using Web Interface To modify the iDRAC7 network settings: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed. 2.
racadm racadm racadm racadm racadm racadm set set set set set set iDRAC.IPv4.DNS1 192.168.0.5 iDRAC.IPv4.DNS2 192.168.0.6 iDRAC.Nic.DNSRegister 1 iDRAC.Nic.DNSRacName RAC-EK00002 iDRAC.Nic.DNSDomainFromDHCP 0 iDRAC.Nic.DNSDomainName MYDOMAIN NOTE: If cfgNicEnable or iDRAC.Nic.Enable is set to 0, the iDRAC7 LAN is disabled even if DHCP is enabled.
• – cfgRacTuneIpRangeMask – cfgRacTuneIpBlkEnable – cfgRacTuneIpBlkFailCount – cfgRacTuneIpBlkFailWindow With set command, use the objects in the iDRAC.IPBlocking group: – RangeEnable – RangeAddr – RangeMask – BlockEnable – FailCount – FailWindow – PenaltyTime The cfgRacTuneIpRangeMask or the RangeMask property is applied to both the incoming IP address and to the cfgRacTuneIpRangeAddr or RangeAddr property.
• – Using config command: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount 5 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailWindow 60 – Using set command: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.FailCount 5 racadm set iDRAC.IPBlocking.
• Use the following objects with the config command: – • cfgRacTuneLocalConfigDisable – cfgRacTuneCtrlEConfigDisable – cfgSerialSshEnable – cfgRacTuneSshPort – cfgSsnMgtSshIdleTimeout – cfgSerialTelnetEnable – cfgRacTuneTelnetPort – cfgSsnMgtTelnetIdleTimeout – cfgRacTuneWebserverEnable – cfgSsnMgtWebserverTimeout – cfgRacTuneHttpPort – cfgRacTuneHttpsPort – cfgRacTuneRemoteRacadmEnable – cfgSsnMgtRacadmTimeout – cfgOobSnmpAgentEnable – cfgOobSnmpAgentCommunity Use the obje
Using VNC Client to Manage Remote Server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud. When servers in data centers stop functioning, the iDRAC or the operating system sends an alert to the console on the management station. The console sends an email or SMS to a mobile device with required information and launches VNC viewer application on the management station.
To configure the SSL tunnel application: 1. Configure SSL tunnel to accept connection on :. For example, 127.0.0.1:5930. 2. Configure SSL tunnel to connect to :. For example, 192.168.0.120:5901. 3. Start the tunnel application. To establish connection with the iDRAC VNC server over the SSL encrypted channel, connect the VNC viewer to the localhost (link local IP address) and the local port number (127.0.0.1:).
– System Power – Ambient Temperature – System Model – Host Name – User Defined – None If you select User Defined, enter the required message in the text box. If you select None, home message is not displayed on the server LCD front panel. 3. Enable Virtual Console indication (optional). If enabled, the Live Front Panel Feed section and the LCD panel on the server displays the Virtual console session active message when there is an active Virtual Console session. 4. Click Apply.
– 3. Blink On 1 Month Timeout Click Apply. The LED blinking on the front panel is configured. Configuring System ID LED Setting Using RACADM To configure system ID LED, use the setled command. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. Configuring Time Zone and NTP You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times.
• Lifecycle Controller • BIOS Boot Manager NOTE: • BIOS Setup (F2), Lifecycle Controller (F10), BIOS Boot Manager (F11) only support boot once enabled. • Virtual Console does not support permanent boot configuration. It is always boot once. • The first boot device setting in iDRAC7 Web Interface overrides the System BIOS boot settings. Setting First Boot Device Using Web Interface To set the first boot device using iDRAC7 Web interface: 1. Go to Overview → Server → Setup → First Boot Device.
For more information, see the Dell OpenManage Server Administrator Installation Guide at dell.com/support/ manuals. 4. 5. Enable the Auto Shutdown and Recovery (ASR) option using one of the following: – Server Administrator — See Dell OpenManage Server Administrator User’s Guide at dell.com/support/manuals. – Local RACADM — Use the command: racadm config -g cfgRacTuning -o cfgRacTuneAsrEnable 1 Enable Automated System Recovery Agent.
Supported Operating Systems for USB NIC Enabling or Disabling OS to iDRAC Pass-through Using Web Interface Enabling or Disabling OS to iDRAC Pass-through Using RACADM Enabling or Disabling OS to iDRAC Pass-through Using iDRAC Settings Utility Supported Cards for OS to iDRAC Pass-through The following table provides a list of cards that support the OS to iDRAC Pass-through feature using LOM. Table 8.
On servers with Windows 2008 SP2 64-bit operating system, the iDRAC Virtual CD USB Device is not discovered automatically (or enabled). You must enable this manually. For more information, see steps recommended by Microsoft to manually update the Remote Network Driver Interface Specification (RNDIS) driver for this device. For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC.
The output is: Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective. Reboot Required: true VIBs Installed: Dell_bootbank_iDRAC_USB_NIC_1.0.0-799733X03 VIBs Removed: VIBs Skipped: 3. Reboot the server. 4. At the ESXi prompt, run the command: esxcfg-vmknic –l. The output displays the usb0 entry. Enabling or Disabling OS to iDRAC Pass-through Using Web Interface To enable OS to iDRAC Pass-through using Web interface: 1.
– USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the internal USB bus. To disable this feature, select Disabled. 3. If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of the operating system. The default value is 0.0.0.0. NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled. 4.
An SSL-enabled system can perform the following tasks: • Authenticate itself to an SSL-enabled client • Allow the two systems to establish an encrypted connection The encryption process provides a high level of data protection. iDRAC7 employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. iDRAC7 Web server has a Dell self-signed unique SSL digital certificate by default.
After the CA approves the CSR and issues the SSL server certificate, it can be uploaded to iDRAC7. The information used to generate the CSR, stored on the iDRAC7 firmware, must match the information contained in the SSL server certificate, that is, the certificate must have been generated using the CSR created by iDRAC7. Related Links SSL Server Certificates Generating CSR Using Web Interface To generate a new CSR: NOTE: Each new CSR overwrites any previous CSR data stored in the firmware.
If the CSR is generated outside of iDRAC with a private key available, then to upload the certificate to iDRAC: 1. Send the CSR to a well-known root CA. CA signs the CSR and the CSR becomes a valid certificate. 2. Upload the private key using the remote racadm sslkeyupload command. 3. Upload the signed certificate to iDRAC using the remote racadm sslcertupload command. iDRAC reboots and the newly uploaded certificate takes effect.
Downloading Custom Signing Certificate To download the custom signing certificate using iDRAC7 Web interface: 1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Download Custom SSL Certificate Signing Certificate and click Next. A pop-up message is displayed that allows you to save the custom signing certificate to a location of your choice.
