Integrated Dell™ Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 2.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. __________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC6 Enterprise Overview . . . . . . . . . . 29 . . . . . . . . . . . . . 30 . . . . . . . . . . . . . . . 30 IPv6 Ready Logo Certification . iDRAC6 Security Features . iDRAC6 Enterprise and vFlash Media . Supported Platforms . . . . . . . . . . 31 . . . . . . . . . . . . . . . . . . 33 Supported Operating Systems . Supported Web Browsers . . . . . . . . . . . . . . 34 . . . . . . . . . . . . . . . 34 Supported Remote Access Connections iDRAC6 Ports . . . . . . . . . 34 .
Configure Platform Events . . . . . . . . . . . . . Enabling or Disabling Local Configuration Access . . . . . . . . . . . . . . . . 45 Configure iDRAC6 Services . . . . . . . . . . . . . 45 . . . . . . 46 . . . . . . . . . . . . . . 46 Configure Secure Sockets Layer (SSL) . Configure Virtual Media. Configure a vFlash Media Card . . . . . . . . . . . Install the Managed Server Software . . . . . . . Configure the Managed Server for the Last Crash Screen Feature . . . . . . .
Updating the USC Repair Package Configuring iDRAC6 For Use With IT Assistant . . . . . . . . . . . . . . . . . . 63 . . . . . . . . . . . . . . 63 Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring . . . . . . . . . . Using iDRAC6 Web Interface to Enable Discovery and Monitoring . . . . . . . . Using IT Assistant to View iDRAC6 Status and Events . . . . . . . . . 3 . . . . . . . . 64 . . . . . . . . . . . 66 Configuring the Management Station . . . . . . . . . . . . . . . . .
Installing a Java Runtime Environment (JRE) . . . . . . 75 . . . . . . . . . . . . . 76 . . . . . . . . . . . . . . . . . 76 Installing Telnet or SSH Clients Telnet with iDRAC6 Configuring the Backspace Key For Telnet Sessions . . . . . . . . . . . . . . . . . 77 SSH With iDRAC6 . . . . . . . . . . . . . . . . . . 77 Installing a TFTP Server . . . . . . . . . . . . . . . . . 79 Installing Dell OpenManage IT Assistant . . . . . . . . 79 . . . . . . . . . . 80 . . . . . . . . . . . .
Configuring iDRAC6 NIC . . . . . . . . . . . . . . . . . Configuring the Network, IPMI and VLAN Settings . . . . . . . . . . . . . . . . . 88 . . . . . . 92 . . . . . . . . . . . . . . 94 Configuring IP Filtering and IP Blocking Configuring Platform Events . 88 Configuring Platform Event Filters (PEF) . . . . . . 95 Configuring Platform Event Traps (PET) . . . . . . 95 . . . . . . . . . . . . . 96 . . . . . . . . . . . . . . . 97 Configuring E-Mail Alerts .
Configuring iDRAC6 Services Updating iDRAC6 Firmware . . . . . . . . . . . . . 114 . . . . . . . . . . . . . . 116 Updating iDRAC6 Firmware Using the CMC . . . . . . . iDRAC6 Firmware Rollback 6 . . . . . . . . . . . 118 . . . . . . . . . . . . 118 Using iDRAC6 With Microsoft Active Directory . . . . . . . . . . . . . . . . . . 121 . . . . . . . . . 122 . . . . . . . . . . . . .
Standard Schema Active Directory Overview . . . . . . . . . . . . . . . . . . . . . . . . . Single Domain Versus Multiple Domain Scenarios . . . . . . . . . . . . . . . . . Configuring Standard Schema Active Directory to Access iDRAC6 . . . . . Configuring Active Directory With Standard Schema Using iDRAC6 Web Interface . . . . . . . . . . 142 . . . . . . . 143 . . . . . . . . . 143 Configuring Active Directory With Standard Schema Using RACADM . Testing Your Configurations . 140 . . . . . . . .
7 Configuring Smart Card Authentication . . . . . . . . . . . . . . . . . . . . Configuring Smart Card Login in iDRAC6 . . . . . . . 161 . . . . . . . . . 163 . . . . . . . . . . . 163 Logging Into iDRAC6 Using Active Directory Smart Card Authentication Troubleshooting the Smart Card Logon in iDRAC6 . . . . . . . . . 8 Enabling Kerberos Authentication . . . . 167 . . . . . 168 . . . . . . 170 . . . . . . . .
WWN/MAC . Health . . . . . . . . . . . . . . . . . . . . . . . 176 . . . . . . . . . . . . . . . . . . . . . . . . . . 176 . . . . . . . . . . . . . . . . . . . . . . . 176 . . . . . . . . . . . . . . . . . . . . . . . . 176 iDRAC6 CMC . Batteries Voltages . . . . . . . . . . . . . . . . . . . . 177 . . . . . . . . . . . . . . . . . . . . . . 177 . . . . . . . . . . . . . . . . . 177 . . . . . . . . . . . . . . . . . . . . . . . . . 178 Power Monitoring CPU 177 . . . . . . . . . . . . .
11 Configuring and Using Serial Over LAN . . . . . . . . . . . . . . . . . . . Enabling Serial Over LAN in the BIOS . . . . . . . . . 187 . . . . . . . . . . . . 188 . . . . . . . . . . . . . 191 Configuring Serial Over LAN in iDRAC6 Web GUI . . . . . . . . Using Serial Over LAN (SOL) . Model for Redirecting SOL Over Telnet or SSH . . . . Model for the SOL Proxy . . . . . . . . . . . . 191 . . . . . . . . . . . . . 192 . . . . 192 . . . . . . . . . 192 . . . . . . . . . . . . . .
Using the Video Viewer 213 . . . . . . . . . . . . . . . . . Synchronizing the Mouse Pointers . . . . . . . . 217 . . . . . . . . . . . . . . 218 Disabling or Enabling Local Console . Frequently Asked Questions . 13 Configuring the vFlash Media Card for Use With iDRAC6 . . Installing a vFlash Media Card 223 223 . . . . . . . . . . 224 . . . . . . . . . . . 224 . . . . . . . . . . . . . 224 Configuring the vFlash Media Card Using iDRAC6 Web Interface . . .
Configuring Virtual Media . Running Virtual Media . . . . . . . . . . . . . . . 232 . . . . . . . . . . . . . . . . 233 Disconnecting Virtual Media . . . . . . . . . . . 235 Booting From Virtual Media . . . . . . . . . . . . 235 Installing Operating Systems Using Virtual Media . . . . . . . . . . . . . . . 236 Using Virtual Media When the Server’s Operating System Is Running Frequently Asked Questions . . . . . . . 236 . . . . . . . . . . . . .
Configuring IP Filtering . . . . . . . . . . . . . . . 258 Configuring IP Blocking. . . . . . . . . . . . . . . 259 Configuring iDRAC6 Telnet and SSH Services Using Local RACADM . . Remote and SSH/Telnet RACADM . . . . . . . . . 261 . . . . . . . . . . . 262 Remote RACADM Usage . . . . . . . . . . . . . . 263 Remote RACADM Options . . . . . . . . . . . . . 263 Using an iDRAC6 Configuration File . Creating an iDRAC6 Configuration File . Configuration File Syntax . 264 . . . . . . . . . .
iDRAC6 SM-CLP Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 278 . . . . . . . . . . . . . . . . 278 Server Power Management SEL Management . MAP Target Navigation . . . . . . . . . . . . . . Updating iDRAC6 Firmware Using SM-CLP . . . . . . . . . . . . . . . . . . . 17 Using the WS-MAN Interface . . . . . . . . . . . . . . 283 . . . . . . . . . . . . . . . . 284 . . . . . . . . . . . 287 . . . . . . . . . . . . . . . . . . . 287 . . . . . . . . . . 287 . . . . . . . . . .
Using the Virtual Media Command Line Interface Utility . . . . . . . . 290 . . . . . . . . . . . . 291 . . . . . . . . . . . . . . 292 . . . . . . . . . . . . . . . . 292 Installing the iVMCLI Utility . Command Line Options . iVMCLI Parameters . . . . . . . . . . . . iVMCLI Operating System Shell Options 19 Using iDRAC6 Configuration Utility . . . . . . . . . . . . . . . . . . Overview . 295 . . . . . . . . . . . . . . . 297 297 . . . . . . . . . . . . . . . . . . . . . . . .
Problem Solving Tools . . . . . . . . . . . . . . . . . Checking the System Health . . . . . . . . . . . . . . . . . 313 314 . . . . . 314 . . . . . . . . . . . . 315 Viewing the Last System Crash Screen. Viewing the Most Recent Boot Sequences . . . . . Checking the Server Status Screen for Error Messages . . . . . . . . . Viewing iDRAC6 Log . . . . . . . 316 . . . . . . . . . . . . . . . 324 Viewing System Information . . . . . . . . . . . . . . . . . . . .
racreset . . . . . . . . . . . . . . . . . . . . . . . . . 351 racresetcfg . . . . . . . . . . . . . . . . . . . . . . . . 352 serveraction . . . . . . . . . . . . . . . . . . . . . . . 352 . . . . . . . . . . . . . . . . . . . . . . . . 353 . . . . . . . . . . . . . . . . . . . . . . . . . 355 getsel . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 clrsel . . . . . . . . . . . . . . . . . . . . . . . . . . . 357 getraclog . clrraclog gettracelog . sslcsrgen . . . . . . . . . .
arp . . . . . . . . . . . . . . . . . . . . . . . . . . . coredump . . . . . . . . . . . . . . . . . . . . . . . . coredumpdelete 374 ifconfig . . . . . . . . . . . . . . . . . . . . . . . . . 375 netstat . . . . . . . . . . . . . . . . . . . . . . . . . 376 ping . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . 377 . . . . . . . . . . . . . . . . . . . . . . . . traceroute . . . . . . . . . . . . . . . . . . . . . . .
cfgOobSnmp . . . . . . . . . . . . . . . . . . . . . . . cfgOobSnmpAgentCommunity (Read/Write) . . . . . . . . . . . . . . . . . . . . 386 . . . . . . 386 . . . . . . . . . . . . . . . . . . . 387 cfgOobSnmpAgentEnable (Read/Write) cfgLanNetworking . 386 cfgNicIPv4Enable (Read/Write) . . . . . . . . . . cfgDNSDomainNameFromDHCP (Read/Write) . . . . . . . . . . . . . . . . . . . . 387 . . . . . . . . 388 . . . . . . . . . .
