Integrated Dell™ Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 2.0 User Guide w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ___________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC6 Enterprise Overview . . . . . . . . . . 27 . . . . . . . . . . . . . 28 . . . . . . . . . . . . . . . 29 iDRAC6 Management Features iDRAC6 Security Features . iDRAC6 Firmware Improvements Supported Platforms . . . . . . . . . . . . 30 . . . . . . . . . . . . . . . . . . 30 Supported Operating Systems . Supported Web Browsers . . . . . . . . . . . . . . 30 . . . . . . . . . . . . . . . 31 Supported Remote Access Connections iDRAC6 Ports . . . . . . . . 32 . . . . . .
Configure Platform Events . . . . . . . . . . . . . Enabling or Disabling Local Configuration Access . . . . . . . . . . . . . . . . . . Configure iDRAC6 Services . . . . . 43 . . . . . . . . . . . . 43 . . . . . . 44 . . . . . . . . . . . . . . 44 Configure Secure Sockets Layer (SSL) Configure Virtual Media Configure a VFlash Media Card . . . . . . . . . . Install the Managed Server Software . . . . . . . Configure the Managed Server for the Last Crash Screen Feature . . . . . . .
Configuring iDRAC6 For Use With IT Assistant . Using the iDRAC6 Configuration Utility to Enable Discovery and Monitoring . . . . 3 . . . . 57 . . . . . 58 Using the iDRAC6 Web Interface to Enable Discovery and Monitoring . . . . . . . . . 58 Using IT Assistant to View iDRAC6 Status and Events . . . . . . . . . . . . . . . . . 60 . . . . . . . . . 61 . . . . . . . . . . . 61 Configuring the Management Station . . . . . . . . . . . . . . . . . .
4 Configuring the Managed Server . . . . . . Installing the Software on the Managed Server . . . . 75 . . . . . . 76 . . . . . . . . . . . 77 Configuring the Managed Server to Capture the Last Crash Screen . . . . . . . . . . . . Disabling the Windows Automatic Reboot Option . . . . . . . . . . . 5 Configuring iDRAC6 Enterprise Using the Web Interface . . . . . . . . . . . . . 79 . . . . . . . . . . . . . . 80 Logging In . . . . . . . . . . . . . . . . . . . . . 80 Logging Out . . . . .
Accessing the SSL Main Menu Generating a New Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . 97 . . . . . . . . . . 98 . . . . . . . . . . . . 99 Uploading a Server Certificate . Viewing a Server Certificate Configuring and Managing Active Directory Certificates . . . . . . . . . . . . . 101 . . . . . . . . . . . 104 . . . . . . . . . . . . 105 . . . . . . . . . . . . . . 105 Uploading an Active Directory CA Certificate . . . . . . . .
Extended Schema Active Directory Overview Extending the Active Directory Schema . . . . . 115 . . . . . . 115 . . . . . . . 115 Overview of the iDRAC6 Schema Extensions . . . . . . . . . . . . . . . . . . . . . 116 Active Directory Object Overview . . . . . . . . . 116 . . . . . . . . . . 118 Active Directory Schema Extensions Accumulating Privileges Using Extended Schema . . . . . . . Configuring Extended Schema Active Directory to Access iDRAC6 . . . . . . . . . . . .
Using Active Directory to Log In to iDRAC6 Frequently Asked Questions . . . . . . 142 . . . . . . . . . . . . . . 143 Active Directory Log In Issues . . . . . . 146 . . . . . . . . . 146 . . . . . . . . . . . . . . . . . . . 147 Extended and Standard Schema . Miscellaneous 7 Viewing the Configuration and Health of the Managed Server System Summary 149 . . . . . . . . . . . . . . Integrated Dell Remote Access Controller 6 - Enterprise . . . . 149 149 . . . . . . . . . . 150 . . . . . . .
8 Power Monitoring and Power Management . . . . . . . . . . . . . Configuring and Managing Power Power Monitoring 155 . . . . . . . . . . . . . . . . . . . . 156 . . . . . . . . . . . . . 156 . . . . . . . . . . . . . . . . . . . . 158 Viewing Power Budget . . . . . . . . . . . . . . . 159 . . . . . . . . . . . . . . . . . . . . . . 160 Executing Power Control Operations on the Server . 9 . . . . . . . . . . . . . Configuring and Using Serial Over LAN . . . . . . . . . . . . . . . .
Operating System Configuration . . . . . . . . 177 . . . . . . . . . . . . . 182 Linux Enterprise Operating System Windows 2003 Enterprise 10 Using GUI Console Redirection . Overview 177 . . . . . . . . . . . . . . . . . . 185 185 . . . . . . . . . . . . . . . . . . . . . . . . Using Console Redirection Supported Screen Resolutions and Refresh Rates . . . . . . . . . . . 186 . . . . . . . . Configuring the Management Station 186 . . . . . . .
Configuring the VFlash Media Card Using RACADM . . . . . . . . . . . . . . . . . . . . . Enabling or Disabling the VFlash Media Card . . . . . . . . . . . . . . . . . . . . . Formatting the VFlash Media Card 12 Configuring and Using Virtual Media . . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows-Based Management Station 205 205 206 207 . . . . . . . . . . . . . . . 208 . . . . . . . . . . . . . . . . .
Enabling an iDRAC6 User With Permissions . . . . 224 . . . . . . . . . . . . . 224 . . . . . . . . . . . . . . . 225 Removing an iDRAC6 User Testing E-mail Alerting Testing the iDRAC6 SNMP Trap Alert Feature . . . . 225 . . . . . . . . . . . . . Configuring iDRAC6 Network Properties . . . . . 225 . . . . . . . . . . . . 227 Configuring PEF . . . . . . . . . . . . . . . . . . 229 Configuring PET . . . . . . . . . . . . . . . . . .
Using the Show Verb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . . 249 Using the -display Option . Using the -level Option . . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . . 250 Using the -output Option iDRAC6 SM-CLP Examples . . . . . . . . . . . . 250 . . . . . . . . . . . . . . . . . 251 Server Power Management SEL Management . MAP Target Navigation . . . . . . . . . . . . . .
Using the Virtual Media Command Line Interface Utility . . . . . . . 260 . . . . . . . . . . . . 261 . . . . . . . . . . . . . . 262 . . . . . . . . . . . . . . . . 262 Installing the iVMCLI Utility Command Line Options . iVMCLI Parameters . . . . . . . . . . . iVMCLI Operating System Shell Options 16 Using the iDRAC6 Configuration Utility Overview 265 . . . . . . . . . . . . . . . . . . . . 267 267 . . . . . . . . . . . . . . . . . . . . . . . . Starting the iDRAC6 Configuration Utility .
Problem Solving Tools . . . . . . . . . . . . . . . . . . Checking the System Health . . . . . . . . . . . . . . . . . . . 279 279 Viewing the Last System Crash Screen . . . . . . 281 . . . . . . . . 282 . . . . . . . . . . . . . . 290 Checking the Server Status Screen for Error Messages . . . . . . . . . Viewing System Information . . . . . . . . . . . . Identifying the Managed Server in the Chassis . . . . . . . . . . . . . Using the Diagnostics Console . . . . . . . . . 293 294 . . . . .
racresetcfg . . . . . . . . . . . . . . . . . . . . . . . 314 serveraction . . . . . . . . . . . . . . . . . . . . . . . 315 getraclog . . . . . . . . . . . . . . . . . . . . . . . . 316 clrraclog . . . . . . . . . . . . . . . . . . . . . . . . . 317 getsel . . . . . . . . . . . . . . . . . . . . . . . . . . 317 clrsel . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 gettracelog sslcsrgen . . . . . . . . . . . . . . . . . . . . . . . 319 . . . . . . . . . . . . . . . . . . . .
B iDRAC6 Enterprise Property Database Group and Object Definitions . . . . . . . . Displayable Characters idRacInfo . . . . . . . . . . . . . . . . . . . . . . . . . . . 331 . . . . . . . . . . . . . . . . . . . . . . . . 331 idRacProductInfo (Read Only) . . . . . . . . . . . idRacDescriptionInfo (Read Only) idRacBuildInfo (Read Only) . 332 . . . . . . . . . . . 332 333 . . . . . . . . . . . . . . 333 . . . . . . . . . . . . . . . 333 . . . . . . . . . . . . . . . . . . . . . . .
cfgUserAdmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 . . . . . . . . . . 341 cfgUserAdminIndex (Read Only) . cfgUserAdminIpmiLanPrivilege (Read/Write) . . . . . . . . . . cfgUserAdminPrivilege (Read/Write) . . . . . . . 342 . . . . . . . 343 . . . . . . . . . . . . . . . 343 cfgUserAdminPassword (Write Only) . . . . . . . . . . . . . . 344 . . . . . . . . . . . . . . . . . . . . . . 344 cfgUserAdminSolEnable cfgEmailAlert cfgEmailAlertIndex (Read Only) . . . . .
cfgServerPower . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 . . . . . . . . . 350 cfgServerPowerStatus (Read Only) cfgServerPowerServerAllocation (Read Only) . . . . . . . . . . . . cfgServerPowerActualPowerConsumption (Read Only) . . . . . . . . . . . . . . . . . . . . . 350 . . . . . 351 . . . . . . 351 . . . . . . . . 351 cfgServerPowerPeakPowerConsumption (Read Only) . . . . . . . . . . . . . . . . cfgServerPowerPeakPowerTimestamp (Read Only) . . . . . . . . . . . . . . .
cfgRacTuneWebserverEnable (Read/Write) . . . . . . . . . . . . . . . . . . . . 358 cfgRacTuneLocalServerVideo (Read/Write) . . . . . . . . . . . . . . . . . . . . 359 cfgRacTuneLocalConfigDisable (Read/Write) . . . . . . . . . . ifcRacManagedNodeOs . . . . . . . . . . . 359 . . . . . . . . . . . . . . . . 360 . . . . . . . . 360 . . . . . . . . . 360 . . . . . . . . . . . . . . . . . . . . .
cfgADGlobalCatalog1 (Read/Write) . . . . . . . . 368 cfgADGlobalCatalog2 (Read/Write) . . . . . . . . 368 cfgADGlobalCatalog3 (Read/Write) . . . . . . . . 368 . . . . . . . . . . . . . . 369 cfgADType (Read/Write) . . . . . 369 . . . . . . . . . . . . . . . . . . . 369 cfgADCertValidationEnable (Read/Write) cfgStandardSchema cfgSSADRoleGroupIndex (Read Only) . . . . . . . cfgSSADRoleGroupName (Read/Write) . . . . . . 370 . . . . 370 . . . . . . . . . . . . . . . . . . . . . . . .
cfgIpmiPet 376 . . . . . . . . . . . . . . . . . . . . . . . . cfgIpmiPetIndex (Read/Write) . . . . . 377 . . . . . . . 377 cfgIpmiPetAlertDestIpAddr (Read/Write) cfgIpmiPetAlertEnable (Read/Write) . C iDRAC6 SM-CLP Property Database /system1/sp1/account<1-16> userid (Read Only) 376 . . . . . . . . . . . . . . 379 . . . . . . . . . . . . . . 379 . . . . . . . . . . . . . . . . . 379 username (Read/Write) . . . . . . . . . . . . . . oemdell_ipmilanprivileges (Read/Write) .
/system1/sp1/enetport1/lanendpt1/ ipendpt1/dnsendpt1/remotesap1 . . . . . . . . . . . . . . . . . . . . . . 387 . . . . . . . . . . . 388 dnsserveraddress (Read/Write) /system1/sp1/enetport1/lanendpt1/ ipendpt1/dnsendpt1/remotesap2 . . . . . . . . . . . 388 . . . . . . . . . . . 388 dnsserveraddress (Read/Write) /system1/sp1/enetport1/lanendpt1/ ipendpt1/remotesap1 . . . . . . . . . . . . . . 388 . . . . . . . . . . . . . . . .
oemdell_countrycode (Read/Write) . . . . . . . . 395 . . . . . . . 395 . . . . . . . . . . . 396 /system1/sp1/oemdell_ssl1 . . . . . . . . . . . . . . . 396 generate (Read/Write) . . . . . . . . . . . . . . . 396 oemdell_emailaddress (Read/Write) oemdell_keysize (Read/Write) oemdell_status (Read Only) . . . . . . . . . . 397 . . . . . . . . . . . 397 . . . . . . . . . . . . . 397 oemdell_certtype (Read / Write) /system1/sp1/oemdell_vmservice1 enabledstate (Read/Write) 396 . . . . . .
Contents
iDRAC6 Enterprise Overview The Integrated Dell™ Remote Access Controller (iDRAC6) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. iDRAC6 uses an integrated System-on-Chip microprocessor for the remote monitor/control system, and co-exists on the system board with the managed PowerEdge server.
The iDRAC6 network interface is disabled by default. It must be configured before iDRAC6 is accessible. After iDRAC6 is enabled and configured on the network, it can be accessed at its assigned IP address with the iDRAC6 Web interface, telnet or SSH, and supported network management protocols, such as Intelligent Platform Management Interface (IPMI).
• Single Sign-On from CMC Web interface — Once you log into CMC, you can access any IDRAC6 in the chassis without having to log in again • One-To-Many Firmware Update — Enables automated update of more than one iDRAC6 without operator intervention • Intelligent Platform Management Interface (IPMI) support • Secure Sockets Layer (SSL) encryption — Provides secure remote system management through the Web interface • Password-level security management — Prevents unauthorized access to a remote system
iDRAC6 Firmware Improvements In addition, important improvements have been made to the code: • Major improvements in Active Directory lookup performance • Improved responsiveness of TCP-IP networking stack • Improved health status interface between iDRAC6 and CMC • Security improvements using multiple third-party analysis tools Supported Platforms iDRAC6 supports the following PowerEdge systems in the Dell PowerEdge M1000e system enclosure: • PowerEdge M610 • PowerEdge M710 See the iDRAC6 Readme
Table 1-1.
Table 1-2. Supported Web Browsers Operating System Supported Web Browser Windows Internet Explorer® 6.0 with Service Pack 2 (SP2) for Windows XP and Windows 2003 R2 SP2 only Internet Explorer 7.0 for Windows Vista®, Windows XP, Windows 2003 R2 SP2, and Windows Server 2008 only Mozilla Firefox 2.0/3.0 for Windows (Java vKVM/vMedia console only) Linux Mozilla Firefox 2.0/3.
iDRAC6 Ports Table 1-4 lists the ports on which iDRAC6 listens for connections. Table 1-5 identifies the ports that iDRAC6 uses as a client. This information is required when opening firewalls for remote access to an iDRAC6. Table 1-4.
Other Documents You May Need In addition to this User Guide, the following documents provide additional information about the setup and operation of iDRAC6 in your system: • The iDRAC6 online help provides information about using the Web interface. • The Dell Chassis Management Controller Firmware Version 2.0 User Guide and the Dell Chassis Management Controller Firmware Version 2.