To configure multiple iDRAC7s using the .cfg file: 1. Query the target iDRAC7 that contains the required configuration using the command: racadm getconfig -f myfile.cfg. The command requests the iDRAC7 configuration and generates the myfile.cfg file. If required, you can configure the file with another name. NOTE: Redirecting the iDRAC7 configuration to a file using getconfig -f is only supported with the local and remote RACADM interfaces. NOTE: The generated .cfg file does not contain user passwords.
cfgUserAdminIpmiSerialPrivilege=15 cfgUserAdminSolEnable=0 – If you have used the get command: [idrac.users.16] Enable=Disabled IpmiLanPrivilege=15 IpmiSerialPrivilege=15 !!Password=******** (Write-Only) Privilege=0x0 SNMPv3AuthenticationType=SHA SNMPv3Enable=Disabled SNMPv3PrivacyType=AES SolEnable=Disabled UserName= • The indexes are read-only and cannot be modified.
• For indexed groups the object anchor must be the first object after the "[ ]" pair. The following are examples of the current indexed groups: [cfgUserAdmin] cfgUserAdminIndex=11 If you type racadm getconfig -f < myexample >.cfg, the command builds a .cfg file for the current iDRAC7 configuration. This configuration file can be used as an example and as a starting point for your unique . cfg file.
3. Click Apply. NOTE: If access is disabled, you cannot use Server Administrator or IPMITool to perform iDRAC7 configurations. However, you can use IPMI Over LAN.
Viewing iDRAC7 and Managed System Information 5 You can view iDRAC7 and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
• CPUs • DIMMs • HDDs • Backplanes • Network Interface Cards (integrated and embedded) • Video card • SD card • Power Supply Units (PSUs) • Fans • Fibre Channel HBAs • USB The Firmware Inventory section displays the firmware version for the following components: • BIOS • Lifecycle Controller • iDRAC • OS driver pack • 32-bit diagnostics • System CPLD • PERC controllers • Batteries • Physical disks • Power supply • NIC • Fibre Channel • Backplane • Enclosure
• CPU — Indicates the health and state of the CPUs in the managed system. It also reports processor automatic throttling and predictive failure. • Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system. • Intrusion— Provides information about the chassis. • Power Supplies (available only for rack and tower servers) — Provides information about the power supplies and the power supply redundancy status.
View Sensor Information For Using Web Interface Temperature Overview → Server → Power/ Thermal → Temperatures Voltage Overview → Server → Power/ Thermal → Voltages Using RACADM Checking the System for Fresh Air Compliance Fresh air cooling directly uses outside air to cool systems in the data center. Fresh air compliant systems can operate above its normal ambient operating range (temperatures up to 113 °F (45 °C)).
You can also configure iDRAC to generate additional events. For more information, see the Setting Alert Recurrence Event section. Viewing Historical Temperature Data Using iDRAC7 Web Interface To view historical temperature data: 1. In the iDRAC7 Web interface, go to Overview → Server → Power / Thermal → Temperatures. The Temperatures page is displayed. 2.
• Go to Overview → Storage → Virtual Disks to view virtual disks information. The Virtual Disks page is displayed. • Go to Overview → Storage → Controllers to view the RAID controller information. The Controllers page is displayed. • Go to Overview → Storage → Enclosures to view the enclosure information. The Enclosures page is displayed. You can also use filters to view specific device information. For more information on the displayed properties and to use the filter options, see iDRAC7 Online Help.
initiator, and storage target attributes after the device is reset and before it is initialized, thus eliminating a second BIOS restart. The device configuration and boot operation occur in a single system start and is optimized for boot time performance. Before enabling I/O identity optimization, make sure that: • You have the Login, Configure, and System Control privileges. • BIOS, iDRAC, and network cards are updated to the latest firmware.
NOTE: I/O Identity Optimization is not supported on the following cards: • Emulex cards • Fibre Channel cards • Intel x520 Mezz 10 GB Supported BIOS Version for I/O Identity Optimization The following table provides the minimum BIOS version supported on the 12th generation PowerEdge servers. Dell PowerEdge 12th Generation Server Minimum Supported BIOS Version R720, R720xd, R620, T620, and M620 2.1.0 R820 2.0.15 R520, R320, R420, T420, T320, M520, and M420 2.0.19 M820 1.7.
Inventory and Monitoring FC HBA Devices You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed system. The Emulex and QLogic (except FC8) FC HBAs are supported.
CAUTION: With FlexAddress enabled, if you switch from a server–assigned MAC address to a chassis–assigned MAC address and vice–versa, iDRAC7 IP address also changes. Viewing or Terminating iDRAC7 Sessions You can view the number of users currently logged in to iDRAC7 and terminate the user sessions. Terminating iDRAC7 Sessions Using Web Interface The users who do not have administrative privileges must have Configure iDRAC7 privilege to terminate iDRAC7 sessions using iDRAC7 Web interface.
6 Setting Up iDRAC7 Communication You can communicate with iDRAC7 using any of the following modes: • iDRAC7 Web Interface • Serial connection using DB9 cable (RAC serial or IPMI serial) - For rack and tower servers only • IPMI Serial Over LAN • IPMI Over LAN • Remote RACADM • Local RACADM • Remote Services For an overview of the supported protocols, supported commands, and pre-requisites, see the following table. Table 11.
Communicating With iDRAC7 Using IPMI SOL Communicating With iDRAC7 Using IPMI Over LAN Enabling or Disabling Remote RACADM Disabling Local RACADM Enabling IPMI on Managed System Configuring Linux for Serial Console During Boot Supported SSH Cryptography Schemes Communicating With iDRAC7 Through Serial Connection Using DB9 Cable You can use any of the following communication methods to perform systems management tasks through serial connection to rack and tower servers: • RAC Serial • IPMI Serial — Direc
6. Press to exit System Setup. Enabling RAC Serial Connection After configuring serial connection in BIOS, enable RAC serial in iDRAC7. NOTE: This is applicable only for iDRAC7 on rack and tower servers. Enabling RAC Serial Connection Using Web Interface To enable RAC serial connection: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply.
Enabling Serial Connection IPMI Mode Using RACADM To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode using any of the following: • Usingconfig command: racadm config -g cfgSerial -o cfgSerialConsoleEnable 0 racadm config -g cfgIpmiSerial -o cfgIpmiSerialConnectionMode < 0 or 1> where, 0 indicates Terminal mode and 1 indicates Basic mode. • Using set command: racadm set iDRAC.Serial.Enable 0 racadm set iDRAC.IPMISerial.
The Serial page is displayed. 2. Enable IPMI serial. 3. Click Terminal Mode Settings. The Terminal Mode Settings page is displayed. 4. Specify the following values: – – – – – – Line editing Delete control Echo Control Handshaking control New line sequence Input new line sequences For information about the options, see the iDRAC7 Online Help. 5. Click Apply. The terminal mode settings are configured. 6.