cfgIPv6Address2 (Read Only) . . . . . . . . . . . cfgIPv6DNSServersFromDHCP6 (Read/Write) . . . . . . . . . . . . . . . . . . . . . . . . . . . 397 cfgIPv6DNSServer2 (Read/Write) . . . . . . . . 397 cfgIPv6DNSServer2 (Read/Write) . . . . . . . . 398 . . . . . 398 cfgIPv6LinkLockPrefixLength (Read Only) . . . . . . . . . . . . . . . . . . . . 398 cfgTotalnumberofextended IP (Read/Write) . . . . . . . . . . . . . . . . . . . 398 . . . . . 399 . . . . . . . . 399 . . . . . . . . . .
cfgIPv6Address10 (Read Only) . . . . . . . . . . . . . . . . 404 . . . . . . . . . 404 . . . . . . . . . . 404 cfgIPv6Addr11PrefixLength (Read Only) . cfgIPv6Addr11Length (Read Only) cfgIPv6Address11 (Read Only) . . . . . . 405 . . . . . . . . . 405 . . . . . . . . . . 405 cfgIPv6Addr12PrefixLength (Read Only) . cfgIPv6Addr12Length (Read Only) cfgIPv6Address12 (Read Only) . . . . . . 405 . . . . . . . . . 406 . . . . . . . . . . 406 cfgIPv6Addr13PrefixLength (Read Only) .
cfgSessionManagement . . . . . . . . . . . . . . . . cfgSsnMgtConsRedirMaxSessions (Read/Write) . . . . . . . . . . . . cfgSsnMgtWebserverTimeout (Read/Write) . . . . . . . . . . . . . . . . 413 . . . . . . . . . . 413 . . . . 414 . . . . . 414 . . . . . . . . . . . . . . . . . . . . . . . . 415 cfgSsnMgtSshIdleTimeout (Read/Write) . cfgSsnMgtTelnetTimeout (Read/Write) . cfgSerial cfgSerialSshEnable (Read/Write). . . . . . . . . cfgSerialTelnetEnable (Read/Write) cfgRemoteHosts 416 . . . .
cfgServerPowerPeakPowerConsumption (Read Only) . . . . . . . . . . . . . . . . . . . . . 421 . . . . . . 421 . . . . . . . . 422 cfgServerPowerPeakPowerTimestamp (Read Only) . . . . . . . . . . . . . . . cfgServerPowerConsumptionClear (Write Only) . . . . . . . . . . . . . cfgServerPowerCapWatts (Read Only) . . . . . . 422 cfgServerPowerCapBtuhr (Read Only) . . . . . . . 422 . . . . . 423 . . . . . . . . . . . . . . . . . . . . . .
ifcRacManagedNodeOs . . . . . . . . . . . . . . . . . . . . . . . 431 . . . . . . . . 431 . . . . . . . . . . . . . . . . . . . . 432 ifcRacMnOsHostname (Read Only) . ifcRacMnOsOsName (Read Only) cfgRacSecurity . . . . . . 432 . . . . . . . . . . 432 cfgSecCsrCommonName (Read/Write). cfgSecCsrOrganizationName (Read/Write) . . . . . . . . . . . . . 432 . . . . . . 433 . . . . . . .
cfgIpmiPef . . . . . . . . . . . . . . . . . . . . . . . . 439 cfgIpmiPefName (Read Only) . . . . . . . . . . . . 439 cfgIpmiPefIndex (Read/Write) . . . . . . . . . . . 440 cfgIpmiPefAction (Read/Write) . . . . . . . . . . . 440 cfgIpmiPefEnable (Read/Write) . . . . . . . . . . 441 . . . . . . . . . . . . . . . . . . . . . . . . 441 cfgIpmiPet cfgIpmiPetIndex (Read Only) . . . . . . . . . . . . 441 . . . . . . . 442 . . . . . . . . . . . . . . . . . . . . . .
cfgIpmiSol . . . . . . . . . . . . . . . . . . . . . . . cfgIpmiSolEnable (Read/Write) . . . . . . . . . . cfgIpmiSolBaudRate (Read/Write) . . . . . . . . . . . . . . . . . 451 . . . . . 451 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 Glossary 28 450 450 cfgIpmiSolSendThreshold (Read/Write) Index 450 . . . . . . cfgIpmiSolMinPrivilege (Read/Write) cfgIpmiSolAccumulateInterval (Read/Write) . . . . . . . . . .
iDRAC6 Enterprise Overview The Integrated Dell™ Remote Access Controller (iDRAC6) Enterprise is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. iDRAC6 uses an integrated System-on-Chip microprocessor for the remote monitor/control system, and co-exists on the system board with the managed PowerEdge server.
NOTE: Dell recommends that you isolate or separate the chassis management network, used by iDRAC6 and CMC, from your production network(s). Mixing management and production or application network traffic may cause congestion or network saturation resulting in CMC and iDRAC6 communication delays. The delays may cause unpredictable chassis behavior such as CMC displays that iDRAC6 is offline even though it is operating properly. This could cause other unpredictable behavior.
• Session time-out configuration (in seconds) through the Web interface or SM-CLP • Configurable IP ports (where applicable) • Secure Shell (SSH), which uses an encrypted transport layer for higher security • Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded • Configurable client IP address range for clients connecting to iDRAC6 iDRAC6 Enterprise and vFlash Media iDRAC6 Enterprise provides an SD slot for vFlash Media.
Table 1-1.
Table 1-1. iDRAC6 Feature List (continued) Feature iDRAC6 Enterprise vFlash Media Remote File Share Virtual Console Virtual Console Sharing vFlash Monitoring Sensor Monitoring and Alerting Real-time Power Monitoring Real-time Power Graphing Historical Power Counters Logging System Event Log (SEL) RAC Log Trace Log Remote Syslog = Supported; =Not Supported Supported Platforms For the latest supported platforms, see iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.
Supported Operating Systems For the latest information, see iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals and on the Dell Systems Management Tools and Documentation DVD that was shipped with your system. Supported Web Browsers For the latest information, see iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.
Table 1-3. iDRAC6 Server Listening Ports Port Number Function 22* Secure Shell (SSH) 23* Telnet 80* HTTP 443* HTTPS 623 RMCP/RMCP+ 3668*, 3669* Virtual Media Service 3670*, 3671* Virtual Media Secure Service 5900* Console Redirection keyboard/mouse 5901* Console Redirection video 5988* Used for WSMAN * Configurable port Table 1-4.
• The Dell Systems Software Support Matrix provides information about the various Dell systems, the operating systems supported by these systems, and the Dell OpenManage™ components that can be installed on these systems. • The Dell OpenManage Installation and Security User's Guide provides complete information on installation procedures and step–by–step instructions for installing, upgrading, and uninstalling Server Administrator for each supported operating system.
The following system documents are also available to provide more information about the system in which iDRAC6 is installed: • The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at www.dell.com/regulatory_compliance. Warranty information may be included within this document or as a separate document.
iDRAC6 Enterprise Overview
Configuring iDRAC6 Enterprise This section provides information about how to establish access to iDRAC6 and to configure your management environment to use iDRAC6.
The local RACADM CLI is available after you have installed the operating system and the Dell OpenManage software on the managed server. Table 2-1 describes these interfaces. For greater security, access to iDRAC6 configuration through iDRAC6 Configuration Utility or Local RACADM CLI can be disabled by means of a RACADM command (see "RACADM Subcommand Overview") or from the GUI (see "Enabling or Disabling Local Configuration Access").
Table 2-1. Configuration Interfaces (continued) Interface Description Chassis LCD Panel The LCD panel on the chassis containing iDRAC6 can be used to view the high-level status of the servers in the chassis. During initial configuration of the CMC, the configuration wizard allows you to enable DHCP configuration of iDRAC6 networking. Local and Remote RACADM The local RACADM command line interface runs on the managed server.
Table 2-1. Configuration Interfaces (continued) Interface Description SM-CLP SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in iDRAC6. The SM-CLP command line is accessed by logging in to iDRAC6 using Telnet or SSH and typing smclp at the CLI prompt. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line.
Configuration Tasks This section is an overview of the configuration tasks for the management station, iDRAC6, and the managed server. The tasks to be performed include configuring iDRAC6 so that it can be used remotely, configuring iDRAC6 features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server. The configuration tasks that can be used to perform each task are listed beneath the task.
• Chassis LCD Panel — See the Dell Chassis Management Controller Firmware User Guide • iDRAC6 Configuration Utility — See "Using iDRAC6 Configuration Utility" • CMC Web interface — See "Configuring Networking Using the CMC Web Interface" • Remote and local RACADM — See "cfgLanNetworking" Configure iDRAC6 Users Set up the local iDRAC6 users and permissions. iDRAC6 holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users.
• RACADM — See "Configuring IP Filtering (IP Range)" and "Configuring IP Blocking" Configure Platform Events Platform events occur when iDRAC6 detects a warning or critical condition from one of the managed server’s sensors. Configure Platform Event Filters (PEF) to choose the events you want to detect, such as rebooting the managed server, when an event is detected.
Configure Secure Sockets Layer (SSL) Configure SSL for iDRAC6 Web server. • iDRAC6 Web interface — See "Secure Sockets Layer (SSL)" • RACADM — See "cfgRacSecurity," "sslcsrgen," "sslcertupload," "sslcertdownload," and "sslcertview" Configure Virtual Media Configure the virtual media feature so that you can install the operating system on the PowerEdge server.
Configuring Networking Using the CMC Web Interface NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC6 network settings from the CMC. NOTE: The default CMC user is root and the default password is calvin. NOTE: The CMC IP address can be found in iDRAC6 Web interface by clicking System→Remote Access→CMC. You can also launch the CMC Web interface from this screen.
Single Sign-On Using the single sign-on feature, you can launch iDRAC6 Web interface from the CMC without having to log in a second time. Single sign-on policies are described below. • CMC user who has Server Administrator set under User Privileges will automatically be logged in to iDRAC6 Web interface using single sign-on. After logging in, the user is automatically granted iDRAC6 Administrator privileges.