• Operating system documentation describes how to install (if necessary), configure, and use the operating system software. • Documentation for any components you purchased separately provides information to configure and install these options. • Updates are sometimes included with the system to describe changes to the system, software, and/or documentation. NOTE: Always read the updates first because they often supersede information in other documents.
iDRAC6 Enterprise Overview
Configuring iDRAC6 Enterprise This section provides information about how to establish access to iDRAC6 and to configure your management environment to use iDRAC6.
Interfaces for Configuring iDRAC6 You can configure iDRAC6 using the iDRAC6 Configuration Utility, the iDRAC6 Web interface, the local RACADM CLI, or the SM-CLP CLI. The local RACADM CLI is available after you have installed the operating system and the Dell OpenManage software on the managed server. Table 2-1 describes these interfaces.
Table 2-1. Configuration Interfaces (continued) Interface Description Chassis LCD Panel The LCD panel on the chassis containing iDRAC6 can be used to view the high-level status of the servers in the chassis. During initial configuration of the CMC, the configuration wizard allows you to enable DHCP configuration of iDRAC6 networking. Local RACADM The local RACADM command line interface runs on the managed server.
Table 2-1. Configuration Interfaces (continued) Interface Description SM-CLP SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in iDRAC6. The SM-CLP command line is accessed by logging in to iDRAC6 using telnet or SSH. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line.
Configuration Tasks This section is an overview of the configuration tasks for the management station, iDRAC6, and the managed server. The tasks to be performed include configuring iDRAC6 so that it can be used remotely, configuring iDRAC6 features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server. The configuration tasks that can be used to perform each task are listed beneath the task.
• Chassis LCD Panel — See the Dell Chassis Management Controller Firmware User Guide • iDRAC6 Configuration Utility — See "Using the iDRAC6 Configuration Utility" • CMC Web interface — See "Configuring Networking Using the CMC Web Interface" • RACADM — See "cfgLanNetworking" Configure iDRAC6 Users Set up the local iDRAC6 users and permissions. iDRAC6 holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users.
Configure Platform Events Platform events occur when iDRAC6 detects a warning or critical condition from one of the managed server’s sensors. Configure Platform Event Filters (PEF) to choose the events you want to detect, such as rebooting the managed server, when an event is detected.
Configure Secure Sockets Layer (SSL) Configure SSL for the iDRAC6 Web server. • iDRAC6 Web interface — See "Secure Sockets Layer (SSL)" • RACADM — See "cfgRacSecurity," "sslcsrgen," "sslcertupload," "sslcertdownload," and "sslcertview" Configure Virtual Media Configure the virtual media feature so that you can install the operating system on the PowerEdge server.
Configuring Networking Using the CMC Web Interface NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC6 network settings from the CMC. NOTE: The default CMC user is root and the default password is calvin. NOTE: The CMC IP address can be found in the iDRAC6 Web interface by clicking System→ Remote Access→ CMC. You can also launch the CMC Web interface from this screen.
Single Sign-On Using the single sign-on feature, you can launch the iDRAC6 Web-based interface from the CMC without having to log in a second time. Single sign-on policies are described below. • CMC user who has Server Administrator set under User Privileges will automatically be logged in to the iDRAC6 Web-based interface using single sign-on. After logging in, the user is automatically granted iDRAC6 Administrator privileges.
Configuring Networking for iDRAC6 1 Click the System→ Remote Access→ iDRAC. 2 Click the Network/Security tab: To enable or disable Serial Over LAN: a Click Serial Over LAN. The Serial Over LAN screen appears. b Select the Enable Serial Over LAN check box. You may also change the Baud Rate and Channel Privilege Level Limit settings. c Click Apply. To enable or disable IPMI Over LAN: a Click Network. The Network Configuration screen appears. b Click IPMI LAN Settings.
Viewing FlexAddress Mezzanine Card Fabric Connections The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection. NOTE: In order to avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.
Downloading the Firmware or Update Package Download the firmware from support.dell.com. The firmware image is available in several different formats to support the different update methods available. To update iDRAC6 firmware using the iDRAC6 Web interface or SM-CLP, or to recover iDRAC6 using the CMC Web interface, download the binary image, packaged as a self-extracting archive.
You can use the CMC Web interface or CMC RACADM to update the iDRAC6 firmware. This feature is available both when iDRAC6 firmware is in Normal mode, as well as when it is corrupted. See "Updating iDRAC6 Firmware Using the CMC." NOTE: After the CMC updates iDRAC6 firmware, iDRAC6 generates new SHA1 and MD5 keys for the SSL certificate. Because the keys are different from those in the open Web browser, all browser windows that are connected to iDRAC6 must be closed after the firmware update is complete.
Using the iDRAC6 Web Interface CAUTION: If iDRAC6 firmware becomes corrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover iDRAC6 using the iDRAC6 Web interface. NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset iDRAC6 configuration to the factory defaults.
NOTE: If you deselect the Preserve Configuration check box, iDRAC6 resets to its default settings. In the default settings, the LAN is disabled, and you cannot log in to the iDRAC6 Web interface. You must reconfigure the LAN settings using the iDRAC6 Configuration Utility during BIOS POST. 6 By default, the Preserve Configuration option is enabled (checked) to preserve the current settings on iDRAC6 after an upgrade.
NOTE: If you enter incorrect arguments to the idrac16d command, or supply the -h option, you may notice an additional option, -nopresconfig in the usage output. This option is used to update the firmware without preserving any configuration information. You should not use this option unless explicitly told to do so by a Dell Support Representative, because it deletes all of your existing iDRAC6 configuration information such as IP addresses, users, and passwords.
c While still in the GPG key editor, enter trust. The following menu appears: Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.) 1 2 3 4 5 m = = = = = = I don't know or won't say I do NOT trust I trust marginally I trust fully I trust ultimately back to the main menu Your decision? d Enter 5, then press .
5 Verify the Update Package: gpg --verify The following example illustrates the steps that you should follow to verify a Dell PowerEdge™ M610 iDRAC Update Package: 1 Download the following two files from support.dell.com: • IDRAC_FRMW_LX_2.0.BIN.sign • IDRAC_FRMW_LX_2.0.BIN 2 Import the public key by running the following command line: gpg --import
4 Verify the PowerEdge M610 iDRAC package digital signature by running the following command: gpg --verify IDRAC_FRMW_LX_2.0.BIN.sign IDRAC_FRMW_LX_2.0.BIN The following output message appears: gpg: Signature made Fri Jul 11 15:03:47 2008 CDT using DSA key ID 23B66A9D gpg: Good signature from "Dell, Inc. (Product Group)
Internet Explorer 7 1 Start Internet Explorer. 2 Click Tools, and then click Internet Options... The Internet Options window appears. 3 Click the General tab. 4 Under Browsing history, click Delete... The Delete Files window appears. 5 Click Delete files next to Temporary Internet Files. 6 Click Close, and then click OK to exit the Internet Options window. Firefox 1 Start Firefox. 2 Click Edit→ Preferences. 3 Click the Privacy tab. 4 Click the Clear Cache Now. 5 Click Close.
Using the iDRAC6 Configuration Utility to Enable Discovery and Monitoring To set up iDRAC6 for IPMI discovery and alert trap sending at the iDRAC6 Configuration Utility level, restart your managed server (blade) and observe its power-up using the iKVM and either a remote monitor and console keyboard or a Serial over LAN (SOL) connection. When Press for Remote Access Setup displays, press . When the iDRAC Configuration Utility screen appears, use the arrow keys to scroll down.
5 Click IPMI LAN Settings. 6 Ensure the Enable IPMI over LAN check box is selected (checked). 7 Select Administrator from the Channel Level Privileges drop-down menu. 8 Enter your site's RMCP+ Encryption Key, if used. 9 Click Apply if you made any changes on this screen. 10 In the system tree, select System. 11 Click the Alert Management tab, and then click Platform Events. The Platform Events screen appears, displaying a list of events for which you can configure iDRAC6 to generate email alerts.
5 In the IPMI LAN Privilege section, ensure that Maximum LAN User Privilege Granted is set to Administrator. 6 Set other user privileges as needed. 7 Click Apply to save the new User settings. Using IT Assistant to View iDRAC6 Status and Events After discovery is complete, the iDRAC6 devices appear in the Servers category of the ITA Devices detail screen, and iDRAC6 information can be seen by clicking on the iDRAC6 name.
Configuring the Management Station A management station is a computer used to monitor and manage the PowerEdge servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with iDRAC6 Enterprise. Before you begin configuring iDRAC6, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
Using the iDRAC6 console redirection feature (see "Configuring and Using Serial Over LAN"), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer, using iDRAC6 facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the management computer.
3 Select Tools→ Internet Options→ Security→ Local Network. 4 Click the Custom Level. 5 Select Medium-Low from the drop-down menu and click Reset. Click OK to confirm. You will need to re-enter the Custom Level dialog by clicking its button.
In the Scripting section: • Active scripting: Enable • Allow paste operations via script: Enable • Scripting of Java applets: Enable 7 Select Tools→ Internet Options→ Advanced.
• Check for signatures on downloaded programs: checked • Use SSL 2.0: unchecked • Use SSL 3.0: checked • Use TLS 1.0: checked • Warn about invalid site certificates: checked • Warn if changing between secure and not secure mode: checked • Warn if forms submittal is being redirected: checked NOTE: If you choose to alter any of the above settings, Dell recommends that you learn and understand the consequences of doing so.
• Spanish (es) • Japanese (ja) • Simplified Chinese (zh-cn) The ISO identifiers in parentheses denote the specific language variants which are supported. Use of the interface with other dialects or languages is not supported and may not function as intended. For some supported languages, resizing the browser window to 1024 pixels wide may be necessary in order to view all features. The iDRAC6 Web interface is designed to work with localized keyboards for the specific language variants listed above.
3 In the Select a language to add... drop down menu, click to highlight a supported language, and then click Add. 4 Click to select your preferred language, and then click Move Up until the language appears a the top of the list. 5 Click OK to close the Languages window. 6 Click OK to close the Options window. Setting the Locale in Linux The console redirection viewer requires a UTF-8 character set to display correctly. If your display is garbled, check your locale and reset the character set if needed.
5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" 6 Log out and then log in to the operating system. When you switch from any other language, ensure that this fix is still valid. If not, repeat this procedure.
Installing a Java Runtime Environment (JRE) NOTE: If you use the Internet Explorer browser, an ActiveX control is provided for the console viewer. You can also use the Java console viewer with Internet Explorer if you install a JRE and configure the console viewer in iDRAC6 Web interface before you launch the viewer. See "Configuring Console Redirection and Virtual Media in the iDRAC6 Web Interface" for more information. You can choose to use the Java viewer instead before you launch the viewer.
Installing Telnet or SSH Clients By default, the iDRAC6 telnet service is disabled and the SSH service is enabled. Since telnet is an insecure protocol, you should use it only if you cannot install an SSH client or your network connection is otherwise secured. NOTE: There can be only one active telnet or SSH connection to iDRAC6 at a time. When there is an active connection, other connection attempts are denied.
3 At the prompt, enter: set bsasdel The following message appears: Backspace will be sent as delete. To configure a Linux telnet session to use the key, perform the following steps: 1 Open a shell and enter: stty erase ^h 2 At the prompt, enter: telnet SSH With iDRAC6 Secure Shell (SSH) is a command line connection with the same capabilities as a telnet session, but with session negotiation and encryption to improve security. iDRAC6 supports SSH version 2 with password authentication.
Table 3-1.
You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is already listening. Port 69 is the TFTP default port.
Configuring the Management Station
Configuring the Managed Server This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • Local RACADM CLI — Allows you to configure and administer iDRAC6 from the managed server.
Configuring the Managed Server to Capture the Last Crash Screen iDRAC6 can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed server crash. Follow these steps to enable the last crash screen feature. 1 Install the managed server software. For more information about installing the managed server software, see the Dell OpenManage Server Administrator User’s Guide.
Disabling the Windows Automatic Reboot Option To ensure that iDRAC6 can capture the last crash screen, disable the Automatic Reboot option on managed servers running Windows Server or Windows Vista. 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings. 4 Deselect the Automatically Reboot check box. 5 Click OK twice.
Configuring the Managed Server
Configuring iDRAC6 Enterprise Using the Web Interface iDRAC6 provides a Web interface that enables you to configure iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC6 Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access the iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. See "Supported Web Browsers" for more information. 2 In the Address field, enter https:// and press . If the default HTTPS port number (port 443) has been changed, enter: https://: where iDRAC-IP-address is the IP address for iDRAC6 and port-number is the HTTPS port number. The iDRAC6 Login window appears.
Logging Out 1 In the upper-right corner of the main window, click Logout to close the session. 2 Close the browser window. NOTE: The Logout button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session may remain active until the session timeout is reached.
Table 5-1. User Privilege Behavior in Supported Browsers Browser Tab Behavior Window Behavior Microsoft Internet Explorer 6 Not applicable New session Microsoft Internet Explorer 7 From latest session opened New session Firefox 2 From latest session opened From latest session opened Configuring the iDRAC6 NIC This section assumes that iDRAC6 has already been configured and is accessible on the network. See "Configure iDRAC6 Networking" for help with the initial iDRAC6 network configuration.
Table 5-2. Network Settings Setting Description Enable NIC When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from iDRAC6 via the network is blocked. The default is off. MAC Address Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed.
Table 5-2. Network Settings (continued) Setting Description Static Preferred DNS Server Allows the user to enter or edit a static IP address for the preferred DNS server. To change this setting, first deselect the Use DHCP to obtain DNS server addresses checkbox. Static Alternate DNS Server Uses the secondary DNS server IP address when Use DHCP to obtain DNS server addresses is not selected. Enter an IP address of 0.0.0.0 if there is no alternate DNS server.
Table 5-4. Network Configuration Buttons Button Description Advanced Settings Opens the Network Security screen, allowing the user to enter IP Range, and IP Blocking attributes. Print Prints the Network Configuration values that appear on the screen. Refresh Reloads the Network Configuration screen. Apply Saves any new settings made to the network configuration screen.
Table 5-5. Network Security Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access iDRAC6. The default is off. IP Range Address Determines the acceptable IP subnet address. The default is 192.168.1.0. IP Range Subnet Mask Defines the significant bit positions in the IP address.
Configuring Platform Events Platform event configuration provides a mechanism for configuring iDRAC6 to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail). The filterable platform events are listed in Table 5-7. . Table 5-7.
Configuring Platform Event Filters (PEF) NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings. 1 Log in to the iDRAC6 Web interface. 2 Click System, and then click the Alert Management tab. The Platform Events screen appears. 3 Select the Generate Alert check box beside each event for which you want an alert generated.
c Click Apply. NOTE: To successfully send a trap, configure the Community String value on the Network Configuration screen. The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from iDRAC6. SNMP alert traps are transmitted by iDRAC6 when a platform event occurs. The default setting for the Community String is Public. d To test the configured alert, click Send.