• Remotely access operating systems with no time-out. • Diagnose host systems on Emergency Management Services (EMS) or Special Administrator Console (SAC) for Windows or Linux shell. • View the progress of a servers during POST and reconfigure the BIOS setup program. To setup the SOL communication mode: 1. Configure BIOS for serial connection. 2. Configure iDRAC7 to Use SOL. 3. Enable a supported protocol (SSH, Telnet, IPMItool).
3. To set the character accumulate interval and the character send threshold, select Advanced Settings. The Serial Over LAN Advanced Settings page is displayed. 4. Specify the values for the attributes and click Apply. The IPMI SOL advanced settings are configured. These values help to improve the performance. For information about the options, see the iDRAC7 Online Help. Configuring iDRAC7 to Use SOL Using RACADM To configure IPMI Serial over LAN (SOL): 1. 2.
To enable IPMI, go to Overview → iDRAC Settings → Network and select Enable IPMI Over LAN. Make sure that the Encryption Key value is all zeroes or press the backspace key to clear and change the value to NULL characters. Enabling Supported Protocol Using RACADM To enable the SSH or Telnet, run the command: • • Telnet: – Using config command: racadm config -g cfgSerial -o cfgSerialTelnetEnable 1 – Using set command: racadm set iDRAC.Telnet.
NOTE: If a SOL session does not terminate, reset iDRAC7 and allow up to two minutes to complete booting. SOL Using SSH or Telnet Protocol Secure Shell (SSH) and Telnet are network protocols used to perform command line communications to iDRAC7. You can parse remote RACADM and SMCLP commands through either of these interfaces. SSH has improved security over Telnet. iDRAC7 only supports SSH version 2 with password authentication, and is enabled by default.
– In Windows, if the Emergency Management System (EMS) console is opened immediately after a host reboot, the Special Admin Console (SAC) terminal may get corrupted. Quit the SOL session, close the terminal, open another terminal, and start the SOL session using the same command.
To use Telnet virtual console: 1. Enable Telnet in Windows Component Services. 2. Connect to the iDRAC7 using the command: telnet < IP address >:< port number >, where IP address is the IP address for the iDRAC7 and port number is the Telnet port number (if you are using a new port). Configuring Backspace Key For Your Telnet Session Depending on the Telnet client, using the key may produce unexpected results. For example, the session may echo ^h.
Configuring IPMI Over LAN Using iDRAC Settings Utility To configure IPMI over LAN: 1. In the iDRAC Settings Utility, go to Network. The iDRAC Settings Network page is displayed. 2. For IPMI Settings, specify the values. For information about the options, see the iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The IPMI over LAN settings are configured. Configuring IPMI Over LAN Using RACADM To configure IPMI over LAN using set or config command: 1.
3. Click Apply. The remote RACADM is enabled or disabled based on the selection. Enabling or Disabling Remote RACADM Using RACADM The RACADM remote capability is enabled by default. If disabled, type one of the following command: • Using config command: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1 • Using set command: racadm set iDRAC.Racadm.
# initrd /boot/initrd-version.img #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.gz serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 hda=ide-scsi console=ttyS0 console=ttyS1,115200n8r initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s initrd /boot/initrd-2.
#If power was restored before the shutdown kicked in, cancel it.
Scheme Type Message Integrity Scheme • • • • • • • • RIJNDAEL256-CBC AES192-CBC RIJNDAEL192-CBC AES128-CBC RIJNDAEL128-CBC BLOWFISH-128-CBC 3DES-192-CBC ARCFOUR-128 • • • • HMAC-SHA1-160 HMAC-SHA1-96 HMAC-MD5-128 HMAC-MD5-96 Authentication Password PKA Authentication Public-private key pairs Using Public Key Authentication For SSH iDRAC7 supports the Public Key Authentication (PKA) over SSH. This is a licensed feature.
5. Enter a passphrase to secure the key. 6. Save the public and private key. Generating Public Keys for Linux To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter sshkeygen –t rsa –b 1024 –C testing where: • -t is either dsa or rsa. • –b specifies the bit encryption size between 768 and 4096. • –C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions.
• For local RACADM: racadm sshpkauth -i <2 to 16> -k <1 to 4> -f • From remote RACADM using Telnet or SSH: racadm sshpkauth -i <2 to 16> -k <1 to 4> -t For example, to upload a valid key to iDRAC7 User ID 2 in the first key space using a file, run the following command: $ racadm sshpkauth -i 2 -k 1 -f pkkey.key NOTE: The -f option is not supported on telnet/ssh/serial RACADM. Viewing SSH Keys You can view the keys that are uploaded to iDRAC7.
Configuring User Accounts and Privileges 7 You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC7 and maintain system security. By default iDRAC7 is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC7.
Configuring Local Users Using RACADM NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. You can configure single or multiple iDRAC7 users using RACADM. To configure multiple iDRAC7 users with identical configuration settings, perform one of the following procedures: • Use the RACADM examples in this section as a guide to create a batch file of RACADM commands and then execute the batch file on each managed system.
Adding iDRAC7 User Using RACADM To add a new user to the RAC configuration, perform the following: 1. Set the user name. 2. Set the password. 3. Set the following user privileges: 4. – iDRAC7 – LAN – Serial Port – Serial Over LAN Enable the user. Example: The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
NOTE: For a list of valid bit mask values for specific user privileges, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. The default privilege value is 0, which indicates the user has no privileges enabled.
Prerequisites for Using Active Directory Authentication for iDRAC7 Supported Active Directory Authentication Mechanisms Prerequisites for Using Active Directory Authentication for iDRAC7 To use the Active Directory authentication feature of iDRAC7, make sure that you have: • Deployed an Active Directory infrastructure. See the Microsoft website for more information. • Integrated PKI into the Active Directory infrastructure.
3. Enter mmc and click OK. 4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in. 5. In the Add/Remove Snap-In window, click Add. 6. In the Standalone Snap-In window, select Certificates and click Add. 7. Select Computer and click Next. 8. Select Local Computer, click Finish, and click OK. 9. In the Console 1 window, go to Certificates Personal Certificates folder. 10.
Related Links Standard Schema Active Directory Overview Extended Schema Active Directory Overview Standard Schema Active Directory Overview As shown in the following figure, using standard schema for Active Directory integration requires configuration on both Active Directory and iDRAC7. Figure 1. Configuration of iDRAC7 with Active Directory Standard Schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC7 access is a member of the role group.
Role Groups Default Privilege Level Permissions Granted Bit Mask Role Group 5 None No assigned permissions 0x00000000 NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM. Single Domain Versus Multiple Domain Scenarios If all the login users and role groups, including the nested groups, are in the same domain, then only the domain controllers’ addresses must be configured on iDRAC7. In this single domain scenario, any group type is supported.