Configuring Networking for iDRAC6 1 Click System→Remote Access→iDRAC6. 2 Click the Network/Security tab: To enable or disable Serial Over LAN: a Click Serial Over LAN. The Serial Over LAN screen appears. b Select the Enable Serial Over LAN check box. You may also change the Baud Rate and Channel Privilege Level Limit settings. c Click Apply. To enable or disable IPMI Over LAN: a Click Network. The Network screen appears. b Click IPMI Settings. c Select the Enable IPMI Over LAN check box.
Viewing FlexAddress Mezzanine Card Fabric Connections The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection. NOTE: In order to avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.
FlexAddress MAC for iDRAC6 The FlexAddress feature replaces the server assigned MAC addresses with chassis assigned MAC addresses and is now implemented for iDRAC6 along with blade LOMs, mezzanine cards and I/O modules. iDRAC6 FlexAddress feature supports preservation of slot specific MAC address for iDRAC6s in a chassis. The chassis–assigned MAC address is stored in the CMC non–volatile memory and is sent to iDRAC6 during iDRAC6 boot or if you change the settings in the CMC FlexAddress page.
See the Dell Chassis Management Controller Administrator Reference Guide for more information on CMC RACADM subcommands. Remote Syslog iDRAC6 Remote Syslog feature allows you to remotely write the RAC log and the System Event Log (SEL) to an external syslog server. You can read all logs from the entire server farm from a central log. The Remote Syslog protocol does not need any user authentication.
NOTE: The severity levels defined by the Remote Syslog protocol differ from the standard IPMI System Event Log (SEL) severity levels. Hence all iDRAC6 Remote Syslog entries are reported in the syslog server with severity level as Notice.
A filename that is ending with extension IMG is redirected as a Virtual Floppy and a filename ending with extension ISO is redirected as a Virtual CDROM. Remote file share supports only .IMG and .ISO image file formats. Remote file sharing can be enabled through the remote Web interface: 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface. 3 Select System→Remote File Share tab. The Remote File Share screen is displayed. Table 2-3 lists the remote file share settings. Table 2-3.
–s ; display current status CAUTION: All characters including alphanumeric and special characters are allowed as part of username, password, and image_location except the following characters: ’ (single quote), ”(double quote), ,(comma), < (less than), and > (greater than). When using remote file share, the characters listed above are not allowed as part of the user name, password, and image_location. NOTE: The remoteimage RACADM command is not available in OpenManage™ version 6.1 local RACADM.
Executing the Firmware Update NOTE: When iDRAC6 firmware update begins, all existing iDRAC6 sessions are disconnected and new sessions are not permitted until the update process is completed. NOTE: The chassis fans run at 100% during iDRAC6 firmware update. When the update is complete, normal fan speed regulation resumes. This is normal behavior, designed to protect the server from overheating during a time when it cannot send sensor information to the CMC.
Verifying the Digital Signature for Linux DUPs A digital signature is used to authenticate the identity of the signer of a file and to certify that the original content of the file has not been modified since it was signed. If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify a digital signature. To use the standard verification procedure, perform the following steps: 1 Download the Dell Linux public GnuPG key by navigating to lists.us.dell.
at passports, checking fingerprints from different sources, etc.) 1 2 3 4 5 m = = = = = = I don't know or won't say I do NOT trust I trust marginally I trust fully I trust ultimately back to the main menu Your decision? d Enter 5, then press . The following prompt appears: Do you really want to set this key to ultimate trust? (y/N) e Enter y to confirm your choice. f Enter quit to exit the GPG key editor. You must import and validate the public key only once.
The following example illustrates the steps that you should follow to verify a Dell PowerEdge™ M610 iDRAC6 Update Package: 1 Download the following two files from support.dell.com: • IDRAC_FRMW_LX_2.0.BIN.sign • IDRAC_FRMW_LX_2.0.BIN 2 Import the public key by running the following command line: gpg --import The following output message appears: gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group)
The following output message appears: gpg: Signature made Fri Jul 11 15:03:47 2008 CDT using DSA key ID 23B66A9D gpg: Good signature from "Dell, Inc. (Product Group) " NOTE: If you have not validated the key as shown in step 3, you will receive additional messages: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
The default firmware image name is firmimg.imc. 5 Click Upload. The file uploads to iDRAC6. This may take several minutes to complete. NOTE: During the upload process, you abort the firmware upgrade process by clicking Cancel. Clicking Cancel resets iDRAC6 to normal operating mode. When the upload is complete, the Firmware Update - Validation (page 2 of 4) screen displays.
For example: C:\downloads\firmimg.imc 2 Run the following RACADM command: For example: racadm -r -u -p fwupdate -g -u -a where path is the location on the TFTP server where the firmimg.imc is stored. NOTE: The fwupdate local RACADM command is not available in OpenManage™ version 6.1 local RACADM. Using the DOS Update Utility To update iDRAC6 firmware using the DOS update utility, boot the managed server to DOS, and execute the idrac16d command.
Clear Your Browser’s Cache To use the latest iDRAC6 features, clear the browser’s cache to remove/delete any old Web pages that may be stored on the system. Updating the USC Repair Package See the Dell Lifecycle Controller User Guide for information on updating the USC repair package from iDRAC6 Web interface.
4 Toggle LAN Alert Enabled to On using the spacebar. 5 Enter the IP address of your Management Station into Alert Destination 1. 6 Enter a name string into iDRAC6 Name with a consistent naming convention across your data center. The default is iDRAC6-{Service Tag}. Exit iDRAC6 Configuration Utility by pressing , , and then pressing to save your changes. Your server will now boot into normal operation, and it will be discovered during IT Assistant's next scheduled Discovery pass.
The Platform Events screen appears, displaying a list of events for which you can configure iDRAC6 to generate email alerts. 12 Enable email alerts for one or more events by selecting the check box in the Generate Alert column. 13 Click Apply if you made any changes on this screen. 14 Click Trap Settings. The Trap Settings screen appears.
Using IT Assistant to View iDRAC6 Status and Events After discovery is complete, iDRAC6 devices appear in the Servers category of the ITA Devices detail screen, and iDRAC6 information can be seen by clicking on iDRAC6 name. This is different than DRAC5 systems, where the management card shows up in the RAC group. This is due to the fact that iDRAC6 uses IPMI discovery as opposed to SNMP. iDRAC6 error and warning traps can now be seen in the primary Alert Log of IT Assistant.
Configuring the Management Station A management station is a computer used to monitor and manage the PowerEdge™ servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with iDRAC6 Enterprise. Before you begin configuring iDRAC6, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
Using iDRAC6 console redirection feature (see "Configuring and Using Serial Over LAN"), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer and using iDRAC6 facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the managed server.
5 Select Medium-Low from the drop-down menu and click Reset. Click OK to confirm. You will need to re-enter the Custom Level dialog by clicking its button.
• Allow paste operations via script: Enable • Scripting of Java applets: Enable 7 Select Tools→Internet Options→Advanced.
• Use SSL 3.0: checked • Use TLS 1.0: checked • Warn about invalid site certificates: checked • Warn if changing between secure and not secure mode: checked • Warn if forms submittal is being redirected: checked NOTE: If you choose to alter any of the above settings, Dell recommends that you learn and understand the consequences of doing so. For example, if you choose to block pop-ups, portions of iDRAC6 Web interface will not function properly. 9 Click Apply, then OK.
• Simplified Chinese (zh-cn) The ISO identifiers in parentheses denote the specific language variants which are supported. Use of the interface with other dialects or languages is not supported and may not function as intended. For some supported languages, resizing the browser window to 1024 pixels wide may be necessary in order to view all features. iDRAC6 Web interface is designed to work with localized keyboards for the specific language variants listed above.
LC_MEASUREMENT="zh_CN.UTF-8" LC_IDENTIFICATION="zh_CN.UTF-8" LC_ALL= 3 If the values include zh_CN.UTF-8, no changes are required. If the values do not include zh_CN.UTF-8, go to step 4. 4 Edit the /etc/sysconfig/i18n file with a text editor. 5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.
4 In the Preferences Name column, locate xpinstall.enabled. Ensure that Value is true. If not, double-click xpinstall.enabled to set Value to true. Installing iDRAC6 Software on the Management Station Your system includes the Dell Systems Management Tools and Documentation DVD.
For help with the RACADM command, type racadm help after issuing the previous commands. Uninstalling RACADM To uninstall RACADM, open a command prompt and type: rpm -e where is the rpm package that was used to install iDRAC6 software.
Types tab, highlight .jnlp under Registered file types, and then click Change. For Linux (javaws), start Firefox, and click Edit→Preferences→Downloads, and then click View and Edit Actions. For Linux, once you have installed either JRE or JDK, add a path to the Java bin directory to the front of your system PATH. For example, if Java is installed in /usr/java, add the following line to your local .
Configuring the Backspace Key For Telnet Sessions Depending on the Telnet client, using the key may produce unexpected results. For example, the session may echo ^h. However, most Microsoft and Linux Telnet clients can be configured to use the key. To configure Microsoft Telnet clients to use the key, perform the following steps: 1 Open a command prompt window (if required).
NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not result in full functionality (that is, some keys do not respond and no graphics are displayed). iDRAC6 supports up to 4 Telnet sessions and 4 SSH sessions simultaneously. However, only one of those 8 potential sessions may use SM-CLP. That is, iDRAC6 supports only one SM-CLP session at a time.
Installing a TFTP Server NOTE: If you use only iDRAC6 Web interface to transfer SSL certificates and upload new iDRAC6 firmware, no TFTP server is required. Trivial File Transfer Protocol (TFTP) is a simplified form of the File Transfer Protocol (FTP). It is used with the SM-CLP and RACADM command line interfaces to transfer files to and from iDRAC6. The only times when you need to copy files to or from iDRAC6 are when you update iDRAC6 firmware or install certificates on iDRAC6.
Installing Dell Management Console Dell Management Console (DMC) is the next generation one-to-many systems management application that provides similar functionality as the Dell OpenManage IT Assistant and also provides enhanced discovery, inventory, monitoring, and reporting features. It is a Web–based GUI, which is installed on a management station in a networked environment. You can install DMC from the Dell Management Console DVD or download and install it from the Dell website at www.dell.