Configuring IPMI Over LAN 1 Log in to the iDRAC6 Web interface. 2 Configure IPMI over LAN: a Click System→ Remote Access→ iDRAC, and then click the Network/Security tab. The Network Configuration screen appears. b Click IPMI LAN Settings. c Select the Enable IPMI Over LAN check box. d Update the IPMI LAN channel privileges, if required: NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.
d Update the IPMI SOL baud rate, if needed, by selecting a data speed from the Baud Rate drop-down menu. NOTE: To redirect the serial console over the LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate. e Click Apply. Adding and Configuring iDRAC6 Users To manage your system with iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority).
Table 5-8. General Properties Property Description User ID Contains one of 16 preset User ID numbers. This field cannot be edited. Enable User When checked, indicates that the user’s access to iDRAC6 is enabled. When unchecked, user access is disabled. Username Specifies an iDRAC6 user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on iDRAC6 cannot include the / (forward slash) or . (period) characters.
Table 5-10. iDRAC6 User Privileges Property Description iDRAC Group Specifies the user’s maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, Custom, or None. See Table 5-11 for iDRAC6 Group permissions. Login to iDRAC Enables the user to log in to iDRAC6. Configure iDRAC Enables the user to configure iDRAC6. Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the iDRAC6 logs.
Table 5-11. iDRAC6 Group Permissions (continued) User Group Permissions Granted Custom Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Table 5-12. User Configuration Buttons Button Action Print Prints the User Configuration values that appear on the screen.
Secure Sockets Layer (SSL) iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
After the CA approves the CSR and sends the certificate, upload the certificate to the iDRAC6 firmware. The CSR information stored on iDRAC6 firmware must match the information contained in the certificate. Accessing the SSL Main Menu 1 Click System→ Remote Access→ iDRAC, then click the Network/ Security tab. 2 Click SSL to open the SSL Main Menu screen. Use the SSL Main Menu screen to generate a CSR to send to a CA. The CSR information is stored on the iDRAC6 firmware.
Table 5-14. SSL Main Menu Buttons Button Description Print Prints the SSL Main Menu values that appear on the screen. Refresh Reloads the SSL Main Menu screen. Next Processes the information on the SSL Main Menu screen and continues to the next step. Generating a New Certificate Signing Request NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The CSR in the firmware must match the certificate returned from the CA. Otherwise, iDRAC6 will not accept the certificate.
Table 5-15. Generate Certificate Signing Request (CSR) Options (continued) Field Description Organization Unit The name associated with an organizational unit, such as a department (for example, Information Technology). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid. Locality The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid.
1 In the SSL Main Menu screen, select Upload Server Certificate and click Next. The Certificate Upload screen appears. 2 In the File Path field, enter the path to the certificate or click Browse to navigate to the certificate file. NOTE: The File Path value displays the file path of the certificate you are uploading. You must enter the file path, which includes the full path and the complete file name and file extension. 3 Click Apply. 4 Click the appropriate button to continue. See Table 5-17. Table 5-17.
Table 5-19. View Server Certificate Buttons Button Description Print Prints the View Server Certificate values that appear on the screen. Refresh Reloads the View Server Certificate screen. Go Back to SSL Main Menu Return to the SSL Main Menu screen. Configuring and Managing Active Directory Certificates NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate.
Table 5-21. Active Directory Main Menu Buttons Button Definition Print Prints the Active Directory Main Menu values that appear on the screen. Refresh Reloads the Active Directory Main Menu screen. Next Processes the information on the Active Directory Main Menu screen and continues to the next step. Configuring Active Directory (Standard Schema and Extended Schema) 1 On the Active Directory Main Menu screen, select Configure Active Directory and click Next.
Table 5-22. Active Directory Configuration Settings (continued) Setting Description Timeout The time, in seconds, to wait for Active Directory queries to complete. Minimum value is equal to or greater than 15 seconds. The default value is 120. Use Standard Schema Uses standard schema with Active Directory. Use Extended Schema Uses the extended schema with Active Directory. iDRAC Name The name that uniquely identifies iDRAC6 in Active Directory. This default is blank.
Table 5-24. Role Group Privileges Setting Description Role Group Privilege Level Specifies the user’s maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-25 for Role Group permissions. Login to iDRAC Allows the group log in access to iDRAC6. Configure iDRAC Allows the group permission to configure iDRAC6. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs.
Table 5-25.
Viewing an Active Directory CA Certificate Use the Active Directory Main Menu screen to view a CA server certificate for iDRAC6. 1 On the Active Directory Main Menu screen, select View Active Directory CA Certificate and click Next. Table 5-27 describes the fields and associated descriptions listed in the Certificate window. 2 Click the appropriate button to continue. See Table 5-28. Table 5-27. Active Directory CA Certificate Information Field Description Serial Number Certificate serial number.
3 Click Apply. 4 Click the appropriate button to continue. See Table 5-34. Disabling Local Configuration Access 1 Click System→ Remote Access→ iDRAC→ Network/Security. 2 Under Local Configuration, click to check Disable iDRAC local USER Configuration Updates to disable access. 3 Click Apply. 4 Click the appropriate button to continue. See Table 5-34. Configuring iDRAC6 Services NOTE: To modify these settings, you must have Configure iDRAC permission.
Table 5-29. Web Server Settings Setting Description Enabled Enables or disables the iDRAC6 Web server. When checked, indicates that the Web server is enabled. The default value is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. This field is not editable. There can be four simultaneous sessions. Current Sessions The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable.
Table 5-31. Telnet Settings Setting Description Enabled Enables or disables telnet. When checked, telnet is enabled. The default value is disabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. Only one session is supported. Active Sessions The number of current sessions on the system. Timeout The telnet idle timeout, in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800.
Updating iDRAC6 Firmware NOTE: If iDRAC6 firmware becomes corrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover iDRAC6 using the CMC. See your CMC Firmware User Guide for instructions. NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset iDRAC6 configuration to the factory defaults.
6 In the Firmware Update - Validation (page 2 of 4) window, you will see the results of the validation performed on the image file you uploaded. • If the image file uploaded successfully and passed all verification checks, a message will appear indicating that the firmware image has been verified. OR • If the image did not upload successfully, or it did not pass the verification checks, the firmware update will return to the Firmware Update - Upload (page 1 of 4) window.
Updating iDRAC6 Firmware Using the CMC Typically, iDRAC6 firmware is updated using iDRAC6 utilities, such as the iDRAC6 Web interface or operating system specific update packages downloaded from support.dell.com. You can use the CMC Web interface or CMC RACADM to update the iDRAC6 firmware. This feature is available both when iDRAC6 firmware is in Normal mode, as well as when it is corrupted. See "Updating iDRAC6 Firmware Using the CMC.
Configuring iDRAC6 Enterprise Using the Web Interface
Using iDRAC6 With Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft® Active Directory® service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your Active Directory software.
Prerequisites for Enabling Active Directory Authentication for iDRAC6 To use the Active Directory authentication feature of iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.
Extended Schema Active Directory Overview Using the extended schema solution requires the Active Directory schema extension, as described in the following section. Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. • Dell extension is: dell • Dell base OID is: 1.2.840.113556.1.8000.
Figure 6-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 6-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this configuration, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2. In addition, this figure shows that User1 can be in a different domain and can be a member of a group.
The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • DVD drive:\SYSMGMT\ManagementStation\support\OMActiveDirectory_ Tools\Remote_Management_Advanced\LDIF_Files • :\SYSMGMT\ManagementStation\support\OMActiveDirecto ry_Tools\Remote_Management_Advanced\Schema Extender To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory.
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines the privileges (Authorization Rights) for iDRAC6 Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 List of dellRacDevice and DelliDRACDevice Objects that belong to this role.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC6 devices, Users and User Groups, iDRAC6 Associations, and iDRAC6 Privileges.
3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-in and click Add. 5 Click Close and click OK. Adding iDRAC6 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC6 users and privileges by creating iDRAC6, Association, and Privilege objects.
5 Click OK. 6 Right-click the privilege object that you created, and select Properties. 7 Click the Remote Management Privileges tab and select the privileges that you want the user or group to have (see Table 5-10). Creating an Association Object NOTE: The iDRAC6 Association Object is derived from Group and its scope is set to Domain Local. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→ Dell Remote Management Object Advanced. This opens the New Object window.
Adding iDRAC6 Devices or iDRAC6 Device Groups To add iDRAC6 devices or iDRAC6 device groups: 1 Select the Products tab and click Add. 2 Enter iDRAC6 devices or iDRAC6 device group name and click OK. 3 In the Properties window, click Apply and click OK. Click the Products tab to add one iDRAC6 device connected to the network that is available for the defined users or user groups. You can add multiple iDRAC6 devices to an Association Object.
8 Click Next. The Step 2 of 4 Active Directory Configuration and Management screen appears. 9 Select the Enable Active Directory check box. 10 Click Add to enter the user domain name, enter the user domain name in the text field, and then click OK. 11 Type the user domain name in the prompt and click OK. Note that this step is optional. If you configure a list of user domains, the list will be available in the Web-based interface login screen.
19 Scroll to the bottom of the screen and click Test Settings. The Test Active Directory Settings screen appears. 20 Enter your iDRAC6 user name and password, and then click Start Test. Test results and the test log display. For additional information, see "Testing Your Configurations." NOTE: You must have a DNS server configured properly on iDRAC6 to support Active Directory log in.
NOTE: You must configure at least one of the three addresses. iDRAC6 attempts to connect to each of the configured addresses one-by-one until a successful connection is made. With Extended Schema, these are the FQDN or IP addresses of the domain controllers where this iDRAC6 device is located. Global catalog servers are not used in extended schema mode at all.
4 If you want to configure a list of user domains so that you only need to enter the user name during log in to the iDRAC6 Web-based interface, enter the following command: racadm config -g cfgUserDomain -o cfgUserDomainName -i You can configure up to 40 user domains with index numbers between 1 and 40. See "Using Active Directory to Log In to iDRAC6" for details about user domains. 5 Press Enter to complete the Active Directory configuration with Extended Schema.
On the Active Directory side, a standard group object is used as a role group. A user who has iDRAC6 access will be a member of the role group. To give this user access to a specific iDRAC6 card, the role group name and its domain name need to be configured on the specific iDRAC6 card. Unlike the extended schema solution, the role and the privilege level is defined on each iDRAC6 card, not in the Active Directory. Up to five role groups can be configured and defined in each iDRAC6.
Single Domain Versus Multiple Domain Scenarios If all of the login users and role groups, as well as the nested groups, are in the same domain, then only the domain controllers’ addresses must be configured on iDRAC6. In this single domain scenario, any group type is supported. If all of the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses are required to be configured on iDRAC6.
7 Under Upload Active Directory CA Certificate, enter the file path of the certificate or browse to find the certificate file, and then click Upload. NOTE: You must enter the absolute file path, which includes the full path and the complete file name and file extension. The certificate information for the Active Directory CA certificate that you uploaded appears in the Current Active Directory CA Certificate section. 8 Click Next.
18 Enter the Group Name. The group name identifies the role group in the Active Directory associated with iDRAC6. 19 Enter the Group Domain. The Group Domain is the fully qualified root domain name for the forest. 20 In the Role Group Privileges section, set the group privileges. Refer to Table 5-11 on page 93 for information on role group privileges.
Configuring Active Directory With Standard Schema Using RACADM Use the following commands to configure the iDRAC6 Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
racadm config -g cfgActiveDirectory -o cfgGlobal Catalog1 racadm config -g cfgActiveDirectory -o cfgGlobal Catalog2 racadm config -g cfgActiveDirectory -o cfgGlobal Catalog3 NOTE: The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domain
2 If DHCP is enabled on iDRAC6 and you want to use the DNS provided by the DHCP server, enter the following RACADM commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 3 If DHCP is disabled on iDRAC6 or you want manually to input your DNS IP address, enter the following RACADM commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2
If there is a failure in any step, examine the details in the test log to identify the problem and a possible solution. For most common errors, see "Frequently Asked Questions." If you need to make changes to your settings, click the Active Directory tab and change the configuration step-by-step. Enabling SSL on a Domain Controller When iDRAC6 authenticates users against an Active Directory domain controller, it starts an SSL session with the domain controller.
4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in. 5 In the Add/Remove Snap-In window, click Add. 6 In the Standalone Snap-In window, select Certificates and click Add. 7 Select Computer account and click Next. 8 Select Local Computer and click Finish. 9 Click OK. 10 In the Console 1 window, expand the Certificates folder, expand the Personal folder, and click the Certificates folder.
The iDRAC6 SSL certificate is the identical certificate used for the iDRAC6 Web server. All iDRAC6 controllers are shipped with a default self-signed certificate. To download the iDRAC6 SSL certificate, run the following RACADM command: racadm sslcertdownload -t 0x1 -f 1 On the domain controller, open an MMC Console window and select Certificates→ Trusted Root Certification Authorities. 2 Right-click Certificates, select All Tasks and click Import.
White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, because these names cannot be resolved. If you log in from the Web-based interface and you have configured user domains, the Web-based interface log in screen will list all the user domains in the pull-down menu for your to choose. If you select a user domain from the pull-down menu, you should only enter the user name.
I enabled certificate validation but I failed my Active Directory log in. I ran the diagnostics from the GUI and the test result shows the following error message: ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC.
What should I check if I cannot log in to iDRAC6 using Active Directory? First, diagnose the problem using the Test Settings feature. For directions, see "My Active Directory log in failed. What do I do?" Then, fix the specific problem indicated by the test results. For additional information, see "Testing Your Configurations." Most common issues are explained in this section.
Active Directory Certificate Validation I'm using an IP address for a Domain Controller Address, and I failed certificate validation. What's the problem? Check the Subject or Subject Alternative Name field of your domain controller certificate. Usually Active Directory uses the hostname, not the IP address, of the domain controller in the Subject or Subject Alternative Name field of the domain controller certificate.
If you are using standard schema, and users and role groups are from different domains, you must configure global catalog address(es). In this case, you can use only Universal Group. If you are using standard schema, and all the users and all the role groups are in the same domain, you are not required to configure global catalog address(es). How does standard schema query work? iDRAC6 connects to the configured domain controller address(es) first.
Using iDRAC6 With Microsoft Active Directory
Viewing the Configuration and Health of the Managed Server System Summary Click System→ Properties→ Summary to obtain information about the Main System Enclosure and the Integrated Dell Remote Access Controller.
Integrated Storage Card This section of the iDRAC6 Web interface provides information about the integrated Storage Controller Card installed on the Managed Server: • Card Type — shows the model name of the installed storage card Auto Recovery This section of the iDRAC6 Web interface details the current mode of operation of the Auto Recovery feature of the managed server as set by Open Manage Server Administrator: • Recovery Action — Action to be performed when a system fault or hang is detected.