9. Click a Role Group to configure the control authorization policy for users under the standard schema mode. The Active Directory Configuration and Management Step 4b of 4 page is displayed. 10. Specify the privileges and click Apply. The settings are applied and the Active Directory Configuration and Management Step 4a of 4 page is displayed. 11. Click Finish. The Active Directory settings for standard schema is configured.
At least one of the three addresses is required to be configured. iDRAC7 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located. The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. In multiple domain case, only the Universal Group can be used.
You can configure up to 40 user domains with index numbers between 1 and 40. Extended Schema Active Directory Overview Using the extended schema solution requires the Active Directory schema extension. Active Directory Schema Extensions The Active Directory data is a distributed database of attributes and classes. The Active Directory schema includes the rules that determine the type of data that can be added or included in the database.
Figure 2. Typical Setup for Active Directory Objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC7 Device Object for each iDRAC7 device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC7. The Association Object allows for as many or as few users and/or groups as well as iDRAC7 Device Objects.
Figure 3. Privilege Accumulation for a User The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC72 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC72. User1 has Priv1 privileges on iDRAC71 only.
NOTE: Extending the new schema has no impact on previous versions of the product. You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit is not added to the schema.
OID 1.2.840.113556.1.8000.1280.1.7.1.1 Directory Access Protocol (LDAP) queries to Active Directory. Class Type Structural Class SuperClasses dellProduct Attributes dellSchemaVersion dellRacType Table 18. delliDRACAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.7.1.2 Description Represents the Dell Association Object. The Association Object provides the connection between the users and the devices.
Table 21. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers Table 22. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember List of dellPrivilege Objects that belong to this Attribute. 1.2.840.113556.1.8000.1280.1.1.2.
Attribute Name/Description Assigned OID/Syntax Object Identifier TRUE if the user has Debug Command Admin rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellSchemaVersion The Current Schema Version is used to update the schema. 1.2.840.113556.1.8000.1280.1.1.2.12 Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.
Creating iDRAC7 Device Object To create iDRAC7 device object: 1. In the MMC Console Root window, right-click a container. 2. Select New → Dell Remote Management Object Advanced. The New Object window is displayed. 3. Enter a name for the new object. The name must be identical to iDRAC7 name that you enter while configuring Active Directory properties using iDRAC7 Web interface. 4. Select iDRAC Device Object and click OK.
Adding Objects to Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and iDRAC7 devices or iDRAC7 device groups. You can add groups of users and iDRAC7 devices. Related Links Adding Users or User Groups Adding Privileges Adding iDRAC7 Devices or iDRAC7 Device Groups Adding Users or User Groups To add users or user groups: 1. Right-click the Association Object and select Properties. 2. Select the Users tab and click Add. 3.
The Active Directory Configuration and Management Step 2 of 4 page is displayed. 5. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC7 must wait for responses from AD during login process. NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network. 6. Click Next.
– Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1 – Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1 In this case, you must upload a CA certificate: racadm sslcertupload -t 0x2 -f NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.
3. Enter a test user's name (for example, username@domain.com) and password and click Start Test. A detailed test results and the test log displays. If there is a failure in any step, examine the details in the test log to identify the problem and a possible solution. NOTE: When testing Active Directory settings with Enable Certificate Validation checked, iDRAC7 requires that the Active Directory server be identified by the FQDN and not an IP address.
6. Click Next. The Generic LDAP Configuration and Management Step 3a of 3 page is displayed. 7. Click Role Group. The Generic LDAP Configuration and Management Step 3b of 3 page is displayed. 8. Specify the group distinguished name, the privileges associated with the group, and click Apply. NOTE: If you are using Novell eDirectory and if you have used these characters—#(hash), "(double quotes), ; (semi colon), > (greater than), , (comma), or <(lesser than)—for the Group DN name, they must be escaped.
Configuring iDRAC7 for Single Sign-On or Smart Card Login 8 This section provides information to configure iDRAC7 for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC7 supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
The Network page is displayed. 2. Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain. 3. Select Register iDRAC on DNS. 4. Provide a valid DNS Domain Name. 5. Verify that network DNS configuration matches with the Active Directory DNS information. For more information about the options, see the iDRAC7 Online Help.
Creating Active Directory Objects and Providing Privileges Perform the following steps for Active Directory Extended schema based SSO login: 1. Create the device object, privilege object, and association object in the Active Directory server. 2. Set access privileges to the created privilege object. It is recommended not to provide administrator privileges as this could bypass some security checks. 3. Associate the device object and privilege object using the association object. 4.
Configuring Active Directory With Extended Schema Using iDRAC7 Web Interface Configuring Active Directory With Extended Schema Using RACADM Configuring iDRAC7 SSO Login for Active Directory Users Using Web Interface To configure iDRAC7 for Active Directory SSO login: NOTE: For information about the options, see the iDRAC7 Online Help. 1. Verify whether the iDRAC7 DNS name matches the iDRAC7 Fully Qualified Domain Name.
3. Under Smart Card Configurations, select Upload User Certificate and click Next. The User Certificate Upload page is displayed. 4. Browse and select the Base64 user certificate, and click Apply. Uploading Smart Card User Certificate Using RACADM To upload smart card user certificate, use the usercertupload object. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals.
Configuring Active Directory With Extended Schema Using iDRAC7 Web Interface Configuring Active Directory With Extended Schema Using RACADM Enabling or Disabling Smart Card Login Before enabling or disabling smart card login for iDRAC7, make sure that: • You have configure iDRAC7 permissions. • iDRAC7 local user configuration or Active Directory user configuration with the appropriate certificates is complete.
Configuring iDRAC7 to Send Alerts 9 You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, or WS events), then an alert is sent to one or more configured destinations.
3. – Select Enable to enable alert generation or perform an event action. – Select Disable to disable alert generation or disable an event action. Click Apply to save the setting. Enabling or Disabling Alerts Using RACADM To enable or disable generating alerts or event actions using config command: racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 To enable or disable generating alerts or event actions using set command: racadm set iDRAC.IPMILan.
4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering Alerts Using RACADM To filter the alerts, use the eventfilters command. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. Setting Event Alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations.
Setting Alert Recurrence Event You can configure iDRAC to generate additional events at specific intervals if the system continues to operate at a temperature which is greater than the inlet temperature threshold limit. The default interval is 30 days. The valid range is 0 to 365 days. A value of ‘0’ indicates that the event recurrence is disabled. NOTE: You must have Configure iDRAC privilege to set the alert recurrence value.
• eventfilters command. • cfgIpmiPefAction object with config command. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals. Configuring Email Alert, SNMP Trap, or IPMI Trap Settings The management station uses Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) traps to receive data from iDRAC7.