Configuring the Managed Server This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • RACADM CLI — Allows you to configure and administer iDRAC6.
Configuring the Managed Server to Capture the Last Crash Screen iDRAC6 can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed server crash. Follow these steps to enable the last crash screen feature. 1 Install the managed server software. For more information about installing the managed server software, see the Dell OpenManage Server Administrator User’s Guide.
Disabling the Windows Automatic Reboot Option To ensure that iDRAC6 can capture the last crash screen, disable the Automatic Reboot option on managed servers running Windows Server or Windows Vista®. 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings. 4 Deselect the Automatically Reboot check box. 5 Click OK twice.
Configuring the Managed Server
Configuring iDRAC6 Enterprise Using the Web Interface iDRAC6 provides a Web interface that enables you to configure iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. You would typically use the Web interface to perform your daily system management tasks. This chapter provides information about how to perform common systems management tasks with iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. 2 In the Address field, enter https:// and press . If the default HTTPS port number (port 443) has been changed, enter: https://: where iDRAC6-IP-address is the IP address for iDRAC6 and port-number is the HTTPS port number. iDRAC6 Log in window appears.
Logging Out 1 In the upper-right corner of the main window, click Log out to close the session. 2 Close the browser window. NOTE: The Log out button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain active until the session timeout is reached. Dell recommends that you click the Log out button to end a session.
Table 5-1. User Privilege Behavior in Supported Browsers Browser Tab Behavior Window Behavior Microsoft Internet Explorer 6 Not applicable New session Microsoft IE7 and IE8 From latest session opened New session Firefox 2 and Firefox 3 From latest session opened From latest session opened Configuring iDRAC6 NIC This section assumes that iDRAC6 has already been configured and is accessible on the network. See "Configure iDRAC6 Networking" for help with the initial iDRAC6 network configuration.
Table 5-2. Network Settings (continued) Setting Description MAC Address Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed. Enable NIC When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from iDRAC6 through the network is blocked. The default is Unchecked.
Table 5-2. Network Settings (continued) Setting Description Use DHCP to obtain DNS server addresses Select the DHCP Enable option to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses checkbox. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields. Preferred DNS Server Allows you to enter or edit a static IP address for the preferred DNS server.
Table 5-2. Network Settings (continued) Setting Description Gateway Configures the static IPv6 gateway for the iDRAC6 NIC. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated checkbox. Use DHCPv6 to Enable DHCP to obtain IPv6 DNS server addresses by selecting obtain DNS Server the Use DHCPv6 to obtain DNS Server addresses checkbox.
Table 5-4. VLAN Settings Button Description Enable VLAN ID Yes—Enabled. No—Disabled. If enabled, only matched Virtual LAN (VLAN) ID traffic is accepted. NOTE: The VLAN settings can only be configured through the CMC Web Interface. iDRAC6 only displays the current enablement status; you can not modify the settings on this screen. VLAN ID VLAN ID field of 802.1g fields. Displays a value from 1 to 4094 except 4001 to 4020. Priority Priority field of 802.1g fields.
The Network Security screen appears. 4 Configure IP filtering and blocking settings as needed. See Table 5-6 for descriptions of the IP filtering and blocking settings. 5 Click Apply. 6 Click the appropriate button to continue. See Table 5-7. Table 5-6. IP Filtering and Blocking Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access iDRAC6. The default is Disabled.
Table 5-7. Network Security Buttons (continued) Button Description Apply Saves any new settings that you made to the Network Security screen. Go Back to Returns to the Network screen. Network Configuration Page Configuring Platform Events Platform event configuration provides a mechanism for configuring iDRAC6 to perform selected actions on certain event messages.
If the same platform event filter is also configured to perform an action (such as rebooting the system), the action is performed. Configuring Platform Event Filters (PEF) NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings. 1 Log in to iDRAC6 Web interface. 2 Click System, and then click the Alert Management tab. The Platform Events screen appears. 3 Select the Generate Alert option beside each event for which you want an alert to be generated.
b Enter an IP address in the appropriate IPv4 or IPv6 Destination IP Address box. NOTE: The destination community string must be the same as iDRAC6 community string. c Click Apply. NOTE: To successfully send a trap, configure the Community String value. The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from iDRAC6. SNMP alert traps are transmitted by iDRAC6 when a platform event occurs.
e To add an additional email alert destination, repeat step a through step d. You may specify up to four email alert destinations. Configuring IPMI Over LAN 1 Log in to iDRAC6 Web interface. 2 Configure IPMI over LAN: a Click System→Remote Access→iDRAC6, and then click the Network/Security tab. The Network screen appears. b Click IPMI Settings. c Select the Enable IPMI Over LAN check box.
NOTE: To redirect the serial console over the LAN, ensure that the SOL Baud Rate is identical to your managed server’s baud rate. e Click Apply. f Configure IP filtering and blocking settings as needed in the Advanced Settings page. Adding and Configuring iDRAC6 Users To manage your system with iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority).
Table 5-9. General Properties Property Description User ID Contains one of 16 preset User ID numbers. This field cannot be edited. Enable User When Checked, indicates that the user’s access to iDRAC6 is enabled. When Unchecked, user access is disabled. User Name Specifies an iDRAC6 user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on iDRAC6 cannot include the / (forward slash) or . (period) characters and are case sensitive.
Table 5-11. Other Privilege Property Description iDRAC6 Group Specifies the user’s maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, Custom, or None. See Table 5-12 for iDRAC6 Group permissions. Login to iDRAC6 Enables the user to log in to iDRAC6. Configure iDRAC6 Enables the user to configure iDRAC6. Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear iDRAC6 logs.
Table 5-12. iDRAC6 Group Permissions (continued) User Group Permissions Granted Custom Selects any combination of the following permissions: Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Table 5-13. User Configuration Buttons Button Action Print Prints the User Configuration values that appear on the screen.
Secure Sockets Layer (SSL) iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
After the CA approves the CSR and sends the certificate, upload the certificate to iDRAC6 firmware. The CSR information stored on iDRAC6 firmware must match the information contained in the certificate, that is, the certificate must have been generated in response to the CSR created by iDRAC6. Accessing the SSL Main Menu 1 Click System→Remote Access→iDRAC6→Network/Security tab. 2 Click SSL to open the SSL screen. Table 5-14 describes the options available when generating a CSR.
Generating a New Certificate Signing Request NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The CSR in the firmware must match the certificate returned from the CA. Otherwise, iDRAC6 will not accept the certificate. 1 On the SSL screen, select Generate a New Certificate Signing Request (CSR) and click Next. 2 On the Generate Certificate Signing Request (CSR) screen, enter a value for each CSR attribute.
Table 5-16. Generate Certificate Signing Request (CSR) Options (continued) Field Description Country Code The name of the country where the entity applying for certification is located. Email The e-mail address associated with the CSR. Enter the company’s e-mail address, or any e-mail address associated with the CSR. This field is optional. Key Size The size of the Certificate Signing Request (CSR) Key to be generated. The size may be 1024 KB or 2048 KB. Table 5-17.
Table 5-18. Certificate Upload Buttons Button Description Print Prints the values that appear on the Certificate Upload screen Refresh Reloads the Certificate Upload screen Apply Applies the certificate to iDRAC6 firmware Go Back to SSL Main Returns the user to the SSL Main Menu screen Menu Viewing a Server Certificate 1 On the SSL screen, select View Server Certificate and click Next. Table 5-19 describes the fields and associated descriptions listed in the View Server Certificate window.
Configuring and Managing Active Directory Certificates NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate. NOTE: For more information about Active Directory configuration and how to configure Active Directory with the standard schema or an extended schema, see "Using iDRAC6 With Microsoft Active Directory.
Table 5-22. Active Directory Buttons Button Definition Print Prints the Active Directory values that appear on the screen. Refresh Reloads the Active Directory screen. Configuring Active Directory (Standard Schema and Extended Schema) 1 On the Active Directory screen, click Configure Active Directory. 2 On the Step 1 of 4 Active Directory screen, you can either enable certificate validation, upload the Active Directory CA certificate in iDRAC6, or view the current Active Directory CA certificate.
Table 5-23. Active Directory Configuration Settings (continued) Setting Description Current Active Directory CA Certificate Displays the Active Directory CA Certificate that was uploaded to iDRAC6. Step 2 of 4 Active Directory Configuration and Management Active Directory Enabled Select this option if you want to enable Active Directory. Enable Smart–Card Login Select this option to enable Smart Card login. You are prompted for a Smart Card logon during any subsequent logon attempts using the GUI.
Table 5-23. Active Directory Configuration Settings (continued) Setting Description Timeout Enter the maximum time (in seconds) to wait for Active Directory queries to complete. Domain Controller Server Address1–3 Enter the IP address or the fully qualified domain name (FQDN) of the Domain Controllers. NOTE: Configuration of at least one of the 3 Domain Controller addresses is required. iDRAC6 attempts to connect to each of the configured addresses in order until a successful connection is made.
Table 5-23. Active Directory Configuration Settings (continued) Setting Description Standard Schema Settings Select this option if you want to use Standard Schema with Active Directory. Click Next to display the Step 4a of 4 Active Directory Configuration and Management page. Global Catalog Server Address 1-3: Enter the fully qualified domain name (FQDN) or the IP address of the Global Catalog server(s). At least one of the 3 addresses is required to be configured.
Table 5-24. Role Group Privileges (continued) Setting Description Configure iDRAC Allows the group permission to configure iDRAC6. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs. Execute Server Control Commands Allows the group permission to execute server control commands. Access Console Redirection Allows the group access to Console Redirection. Access Virtual Media Allows the group access to Virtual Media.
Table 5-25. Role Group Permissions (continued) Property Description None No assigned permissions Viewing an Active Directory CA Certificate On the Active Directory summary page, click Configure Active Directory and then click Next. The Current Active Directory CA Certificate section is displayed. See Table 5-26. Table 5-26. Active Directory CA Certificate Information Field Description Serial Number Certificate serial number. Subject Information Certificate attributes entered by the subject.