• DHCP Enabled — Enabled if iDRAC6 is set to fetch its IP address and associated info from a DHCP server • Preferred DNS Address 1 — Set to the currently active primary DNS server • Alternate DNS Address 2 — Set to the alternate DNS server address NOTE: This information is also available at iDRAC→ Properties→ iDRAC Information. WWN/MAC Summary Click System→ Properties→ WWN/MAC to view the current configuration of installed I/O Mezzanine cards and their associated network fabrics.
Batteries The Batteries screen displays the status and values of the system board coin-cell battery that maintains the Real-Time Clock (RTC) and CMOS configuration data storage of the managed system. Temperatures The Temperature Probes Information screen displays the status and readings of the on-board ambient temperature probe. Minimum and maximum temperature thresholds for warning or failure states are shown, along with the current health status of the probe.
POST The Post Code screen displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server. Misc Health The Misc Health screen provides access to the following system logs: • System Event Log — Displays system-critical events that occur on the managed system. • Post Code — Displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server. • Last Crash — Displays the most recent crash screen and time.
Viewing the Configuration and Health of the Managed Server
Power Monitoring and Power Management Dell™ PowerEdge™ systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. PowerEdge systems provide many features for monitoring and managing power: • Power Monitoring: iDRAC6 collects a history of power measurements and calculates running averages, peaks, and so on.
• View power budget threshold for the server. See "Viewing Power Budget Threshold." • Execute power control operations on the server (for example, power on, power off, system reset, power cycle). See "Executing Power Control Operations on the Server." Power Monitoring iDRAC6 monitors the power consumption in PowerEdge servers continuously.
Power Tracking Statistics • Statistic: – Cumulative System Power displays the current cumulative energy consumption (in KWh) for the server. The value represents the total energy used by the system. You can reset this value to 0 by clicking Reset at the end of the table row. – System Peak Power specifies the system peak value in Watts within the interval specified by the Measurement Start Time and Measure Current Time. You can reset this value to 0 by clicking Reset at the end of the table row.
Power Consumption • Average Power Consumption: Average over previous minute, previous hour, previous day and previous week. • Max Power Consumption and Min Power Consumption: The maximum and minimum power consumptions observed within the given time interval. • Max Power Time and Min Power Time: The times (by minute, hour, day, and week) when the maximum and minimum power consumptions occurred.
The Power Budget Information table displays the minimum and maximum limits of power thresholds for the current system configuration. These cover the range of AC power consumptions a thresholded system under heavy workload will present to the datacenter. • Minimum Potential Power Consumption represents the lowest Power Budget Threshold value. • Maximum Potential Power Consumption represents the highest Power Budget Threshold value.
The Power Budget Threshold table displays the power limit information for the system: • Enabled indicates whether the system enforces the power budget threshold. • Threshold in Watts and Threshold in BTU/hr display the limit in Watts and BTU/hr, respectively. • Threshold Percentage displays the percentage of power range.
3 Click the Power Management tab. The Power Control screen displays. 4 Select one of the following Power Control Operations by clicking its radio button: – Power On System turns on the server (the equivalent of pressing the power button when the server power is off). This option is disabled if the system is already powered on. – Power Off System turns off the server. This option is disabled if the system is already powered off. – NMI (Non-Masking Interrupt) generates an NMI to halt system operation.
Power Monitoring and Power Management
Configuring and Using Serial Over LAN Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s text based console data that would traditionally be sent to the serial I/O port to be redirected over the iDRAC’s dedicated Out of Band Ethernet management network. The SOL out-of-band console enables system administrators to remotely manage the blade server’s text-based console from any location with network access.
Serial communication is off by default in BIOS. In order to redirect the host text console data to Serial over LAN, you must enable console redirection via COM1. To change the BIOS setting, perform the following steps: 1 Boot the managed server. 2 Press to enter the BIOS setup utility during POST. 3 Scroll down to Serial Communication and press .
4 Click Apply if you have made any changes. Table 9-1. Serial Over LAN Configuration Settings Setting Description Enable Serial Over LAN When selected, the checkbox indicates that Serial Over LAN is enabled. Baud Rate Indicates the data speed. Select a data speed of 19.2 kbps, 57.6 kbps, or 115.2 kbps. Table 9-2. Serial Over LAN Configuration Buttons Button Description Print Prints the Serial Over LAN Configuration values that appear on the screen.
Table 9-3. Serial Over LAN Configuration Advanced Settings Setting Description Character Accumulate Interval The typical amount of time iDRAC6 waits before sending a partial SOL data packet. This parameter is specified in milliseconds and increments by 10 milliseconds. Character Send Threshold Specifies the number of characters per SOL data packet.
NOTE: SSH protocol is enable by default. Telnet protocol is disabled by default. 7 Click Services to open the SSH and Telnet Configuration screen. NOTE: SSH and Telnet programs both provide access on a remote machine. 8 Click Enable on either SSH or Telnet as required. 9 Click Apply. NOTE: SSH is a recommended method due to better security and encryption mechanisms. NOTE: SSH/Telnet session duration can be infinite as long as the timeout value is set to 0. The default timeout value is 1800 seconds.
Model for the SOL Proxy Telnet Client (port 623) ←→ WAN connection ←→ SOL Proxy ←→ iDRAC6 server When the SOL Proxy communicates with the Telnet client on a management station, it uses the TCP/IP protocol. However, SOL proxy communicates with the managed server's iDRAC6 over the RMCP/IPMI/SOL protocol, which is a UDP-based protocol. Therefore if you communicate with your managed system's iDRAC6 from SOL Proxy over a WAN connection, you may experience network performance issues.
When you are ready to quit SOL redirection from SM-CLP, press , , and then (press the keys in sequence, one after the other). The SOL session will close. NOTE: If a SOL session is not closed successfully in the utility, more SOL sessions may not be available. The way to resolve this situation is to delete the SMASH console in the Web GUI under System→Remote Access→iDRAC→ Network/ Security→Sessions.
Using SOL over Telnet with Linux To start SOL from Telnet on a Linux management station, follow these steps: NOTE: If required, you can change the default Telnet timeout at System→ Remote Access→ iDRAC→ Network/Security→ Services. 1 Start a shell. 2 Connect to iDRAC6 with the following command: telnet NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the end of the telnet command.
Using SOL over IPMItool The Dell Systems Management Tools and Documentation DVD provides IPMItool, which can be installed on various operating systems. To start SOL with IPMItool on a management station, follow these steps: NOTE: If required, you can change the default SOL timeout at System→ Remote Access→ iDRAC→ Network/Security→ Services. 1 Locate IPMItool.exe under the proper directory. The default path in Windows is C:\Program Files\Dell\SysMgt\bmc.
NOTE: All versions of the Windows operating system include HyperTerminal terminal emulation software. However, the included version does not provide many functions required during console redirection. Instead, you can use any terminal emulation software that supports VT100 or ANSI emulation mode. One example of a full VT100 or ANSI terminal emulator that supports console redirection on your system is HyperTerminal Private Edition 6.1 or later.
Initiating the SOL Proxy session For Windows 2003 To start the SOL Proxy service on Windows system after installation, you can reboot the system (SOL Proxy automatically starts on a reboot). Or, you can start the SOL Proxy service manually by completing the following steps: 1 Right-click My Computer and click Manage. The Computer Management window is displayed. 2 Click Services and Applications and then click Services. Available services are displayed to the right.
Using Telnet with SOL Proxy This assumes that the SOL Proxy service is already up and running on the management station. For Windows 2003: 1 Open a Command Prompt window on your management station. 2 Enter the telnet command in the command-line and provide localhost as the IP address if the SOL Proxy server is running in the same machine and the port number that you specified in the SOL Proxy installation (the default value is 623).
3. Activate Console Redirection 4. Reboot and Activate Console Redirection 5. Help 6. Exit NOTE: While multiple SOL sessions can be active at the same time, only one console redirection session can be active at any given time for a managed system. NOTE: To exit an active SOL session, use the <~><.> character sequence. This sequence terminates SOL and returns you to the top-level menu. 1 Select option 1 in the main menu. 2 Enter the iDRAC IP Address of the remote managed system.
5 Select Configure the Serial-Over-LAN for the Remote Server (option 2) in the main menu. The SOL configuration menu appears. According to the current SOL status, the content of the SOL configuration menu varies: • If SOL is already enabled, the current settings are displayed and you are presented with three choices: 1. Disable Serial-Over-LAN 2. Change Serial-Over-LAN settings 3.
Operating System Configuration Complete the steps below to configure generic Unix-like operating systems. This configuration is based on default installations of Red Hat Enterprise Linux 5.0, SUSE Linux Enterprise Server 10 SP1, and Windows 2003 Enterprise. Linux Enterprise Operating System 1 Edit the /etc/inittab file to enable hardware flow control and to allow users to log in through the SOL console. Add the line below to the end of #Run gettys in standard runlevels section.
Example of modified /etc/inittab: ______________________________________________________________ # # inittab This file describes how the INIT process should set up # the system in a certain run-level.
Example of modified /etc/securetty: ______________________________________________________________ Console ttyS0 vc/1 vc/2 vc/3 vc/4 SKIP the rest of file ______________________________________________________________ 3 Edit the /boot/grub/grub.conf or /boot/grub/menu.list file to add boot options for SOL: a b Comment out the graphical display lines in the various Unix-like operating systems: • splashimage=(had0,0)/grub/splash.xpm.
Example of original /boot/grub/grub.conf in RHEL 5: ______________________________________________________________ # grub.conf generated by anaconda # # Note that you do not have to return grub after making changes to this # file # NOTICE: You have a /boot partition. This means that # eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # LogVol00 kernel /vmlinux-version ro root=/dev/VolGroup00/ # initrd /initrd-version.
# eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # LogVol00 kernel /vmlinux-version ro root=/dev/VolGroup00/ # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 #splashimage=(hd0,0)/grub/splash.xpm/gz hiddenmenu # Redirect the OS boot via SOL title Red Hat Enterprise Linux 5 SOL redirection root (hd0,0) kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/ LogVol00 rhgb quiet console=tty1 console=ttyS0,115200 initrd /initrd-2.6.18-8.el5.
Example of modified /boot/grub/menu.list in SLES 10: ______________________________________________________________ #Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008 Default 0 Timeout 8 #gfxmenu (hd0.5)/boot/message ###Don't change this comment - YaST2 identifier: Original name: linux### title SUSE Linux Enterprise Server 10 SP1 SOL redirection root (hd0,5) kernel /boot/vmlinux-2.6.16-46-0.
Example of original bootcfg setting: ______________________________________________________________ Boot Loader Settings -------------------timeout:30 default:multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Boot Entries -----------Boot entry ID: 1 Os Friendly Name: Winodws Server 2003, Enterprise Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS OS Load Options: redirect /nonexecute=optout /fastdetect /usepmtimer / ______________________________________________________________ Example of modified bootcfg
Configuring and Using Serial Over LAN
Using GUI Console Redirection This section provides information about using the iDRAC6 console redirection feature. Overview The iDRAC6 console redirection feature enables you to remotely access local consoles in graphic or text mode, allowing you to control one or more iDRAC6-enabled systems from a single location. Using Console Redirection NOTE: When you open a console redirection session, the managed server does not indicate that the console has been redirected.
each user sees a message in the upper-right corner of the screen that identifies the other user with an active session. A third active session is not permitted. If a third user requests a console redirection session, access is denied without interruption to the first or second user’s session. If the neither the first or second user has administrator privileges, termination of the first user's active session automatically results in termination of the second user's session.
Configuring Console Redirection and Virtual Media in the iDRAC6 Web Interface To configure console redirection in the iDRAC6 Web interface, perform the following steps: 1 Click System and then click the Console tab. 2 Click Configuration to open the Console Redirection Configuration screen. 3 Configure the console redirection properties. Table 10-2 describes the settings for console redirection. 4 When completed, click Apply. 5 Click the appropriate button to continue. See Table 10-3. Table 10-2.
Table 10-2. Console Redirection Configuration Properties (continued) Property Description Video Encryption Enabled Checked indicates that video encryption is enabled. All traffic going to the video port is encrypted. Unchecked indicates that video encryption is disabled. Traffic going to the video port is not encrypted. The default is Encrypted. Disabling encryption can improve performance on slower networks. Mouse Mode Choose Windows if the managed server is running on a Windows operating system.
The buttons in Table 10-5 are available on the Console Redirection Configuration screen. Table 10-3.
Table 10-4. Console Redirection Information (continued) Property Description Mouse Mode Displays the mouse acceleration currently in effect. Mouse Acceleration mode should be chosen based on the type of operating system installed on the managed server. Console Plug-in Type Shows the plug-in type currently configured. ActiveX — An Active-X viewer will be launched. Active-X viewer will only work on Internet Explorer while running on a Windows Operating System. Java — A Java viewer will be launched.
3 If a console redirection session is available, click Launch Viewer. NOTE: Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, you must navigate through these message boxes within three minutes. Otherwise, you will be prompted to relaunch the application. NOTE: If one or more Security Alert windows appear in the following steps, read the information in the window and click Yes to continue.
Table 10-6. Viewer Menu Bar Selections Menu Item Item Description Video Pause Temporarily pauses console redirection. Resume Resumes console redirection. Refresh Redraws the viewer screen image. Capture Captures the current remote system screen to a .bmp Current Screen file on Windows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location.
Table 10-6. Menu Item Viewer Menu Bar Selections (continued) Item Description Macros When you select a macro, or enter the hotkey specified for the macro, the action is executed on the remote system.
Table 10-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Media Virtual Media Wizard The Media menu provides access to the Virtual Media Wizard, which allows you to redirect to a device or image such as a: • Floppy drive • CD • DVD • Image in ISO format • USB Flash drive For information about the Virtual Media feature, see "Configuring and Using Virtual Media." You must keep the Console Viewer window active when using Virtual Media. Help N/A Activates the Help menu.
Disabling or Enabling Local Console You can configure iDRAC6 to disallow iKVM connections using the iDRAC6 Web interface. When the local console is disabled, a yellow status dot appears in the list of servers (OSCAR) to indicate that the console is locked in iDRAC6. When the local console is enabled, the status dot is green.
Frequently Asked Questions Table 10-7 lists frequently asked questions and answers. Table 10-7. Using Console Redirection: Frequently Asked Questions Question Answer Can a new remote console video session be started when the local video on the server is turned off? Yes. Why does it take It gives a local user an opportunity to take any action before 15 seconds to turn off the video is switched off.
Table 10-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer What privileges are Any user with iDRAC6 configuration privileges can turn the needed for an iDRAC6 local console on or off. user to turn on or off the local server video? How can I get the current status of the local server video? The status is displayed on the Console Redirection Configuration screen of the iDRAC6 Web interface.