Configuring IP Alert Destinations Using RACADM To configure the trap alert settings: 1. To enable traps: – For IPv4 address: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i (index) (0|1) – For IPv6 address: racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIpv6AlertEnable -i (index) (0|1) where, (index) is the destination index and 0 or 1 disables or enables the trap, respectively.
NOTE: Email alerts support both IPv4 and IPv6 addresses. The DRAC DNS Domain Name must be specified when using IPv6. Related Links Configuring SMTP Email Server Address Settings Configuring Email Alert Settings Using Web Interface To configure the email alert settings using Web interface: 1. Go to Overview → Server → Alerts → SNMP and Email Settings . 2. Select the State option to enable the email address to receive the alerts and type a valid email address.
– Using set command: racadm set iDRAC.EmailAlert.CustomMsg.[index] [custom-message] where [index] is the email destination index and[custom-message] is the custom message. 4. To test the configured email alert, if required: racadm testemail -i [index] where [index] is the email destination index to test. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals.
Table 23.
Message ID Description RDU Redundancy RED FW Download RFL IDSDM Media RFLA IDSDM Absent RFM FlexAddress SD RRDU IDSDM Redundancy RSI Remote Service SEC Security Event SEL Sys Event Log SRD Software RAID SSD PCIe SSD STOR Storage SUP FW Update Job SWC Software Config SWU Software Change SYS System Info TMP Temperature TST Test Alert UEFI UEFI Event USR User Tracking VDR Virtual Disk VF vFlash SD card VFL vFlash Event VFLA vFlash Absent VLT Voltage VME Virt
Managing Logs 10 iDRAC7 provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC7 Web interface, RACADM, and WS-MAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
For more information, see RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/ manuals. Viewing System Event Log Using iDRAC Settings Utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utililty, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3.
Viewing Lifecycle Log Using Web Interface To view the Lifecycle Logs, click Overview → Server → Logs → Lifecycle Log.The Lifecycle Log page is displayed. For more information about the options, see the iDRAC7 Online Help. Filtering Lifecycle Logs You can filter logs based on category, severity, keyword, or date range. To filter the lifecycle logs: 1. 2. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: – Select the Log Type from the drop-down list.
Exporting Lifecycle Controller Logs Using RACADM To export the Lifecycle Controller logs using RACADM, use the lclog export command. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals or dell.com/ esmmanuals. Adding Work Notes Each user who logs in to iDRAC7 can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC7 logs privilege to add work notes.
Monitoring and Managing Power 11 You can use iDRAC7 to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Executing Power Control Operations iDRAC7 enables you to remotely perform a power-on, power off, reset, graceful shutdown, Non-Masking Interrupt (NMI), or power cycle using the Web interface or RACADM. You can also perform these operations using Lifecycle Controller Remote Services or WS-Management. For more information, see the Lifecycle Controller Remote Services Quick Start Guide available at dell.com/support/manuals and the Dell Power State Management profile document available at delltechcenter.com.
If there is not enough power allocated, the blade server does not power on. If the blade has been allocated enough power, the iDRAC7 turns on the system power. Viewing and Configuring Power Cap Policy When power cap policy is enabled, it enforces user-defined power limits for the system. If not, it uses the hardware power protection policy that is implemented by default. This power protection policy is independent of the user defined policy.
– System.Power.Cap.Percent For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals. Configuring Power Cap Policy Using iDRAC Settings Utility To view and configure power policies: 1. In iDRAC Settings utility, go to Power Configuration. NOTE: The Power Configuration link is available only if the server power supply unit supports power monitoring. The iDRAC Settings Power Configuration page is displayed. 2.
• System.Power.RedundancyPolicy • System.Power.Hotspare.Enable • System.Power.Hotspare.PrimaryPSU • System.Power.PFC.Enable For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals. Configuring Power Supply Options Using iDRAC Settings Utility To configure the power supply options: 1. In iDRAC Settings utility, go to Power Configuration.
Configuring and Using Virtual Console 12 You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • A maximum of four simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console. If the system is running a Linux operating system, an X11 console may not be viewable on the local monitor. Press at the iDRAC7 Virtual Console to switch Linux to a text console. Configuring Web Browsers to Use Virtual Console To use Virtual Console on your management station: 1.
To configure IE to use ActiveX plug-in: 1. Clear the browser’s cache. 2. Add iDRAC7 IP or hostname to the Trusted Sites list. 3. Reset the custom settings to Medium-low or change the settings to allow installation of signed ActiveX plug-ins. 4. Enable the browser to download encrypted content and to enable third-party browser extensions.
Clearing Earlier ActiveX Versions in IE7 To clear earlier versions of Active-X viewer for IE7, do the following: 1. Close the Video Viewer and Internet Explorer browser. 2. Open the Internet Explorer browser again and go to Internet Explorer → Tools → Manage Add-ons and click Enable or Disable Add-ons. The Manage Add-ons window is displayed. 3. Select Add-ons that have been used by Internet Explorer from the Show drop-down menu. 4. Delete the Video Viewer add-on.
Importing CA Certificate to ActiveX Trusted Certificate Store You must use the OpenSSL command line tool to create the certificate Hash using Secure Hash Algorithm (SHA). It is recommended to use OpenSSL tool 1.0.x and later since it uses SHA by default. The CA certificate must be in Base64 encoded PEM format. This is one-time process to import each CA certificate. To import the CA certificate to the ActiveX trusted certificate store: 1. Open the OpenSSL command prompt. 2.
Previewing Virtual Console Before launching the Virtual Console, you can preview the state of the Virtual Console on the System → Properties → System Summary page. The Virtual Console Preview section displays an image showing the state of the Virtual Console. The image is refreshed every 30 seconds. This is a licensed feature. NOTE: The Virtual Console image is available only if you have enabled Virtual Console.
The Virtual Console Viewer displays the remote system’s desktop. Using this viewer, you can control the remote system’s mouse and keyboard functions from your management station. Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, navigate through these message boxes within three minutes. Otherwise, you are prompted to relaunch the application. If one or more Security Alert windows appear while launching the viewer, click Yes to continue.
4. Click Browse Path, specify the location to store the user’s certificate, click Apply, click OK, and exit from the viewer. 5. Launch Virtual Console again. 6. In the certificate warning message, select the Always trust this certificate option, and then click Continue. 7. Exit from the viewer. 8. When you re-launch Virtual Console, the warning message is not displayed.
NOTE: This is not applicable for managed systems running Windows operating system since they support Absolute Positioning. When using the Virtual Console to connect to a managed system with a recent Linux distribution operating system installed, you may experience mouse synchronization problems. This may be due to the Predictable Pointer Acceleration feature of the GNOME desktop. For correct mouse synchronization in the iDRAC7 Virtual Console, this feature must be disabled.
Java-based Virtual Console Session running on Windows Operating System • Ctrl+Alt+Del key is not sent to the managed system, but always interpreted by the management station.