Configuring iDRAC6 Services NOTE: To modify these settings, you must have Configure iDRAC6 permission. NOTE: When you apply changes to services, the changes take effect immediately. Existing connections may be terminated without warning. NOTE: There is a known issue with the Telnet client supplied with Microsoft Windows. Use another Telnet client such as HyperTerminal or PuTTY. 1 Click System→Remote Access→iDRAC6, and then click the Network/Security tab.
Table 5-27. Web Server Settings (continued) Setting Description HTTP Port Number The port on which iDRAC6 listens for a browser connection. The default is 80. HTTPS Port Number The port on which iDRAC6 listens for a secure browser connection. The default is 443. Table 5-28. SSH Settings Setting Description Enabled Enables or disables SSH. When Checked, the checkbox indicates that SSH is enabled. Max Sessions The maximum number of simultaneous SSH sessions allowed for this system.
Table 5-29. Telnet Settings (continued) Setting Description Timeout The Telnet idle timeout, in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800. Port Number The port on which iDRAC6 listens for a Telnet connection. The default is 23. Table 5-30. SNMP Agent Setting Description Enabled Enables or disables email alerts. SNMP Community Name The name of the community that contains the IP address for the SNMP Alert destination.
NOTE: To update the firmware, iDRAC6 must be placed in an update mode. Once in this mode, iDRAC6 will automatically reset, even if you cancel the update process. 3 In the Firmware Update - Upload (page 1 of 4) window, click Browse and select the firmware image. For example: C:\Updates\V2.1\. The default firmware image name is firmimg.imc. 4 Click Upload. The file will be uploaded to iDRAC6. This may take several minutes to complete.
Updating iDRAC6 Firmware Using the CMC Typically, iDRAC6 firmware is updated using iDRAC6 utilities, such as iDRAC6 Web interface or operating system specific update packages downloaded from support.dell.com. You can use the CMC Web interface or CMC RACADM to update iDRAC6 firmware. This feature is available both when iDRAC6 firmware is in Normal mode, as well as when it is corrupted. NOTE: See the Chassis Management Controller Firmware User Guide for instructions for using the CMC Web interface.
3 Click Next to start the firmware rollback process. On the Rollback (Step 3 of 3) page, you see the status of the rollback operation. On successful completion, it shows that the process completed successfully. If the firmware rollback is successful, iDRAC6 will reset automatically. To continue working with iDRAC6 through the web interface, close the current browser and reconnect to iDRAC6 using a new browser window. An appropriate error message is displayed if an error occurs.
Configuring iDRAC6 Enterprise Using the Web Interface
Using iDRAC6 With Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft® Active Directory® service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your Active Directory software.
Prerequisites for Enabling Active Directory Authentication for iDRAC6 To use the Active Directory authentication feature of iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.
Extended Schema Active Directory Overview Using the extended schema solution requires the Active Directory schema extension, as described in the following section. Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. • Dell extension is: dell • Dell base OID is: 1.2.840.113556.1.8000.
Figure 6-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 6-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory. Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
• LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines the privileges (Authorization Rights) for iDRAC6 Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 List of dellRacDevice and DelliDRACDevice Objects that belong to this role.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC6 devices, Users and User Groups, iDRAC6 Associations, and iDRAC6 Privileges.
3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-in and click Add. 5 Click Close and click OK. Adding iDRAC6 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC6 users and privileges by creating iDRAC6, Association, and Privilege objects.
6 Right-click the privilege object that you created, and select Properties. 7 Click the Remote Management Privileges tab and select the privileges that you want the user or group to have (see Table 5-11). Creating an Association Object NOTE: iDRAC6 Association Object is derived from Group and its scope is set to Domain Local. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→Dell Remote Management Object Advanced. This opens the New Object window. 3 Enter a name for the new object.
Adding iDRAC6 Devices or iDRAC6 Device Groups To add iDRAC6 devices or iDRAC6 device groups: 1 Select the Products tab and click Add. 2 Enter iDRAC6 devices or iDRAC6 device group name and click OK. 3 In the Properties window, click Apply and click OK. Click the Products tab to add one iDRAC6 device connected to the network that is available for the defined users or user groups. You can add multiple iDRAC6 devices to an Association Object.
8 Click Next. The Step 2 of 4 Active Directory Configuration and Management screen appears. 9 Select the Active Directory Enabled check box. NOTE: In this release, the Smart Card based Two Factor Authentication (TFA) and the single sign-on (SSO) features are not supported if the Active directory is configured for Extended Schema. 10 Click Add to enter the User Domain Name. Enter the domain name in the text field, and then click OK. Note that this step is optional.
The main Active Directory Configuration and Management summary page appears. Next, test the Active Directory settings you just configured. 18 Scroll to the bottom of the screen and click Test Settings. The Test Active Directory Settings screen appears. 19 Enter your iDRAC6 user name and password, and then click Start Test. The test results and the test log displays. For additional information, see "Testing Your Configurations.
racadm config -g cfgActiveDirectory -o cfgADDomainController3 NOTE: You must configure at least one of the three addresses. iDRAC6 attempts to connect to each of the configured addresses one-by-one until a successful connection is made. With Extended Schema, these are the FQDN or IP addresses of the domain controllers where this iDRAC6 device is located. Global catalog servers are not used in extended schema mode at all.
racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2 4 If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC6 Web interface, enter the following command: racadm config -g cfgUserDomain -o cfgUserDomainName -i You can configure up to 40 user domains with index numbers betw
Figure 6-3. Configuration of iDRAC6 with Microsoft Active Directory and Standard Schema Configuration on Active Directory Side Role Group Configuration on iDRAC6 Side Role Group Name and Domain Name Role Definition User On the Active Directory side, a standard group object is used as a role group. A user who has iDRAC6 access will be a member of the role group. To give this user access to a specific iDRAC6 card, the role group name and its domain name need to be configured on the specific iDRAC6 card.
Table 6-9.
Configuring Standard Schema Active Directory to Access iDRAC6 You must perform the following steps to configure Active Directory before an Active Directory user can access iDRAC6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group.
The Step 2 of 4 Active Directory Configuration and Management screen appears. 9 Select the Active Directory Enabled check box. 10 Select Enable Smart–Card Login to enable Smart–Card login. You are prompted for a Smart–Card logon during any subsequent logon attempts using the GUI. 11 Select Enable Single Sign-on if you want to log into iDRAC6 without entering your domain user authentication credentials, such as user name and password. 12 Click Add to enter the User Domain Name.
NOTE: The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. And, in this multiple domain case, only the Universal Group can be used. If you use iDRAC6 Web GUI to configure Active Directory, you need to enter a Global Address even though the user and group are in the same domain. 19 Click a Role Group button to add a role group. The Step 4b of 4 Configure Role Group screen appears. 20 Enter the Group Name.
NOTE: You must have a DNS server configured properly on iDRAC6 to support Active Directory log in. Navigate to the Network screen (click System→Remote Access→iDRAC6, and then click the Network/Security→Network tab) to configure DNS server(s) manually or use DHCP to get DNS server(s). You have completed the Active Directory configuration with Standard Schema.
NOTE: Enter the FQDN of the domain controller, not the FQDN of the domain. For example, enter servername.dell.com instead of dell.com. NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until a successful connection is made. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
racadm sslcertupload -t 0x2 -f Using the following RACADM command may be optional. See "Importing iDRAC6 Firmware SSL Certificate" for additional information.
After you finish configuring settings in iDRAC6 Web interface, click Test Settings at the bottom of the screen. You will be required to enter a test user's name (for example, username@domain.com) and password to run the test. Depending on your configuration, it may take some time for all of the test steps to complete and display the results of each step. A detailed test log will display at the bottom of the results screen.
NOTE: If you are using a standalone CA, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click Start→Run. 3 In the Run field, enter mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in. 5 In the Add/Remove Snap-In window, click Add. 6 In the Standalone Snap-In window, select Certificates and click Add. 7 Select Computer account and click Next.
Use the following procedure to import iDRAC6 firmware SSL certificate to all domain controller trusted certificate lists. NOTE: If your system is running Windows 2000, the following steps may vary. NOTE: If iDRAC6 firmware SSL certificate is signed by a well-known CA and the certificate of that CA is already in the domain controller's Trusted Root Certificate Authority list, you are not required to perform the steps in this section.
The login syntax is the same for all three methods: or \ or / where username is an ASCII string of 1–256 bytes. White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, because these names cannot be resolved.
5 Scroll to the bottom of the screen and click Configure Active Directory. The Step 1 of 4 Active Directory Configuration and Management screen appears. 6 To validate the SSL certificate of your Active Directory servers, select the Certificate Validation Enabled check box under Certificate Settings. If you don’t want to validate the SSL certificate of your Active Directory servers, take no action, and skip to step 8.
13 On 4a of 4 Active Directory page, enter the IP Address of the Global Catalog Server. Add the Role Group information that your valid Active Directory user is a member of by selecting one of the Role Groups (Step 4B of 4). Enter the Role Group name, the Group Domain, and the Role Group Privileges level. Select OK and then Finish. After selecting Done, scroll back to the bottom of the Active Directory page and select Kerberos Keytab Upload. 14 Upload a valid Kerberos Keytab file.
the User is a member of that Group. Now if I try to log in to iDRAC6 using the User present in the child domain, Active Directory Single Sign-On login fails. This may be because of the wrong Group type. There are two kinds of Group types in the Active Directory server: • Security—Security groups allow you to manage user and computer access to shared resources and to filter Group Policy settings • Distribution—Distribution groups are intended to be used only as e–mail distribution lists.
I enabled certificate validation but I failed my Active Directory log in. I ran the diagnostics from the GUI and the test result shows the following error message: ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC.
Most common issues are explained in this section. However, in general, you should check the following: 1 Ensure that you use the correct user domain name during a log in and not the NetBIOS name. 2 If you have a local iDRAC6 user account, log in to iDRAC6 using your local credentials. 3 Check the following settings: a Navigate to the Active Directory Configuration and Management screen. Select System→Remote Access→iDRAC6, click the Network/Security tab, and then click the Active Directory subtab.
Active Directory Certificate Validation I am using an IP address for a Domain Controller Address, and I failed certificate validation. What is the problem? Check the Subject or Subject Alternative Name field of your domain controller certificate. Usually Active Directory uses the hostname, not the IP address, of the domain controller in the Subject or Subject Alternative Name field of the domain controller certificate.