Table 10-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the mouse sync in DOS when performing Console Redirection? The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing. iDRAC6 has a USB mouse driver, which allows absolute position and closer tracking of the mouse pointer.
Table 10-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the Num Lock indicator on my management station reflect the status of the Num Lock on the remote server? When accessed through iDRAC6, the Num Lock indicator on the management station does not necessarily coincide with the state of the Num Lock on the remote server.
Using GUI Console Redirection
Configuring a VFlash Media Card for Use With iDRAC6 The VFlash media card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back corner of the system. It provides storage space that behaves like a common USB Flash Key device. Installing a VFlash Media Card NOTE: Dell-branded vFlash media is required for the virtual flash partition. 1 Remove the blade from the chassis. 2 Locate the VFlash media slot at the back corner of the system.
3 With the label side facing up, insert the contact-pin end of the SD card into the card slot on the module. NOTE: The slot is keyed to ensure correct insertion of the card. 4 Press inward on the card to lock it into the slot. 5 Place the blade back in the chassis. Removing a VFlash Media Card To remove the VFlash media, push inward on the card to release it, and pull the card from the card slot.
Formatting the VFlash Media Card NOTE: The Format option is active only if a VFlash card is present. 1 Log in to the iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the VFlash tab. The VFlash screen appears. 4 Ensure that VFlash is disabled. The VFlash Enable check box should be cleared (unchecked). 5 Click Format. An alert box appears, warning that any existing image on the card will be erased during formatting and requesting confirmation. Click OK to continue.
Configuring the VFlash Media Card Using RACADM Enabling or Disabling the VFlash Media Card Open a local console to the server, log in, and enter: racadm cfgRacVirtual cfgVirMediaKeyEnable [ 1 or 0 ] where 1 is enabled and 0 is disabled. NOTE: For more information about cfgRacVirtual, including output details, see "cfgRacVirtual.
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 12-1 shows the overall architecture of Virtual Media. Figure 12-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required: 1 Start Internet Explorer. 2 Click Tools→ Internet Options, and then click the Security tab. 3 Under Select a Web content zone to specify its security settings, click to select the desired zone. 4 Under Security level for this zone, click Custom Level. The Security Settings window appears.
Configuring Virtual Media 1 Log in to the iDRAC6 Web interface. 2 Click the Console/Media tab. 3 Click Configuration, and then click Virtual Media. The Console Redirection Configuration screen appears. 4 Click Virtual Media. 5 In the Virtual Media section, select values for the settings. See Table 12-2 for information on Virtual Media configuration values. 6 Click Apply to save your settings. An alert dialog appears with the following message: You are about to change device configuration.
Table 12-2. Virtual Media Configuration Values (continued) Attribute Value Virtual Media Encryption Enabled Enables (checked) or disables (not checked) encryption on Virtual Media connections. Virtual Media Port Number The network port number used for connecting to the Virtual Media service without encryption. Two consecutive ports starting from the port number specified are used to connect to the Virtual Media service.
3 Click the Console/Media tab. The Console Redirection and Virtual Media screen appears. To change the values of any of the displayed attributes, see "Configuring Virtual Media." NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy at the same time, or a single drive.
8 Click the Connect button next to each selected media type. The media is connected and the Status window is updated. 9 Click Close. Disconnecting Virtual Media 1 Select Media → Virtual Media Wizard… The Media Redirection Wizard appears. 2 Click Disconnect next to the media you wish to disconnect. The media is disconnected and the Status window is updated. 3 Click Close. Booting From Virtual Media The system BIOS enables you to boot from virtual optical drives or virtual floppy drives.
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take fewer than 15 minutes to complete. See "Deploying the Operating System" for more information. 1 Verify the following: • The operating system installation DVD/CD is inserted in the management station’s DVD/CD drive.
Frequently Asked Questions Table 12-3 lists frequently asked questions and answers. Table 12-3. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual Media client connection drop. Why? When a network time-out occurs, iDRAC6 firmware drops the connection, disconnecting the link between the server and the Virtual Drive.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer An installation of the Windows operating system seems to take too long. Why? If you are installing the Windows operating system using the Dell PowerEdge Installation and Server Management CD and a slow network connection, the installation procedure may require an extended amount of time to access the iDRAC6 Web interface due to network latency.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer What types of media can I boot iDRAC6 allows you to boot from the following from? bootable media: • CDROM/DVD Data media • ISO 9660 image • 1.44 Floppy disk or floppy image • A USB key that is recognized by the operating system as a removable disk (minimum size 128 MB) • A USB key image How can I make my USB key bootable? Search support.dell.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer What file system types are supported on my Virtual Floppy Drive? Your Virtual Floppy Drive supports FAT16 or FAT32 file systems. When I performed a firmware update remotely using the iDRAC6 Web interface, my virtual drives at the server were removed. Why? Firmware updates cause iDRAC6 to reset, drop the remote connection, and unmount the virtual drives. The drives will reappear when the iDRAC6 reset is complete.
Configuring and Using Virtual Media
Using the Local RACADM Command Line Interface The local RACADM command line interface (CLI) provides access to iDRAC6 management features from the managed server. RACADM provides access to the same features as the iDRAC6 Web interface. However, RACADM can be used in scripts to ease configuration of multiple servers and iDRACs, where the Web interface is more useful for interactive management. Local RACADM commands do not use network connections to access iDRAC6 from the managed server.
The subcommand list includes all commands that are supported by iDRAC6. To get help for a subcommand, enter: racadm help The command displays the syntax and command-line options for the subcommand. RACADM Subcommands Table 13-1 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands including syntax and valid entries, see "RACADM Subcommand Overview." Table 13-1.
Table 13-1. RACADM Subcommands (continued) Command Description localconredirdisable Performs local kVM disable from the local system. racreset Resets iDRAC6. racresetcfg Resets iDRAC6 to the default configuration. serveraction Performs power management operations on the managed server. setniccfg Sets the IP configuration for the controller. sslcertdownload Downloads a CA certificate. sslcertupload Uploads a CA certificate or server certificate to iDRAC6.
For example, to display a list of all cfgLanNetworking group object settings, enter the following command: racadm getconfig -g cfgLanNetworking Managing iDRAC6 Users with RACADM NOTE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin.
If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name appears after the =, that index is assigned to that user name. NOTE: Users and groups created for Active Directory environments must conform to the Active Directory naming convention. Adding an iDRAC6 User To add a new user to iDRAC6, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC6 user privilege.
Enabling an iDRAC6 User With Permissions To grant a user a specific administrative (role-based) permissions, set the cfgUserAdminPrivilege property to a bitmask constructed from the values show in Table 13-2: Table 13-2.
A null string of double quote characters ("") instructs iDRAC6 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults. Testing E-mail Alerting The iDRAC6 e-mail alert feature allows users to receive e-mail alerts when a critical event occurs on the managed server. The following example shows how to test the e-mail alert feature to ensure that iDRAC6 can properly send e-mail alerts across the network.
The following is an example of how the command may be used to configure desired LAN network properties. racadm config -g cfgLanNetworking -o cfgNicEnable 1 racadm config -g cfgLanNetworking -o cfgNicIpAddress 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0 racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.
Configuring IPMI Over LAN 1 Configure IPMI over LAN by entering the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.
2 Configure IPMI Serial over LAN (SOL) using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification.
Configuring PEF You can configure the action you wish iDRAC6 to take for each platform alert. Table 13-3 lists the possible actions and the value to identify them in RACADM. Table 13-3. Platform Event Action Action Value No action 0 Power off 1 Reboot 2 Power Cycle 3 1 Configure PEF actions using the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i where is the PEF index (Table 5-7), and is a value from Table 13-3.
3 Configure your PET policy using the following command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i where is the PET destination index and is the destination IP address of the system that receives the platform event alerts. 4 Configure the Community Name string. At the command prompt, enter: racadm config -g cfgIpmiLan -o cfgIpmiPetCommunityName where is the PET Community Name.
4 To configure a custom message, enter the following command: racadm config -g cfgEmailAlert -o cfgEmailAlertCustomMsg -i where is the e-mail destination index and is the custom message. 5 Test the configured e-mail alert, if desired, by entering the following command: racadm testemail -i where is the e-mail destination index to test.
Table 13-4. IP Address Filtering (IPRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise anded with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to log in.
Following are examples using local RACADM to set up IP filtering. NOTE: See "Using the Local RACADM Command Line Interface" for more information about RACADM and RACADM commands. 1 The following RACADM commands block all IP addresses except 192.168.0.57: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.
Configuring IP Blocking IP blocking dynamically determines when excessive login failures occur from a particular IP address and blocks (or prevents) the address from logging in to iDRAC6 for a preselected time span.
Table 13-5. Log In Retry Restriction (IP Blocking) Properties (continued) Property Definition cfgRacTuneIpBlkFailWindow The time frame in seconds during which the failure attempts are counted. When the failures exceed this limit, they are dropped from the counter. cfgRacTuneIpBlkPenaltyTime Defines the time span in seconds that login attempts from an IP address with excessive failures are rejected.
Configuring iDRAC6 Telnet and SSH Services Using Local RACADM The telnet/SSH console can be configured locally (on the managed server) using RACADM commands. NOTE: You must have Configure iDRAC6 permission to execute the commands in this section. NOTE: When you reconfigure telnet or SSH settings in iDRAC6, any current sessions are terminated without warning.
Creating an iDRAC6 Configuration File The configuration file is a plain text file. You can use any valid file name; however, the .cfg file extension is the recommended convention.
The configuration data is organized into groups as defined in "iDRAC6 Enterprise Property Database Group and Object Definitions." The following example displays a group name, object, and the object’s property value. Example: [cfgLanNetworking] (group name) cfgNicIpAddress=143.154.133.121 (object name) • Parameters are specified as object=value pairs with no white space between the object, =, and value. White space that is included after the value is ignored.
• For indexed groups the object anchor must be the first object after the [ ] pair. The following are examples of the current indexed groups: [cfgUserAdmin] cfgUserAdminUserName= • If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from iDRAC6 for that group. Any objects within that group are simple modifications when iDRAC6 is configured.
This file will be updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 Loading the Configuration File Into iDRAC6 The command racadm config -f parses the configuration file to verify that valid group and object names are present and that syntax rules are followed. If the file is error-free the command then updates the iDRAC6 database with the contents of the file.
Configuring Multiple iDRACs Using a configuration file, you can configure other iDRACs with identical properties. Follow these steps to configure multiple iDRACs: 1 Create the configuration file from the iDRAC6 settings you want to replicate to the others. At a command prompt on the managed server, enter the following command: racadm getconfig -f where is the name of a file to save the iDRAC6 properties, such a myconfig.cfg.
Using the Local RACADM Command Line Interface
Using iDRAC6 Enterprise SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
• Active Directory configuration • iDRAC6 LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration • Serial over LAN (SOL) redirection over Telnet or SSH iDRAC6 SM-CLP Support SM-CLP is hosted from iDRAC6 firmware, and supports telnet and SSH connections. The iDRAC6 SM-CLP interface is based on the SM-CLP Specification Version 1.0 provided by the DMTF organization.
Table 14-1 provides a list of the verbs the iDRAC6 CLI supports, the syntax of each command, and a list of the options the verb supports. Table 14-1. Supported SM-CLP CLI Verbs Verb Description cd Navigates through the managed system address –default, –examine, – help, –output, –version space using the shell. Options Syntax: cd [options] [target] delete Deletes an object instance. Syntax: –examine, –help, – output, –version delete [options] target dump Moves a binary image from the MAP to a URI.
Table 14-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options show Displays the target properties, verbs, and subtargets. -all, -default, –display, – examine, –help, –level, –output, –version Syntax: show [options] [target] = start Starts a target. Syntax: –examine, –force, – help, –output, –version start [options] [target] stop Shuts down a target. Syntax: stop [options] [target] version Displays the version attributes of a target.
Table 14-2. Supported SM-CLP Options (continued) SM-CLP Option Description -examine, -x Instructs the command processor to validate the command syntax without executing the command. –help, –h Displays help for the verb. –level, -l Instructs the verb to operate on targets at additional levels beneath the specified target. Syntax: -level –output, –o Specifies the format for the output. Syntax: -output -source Specifies the location of an image in a load command.
Enter the cd verb with no target to find your current location in the address space. The .. and . abbreviations work as they do in Windows and Linux: .. refers to the parent level and . refers to the current level. Targets Table 14-3 provides a list of targets available through the SM-CLP. Table 14-3. SM-CLP Targets Target Definition /system1/ The managed system target. /system1/sp1 The service processor. /system1/sol1 Serial over LAN target.
Using the Show Verb To learn more about a target use the show verb. This verb displays the target’s properties, sub-targets, and a list of the SM-CLP verbs that are allowed at that location. Using the -display Option The show –display option allows you to limit the output of the command to one or more of properties, targets, and verbs.
containing a response XML element. The DMTF has specified the clpcsv and clpxml formats and their specifications can be found on the DMTF website at www.dmtf.org.
SEL Management Table 14-5 provides examples of using the SM-CLP to perform SEL-related operations on the managed system. Table 14-5.
Table 14-5.
MAP Target Navigation Table 14-6 provides examples of using the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Table 14-6. Map Target Navigation Operations Operation Syntax Navigate to the system target and reboot ->cd system1 ->reset NOTE: The current default target is /. Navigate to the SEL ->cd system1 target and display the ->cd sp1 log records ->cd logs1 ->show ->cd system1/sp1/logs1 ->show Display current target ->cd . Move up one level ->cd ..
Whenever the commit property has the value of 1, the current settings of the properties are active. When you change any of the properties, the commit property is reset to 0 to indicate that the values have not been committed. NOTE: The commit property only affects the properties at the /system1/sp1/ enetport1/lanendpt1/ipendpt1 MAP location. All other SM-CLP commands take effect immediately.
Updating iDRAC6 Firmware Using SM-CLP To update iDRAC6 firmware using SM-CLP, you must know the TFTP URI for the Dell update package. Follow these steps to update the firmware using SM-CLP: 1 Log in to iDRAC6 using telnet or SSH.
Using iDRAC6 Enterprise SM-CLP Command Line Interface
Deploying Your Operating System Using iVMCLI The Integrated Virtual Media Command Line Interface (iVMCLI) utility is a command-line interface that provides virtual media features from the management station to iDRAC6 in the remote system. Using iVMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems.
When you create the image file, do the following: • Follow standard network-based installation procedures. • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure. 4 Perform one of the following procedures: • Integrate IPMItool and the Virtual Media command line interface (iVMCLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
• is the path to an ISO9660 image of the operating system installation CD or DVD • is the path to the device containing the operating system installation CD or DVD The ivmdeploy script passes its command line options to the iVMCLI utility. See "Command Line Options" for details about these options. The script processes the -r option slightly differently than the iVMCLI -r option.