– If SysRq is enabled on the management station, then or resets the management station irrespective of the system’s state. – If SysRq is disabled on the management station, then the or keys resets the operating system on the managed system. – Other SysRq key combinations (example, , , and so on) are passed to the managed system irrespective of the SysRq keys enabled or not on the management station.
Managing Virtual Media 13 Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • Remotely access media connected to a remote system over the network • Install applications • Update drivers • Install an operating system on the managed system This is a licensed feature for rack and tower servers.
Supported Drives and Devices The following table lists the drives supported through virtual media. Table 25. Supported Drives and Devices Drive Virtual Optical Drives Virtual floppy drives USB flash drives Supported Storage Media • • • • • Legacy 1.44 floppy drive with a 1.
Configuring Virtual Media Using iDRAC Settings Utility You can attach, detach, or auto-attach virtual media using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to Virtual Media. The iDRAC Settings Virtual Media page is displayed. 2. Select Detach, Attach, or Auto attach based on the requirement. For more information about the options, see iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The Virtual Media settings are configured.
NOTE: On Linux, Java is the default plug-in type for accessing the Virtual Console. On Windows, open the.jnlp file to launch the Virtual Console using Java. 3. Click Virtual Media → Connect Virtual Media. The Virtual Media session is established and the Virtual Media menu displays the list of devices available for mapping. NOTE: The Virtual Console Viewer window must remain active while you access the Virtual Media. .
Adding Virtual Media Images You can create a media image of the remote folder and mount it as a USB attached device to the server’s operating system. To add Virtual Media images: 1. Click Virtual Media → Create Image.... 2. In the Source Folder field, click Browse and browse to the folder or directory to be used as the source for the image file. The image file is on the management station or the C: drive of the managed system. 3.
NOTE: While using ActiveX-based Virtual Media, you must have administrative privileges to map an operating system DVD or a USB flash drive (that is connected to the management station.) To map the drives, launch IE as an administrator or add the iDRAC7 IP address to the list of trusted sites. 1. To establish a Virtual Media session, from the Virtual Media menu, click Connect Virtual Media. For each device available for mapping from the host server, a menu item appears under the Virtual Media menu.
Mapping Virtual Drive Unmapping Virtual Drive To ummap the virtual drive: 1. From the Virtual Media menu, do any of the following: – Click the device that you want to unmap. – Click Disconnect Virtual Media. A message appears asking for confirmation. 2. Click Yes. The check mark for that menu item does not appear indicating that it is not mapped to the host server.
3. Turn on the managed system and press during boot. 4. Change the boot sequence to boot from the remote Virtual Media device. 5. Reboot the server. The managed system boots once from the Virtual Media.
Installing and Using VMCLI Utility 14 The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC7 on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: You can run the VMCLI utility only on the management station that is installed with 32–bit operating system.
The parameter enables VMCLI to connect to the specified server, access iDRAC7, and map to the specified virtual media. NOTE: VMCLI syntax is case-sensitive. To ensure security, it is recommended to use the following VMCLI parameters: • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users.
• stderr/stdout redirection — Redirects any printed utility output to a file. For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the VMCLI utility. NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. • Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features for the utility to run in the background.
Managing vFlash SD Card 15 The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC7 Web interface at Overview → Server → vFlash: SD card not detected.
Viewing vFlash SD Card Properties Using RACADM To view the vFlash SD card properties using RACADM, use one of the following: • • Use the cfgvFlashSD object with the getconfig command. The following read-only properties are displayed: – cfgVFlashSDSize – cfgVFlashSDLicensed – cfgVFlashSDAvailableSize – cfgVFlashSDHealth – cfgVFlashSDEnable – cfgVFlashSDWriteProtect – cfgVFlashSDInitialized Use the following objects with the get command: – iDRAC.vflashsd.AvailableSize – iDRAC.vflashsd.
– • To disable vFlash: racadm config -g cfgvFlashsd -o cfgvflashSDEnable 0 Using set command: – To enable vFlash: racadm set iDRAC.vflashsd.Enable 1 – To disable vFlash: racadm set iDRAC.vflashsd.Enable 0 NOTE: The RACADM command functions only if a vFlash SD card is present. If a card is not present, the following message is displayed: ERROR: SD Card not present. Enabling or Disabling vFlash Functionality Using iDRAC Settings Utility To enable or disable the vFlash functionality: 1.
Initializing vFlash SD Card Using iDRAC Settings Utility To initialize the vFlash SD card using iDRAC Settings utility: 1. In the iDRAC Settings utility, go to vFlash Media. The iDRAC Settings vFlash Media page is displayed. 2. Click Initialize vFlash. 3. Click Yes. The initialization operation starts. 4. Click Back and navigate to the same iDRAC Settings vFlash Media page to view the successful message.
Creating an Empty Partition An empty partition, when attached to the system, is similar to an empty USB flash drive. You can create empty partitions on a vFlash SD card. You can create partitions of type Floppy or Hard Disk. The partition type CD is supported only while creating partitions using images. Before creating an empty partition, make sure that: • You have Access Virtual Media privilege. • The card is initialized. • The card is not write-protected.
NOTE: The uploaded image and the emulation type must match. There are issues when iDRAC7 emulates a device with incorrect image type. For example, if the partition is created using an ISO image and the emulation type is specified as Hard Disk, then the BIOS cannot boot from this image. • Image file size is less than or equal to the available space on the card. • Image file size is less than or equal to 4 GB as the maximum partition size supported is 4 GB.
To format vFlash partition: 1. In iDRAC7 Web interface, go to Overview → Server → vFlash → Format. The Format Partition page is displayed. 2. Enter the required information and click Apply. For information about the options, see the iDRAC7 Online Help. A warning message indicating that all the data on the partition will be erased is displayed. 3. Click OK. The selected partition is formatted to the specified file system type. An error message is displayed if: – The card is write-protected.
The Manage Partitions page is displayed. 2. In the Read-Only column: – Select the checkbox for the partition(s) and click Apply to change to read-only. – Clear the checkbox for the partition(s) and click Apply to change to read-write. The partitions are changed to read-only or read-write, based on the selections. NOTE: If the partition is of type CD, the state is read-only. You cannot change the state to read-write. If the partition is attached, the check box is grayed-out.
Attaching or Detaching Partitions Using Web Interface To attach or detach partitions: 1. In the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed. 2. In the Attached column: – Select the checkbox for the partition(s) and click Apply to attach the partition(s). – Clear the checkbox for the partition(s) and click Apply to detach the partition(s). The partitions are attached or detached, based on the selections.
• The card is not write-protected. • The partition is not attached. • An initialize operation is not being performed on the card. Deleting Existing Partitions Using Web Interface To delete an existing partition: 1. In the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed. 2. In the Delete column, click the delete icon for the partition that you want to delete. A message is displayed indicating that this action permanently deletes the partition.