If you are using standard schema, and users and role groups are from different domains, you must configure global catalog address(es). In this case, you can use only Universal Group. If you are using standard schema, and all the users and all the role groups are in the same domain, you are not required to configure global catalog address(es). How does standard schema query work? iDRAC6 connects to the configured domain controller address(es) first.
Using iDRAC6 With Microsoft Active Directory
Configuring Smart Card Authentication iDRAC6 supports the two factor authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security. TFA, on the other hand, provides a higher-level of security by making the users provide two factors of authentication - what you have and what you know–what you have is the Smart Card, a physical device, and what you know–a secret code like a password or PIN.
6 To validate the SSL certificate of your Active Directory servers, select the Certificate Validation Enabled check box under Certificate Settings. If you do not want to validate the SSL certificate of your Active Directory servers, skip to step 8. 7 Under Upload Active Directory CA Certificate, enter the file path of the certificate or browse to find the certificate file, and then click Upload.
Logging Into iDRAC6 Using Active Directory Smart Card Authentication NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the first time. 1 Log into iDRAC6 using https. https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for iDRAC6 and port number is the HTTPS port number.
Tip: As a general check to see if the Smart Card CSPs are present on a particular client, insert the Smart Card in the reader at the Windows logon (Ctrl-Alt-Del) screen and check to see if Windows detects the Smart Card and displays the PIN dialog-box. Incorrect Smart Card PIN Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card.
Table 7-1. Distributed Versions of the C++ Redistributable Package (continued) Redistributable Version Package File Name Release Date vcredist_x86.exe November 7, 2007 1.73 MB MS Redistributable 2008 • 9.0.21022.8 Size Description Ensure that iDRAC6 time and the domain controller time at the domain controller server are within 5 minutes of each other for Kerberos authentication to work.
Configuring Smart Card Authentication
Enabling Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. To keep with the higher authentication enforcement standards, iDRAC6 now supports Kerberos based Active Directory® authentication to support Active Directory Smart Card and single sign-on (SSO) logins.
Prerequisites for single sign-on and Active Directory Authentication Using Smart Card • Configure iDRAC6 for Active Directory login. • Register iDRAC6 as a computer in the Active Directory root domain. a Click System→Remote Access→iDRAC6→Network/Security→ Network subtab. b Provide a valid Preferred/Alternate DNS Server IP address. This value is the IP address of the DNS that is part of the root domain, which authenticates the Active Directory accounts of the users. c Select Register iDRAC6 on DNS.
(Active Directory server) where you want to map iDRAC6 to a user account in Active Directory. For example, use the following ktpass command to create the Kerberos keytab file: C:\> ktpass.exe -princ HTTP/idracname.domainname.com@DOMAINNAME.COM mapuser DOMAINNAME\username -mapOp set -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass +DesOnly -out c:\krbkeytab NOTE: If you find any issues with the iDRAC6 user the keytab file is created for, create a new user and a new keytab file.
• iDRAC6 time should be synchronized with the Active Directory domain controller. Configuring iDRAC6 for single sign-on and Active Directory Authentication Using Smart Card Upload the keytab obtained from the Active Directory root domain, to the iDRAC6: 1 Click System→Remote Access→iDRAC6→Network/Security→Active Directory 2 At the bottom of the page, click Kerberos Keytab Upload. 3 On the Kerberos Keytab Upload page, select the keytab file to upload and click Apply.
1 Log into your system using a valid Active Directory account. 2 Provide the iDRAC6 name in the address bar of your browser in the following format: https://idracname.domainname.com (for example, https://idrac–test.domain.com). NOTE: Depending on your browser settings, you may be prompted to download and install single sign-on plug-in when using this feature for the first time.
CAUTION: To log into iDRAC6, ensure that you have the latest runtime components of Microsoft Visual C++ 2005 libraries installed (32-bit C++ library). Else, the Smart Card plug–in will not load and you will not be able to login to iDRAC6. For more information, see the Microsoft website at www.microsoft.com.
Viewing the Configuration and Health of the Managed Server System Summary Click System→Properties tab→System Summary to obtain information about the Main System Enclosure and iDRAC6.
• Connection — Lists the I/O Mezzanine card(s) installed on the managed server • Card Type — The physical type of the installed Mezzanine card/connection • Model Name — The model number, type, or description of the installed Mezzanine card(s) Integrated Storage Card This section of iDRAC6 Web interface provides information about the integrated Storage Controller Card installed on the managed server: • Card Type — Displays the model name of the installed storage card Auto Recovery This section of i
• Firmware Updated — Displays the date and time of the last successful iDRAC6 firmware update • MAC Address — Displays the MAC address associated with the LOM (LAN on Motherboard) Network Interface Controller of iDRAC6 IPv4 Settings • Enabled — Displays whether IPv4 protocol support is enabled or disabled NOTE: The IPv4 protocol option is enabled by default.
NOTE: This information is also available at iDRAC6→Properties→Remote Access Information. WWN/MAC Click System→Properties tab→WWN/MAC to view the current configuration of installed I/O Mezzanine cards and their associated network fabrics. If the FlexAddress feature is enabled in CMC, the globally assigned (Chassis-Assigned) persistent MAC addresses supersede the hardwired values of each LOM.
Batteries The Batteries screen displays the status of the system board coin-cell battery that maintains the Real-Time Clock (RTC) and CMOS configuration data storage of the managed system. Temperatures The Temperatures screen displays the status and readings of the on–board ambient temperature probe. Minimum and maximum temperature thresholds for warning and failure states are shown, along with the current health status of the probe.
NOTE: Power and Amperage are measured in AC. CPU The CPU screen reports the health of each CPU on the managed server. This health status is a roll-up of a number of individual thermal, power, and functional tests. POST The Post Code screen displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server.
Power Monitoring and Power Management Dell™ PowerEdge™ systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. NOTE: iDRAC6 power management logic utilizes a Complex Programmable Logic Device (CPLD) present in the blade server. Updates to CPLD devices are available at the Dell Support website at support.dell.
• View power budget information for the server, including the minimum and maximum potential power consumption. See "Viewing Power Budget." • View power budget threshold for the server. See "Power Budget Threshold." • Execute power control operations on the server (for example, power on, power off, system reset, power cycle, and graceful shutdown). See "Executing Power Control Operations on the Server." Power Monitoring iDRAC6 monitors the power consumption in PowerEdge servers continuously.
• Reading: The current power consumption in AC Amps Power Tracking Statistics and Peak Statistics • Statistic: – Cumulative System Power displays the current cumulative energy consumption (in kWh) for the server. The value represents the total energy used by the system. You can reset this value to 0 by clicking Reset at the end of the table row. – System Peak Power specifies the system peak value in AC Watts. System Peak Amperage specifies the system peak amperage.
Power Consumption • Average Power Consumption: Average over previous minute, previous hour, previous day, and previous week. • Max Power Consumption and Min Power Consumption: The maximum and minimum power consumptions observed within the given time interval. • Max Power Time and Min Power Time: The times (by minute, hour, day, and week) when the maximum and minimum power consumptions occurred.
Viewing Power Budget The server provides power budget status overviews of the power subsystem on the Power Budget screen. Using the Web Interface NOTE: To perform power management actions, you must have Administrative privilege. 1 Log in to iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the Power Management tab, and then click Power Budget. The Power Budget screen appears.
Using the Web Interface 1 Log in to iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the Power Management tab, and then click Power Budget. The Power Budget screen appears. 4 Click Power Budget Threshold. NOTE: Power budget threshold is read-only and cannot be enabled or configured in iDRAC6. The Power Budget Threshold table displays the power limit information for the system: • Enabled indicates whether the system enforces the power budget threshold.
Power Control iDRAC6 enables you to remotely perform a power-on, power off, reset, graceful shutdown, non-masking interruption (NMI), or power cycle. Use the Power Control screen to perform an orderly shutdown through the operating system when rebooting and powering on or off. Executing Power Control Operations on the Server NOTE: To perform power management actions, you must have Administrator privilege. iDRAC6 enables you to remotely perform a power-on, reset, graceful shutdown, NMI, or power cycle.
– Reset System (warm boot) reboots the system without powering off. This option is disabled if the system is already powered off. – Power Cycle System (cold boot) powers off and then reboots the system. This option is disabled if the system is already powered off. 5 Click Apply. A dialog box appears requesting confirmation. 6 Click OK to execute the power management action you selected.
Configuring and Using Serial Over LAN Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s text based console data that would traditionally be sent to the serial I/O port to be redirected over the iDRAC’s dedicated Out of Band Ethernet management network. The SOL out-of-band console enables system administrators to remotely manage the blade server’s text-based console from any location with network access.
Serial communication is off by default in BIOS. In order to redirect the host text console data to Serial over LAN, you must enable console redirection via COM1. To change the BIOS setting, perform the following steps: 1 Boot the managed server. 2 Press to enter the BIOS setup utility during POST. 3 Scroll down to Serial Communication and press .
NOTE: Ensure that the SOL baud rate is identical to the Failsafe Baud Rate that was set in BIOS. 5 Click Apply if you have made any changes. Table 11-1. Serial Over LAN Configuration Settings Setting Description Enable Serial Over LAN When selected, the checkbox indicates that Serial Over LAN is enabled. Baud Rate Indicates the data speed. Select a data speed of 9600 bps, 19.2 kbps, 57.6 kbps, or 115.2 kbps. Channel Privilege Level Limit Select a privilege level limit for Serial Over LAN.
Table 11-3. Serial Over LAN Configuration Advanced Settings Setting Description Character Accumulate Interval The typical amount of time iDRAC6 waits before sending a partial SOL data packet. This parameter is specified in milliseconds. Character Send Threshold Specifies the number of characters per SOL data packet.
8 Click Services to open the Services screen. NOTE: SSH and Telnet programs both provide access on a remote machine. 9 Click Enabled on either SSH or Telnet as required. 10 Click Apply. NOTE: SSH is a recommended method due to better security and encryption mechanisms. NOTE: SSH/Telnet session duration can be infinite as long as the timeout value is set to 0. The default timeout value is 1800 seconds.