If your operating system supports administrator privileges or an operating system-specific privilege or group membership, administrator privileges are also required to run the iVMCLI command. The client system’s administrator controls user groups and privileges, thereby controlling the users who can run the utility. For Windows systems, you must have Power User privileges to run the iVMCLI utility.
Command Line Options The iVMCLI interface is identical on both Windows and Linux systems. The utility uses options that are consistent with the RACADM utility options. For example, an option to specify the iDRAC6 IP address requires the same syntax for both RACADM and iVMCLI utilities. The iVMCLI command format is as follows: iVMCLI [parameter] [operating_system_shell_options] Command-line syntax is case sensitive. See "iVMCLI Parameters" for more information.
The must have the following attributes: • Valid user name • iDRAC6 Virtual Media User permission If iDRAC6 authentication fails, an error message appears and the command is terminated. iDRAC6 User Password -p This parameter provides the password for the specified iDRAC6 user. If iDRAC6 authentication fails, an error message displays and the command terminates.
Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates. CD/DVD Device or Image File -c { | } where is a valid CD/DVD drive letter (Windows systems) or a valid CD/DVD device file name (Linux systems) and is the file name and path of a valid ISO-9660 image file.
Help Display -h This parameter displays a summary of the iVMCLI utility parameters. If no other non-switch options are provided, the command terminates without error. Manual Display -m This parameter displays a detailed “man page” for the iVMCLI utility, including descriptions of all of the possible options. Encrypted Data -e When this parameter is included in the command line, iVMCLI will use an SSL-encrypted channel to transfer data between the management station and iDRAC6 in the remote system.
The latter technique is useful in script programs, as it allows the script to proceed after a new process is started for the iVMCLI command (otherwise, the script would block until the iVMCLI program is terminated). When multiple iVMCLI instances are started in this way, and one or more of the command instances must be manually terminated, use the operating system-specific facilities for listing and terminating processes.
Using the iDRAC6 Configuration Utility Overview The iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for iDRAC6 and for the managed server.
Starting the iDRAC6 Configuration Utility You must use an iDRAC6 KVM-connected console to access the iDRAC6 Configuration Utility initially or after a resetting iDRAC6 to the default settings. 1 At the keyboard connected to the iDRAC6 KVM console, press to display the iDRAC6 KVM On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using the iDRAC6 Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe the iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use the left-arrow and right-arrow keys and the spacebar to select between Enabled and Disabled.
LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 16-1. LAN Parameters Item Description RMCP+ Encryption Key Press to edit the value, when finished. The RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F). RMCP+ is an IPMI extension that adds authentication and encryption to IPMI. The default value is a string of 40 zeroes.
Table 16-1. LAN Parameters (continued) Item Description Default Gateway If the IP Address Source is set to DHCP, this field displays the IP address of the default gateway obtained from DHCP. If the IP Address Source is set to Static, enter the IP address of the default gateway. The default is 192.168.0.1. LAN Alert Enabled Select On to enable the Platform Event Trap (PET) LAN alert. Alert Policy Entry 1 Select Enable or Disable to activate the first alert destination.
Virtual Media Configuration Virtual Media Use the left-arrow and right-arrow keys to select Attached or Detached. • If you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Console Redirection sessions. • If you select Detached, users cannot access virtual media devices during Console Redirection sessions.
Cancel System Services Use the left-arrow and right-arrow keys to select Yes or No. When you select Yes, all Unified Server Configurator sessions are closed, and the server restarts when you Save and Exit to apply the new settings. LAN User Configuration The LAN user is the iDRAC6 administrator account, which is root by default. Press to display the LAN User Configuration submenu. When you have finished configuring the LAN user, press to return to the previous menu. Table 16-2.
Press to select the item. The following warning message appears: Resetting to factory defaults will restore remote NonVolatile user settings. Continue? < NO (Cancel) > < YES (Continue) > To reset iDRAC6 to the defaults, select YES and press . System Event Log Menu The System Event Log Menu allows you to view System Event Log (SEL) messages and to clear the log messages. Press to display the System Event Log Menu.
Recovering and Troubleshooting the Managed Server This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed server using iDRAC6 utilities.
Trouble Indicators This section describes indications that there may be a problem with your system. LED Indicators LEDs on the chassis or on components installed in the chassis are generally the first indicators of system trouble. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system.
Hardware Trouble Indicators Indications that a module has a hardware problem include the following: • Failure to power up • Noisy fans • Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, you can try to correct the problem using these strategies: • Reseat the module and restart it • Try inserting the
Problem Solving Tools This section describes iDRAC6 utilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Checking the System Event Log (SEL) The SEL Log screen displays messages for events that occur on the managed server. To view the System Event Log, perform the following steps: 1 Click System and then click the Logs tab. 2 Click System Event Log to display the System Event Log screen. The System Event Log screen displays a system health indicator (see Table 17-3), a time stamp, and a description of the event. 3 Click the appropriate System Event Log button to continue (see Table 17-4). Table 17-4.
To view the Post Codes, perform the following steps: 1 Click System, the Logs tab, and then Post Codes. The Post Codes screen displays a system health indicator (see Table 17-3), a hexadecimal code, and a description of the code. 2 Click the appropriate Post Code button to continue (see Table 17-5). Table 17-5. Post Code Buttons Button Action Print Prints the Post Codes screen. Refresh Reloads the Post Codes screen.
Table 17-6. Last Crash Screen Buttons Button Action Print Prints the Last Crash Screen screen. Save Opens a pop-up window that enables you to save the Last Crash Screen to a directory of your choice. Delete Deletes the Last Crash Screen screen. Refresh Reloads the Last Crash Screen screen. NOTE: Due to fluctuations in the Auto Recovery timer, the Last Crash Screen may not be captured when the System Reset Timer is configured with a value that is too high. The default setting is 480 seconds.
Table 17-7. Boot Capture Options (continued) Button/Option Description Previous Screen Takes you to previous screen, if any, in the replay console. Play Starts the screenplay from current screen in the replay console. Pause Pauses the screenplay on the current screen being displayed in the replay console. Stop Stops the screenplay and loads the first screen of that boot sequence. Next Screen Takes you to next screen, if any, in the replay console.
Table 17-8.
Table 17-8.
Table 17-8.
Table 17-8.
Table 17-8.
Table 17-8.
Table 17-8.
Table 17-8.
Table 17-9. iDRAC6 Log Information Field Description Date/Time The date and time (for example, Dec 19 16:55:47). iDRAC6 sets its clock from the managed server’s clock. When iDRAC6 initially starts and is unable to communicate with the managed server, the time is displayed as the string System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged in to iDRAC6.
Main System Enclosure Table 17-11 and Table 17-12 describe the main system enclosure properties. Table 17-11. System Information Fields Field Description Description Provides a system description. BIOS Version Lists the system BIOS version. Service Tag Lists the system Service Tag number. Host Name Provides the host system’s name. OS Name Lists the operating system running on the system. Table 17-12.
Table 17-13. iDRAC6 Information Fields (continued) Field Description IP Address The 32-bit address that identifies the network interface. The value is displayed in a dot separated format, such as 143.166.154.127. Gateway The IP Address of the gateway that acts as a bridge to other networks. This value is in a dot separated format, such as 143.166.150.5. Subnet Mask The subnet mask identifies the parts of the IP Address that make up the Extended Network Prefix and the Host Number.
If you entered 0 to leave the LED flashing, follow these steps to disable it: 1 Click System→ Remote Access→ iDRAC→ Troubleshooting. 2 On the Identify screen, uncheck Identify Server. 3 Click Apply. Using the Diagnostics Console iDRAC6 provides a standard set of network diagnostic tools (see Table 17-14) that are similar to the tools included with Microsoft® Windows® or Linux-based systems. Using the iDRAC6 Web interface, you can access the network debugging tools.
Managing Power on a Remote System iDRAC6 enables you to remotely perform several power management actions on the managed server. Use the Power Management screen to perform an orderly shutdown through the operating system when rebooting and powering on and off. NOTE: You must have Execute Server Action Commands permission to perform power management actions. See "Adding and Configuring iDRAC6 Users" for help configuring user permissions. 1 Click System, then click the Power Management tab.
Table 17-15. Power Control Actions (continued) Reset System (warm boot) Reboots the system without powering off (warm boot). Power Cycle System Powers off, then reboots the system (cold boot). Table 17-16. Power Management Buttons Button Action Print Prints the Power Management values that appear on the screen. Refresh Reloads the Power Management screen. Apply Saves any new settings that you make while viewing the Power Management screen.
Table 17-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of iDRAC6? From the CMC Web interface: 1 Click Chassis→ Servers, then click the Setup tab. 2 Click Deploy. 3 Read the IP address for your server from the table that is displayed. From the iKVM: • Reboot the server and enter the iDRAC6 Configuration Utility by pressing . OR • Watch for the IP address to display during BIOS POST.
Table 17-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of the CMC? From the iDRAC6 Web interface: • Click System→ Remote Access→ CMC. The CMC IP address is displayed on the Summary screen. OR • Select the "Dell CMC" console in the OSCAR to log in to the CMC through a local serial connection. CMC RACADM commands can be issued from this connection. Refer to the CMC Firmware User Guide for a complete list of the CMC RACADM subcommands.
Table 17-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer I have forgotten the iDRAC6 administrative user name and password. You must restore iDRAC6 to its default settings. 1 Reboot the server and press when prompted to enter the iDRAC6 Configuration Utility. 2 On the Configuration Utility menu, highlight Reset to Default and press . For more information, see "Reset to Default.
Table 17-17. Frequently Asked Questions/Troubleshooting (continued) Question Answer iDRAC6 does not Remove and reinsert the server. boot. Check the CMC Web interface to see if iDRAC6 appears as an upgradable component. If it does, follow the instructions in "Updating iDRAC6 Firmware Using the CMC." If this does not correct the problem, contact Technical Support. When attempting to boot the managed server, the power indicator is green, but there is no POST or no video at all.
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. help Table A-1 describes the help command. Table A-1. Help Command Command Definition help Lists all of the subcommands available to use with racadm and provides a short description for each.
config Table A-2 describes the config and getconfig subcommands. Table A-2. config/getconfig Subcommand Definition config Configures iDRAC6. getconfig Gets iDRAC6 configuration data. Synopsis racadm config [-c|-p] -f racadm config -g -o [-i ] Supported Interfaces • Local RACADM Description The config subcommand allows you to set iDRAC6 configuration parameters individually or to batch them as part of a configuration file.
Table A-3. config Subcommand Options and Descriptions (continued) Option Description -o The -o , or object, option must be used with the -g option. This option specifies the object name that is written with the string . -i The -i , or index, option is only valid for indexed groups and can be used to specify a unique group. The index is specified here by the index value, not a "named" value.
getconfig The getconfig subcommand allows you to retrieve iDRAC6 configuration parameters individually, or all the iDRAC6 configuration groups may be retrieved and saved into a file. Input Table A-4 describes the getconfig subcommand options. NOTE: The -f option without a file specification will output the contents of the file to the terminal screen. Table A-4.
Output This subcommand generates error output upon encountering either of the following: • Invalid syntax, group name, object name, index, or other invalid database members • RACADM CLI transport failures If errors are not encountered, this subcommand displays the contents of the specified configuration. Examples • racadm getconfig -g cfgLanNetworking Displays all of the configuration properties (objects) that are contained in the group cfgLanNetworking. • racadm getconfig -f myrac.
getssninfo Table A-5 describes the getssninfo subcommand. Table A-5. getssninfo Subcommand Subcommand Definition getssninfo Retrieves session information for one or more currently active or pending sessions from the Session Manager's session table. Synopsis racadm getssninfo [-A] [-u | *] Description The getssninfo command returns a list of users that are connected to iDRAC6.
Examples • racadm getssninfo Table A-7 provides an example of output from the racadm getssninfo command. Table A-7. getssninfo Subcommand Output Example User IP Address Type Consoles root 192.168.0.10 Telnet Virtual KVM • racadm getssninfo -A "root" 143.166.174.19 "Telnet" "NONE" • racadm getssninfo -A -u * "root" "143.166.174.19" "Telnet" "NONE" • "bob" "143.166.174.19" "GUI" "NONE" getsysinfo Table A-8 describes the racadm getsysinfo subcommand. Table A-8.
Input Table A-9 describes the getsysinfo subcommand options. Table A-9. getsysinfo Subcommand Options Option Description -d Displays iDRAC6 information. -s Displays system information -w Displays watchdog information -A Eliminates the printing of headers/labels. Output The getsysinfo subcommand displays information related to iDRAC6, the managed server, and the watchdog configuration.
System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name Power Status = = = = = = = Watchdog Information: Recovery Action Present countdown value Initial countdown value = None = 0 seconds = 0 seconds PowerEdge M600 0.2.1 0.32 48192 dell-x92i38xc2n OFF Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge M600" "0.2.1" "0.
Restrictions The Hostname and OS Name fields in the getsysinfo output display accurate information only if Dell OpenManage is installed on the managed server. If OpenManage is not installed on the managed server, these fields may be blank or inaccurate. getractime Table A-10 describes the getractime subcommand. Table A-10. getractime Subcommand Definition getractime Displays the current time from the remote access controller.
Supported Interfaces • Local RACADM setniccfg Table A-11 describes the setniccfg subcommand. Table A-11. setniccfg Subcommand Definition setniccfg Sets the IP configuration for the controller. Synopsis racadm setniccfg -d racadm setniccfg -s [ ] racadm setniccfg -o [ ] Description The setniccfg subcommand sets the iDRAC6 IP address. • The -d option enables DHCP for the NIC (default is DHCP enabled).
Supported Interfaces • Local RACADM getniccfg Table A-12 describes the getniccfg subcommand. Table A-12. getniccfg Subcommand Definition getniccfg Displays the current IP configuration for iDRAC6. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current NIC settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful.
getsvctag Table A-13 describes the getsvctag subcommand. Table A-13. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Enter getsvctag at the command prompt. The output is displayed as follows: Y76TP0G The command returns 0 on success and nonzero on errors. Supported Interfaces • Local RACADM racreset Table A-14 describes the racreset subcommand. Table A-14.
Description The racreset subcommand issues a reset to iDRAC6. The reset event is written into the iDRAC6 log. Examples • racadm racreset Start the iDRAC6 soft-reset sequence. Supported Interfaces • Local RACADM racresetcfg Table A-15 describes the racresetcfg subcommand. Table A-15. racresetcfg Subcommand Definition racresetcfg Resets the entire RAC configuration to factory default values.
serveraction Table A-16 describes the serveraction subcommand. Table A-16. serveraction Subcommand Definition serveraction Executes a managed server reset or power-on/off/cycle. Synopsis racadm serveraction Description The serveraction subcommand enables users to perform power management operations on the host system. Table A-17 describes the serveraction power control options. Table A-17. serveraction Subcommand Options String Definition Specifies the action.