Booting to a Partition You can set an attached vFlash partition as the boot device for the next boot operation. Before booting a partition, make sure that: • The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device. • The vFlash functionality is enabled. • You have Access Virtual Media privileges. Booting to a Partition Using Web Interface To set the vFlash partition as a first boot device, see Setting First Boot Device.
Using SMCLP 16 The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
• yx2x blade, rack, and tower servers use admin->. where, y is a alpha-numeric character such as M (for blade servers), R (for rack servers), and T (for tower servers) and x is a number. This indicates the generation of Dell PowerEdge servers. NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers.
Target Definitions admin1/system1/logs1/log1 System Event Log (SEL) record entry admin1/system1/logs1/log1/record* An individual SEL record instance on the managed system admin1/system1/settings1 Managed system SMASH collection settings admin1/system1/capacities1 Managed system capacities SMASH collection admin1/system1/consoles1 Managed system consoles SMASH collection admin1/system1/sp1 Service Processor admin1/system1/sp1/timesvc1 Service Processor time service admin1/system1/sp1/capabili
Target Definitions admin1/sysetm1/sp1/account1-16/ identity2 IPMI identity (LAN) account admin1/sysetm1/sp1/account1-16/ identity3 IPMI identity (Serial) account admin1/sysetm1/sp1/account1-16/ identity4 CLP identity account admin1/system1/sp1/acctsvc1 Local user account management service admin1/system1/sp1/acctsvc2 IPMI account management service admin1/system1/sp1/acctsvc3 CLP account management service admin1/system1/sp1/rolesvc1 Local Role Base Authorization (RBA) service admin1/system1
Using Show Verb To learn more about a target use the show verb. This verb displays the target’s properties, sub-targets, associations, and a list of the SM-CLP verbs that are allowed at that location. Using the -display Option The show –display option allows you to limit the output of the command to one or more of properties, targets, associations, and verbs.
• To switch on the server: start /system1 The following message is displayed: system1 has been started successfully • To reboot the server: reset /system1 The following message is displayed: system1 has been reset successfully SEL Management The following examples show how to use the SMCLP to perform SEL-related operations on the managed system.
Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.000000-000 Description= FAN 7 RPM: fan sensor, detected a failure ElementName= IPMI SEL Record Commands: cd show help exit version • To clear the SEL: delete /system1/logs1/log1/record* The following output is displayed: All records deleted successfully MAP Target Navigation The following examples show how to use the cd verb to navigate the MAP.
Using iDRAC Service Module 17 iDRAC monitoring currently depends on OpenManage Server Administrator to provide information about the host, such as the operating system and host name. The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system.
Replicate Lifecycle Logs to OS Log You can replicate the Lifecycle Controller Logs to the OS logs from the time when the feature is enabled in iDRAC. This is similar to the System Event Log (SEL) replication performed by OpenManage Server Administrator. All events that have the OS Log option selected as the target (in the Alerts page, or in the equivalent RACADM or WSMAN interfaces) are replicated in the OS log using the iDRAC Service Module.
* Power Cycle System This option is disabled if OpenManage Server Administrator is installed on the system. Using iDRAC Service Module From RACADM To use the iDRAC Service Module from RACADM, use the objects in the ServiceModule group. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals.
Deploying Operating Systems 18 You can use any of the following utilities to deploy operating systems to managed systems: • Virtual Media Command Line Interface (CLI) • Virtual Media Console • Remote File Share Related Links Deploying Operating System Using VMCLI Deploying Operating System Using Remote File Share Deploying Operating System Using Virtual Media Deploying Operating System Using VMCLI Before you deploy the operating system using the vmdeploy script, make sure that: • VMCLI utility is
vmdeploy.bat -r -u -p [ -f { | < device-name>} | -c { |} ] [-i ] NOTE: vmdeploy does not support IPv6, since IPv6 does not support the IPMI tool. NOTE: The vmdeploy script processes the -r option slightly differently than the vmcli -r option.
To deploy an operating system using RFS: 1. Using Remote File Share (RFS), mount the ISO or IMG image file to the managed system through NFS or CIFS. 2. Go to Overview → Setup → First Boot Device . 3. Set the boot order in the First Boot Device drop-down list to Remote File Share. 4. Select the Boot Once option to enable the managed system to reboot using the image file for the next instance only. 5. Click Apply. 6.
Configuring Remote File Share Using Web Interface To enable remote file sharing: 1. In iDRAC7 Web interface, go to Overview → Server → Attached Media. The Attached Media page is displayed. 2. Under Attached Media, select Attach or Auto Attach. 3. Under Remote File Share, specify the image file path, domain name, user name, and password. For information about the fields, see the iDRAC7 Online Help.
–p : password to access the network share –l : image location on the network share; use double quotes around the location.
4. Deploy the embedded operating system and follow the operating system installation instructions. Related Links About IDSDM Enabling SD Module and Redundancy in BIOS Enabling SD Module and Redundancy in BIOS To enable SD module and redundancy in BIOS: 1. Press during boot. 2. Go to System Setup → System BIOS Settings → Integrated Devices. 3. Set the Internal USB Port to On. If it is set to Off, the IDSDM is not available as a boot device. 4.
19 Troubleshooting Managed System Using iDRAC7 You can diagnose and troubleshoot a remote managed system using: • Diagnostic console • Post code • Boot and crash capture videos • Last system crash screen • System event logs • Lifecycle logs • Front panel status • Trouble indicators • System health Related Links Using Diagnostic Console Scheduling Remote Automated Diagnostics Viewing Post Codes Viewing Boot and Crash Capture Videos Viewing Logs Viewing Last System Crash Screen Viewing Fron
You can also run diagnostics using the appropriate WSMAN command(s). For more information, see the WSMAN documentation. You must have iDRAC7 Express license to use remote automated diagnostics. You can perform the diagnostics immediately or schedule it on a particular day and time, specify the type of diagnostics, and the type of reboot. For the schedule, you can specify the following: • Start time – Run the diagnostic at a future day and time.
Viewing Post Codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from poweron-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Overview → Server → Troubleshooting → Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
• Batteries • Fans • Intrusion • Power Supplies • Removable Flash Media • Temperatures • Voltages You can view the status of the front panel of the managed system: • For rack and tower servers: LCD front panel and system ID LED status or LED front panel and system ID LED status. • For blade servers: Only system ID LEDs.
• Hard drive failure • USB media failure • Physical damage Based on the problem, use the following methods to correct the problem: • Reseat the module or component and restart the system • In case of a blade server, insert the module into a different bay in the chassis • Replace hard drives or USB flash drives • Reconnect or replace the power and network cables If problem persists, see the Hardware Owner’s Manual for specific troubleshooting information about the hardware device.
operating system or iDRAC. You can send the report from an alternate system and be certain that the data collected from your server is not viewable by non-authorized individuals during the transmission to Tech Support. You can generate a health report of the server and then export the report to a location on the management station (local) or to a shared network location such as Common Internet File System (CIFS) or Network File Share (NFS). You can then share this report directly with the Tech Support.