Model for the SOL Proxy Telnet Client (port 623) ←→WAN connection ←→SOL Proxy ←→iDRAC6 server When the SOL Proxy communicates with the Telnet client on a management station, it uses the TCP/IP protocol. However, SOL proxy communicates with the managed server's iDRAC6 over the RMCP/IPMI/SOL protocol, which is a UDP-based protocol. Therefore if you communicate with your managed system's iDRAC6 from SOL Proxy over a WAN connection, you may experience network performance issues.
NOTE: If a SOL session is not closed successfully in the utility, more SOL sessions may not be available. The way to resolve this situation is to terminate the command line console in the Web GUI under System→Remote Access→iDRAC6→ Network/Security→Sessions. Using SOL over PuTTY To start SOL from PuTTY on a Windows management station, follow these steps: NOTE: If required, you can change the default SSH/Telnet timeout at System→ Remote Access→iDRAC6→Network/Security→Services.
3 Enter the following command at the command prompt to start SOL: connect 4 To quit a SOL session from Telnet on Linux, press +] (hold down the control key, press the right-square-bracket key, and then release). A Telnet prompt displays. Enter quit to exit Telnet. Using SOL over OpenSSH with Linux OpenSSH is an open source utility for using the SSH protocol.
2 Ensure the Encryption Key is all zeroes at System→Remote Access→ iDRAC6→Network/Security→Network→IPMI Settings. 3 Enter the following command in the Windows command prompt or in the Linux shell prompt to start SOL from iDRAC: ipmitool -H -I lanplus -U -P sol activate This connects you to the managed server's serial port. 4 To quit a SOL session from IPMItool, press <~> and <.> (press the tilde and period keys in sequence, one after the other).
NOTE: HyperTerminal and Telnet settings must be consistent with the settings on the managed system. For example, the baud rates and terminal modes should match. NOTE: The Windows telnet command that is run from a MS-DOS® prompt supports ANSI terminal emulation, and the BIOS needs to be set for ANSI emulation to display all the screens correctly. Before Using SOL proxy Before using SOL proxy, see the Baseboard Management Controller Utilities User's Guide to learn how to configure your management stations.
3 Locate DSM_BMU_SOLProxy in the list of services and right-click to start the service. Depending on the console you use, there are different steps for accessing SOL Proxy. Throughout this section, the management station where the SOL Proxy is running is referred as the SOL Proxy Server. For Linux The SOL Proxy will start automatically during system startup. Alternatively, you can go to directory /etc/init.
NOTE: Whether your host operating system is Windows or Linux, if the SOL Proxy server is running on a different machine than your management station, input SOL Proxy server IP address instead of localhost. telnet 623 Using HyperTerminal with SOL Proxy 1 From the remote station, open HyperTerminal.exe. 2 Choose TCPIP(Winsock). 3 Enter host address localhost and port number 623.
NOTE: If required, extend SOL session duration to infinite by changing the Telnet Timeout value to zero in iDRAC6 Web GUI under System→Remote Access→iDRAC6→Network/Security→Services. 4 Provide the IPMI encryption key if it was configured in the iDRAC. NOTE: You can locate the IPMI encryption key in iDRAC6 GUI on System→ Remote Access→iDRAC6→Network/Security→Network→IPMI Settings→ Encryption Key. NOTE: The default IPMI encryption key is all zeros.
While the managed system reboots, you can enter BIOS system setup program to view or configure BIOS settings. 8 Select Help (option 5) in the main menu to display a detailed description for each option. 9 Select Exit (option 6) in the main menu to end your Telnet session and disconnect from SOL Proxy. NOTE: If a user does not terminate the SOL session correctly, issue the following command to reboot iDRAC. Allow iDRAC6 1-2 minutes to complete booting. Refer to "RACADM Subcommand Overview" for more details.
4:2345:respawn:/sbin/migetty tty1 5:2345:respawn:/sbin/migetty tty1 6:2345:respawn:/sbin/migetty tty1 # Run xdm in runlevel 5 x:5:respawn:/etc/X11/prefdm -nodaemon ______________________________________________________________ Example of modified /etc/inittab: ______________________________________________________________ # # inittab This file describes how the INIT process should set up # the system in a certain run-level.
vc/1 vc/2 vc/3 vc/4 SKIP the rest of file ______________________________________________________________ Example of modified /etc/securetty: ______________________________________________________________ Console ttyS0 vc/1 vc/2 vc/3 vc/4 SKIP the rest of file ______________________________________________________________ 3 Edit the /boot/grub/grub.conf or /boot/grub/menu.
NOTE: /boot/grub/grub.conf in Red Hat Enterprise Linux 5 is a symbolic link to /boot/grub/menu.list. You can change the settings in either one of them. Example of original /boot/grub/grub.conf in RHEL 5: ______________________________________________________________ # grub.conf generated by anaconda # # Note that you do not have to return grub after making changes to this # file # NOTICE: You have a /boot partition. This means that # eg.
# NOTICE: You have a /boot partition. This means that # eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 #splashimage=(hd0,0)/grub/splash.xpm/gz hiddenmenu # Redirect the OS boot via SOL title Red Hat Enterprise Linux 5 SOL redirection root (hd0,0) kernel /vmlinuz-2.6.18-8.
initrd /boot/initrd-2.6.16.46-0.12-bigsmp ______________________________________________________________ Example of modified /boot/grub/menu.list in SLES 10: ______________________________________________________________ #Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008 Default 0 Timeout 8 #gfxmenu (hd0.5)/boot/message ###Don't change this comment - YaST2 identifier: Original name: linux### title SUSE Linux Enterprise Server 10 SP1 SOL redirection root (hd0,5) kernel /boot/vmlinux-2.6.
Example of original bootcfg setting: ______________________________________________________________ Boot Loader Settings -------------------timeout:30 default:multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Boot Entries -----------Boot entry ID: 1 Os Friendly Name: Winodws Server 2003, Enterprise Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS OS Load Options: /redirect /nonexecute=optout /fastdetect /usepmtimer ______________________________________________________________ Example of modified bootcfg s
Using GUI Console Redirection This section provides information about using iDRAC6 console redirection feature. Overview iDRAC6 console redirection feature enables you to remotely access local consoles in graphic or text mode, allowing you to control one or more iDRAC6-enabled systems from a single location.
second user. During the time that two sessions are concurrently active, each user sees a message in the upper-right corner of the screen that identifies the other user with an active session. If the neither the first or second user has administrator privileges, termination of the first user's active session automatically results in termination of the second user's session.
Configuring Console Redirection and Virtual Media in iDRAC6 Web Interface To configure console redirection in iDRAC6 Web interface, perform the following steps: 1 Click System and then click the Console/Media tab. 2 Click Configuration to open the Configuration screen. 3 Configure the console redirection properties. Table 12-2 describes the settings for console redirection. 4 When completed, click Apply. 5 Click the appropriate button to continue. See Table 12-3. Table 12-2.
Table 12-2. Console Redirection Configuration Properties (continued) Property Description Video Encryption Enabled Selected indicates that video encryption is enabled. All traffic going to the video port is encrypted. Deselected indicates that video encryption is disabled. Traffic going to the video port is not encrypted. The default is Encrypted. Disabling encryption can improve performance on slower networks. Mouse Mode Choose Windows if the managed server is running on a Windows® operating system.
The buttons in Table 12-5 are available on the Console Redirection Configuration screen. Table 12-3.
Table 12-4. Console Redirection Information (continued) Property Description Max Sessions Displays the maximum number of supported Console Redirection sessions. Active Sessions Displays the current number of active console redirection sessions. Mouse Mode Displays the mouse acceleration currently in effect. Mouse Mode should be chosen based on the type of operating system installed on the managed server. Console Plug-in Type Shows the plug-in type currently configured.
Table 12-5. Console Redirection Buttons (continued) Button Definition Launch Viewer Opens a console redirection session on the targeted remote system Print Prints the Console Redirection Configuration screen 3 If a console redirection session is available, click Launch Viewer. NOTE: Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, you must navigate through these message boxes within three minutes.
Table 12-6. Viewer Menu Bar Selections Menu Item Item Description Video Pause Temporarily pauses console redirection. Resume Resumes console redirection. Refresh Redraws the viewer screen image. Capture Captures the current remote system screen to a .bmp Current Screen file on Windows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location.
Table 12-6. Menu Item Viewer Menu Bar Selections (continued) Item Description Macros When you select a macro, or enter the hotkey specified for the macro, the action is executed on the remote system.
Table 12-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Options Color Mode Allows you to select a color depth to improve performance over the network. For example, if you are installing software from virtual media, you can choose the lowest color depth, so that less network bandwidth is used by the console viewer leaving more bandwidth for transferring data from the media. The color mode can be set to 15-bit color and 7-bit color.
Synchronizing the Mouse Pointers When you connect to a remote PowerEdge system using Console Redirection, the mouse acceleration speed on the remote system may not synchronize with the mouse pointer on your management station, causing two mouse pointers to appear in the Video Viewer window. To synchronize the mouse pointers click Mouse→Synchronize cursor or press . The Synchronize cursor menu item is a toggle.
4 If you want to enable (turn on) local video on the server, in the Configuration screen, select Local Server Video Enabled and then click Apply. The Console Redirection screen displays the status of the Local Server Video. Frequently Asked Questions Table 12-7 lists frequently asked questions and answers. Table 12-7.
Table 12-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Does switching off the Yes. local video also switch off the local keyboard and mouse? Does turning off the local console turn off the video on the remote console session? No, turning the local video on or off is independent of the remote console session. What privileges are Any user with iDRAC6 configuration privileges can turn the needed for an iDRAC6 local console on or off.
Table 12-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why do I get a blank screen on the managed server when loading the Windows 2000 operating system? The managed server does not have the correct ATI video driver. Update the video driver. Why doesn’t the mouse sync in DOS when performing Console Redirection? The Dell BIOS is emulating the mouse driver as a PS/2 mouse.
Table 12-7. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the Num Lock indicator on my management station reflect the status of the Num Lock on the remote server? When accessed through iDRAC6, the Num Lock indicator on the management station does not necessarily coincide with the state of the Num Lock on the remote server.