Supported Interfaces • Local RACADM getraclog Table A-18 describes the racadm getraclog command. Table A-18. getraclog Command Definition getraclog -i Displays the number of entries in the iDRAC6 log. getraclog Displays the iDRAC6 log entries. Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in the iDRAC6 log. NOTE: If no options are provided, the entire log is displayed.
Output The default output display shows the record number, time stamp, source, and description. The timestamp begins at midnight, January 1 and increases until the managed server boots. After the managed server boots, the managed server’s system time is used for the timestamp. Sample Output Record: Date/Time: Source: Description: 1 Dec 8 08:10:11 login[433] root login from 143.166.157.
Synopsis racadm getsel -i racadm getsel [-E] [-R] [-A] [-o] [-c count] [-s count] [-m] Description The getsel -i command displays the number of entries in the SEL. The following getsel options (without the -i option) are used to read entries. NOTE: If no arguments are specified, the entire log is displayed. Table A-21. getsel Subcommand Options Option Description -A Specifies output with no display headers or labels. -c Provides the maximum count of entries to be returned.
Supported Interfaces • Local RACADM clrsel Synopsis racadm clrsel Description The clrsel command removes all existing records from the System Event Log (SEL). Supported Interfaces • Local RACADM gettracelog Table A-22 describes the gettracelog subcommand. Table A-22. gettracelog Command Definition gettracelog -i Displays the number of entries in the iDRAC trace log. gettracelog Displays the iDRAC trace log.
Description The gettracelog (without the -i option) command reads entries. The following gettracelog entries are used to read entries: Table A-23. gettracelog Subcommand options Option Description -i Displays the number of entries in the iDRAC trace log. -m Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). -o Displays the output in a single line. -c specifies the number of records to display. -s specifies the starting record to display.
sslcsrgen Table A-24 describes the sslcsrgen subcommand. Table A-24. sslcsrgen Subcommand Description sslcsrgen Generates and downloads an SSL certificate signing request (CSR) from the RAC. Synopsis racadm sslcsrgen [-g] [-f ] racadm sslcsrgen -s Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system. The CSR can be used for creating a custom SSL certificate that can be used for SSL transactions on the RAC.
The sslcsrgen -s subcommand returns one of the following status codes: • CSR was generated successfully. • CSR does not exist. • CSR generation in progress. NOTE: Before a CSR can be generated, the CSR fields must be configured in the RACADM cfgRacSecurity group. For example: racadm config -g cfgRacSecurity -o cfgRacSecCsrCommonName MyCompany Examples racadm sslcsrgen -s or racadm sslcsrgen -g -f c:\csr\csrtest.
Options Table A-27 describes the sslcertupload subcommand options. Table A-27. sslcertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = server certificate 2 = CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
Options Table A-29 describes the sslcertdownload subcommand options. Table A-29. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft® Active Directory® certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be downloaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
Options Table A-31 describes the sslcertview subcommand options. Table A-31. sslcertview Subcommand Options Option Description -t Specifies the type of certificate to view, either the Microsoft Active Directory certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -A Prevents printing headers/labels.
Valid From Valid To : Jul : Jul 8 16:21:56 2005 GMT 7 16:21:56 2010 GMT racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate Jul 8 16:21:56 2005 GMT Jul 7 16:21:56 2010 GMT Supported Interfaces • Local RACADM testemail Table A-32 describes the testemail subcommand. Table A-32.
Description Sends a test e-mail from iDRAC6 to a specified destination. Prior to executing the testemail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-33 provides an example of commands for the cfgEmailAlert group. Table A-33.
Supported Interfaces • Local RACADM testtrap Table A-35 describes the testtrap subcommand. Table A-35. testtrap Subcommand Description testtrap Tests the iDRAC6 SNMP trap-alerting feature. Synopsis racadm testtrap -i Description The testtrap subcommand tests the iDRAC6 SNMP trap-alerting feature by sending a test trap from iDRAC6 to a specified destination trap listener on the network.
Input Table A-37 describes the testtrap subcommand options. Table A-37. testtrap Subcommand Options Option Description -i Specifies the index of the trap configuration to use for the test Valid values are from 1 to 4. Supported Interfaces • Local RACADM vmdisconnect Synopsis racadm vmdisconnect Description The vmdisconnect subcommand disconnects any virtual media connections.
Description Perform local kVM disable from the local system Legal Values 0 = Enable 1 = Disable vmkey Synopsis racadm vmkey [ reset ] Description The vmkey subcommand resets the virtual media key to the default size of 256MB.
iDRAC6 Enterprise Property Database Group and Object Definitions The iDRAC6 property database contains the configuration information for iDRAC6. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure iDRAC6. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacProductInfo (Read Only) Legal Values String of up to 63 ASCII characters Default Integrated Dell Remote Access Controller Description A text string that identifies the product idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters Default This system component provides a complete set of remote management functions for Dell PowerEdge servers.
idRacBuildInfo (Read Only) Legal Values String of up to 16 ASCII characters Default The current RAC firmware build version. For example, 05.12.06.
cfgOobSnmp This group contains parameters to configure the SNMP agent and trap capabilities of the iDRAC. One instance of the group is allowed. The following subsections describe the objects in this group. cfgOobSnmpAgentCommunity (Read/Write) Legal Values String.
cfgLanNetworking This group contains parameters to configure the iDRAC6 NIC. One instance of the group is allowed. All objects in this group will require the iDRAC6 NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC6 NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings.
cfgDNSRacName (Read/Write) Legal Values String of up to 63 ASCII characters. At least one character must be alphabetic. NOTE: Some DNS servers only register names of 31 characters or fewer. Default idrac-service tag Description Displays the RAC name, which is idrac-service tag by default. This parameter is only valid if cfgDNSRegisterRac is set to 1 (TRUE).
Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network cfgDNSServer1 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.0 Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE). NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while swapping addresses.
cfgNicEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the iDRAC6 network interface controller. If the NIC is disabled, the remote network interfaces to iDRAC6 will no longer be accessible, and iDRAC6 will only be available through the local RACADM interface. cfgNicIpAddress (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid IP address. For example: 192.168.0.
Legal Values A string representing a valid subnet mask. For example: 255.255.255.0. Default 255.255.255.0 Description The subnet mask used for static assignment of the iDRAC6 IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicGateway (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid gateway IP address. For example: 192.168.0.1. Default 192.168.0.
Description Specifies whether DHCP is used to assign the iDRAC6 IP address. If this property is set to 1 (TRUE), then the iDRAC6 IP address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (FALSE), the static IP address, subnet mask, and gateway is assigned from the cfgNicIpAddress, cfgNicNetmask, and cfgNicGateway properties.
cfgUserAdminIpmiLanPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) 15 (No access) Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel cfgUserAdminPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff, and 0x0 Default 0x00000000 Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values.
Table B-1. Bit Masks for User Privileges (continued) User Privilege Privilege Bit Mask Clear Logs 0x0000008 Execute Server Control Commands 0x0000010 Access Console Redirection 0x0000020 Access Virtual Media 0x0000040 Test Alerts 0x0000080 Execute Debug Commands 0x0000100 Examples Table B-2 provides sample privilege bit masks for users with one or more privileges. Table B-2.
Description The name of the user for this index. The user index is created by writing a string into this name field if the index is empty. Writing a string of double quotes ("") deletes the user at that index. You cannot change the name. You must delete and then recreate the name. The string must not contain / (forward slash), \ (backslash), . (period), @ (at symbol) or quotation marks. NOTE: This property value must be unique among user names.
cfgUserAdminSolEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed. cfgEmailAlertIndex (Read Only) Legal Values 1–4 Default This parameter is populated based on the existing instances.
Default 0 Description Specifies the destination email address for email alerts. For example, user1@company.com.
cfgSsnMgtConsRedirMaxSessions (Read/Write) Legal Values 1–4 Default 4 Description Specifies the maximum number of console redirection sessions allowed on iDRAC6 cfgSsnMgtWebserverTimeout (Read/Write) Legal Values 60 – 10800 Default 1800 Description Defines the Web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached.
Default 1800 Description Defines the secure shell idle time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective.
cfgSerial This group contains configuration parameters for iDRAC6 services. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgRhostsSmtpServerIpAddr (Read/Write) Legal Values A string representing a valid SMTP server IP address. For example: 192.168.0.56. Default 0.0.0.0 Description The IP address of the network SMTP server. The SMTP server transmits e-mail alerts from the RAC if the alerts are configured and enabled. cfgUserDomain This group is used to configure the Active Directory user domain names. A maximum of 40 domain names can be configured at any given time.
Description Specifies the Active Directory user domain name cfgServerPower This group provides several power management features.
Default (blank) Description Represents the power consumed by the server at the current time cfgServerPowerPeakPowerConsumption (Read Only) Legal Values String of up to 32 characters Default (blank) Description Represents the maximum power consumed by the server until the current time cfgServerPowerPeakPowerTimestamp (Read Only) Legal Values String of up to 32 characters Default (blank) Description Time when the maximum power consumption was recorded cfgServerPowerConsumptionClear (Write Only) Leg
Default 0 Description Resets the cfgServerPeakPowerConsumption property to 0 and the cfgServerPeakPowerConsumptionTimestamp property to the current iDRAC6 time cfgServerPowerCapWatts (Read Only) Legal Values String of up to 32 characters Default (blank) Description Represents the server power threshold in Watts cfgServerPowerCapBtuhr (Read Only) Legal Values String of up to 32 characters Default (blank) Description Represents the server power threshold in BTU/hr cfgServerPowerCapPercent (Read Onl
Default (blank) Description Represents the server power threshold in percentage cfgRacTuning This group is used to configure various iDRAC6 configuration properties, such as valid ports and security port restrictions.
cfgRacTuneIpRangeEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP Address Range validation feature of iDRAC6 cfgRacTuneIpRangeAddr Legal Values An IP address-formatted string. For example, 192.168.0.44. Default 192.168.1.
cfgRacTuneIpBlkEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP address blocking feature of the RAC cfgRacTuneIpBlkFailCount Legal Values 2 – 16 Default 5 Description The maximum number of login failures to occur within the window (cfgRacTuneIpBlkFailWindow) before login attempts from the IP address are rejected cfgRacTuneIpBlkFailWindow Legal Values 10 – 65535 Default 60 iDRAC6 Enterprise Property Database Group and Object Definitions 355
Description Defines the time span in seconds that the failed attempts are counted. When failure attempts age beyond this limit, they are dropped from the count.
Description Enables or disables console redirection cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the iDRAC6 telnet interface cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session cfgRacTuneConRedirPort (Read/Write) Legal Values 1 – 65535 Default 5900 iDRAC6 Enterprise Property Database Group and Object Definitions 357
Description Specifies the port to be used for keyboard and mouse traffic during console redirection activity with iDRAC6 cfgRacTuneConRedirVideoPort (Read/Write) Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during console redirection activity with iDRAC6 NOTE: This object requires an iDRAC6 reset before it becomes active.
Default 1 Description Enables and disables the iDRAC6 Web server. If this property is disabled, iDRAC6 will not be accessible using client Web browsers. This property has no effect on the telnet/SSH or local RACADM interfaces.
ifcRacManagedNodeOs This group contains properties that describe the Managed Server operating system. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgSecCsrCommonName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Common Name (CN) cfgSecCsrOrganizationName (Read/Write) Legal Values A string of up to 254 characters Default (blank) Description Specifies the CSR Organization Name (O) cfgSecCsrOrganizationUnit (Read/Write) Legal Values A string of up to 254 characters Default (blank) Description Specifies the CSR Organization Unit (OU) cfgSecCsrLocalityName (Read/Write) Legal Values A string of
Default (blank) Description Specifies the CSR Locality (L) cfgSecCsrStateName (Read/Write) Legal Values A string of up to 254 characters Default (blank) Description Specifies the CSR State Name (S) cfgSecCsrCountryCode (Read/Write) Legal Values A two-character string Default (blank) Description Specifies the CSR Country Code (CC) cfgSecCsrEmailAddr (Read/Write) Legal Values A string of up to 254 characters Default (blank) 362 iDRAC6 Enterprise Property Database Group and Object Definitions
Description Specifies the CSR Email Address. cfgSecCsrKeySize (Read/Write) Legal Values 512 1024 2048 Default 1024 Description Specifies the SSL asymmetric key size for the CSR cfgRacVirtual This group contains parameters to configure the iDRAC6 virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
Description This object is used to attach virtual devices to the system via the USB bus. When the devices are attached the server will recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system. When the devices are attached you then can connect to the virtual devices remotely using the iDRAC6 Web interface or the CLI. Setting this object to 0 will cause the devices to detach from the USB bus.
Description Enables or disables the virtual media key feature of the iDRAC cfgFloppyEmulation (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems.
cfgADRacName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Name of iDRAC6 as recorded in the Active Directory forest cfgADEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on iDRAC6. If this property is disabled, local iDRAC6 authentication is used for user logins instead.
Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. cfgADDomainController1 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN) Default No default value Description iDRAC6 uses the value you specify to search the LDAP server for user names.
cfgADGlobalCatalog1 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN) Default No default value Description iDRAC6 uses the value you specify to search the Global Catalog server for user names. cfgADGlobalCatalog2 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN) Default No default value Description iDRAC6 uses the value you specify to search the Global Catalog server for user names.
cfgADType (Read/Write) Legal Values 1 = Enables Active Directory with the extended schema 2 = Enables Active Directory with the standard schema Default 1 Description Determines the schema type to use with Active Directory cfgADCertValidationEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables Active Directory certificate validation cfgStandardSchema This group contains parameters to configure the Active Directory standard schema settings.
Description Index of the Role Group as recorded in the Active Directory cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Name of the Role Group as recorded in the Active Directory forest cfgSSADRoleGroupDomain (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters.
Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table B-3.
cfgIpmiSolBaudRate (Read/Write) Legal Values 9600, 19200, 57600, 115200 Default 115200 Description The baud rate for serial communication over LAN cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255 Default 10 Description Specifies the typical amount of time that iDRAC6 waits before transmitting a partial SOL charac
cfgIpmiSolSendThreshold (Read/Write) Legal Values 1 – 255 Default 255 Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet. cfgIpmiLan This group is used to configure the IPMI over LAN capabilities of the system.
Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access cfgIpmiLanAlertEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties.
Default public Description The SNMP community name for traps cfgIpmiPef This group is used to configure the platform event filters available on the managed server. The event filters can be used to control policy related to actions that are triggered when critical events occur on the managed server.
cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered cfgIpmiPefEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables a specific platform event filter. cfgIpmiPet This group is used to configure platform event traps on the managed server.
Default The appropriate index value Description Unique identifier for the index corresponding to the trap cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values String representing a valid IP address. For example, 192.168.0.67. Default 0.0.0.0 Description Specifies the destination IP address for the trap receiver on the network. The trap receiver receives an SNMP trap when an event is triggered on the managed server.
iDRAC6 Enterprise Property Database Group and Object Definitions
iDRAC6 SM-CLP Property Database /system1/sp1/account<1-16> This target provides configuration information about the local users who are allowed to access the RAC through available remote interfaces. Up to 16 instances of the user group are allowed. Each instance <1-16> represents the configuration for an individual local user. userid (Read Only) Legal values 1-16 Default Depends on the account instance being accessed. Description Specifies the instance ID or the local user ID.