• Soft restart — Using iDRAC7 Web interface or RACADM. Resetting iDRAC7 Using iDRAC7 Web Interface To restart iDRAC7, do one of the following in the iDRAC7 Web interface: • Go to Overview → Server → Summary. Under Quick Launch Tasks, click Reset iDRAC. • Go to Overview → Server → Troubleshooting → Diagnostics. Click Reset iDRAC. Resetting iDRAC7 Using RACADM To restart iDRAC7, use the racreset command. For more information, see the RACADM Reference Guide for iDRAC7 and CMC available at dell.
Frequently Asked Questions 20 This section lists the frequently asked questions for the following: • System Event Log • Network Security • Active Directory • Single Sign On • Smart Card Login • Virtual Console • Virtual Media • vFlash SD Card • SNMP Authentication • Storage Devices • RACADM • Miscellaneous System Event Log While using iDRAC7 Web interface through Internet Explorer, why does SEL not save using the Save As option? This is due to a browser setting. To resolve this: 1.
When accessing the iDRAC7 Web-based interface, a security warning is displayed stating that the SSL certificate host name does not match the iDRAC7 host name. iDRAC7 includes a default iDRAC7 server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. When this certificate is used, the Web browser displays a security warning because the default certificate that is issued to iDRAC7 does not match the iDRAC7 host name (for example, the IP address).
• • iDRAC7 date is not within the validity period of the server certificate or CA certificate. Check the iDRAC7 time and the validity period of your certificate. The domain controller addresses configured in iDRAC7 does not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, read the next question. If you are using FQDN, make sure you are using the FQDN of the domain controller and not the domain. For example, servername.example.
The Active Directory is configured for a domain present in Windows Server 2008 Active Directory. A child or sub domain is present for the domain, the user and group is present in the same child domain, and the user is a member of that group. When trying to log in to iDRAC7 using the user present in the child domain, Active Directory Single Sign-On login fails. This may be because of the an incorrect group type.
9. Name the new key as SuppressExtendedProtection. 10. Right-click SuppressExtendedProtection and click Modify. 11. In the Value data field, type 1 and click OK. 12. Close the Registry Editor window. You can now log in to iDRAC7 using SSO. If you have enabled SSO for iDRAC7 and you are using Internet Explorer to log in to iDRAC7, SSO fails and you are prompted to enter your user name and password.
Any user with iDRAC7 configuration privileges can turn on or turn off the local console. How to get the current status of the local server video? The status is displayed on the Virtual Console page. Use the RACADM command racadm getconfig –g cfgRacTuning to display the status in the object cfgRacTuneLocalServerVideo. Or, use the following RACADM command from a Telnet, SSH, or a remote session: racadm -r (iDRAC IP) -u -p getconfig -g cfgRacTuning The status is also seen on the Virtual Console OSCAR display.
It is recommended to have a 5 MBPS connection for good performance. A 1 MBPS connection is required for minimal performance. What are the minimum system requirements for the management station to run Virtual Console? The management station requires an Intel Pentium III 500 MHz processor with at least 256 MB of RAM. Why doe Virtual Console Viewer window sometimes displays No Signal message? You may see this message because the iDRAC7 Virtual Console plug-in is not receiving the remote server desktop video.
The Linux SysRq key behavior is different when using Virtual Console from Internet Explorer. To send the SysRq key, press the Print Screen key and release while holding the Ctrl and Alt keys. To send the SysRq key to a remote Linux server though iDRAC7, while using Internet Explorer: 1. Activate the magic key function on the remote Linux server. You can use the following command to activate it on the Linux terminal: echo 1 > /proc/sys/kernel/sysrq 2.
• A USB key image How to make the USB key a bootable device? Search support.dell.com for the Dell Boot Utility You can also boot with a Windows 98 startup disk and copy system files from the startup disk to the USB key. For example, from the DOS prompt, type the following command: sys a: x: /s where, x: is the USB key that is required to be set as a bootable device. The Virtual Media is attached and connected to the remote floppy.
Virtual media devices and vFlash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port. Whenever any virtual media or vFlash USB device is connected to or disconnected from the host USB bus, all the Virtual Media and vFlash devices are disconnected momentarily from the host USB bus, and then they are re-connected. If the host operating system uses a virtual media device, do not attach or detach one or more virtual media or vFlash devices.
Storage Devices Information for all the storage devices connected to the system are not displayed and OpenManage Storage Management displays more storage devices that iDRAC7. Why? iDRAC7 displays information for only the Comprehensive Embedded Management (CEM) supported devices. RACADM After performing an iDRAC7 reset (using the racadm racreset command), if any command is issued, the following message is displayed.
This occurs because the create partition operation is in-progress. However, the partition is deleted after sometime and a message that the partition is deleted is displayed. If not, wait until the create partition operation is completed and then delete the partition. Miscellaneous How to find an iDRAC IP address for a blade server? You can find the iDRAC IP address using any of the following methods: Using CMC Web interface: Go to Chassis → Servers → Setup → Deploy.
iDRAC7 network connection is not working. For blade servers: • Make sure that the LAN cable is connected to CMC. • Make sure that NIC settings, IPv4 or IPv6 settings, and either Static or DHCP is enabled for your network. For rack and tower servers: • In shared mode, make sure the LAN cable is connected to the NIC port where the wrench symbol is present. • In Dedicated mode, make sure the LAN cable is connected to the iDRAC LAN port.
Use Case Scenarios 21 This section helps you in navigating to specific sections in the guide to perform typical use case scenarios. Troubleshooting An Inaccessible Managed System After receiving alerts from OpenManage Essentials, Dell Management Console, or a local trap collector, five servers in a data center are not accessible with issues such as hanging operating system or server. Need to identify the cause to troubleshoot and bring up the server using iDRAC7.
Obtaining System Information and Assess System Health To obtain system information and assess system health: • In iDRAC7 Web interface, go to Overview → Server → System Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. • You can also configure the chassis locator LED and based on the color, assess the system health.
Performing Graceful Shutdown To perform graceful shutdown, in iDRAC7 Web interface, go to one of the following locations: • Overview → Server → Power/Thermal → Power Configuration → Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply. • Overview → Server → Power/Thermal → Power Monitoring. From the Power Control drop-down menu, select Graceful Shutdown and click Apply. For more information, see the iDRAC7 Online Help.
To assess the capacity of a rack to add additional servers: 1. View the current power consumption data and historical power consumption data for the servers. 2. Based on the data, power infrastructure and cooling system limitations, enable the power cap policy and set the power cap values. NOTE: It is recommended that you set a cap close to the peak, and then use that capped level to determine how much capacity is remaining in the rack for adding more servers.