Description A text string that contains the name of the local user for this account. The string must not contain a forward slash (/), period (.), at symbol (@), or quotation marks ("). Deleting the user is done by deleting the account. (delete account<1-16>). NOTE: This property value must be unique among usernames.
enabledstate (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Helps enable or disable an individual user. solenabled (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Enables or disables Serial Over LAN (SOL) user access.
Description Specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table C-1 describes the user privilege bit values that can be combined to create bit masks. Table C-1.
/system1/sp1/enetport1/* This group contains parameters to configure the iDRAC6 NIC. One instance of the group is allowed. All objects in this group require the iDRAC6 NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC6 NIC IP address settings close all active user sessions and require users to reconnect using the updated IP address settings. macaddress (Read Only) Legal Values A string representing the RAC NIC MAC address.
ipaddress (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.n (where n is 120 plus the server slot number) Description Specifies the static IP address to assign to the RAC. This property is only valid if oemdell_usedhcp is set to 0 (Disabled). subnetmask (Read/Write) Legal Values A string representing a valid subnet mask. For example: 255.255.255.0. Default 255.255.255.
Description Specifies whether DHCP is used to assign the iDRAC6 IP address. If this property is set to 1 (Enabled), the iDRAC6 IP address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (Disabled), the static IP address, subnet mask, and gateway gain values inserted manually by the user.
Description Specifies that the iDRAC6 DNS domain name should be assigned from the network DHCP server. oemdell_dnsdomainname (Read/Write) Legal Values A string of up to 254 ASCII characters. At least one of the characters must be alphabetic. Default “” Description Holds the DNS domain name. This parameter is only valid if oemdell_domainnamefromdhcp is set to 0 (Disabled).
Default rac-service tag Description Displays the RAC name, which is the RAC service tag by default. This parameter is only valid if oemdell_dnsregisterrac is set to 1 (Registered). oemdell_serversfromdhcp (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network.
/system1/sp1/enetport1/lanendpt1/ipendpt1/ dnsendpt1/remotesap2 dnsserveraddress (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.0 Description Specifies the IP address for DNS Server 2. This property is only valid if oemdell_serversfromdhcp is set to 0 (Disabled). /system1/sp1/enetport1/lanendpt1/ipendpt1/ remotesap1 defaultgatewayaddress (Read/Write) Legal Values A string representing a valid gateway IP address. For example: 192.168.0.1.
oemdell_groupname (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default “” Description Holds the name of the Role Group as recorded in the Active Directory forest. oemdell_groupdomain (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default “” Description Holds the Active Directory domain in which the Role Group resides.
Table C-3. Bit Masks for Role Group Privileges Role Group Privilege Bit Mask Login to iDRAC6 0x00000001 Configure iDRAC6 0x00000002 Configure Users 0x00000004 Clear Logs 0x00000008 Execute Server Control Commands 0x00000010 Access Console Redirection 0x00000020 Access Virtual Media 0x00000040 Test Alerts 0x00000080 Execute Debug Commands 0x00000100 /system1/sp1/oemdell_adservice1 This group contains parameters to configure the iDRAC6 Active Directory feature.
oemdell_adracname (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default "" Description Name of iDRAC6 as recorded in the Active Directory forest. oemdell_adracdomain (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces. Default "" Description The Active Directory Domain in which iDRAC6 resides. oemdell_adrootdomain (Read/Write) Legal Values Any printable text string up to 254 characters with no blank spaces.
oemdell_timeout (Read/Write) Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. oemdell_schematype (Read/Write) Legal Values 1 (Extended schema) 2 (Standard schema) Default 1 Description Determines the schema type to use with Active Directory.
oemdell_addomaincontroller (Read/Write) Legal Values A valid IP address or a fully qualified domain name (FQDN). Default “” Description Value specified by the user that iDRAC6 uses to search the LDAP server for usernames. oemdell_adglobalcatalog (Read/Write) Legal Values A valid IP address or an FQDN. Default No default value Description Value specified by the user that iDRAC6 uses to search the Global Catalog server for usernames.
Default "" Description Specifies the CSR Common Name. organizationname (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Organization Name. oemdell_organizationunit (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Organization Unit. oemdell_localityname (Read/Write) Legal Values A string of up to 254 characters.
Description Specifies the CSR Locality. oemdell_statename (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR State Name. oemdell_countrycode (Read/Write) Legal Values A string of up to 2 characters. Default "" Description Specifies the CSR Country Code. oemdell_emailaddress (Read/Write) Legal Values A string of up to 254 characters. Default "" Description Specifies the CSR Email Address.
oemdell_keysize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. /system1/sp1/oemdell_ssl1 Contains parameters necessary to generate Certificate Signing Requests (CSRs) and view certificates. generate (Read/Write) Legal Values 0 (Do not generate) 1 (Generate) Default 0 Description Generates a CSR when set to 1. Set the properties in the oemdell_racsecurity1 target before generating a CSR.
Default CSR not found Description Shows the status of the previous generate command issued, if any, during the current session. oemdell_certtype (Read / Write) Legal values SSL AD CSR Default SSL Description Specifies the type of certificate to be viewed (AD or SSL) and helps generate a CSR with the help of the generate property. /system1/sp1/oemdell_vmservice1 This group contains parameters to configure the iDRAC6 virtual media feature.
Description Used to attach virtual devices to the system via the USB bus, allowing the server to recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system. When the devices are attached, you then can connect to the virtual devices remotely using the iDRAC6 Web interface or the CLI. Setting this property to 0 causes the devices to detach from the USB bus.
Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems.
portnumber (Read/Write) Legal Values 1 – 65535 Default 3670 Description Specifies the port number used for encrypted virtual media connections to iDRAC6. oemdell_sslenabled (Read Only) Legal Value TRUE Default TRUE Description Indicates that the port has SSL enabled.
RACADM and SM-CLP Equivalencies Table D-1 lists the RACADM groups and objects and, where they exist, SM-SLP equivalent locations in the SM-CLP MAP. Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies RACADM Groups/Objects SM-CLP Description idRacInfo idRacName String of up to 15 ASCII characters. Default: iDRAC. idRacProductInfo String of up to 63 ASCII characters. Default: Integrated Dell Remote Access Controller. idRacDescriptionInfo String of up to 255 ASCII characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgActiveDirectory /system1/sp1/ oemdell_adservice1 cfgADEnable enablestate 0 to disable, 1 to enable Default: 0 cfgADRacName oemdell_adracname String of up to 254 characters. cfgADRacDomain oemdell_adracdomain String of up to 254 characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP cfgLanNetworking /system1/sp1/enetport1 cfgNicMacAddress macaddress Description The MAC address of the interface.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgDNSRacName oemdell_dnsracname String of up to 63 ASCII characters. At least one character must be alphabetic. Default: iDRAC- plus the Dell service tag.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgVirMediaAttached enabledstate Set to 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) to attach media. Default: 1 (RACADM)/ VMEDIA_ATTACH (SM-CLP) cfgVirMediaBootOnce oemdell_singleboot Set to 1 to perform next boot from selected media Default 0. /system1/sp1/oemdell_vmservice1/ tcpendpt1 cfgVirAtapiSvrPort oemdell_sslenabled Set to 1 if SSL is enabled for first virtual media device, 0 if not.
Table D-1.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgSsnMgtSshIdleTimeout Number of seconds idle before a SSH session times out. 0 to disable timeout or 60-1920 seconds Default: 300 cfgSsnMgtTelnetIdleTimeout Number of seconds idle before a telnet session times out. 0 to disable timeout or 60-1920 seconds Default: 300 cfgSsnMgtWebserverTimeout Number of seconds idle before a Web interface session times out.
Table D-1.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacTuneTelnetPort Port to use for the telnet service Default: 23 cfgRacTuneWebserverEnable Set to 1 to enable the iDRAC6 Web interface Default: 1 ifcRacManagedNodeOS ifcRacMnOsHostname Host name of the managed server. String of up to 255 characters ifcRacMnOsOsName Name of the managed server operating system.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgRacSecCsrOrganizationUnit oemdell_organizationunit Active Directory organization unit name. String of up to 254 characters cfgRacSecCsrStateName oemdell_statename Activity Directory state name.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued) RACADM Groups/Objects SM-CLP Description cfgIpmiLanAlertEnable Set to 1 to enable IPMI LAN alerts Default: 0 cfgIpmiLanEnable Set to 1 to enable the IPMI over LAN interface Default: 0 cfgIpmiPetCommunityName A string of up to 18 characters Default: public cfgIpmiPef cfgIpmiPefAction The action to take when event is detected.
Table D-2.
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. AGP Abbreviation for accelerated graphics port, which is a bus specification that allows graphics cards faster access to main system memory.
CA A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
DLL Abbreviation for Dynamic Link Library, which is a library of small programs, any of which can be called when needed by a larger program that is running in the system. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (or file). DDNS Abbreviation for Dynamic Domain Name System. DMTF Abbreviation for Distributed Management Task Force. DNS Abbreviation for Domain Name System.
GRUB Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader. GUI Abbreviation for graphical user interface, which refers to a computer display interface that uses elements such as windows, dialog boxes, and buttons as opposed to a command prompt interface, in which all user interaction is displayed and entered in text. hardware log Records events generated by iDRAC6 and the CMC.
IPMI Abbreviation for Intelligent Platform Management Interface, which is a part of systems management technology. Kbps Abbreviation for kilobits per second, which is a data transfer rate. LAN Abbreviation for local area network. LDAP Abbreviation for Lightweight Directory Access Protocol. LED Abbreviation for light-emitting diode. LOM Abbreviation for Local area network On Motherboard.
MIB Abbreviation for management information base. MII Abbreviation for Media Independent Interface. NAS Abbreviation for network attached storage. NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers. OSCAR Acronym for On Screen Configuration and Reporting. OSCAR is the menu displayed by the Avocent iKVM when you press .
RAM disk A memory-resident program which emulates a hard drive. iDRAC6 maintains a RAM disk in its memory. RAC Abbreviation for remote access controller. ROM Acronym for read-only memory, which is memory from which data may be read, but to which data cannot be written. RPM Abbreviation for Red Hat® Package Manager, which is a package-management system for the Red Hat Enterprise Linux® operating system that helps installation of software packages. It is similar to an installation program.
SSH Abbreviation for Secure Shell. SSL Abbreviation for secure sockets layer. standard schema A solution used with Active Directory to determine user access to iDRAC6; uses Active Directory group objects only. TAP Abbreviation for Telelocator Alphanumeric Protocol, which is a protocol used for submitting requests to a pager service.
VNC Abbreviation for virtual network computing. VT-100 Abbreviation for Video Terminal 100, which is used by the most common terminal emulation programs. WAN Abbreviation for wide area network.
Glossary
Index A C Active Directory adding DRAC 5 users, 126 configuring access to the DRAC 5, 119 logging in to the DRAC 5, 142 managing certificates, 100 objects, 116 schema extensions, 115 using with extended schema, 115 using with standard schema, 132 using with the DRAC 5, 113 Certificate Signing Request. See CSR ActiveX console redirection plug-in, 190 alert management.
configuring multiple iDRACs with RACADM, 241 console redirection configuring, 187 opening a session, 189 using, 163, 185 CSR about, 95 generating, 97 D diagnostics console, 294 digital signature, verify, 53-56 Distributed Management Task Force (DMTF), 243 F Firefox tab behavior, 81 viewing localized version, 66 firewall, opening ports, 33 firmware recovering with CMC, 51, 109 updating, 48 updating with SM-CLP, 251 updating with the web interface, 109 frequently asked questions using console redirection, 1
iDRAC configuration utility configuring LAN user, 273 configuring network properties, 270 iDRAC KVM displaying OSCAR, 268 iDRAC service ports, 33 iDRAC6 resetting to factory defaults, 273 SSH, 71 iDRAC6 configuration utility, 38 configuring IPMI, 269 configuring network properties, 269 configuring virtual media, 272 starting, 268 iDRAC6 web interface, 38, 51 ifconfig command, diagnostics console, 294 iKVM disabling during console redirection, 195 finding the iDRAC IP address, 297 viewing status of the local
J Java console redirection plug-in, 69, 190 K key, verify, 54, 56 L last crash screen capturing on the managed server, 76 viewing, 280 local RACADM, 39 localization, browser setup, 65 logs iDRAC, 290 post codes, 279 See also SEL server, 75 lost administrative password, 273 M Manageability Access Point.
O Platform Event Filter. See PEF On Screen Configuration and Reporting. See OSCAR Platform Event Trap.
R RACADM configuring e-mail alerts, 230 configuring IP blocking, 234 configuring IP filtering, 231 configuring IPMI, 227 configuring multiple iDRACS, 241 configuring network properties, 225 configuring PEF, 229 configuring PET, 229 configuring SOL, 228 configuring SSH service, 236 configuring telnet service, 236 subcommands, 301 using, 219 RACADM subcommands clrraclog, 220, 317 clrsel, 220, 319 config, 76, 220, 302 getconfig, 197, 220, 237, 304 getniccfg, 220, 312 getraclog, 220, 316 getractime, 220, 310 ge
SEL managing with SM-CLP, 251 managing with the iDRAC6 configuration utility, 273-274 managing with the web interface, 279 server instrumentation, 75 logs, 75 server certificate uploading, 98 viewing, 99 server features, integrated instrumentation, 75 logs, 75 Server Management Command Line Protocol. See SM-CLP server storage management, 75 services configuring with the web interface, 106 signature, verify, 53-56 Simple Network Management Protocol.
T telnet backspace configuration, 70 client installation, 70 configuring iDRAC service with RACADM, 236 configuring iDRAC service with the web interface, 106 TFTP server, installing, 72 Trivial File Transfer Protocol, see TFTP troubleshooting indications, 276 trusted domains list, adding iDRAC, 65 U Unified Server Configurator, 272 System Services, 272 Update Packages verifying the digital signature, 53-56 utilities dd, 258 iVMCLI, 257 video viewer, 191 V verify digital signature, 53-56 public key, 54, 5
web interface accessing, 80 browser configuration, 62 configuring ASR service, 106 configuring e-mail alerts, 89 configuring iDRAC services, 106 configuring IP blocking, 85 configuring IP filtering, 85 configuring IPMI LAN properties, 82, 90 configuring network properties, 82 configuring PEF, 88 configuring PET, 87-88, 229 configuring SOL, 90 configuring telnet service, 106 configuring the SSH service, 106 configuring the web server service, 106 logging in, 80 logging out, 81 updating firmware, 109 web serv
Index