Using GUI Console Redirection
Configuring the vFlash Media Card for Use With iDRAC6 The vFlash media card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back corner of the system. It provides storage space that behaves like a common USB Flash Key device. Installing a vFlash Media Card NOTE: Dell-branded vFlash media is required for the vFlash partition. 1 Remove the blade from the chassis. 2 Locate the vFlash media slot at the back corner of the system.
3 With the label side facing up, insert the contact-pin end of the SD card into the card slot on the module. NOTE: The slot is keyed to ensure correct insertion of the card. 4 Press inward on the card to lock it into the slot. 5 Place the blade back in the chassis. Removing a vFlash Media Card To remove the vFlash media, push inward on the card to release it, and pull the card from the card slot.
Formatting the vFlash Media Card NOTE: The Format option is active only if a vFlash card is present. Also, the SD card can be formatted only if vFlash is disabled. 1 Log in to iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the vFlash tab. The vFlash screen appears. 4 Ensure that vFlash is disabled. Clear the vFlash Enable check box. 5 Click Format to create the vFlash image file, ManagedStore.IMG, on the SD card. The text file ManagedStore.
Click Upload. A status bar is displayed, indicating upload progress. If you upload a bootable image, you can boot the server to that image. Currently iDRAC6 does not support .iso image through vFlash. The only image that is currently supported is .img like bootable floppy image. iDRAC6 emulates the vFlash device as a floppy device to the BIOS/operating system. To boot from vFlash, do the following: 1 Format the vFlash. 2 Upload the new .img file. Ensure that the vFlash is not connected.
Resetting the vFlash Media Card Open a Telnet/SSH text console to the server, log in, and enter: racadm vmkey reset CAUTION: Resetting the vFlash media card with the RACADM command resets the size of the key to 256MB and deletes all existing data. NOTE: For more information about vmkey, see "vmkey." The RACADM command functions only if a vFlash media card is present.
Configuring the vFlash Media Card for Use With iDRAC6
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 14-1 shows the overall architecture of Virtual Media. Figure 14-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required: 1 Start Internet Explorer. 2 Click Tools→Internet Options, and then click the Security tab. 3 Under Select a Web content zone to specify its security settings, click to select the desired zone. 4 Under Security level for this zone, click Custom Level. The Security Settings window appears.
Configuring Virtual Media 1 Log in to iDRAC6 Web interface. 2 Click System→Console/Media→Configuration. 3 In the Virtual Media section, select values for the settings. See Table 14-2 for information on Virtual Media configuration values. 4 Click Apply to save your settings. An alert dialog appears with the following message: You are about to change device configuration. All existing redirection sessions will be closed. Do you want to continue? 5 Click OK to continue.
Table 14-2. Virtual Media Configuration Values (continued) Attribute Value Floppy Emulation Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is selected, the Virtual Media device appears as a floppy device on the server. If it is deselected, it appears as a USB Key drive.
NOTE: Virtual Media may not function properly on Windows operating system clients that are configured with Internet Explorer Enhanced Security. To resolve this issue, see your Microsoft operating system documentation or contact your administrator. 4 Click Launch Viewer. NOTE: On Linux, the file jviewer.jnlp is downloaded to your desktop and a dialog box will ask what to do with the file.
The media is connected and the Status window is updated. 10 Click Close. Disconnecting Virtual Media 1 Select Media→Virtual Media Wizard. The Media Redirection Wizard appears. 2 Click Disconnect next to the media you wish to disconnect. The media is disconnected and the Status window is updated. 3 Click Close. NOTE: When you launch the iDRACview and then log out of the Web GUI, iDRACView does not terminate and remains active.
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take fewer than 15 minutes to complete. See "Deploying the Operating System" for more information. 1 Verify the following: • The operating system installation DVD/CD is inserted in the management station’s DVD/CD drive.
Table 14-3. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual Media client connection drop. Why? When a network time-out occurs, iDRAC6 firmware drops the connection, disconnecting the link between the server and the Virtual Drive. If the Virtual Media configuration settings are changed in iDRAC6 Web interface or by local RACADM commands, any connected media is disconnected when the configuration change is applied.
Table 14-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer An installation of the Windows operating system seems to take too long. Why? If you are installing the Windows operating system and have a slow network connection, the installation procedure may require an extended amount of time to access iDRAC6 Web interface due to network latency. While the installation window does not indicate the installation progress, the installation procedure is in progress.
Table 14-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer How can I make my USB key bootable? Search support.dell.com for the Dell Boot Utility, a Windows program you can use to make your Dell USB key bootable. You can also boot with a Windows 98 startup disk and copy system files from the startup disk to your USB key. For example, from the DOS prompt, enter the following command: sys a: x: /s where x: is the USB key you want to make bootable.
Table 14-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Using the RACADM Command Line Interface The RACADM command line interface (CLI) provides access to iDRAC6 management features on the managed server. RACADM provides access to most of the features on iDRAC6 Web interface. RACADM can be used in scripts to ease configuration of multiple servers, instead of using the Web interface, which, is more useful for interactive management.
CAUTION: The latest iDRAC6 firmware supports only the latest RACADM version. You may encounter errors if you use an older version of RACADM to query iDRAC6 with the latest firmware. Install the RACADM version shipped with your latest Dell™ OpenManage™ DVD media. RACADM Subcommands Table 15-1 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands including syntax and valid entries, see "RACADM Subcommand Overview." Table 15-1.
Table 15-1. RACADM Subcommands (continued) Command Description gettracelog Displays iDRAC6 trace log. If used with -i, the command displays the number of entries in iDRAC6 trace log. help Lists iDRAC6 subcommands. help Lists usage statement for the specified subcommand. ifconfig Displays the contents of the network interface table. krbkeytabupload Uploads a Kerberos keytab file. localconredirdisable Performs local kVM disable from the local system.
Table 15-1. RACADM Subcommands (continued) Command Description sslcsrgen Generates and downloads the SSL CSR. testemail Forces iDRAC6 to send an e-mail over iDRAC6 NIC. testtrap Forces iDRAC6 to send an SNMP alert over iDRAC6 NIC. traceroute Traces the network path of routers that packets take as they are forwarded from your system to a destination IPv4 address. traceroute6 Traces the network path of routers that packets take as they are forwarded from your system to a destination IPv6 address.
Table 15-2.
Table 15-2. RACADM Subcommand Interface Support (continued) Subcommand Telnet/SSH Local RACADM Remote RACADM setniccfg sshpkauth sslcertdownload sslcertupload sslcertview sslcsrgen (can only generate, not download) sslkeyupload testemail testtrap traceroute traceroute6 usercertupload usercertview version vmdisconnect vmkey = Supported; =Not supported Using local RACADM Commands You run RACADM commands locally (on the managed server) from a command prompt or shell prompt.
Log in to the managed server, start a command shell, and enter local RACADM commands in one of the following formats: • racadm [parameters] • racadm [-g ] [-o
For example, to display a list of all cfgLanNetworking group object settings, enter the following command: racadm getconfig -g cfgLanNetworking Managing iDRAC6 Users with RACADM NOTE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin.
Adding an iDRAC6 User To add a new user to iDRAC6, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC6 user privilege. 4 Enable the user.
Table 15-3.
racadm testemail -i 2 (-i 2 is for the index entry #2 in the e–mail alert table) NOTE: Ensure that the SMTP and E-mail Alert settings are configured before testing the e-mail alert feature. See "Configuring E-Mail Alerts" for more information. Testing iDRAC6 SNMP Trap Alert Feature iDRAC6 SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed server. The following example shows how a user can test the SNMP trap alert feature.
racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0 racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5 racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.
where is one of the following: • 2 (User) • 3 (Operator) • 4 (Administrator) For example, to set the IPMI LAN channel privilege to 2 (User), enter the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit 2 b Set the IPMI LAN channel encryption key, if required, using a command such as the following: NOTE: iDRAC6 IPMI supports the RMCP+ protocol. See the IPMI 2.0 specifications for more information.
For example, to configure the IPMI privileges to 2 (User), enter the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege 2 NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate. b Update the IPMI SOL baud rate using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate where is 19200, 57600, or 115200 bps.
racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i where is the PEF index (Table 5-8), and is a value from Table 15-4.
Configuring E-mail Alerts 1 Enable global alerts by entering the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable e-mail alerts by entering the following commands: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i <0|1> where is the e-mail destination index and 0 disables the e-mail alert or 1 enables the alert. The e-mail destination index can be a value from 1 through 4.
Configuring IP Filtering (IP Range) IP address filtering (or IP Range Checking) allows iDRAC6 access only from clients or management workstations whose IP addresses are within a user-specified range. All other login requests are denied.
Table 15-5. IP Address Filtering (IPRange) Properties (continued) Property Description cfgRacTuneIpRangeMask Defines the significant bit positions in the IP address. The mask should be in the form of a netmask, where the more significant bits are all 1’s with a single transition to all zeros in the lower-order bits. Configuring IP Filtering To configure IP filtering in the Web interface, follow these steps: 1 Click System→Remote Access→iDRAC6→Network/Security.
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.252 The last byte of the range mask is set to 252, the decimal equivalent of 11111100b. IP Filtering Guidelines Use the following guidelines when enabling IP filtering: • Ensure that cfgRacTuneIpRangeMask is configured in the form of a netmask, where all most significant bits are 1’s (which defines the subnet in the mask) with a transition to all 0’s in the low-order bits.
"Log In Retry Restriction (IP Blocking) Properties" lists the user-defined parameters. Table 15-6. Log In Retry Restriction (IP Blocking) Properties Property Definition cfgRacTuneIpBlkEnable Enables the IP blocking feature. When consecutive failures (cfgRacTuneIpBlkFailCount) from a single IP address are encountered within a specific amount of time (cfgRacTuneIpBlkFailWindow), all further attempts to establish a session from that address are rejected for a certain time span (cfgRacTuneIpBlkPenaltyTime).
The following example prevents more than three failed attempts within one minute, and prevents additional login attempts for an hour.
For a complete list of available RACADM CLI commands, see "Using the RACADM Command Line Interface." Remote and SSH/Telnet RACADM Remote RACADM is a client side utility, which can be executed from a management station through the out of band network interface. A remote capability option (-r) is provided that allows you to connect to the managed system and execute RACADM subcommands from a remote console or management station.
NOTE: The RACADM remote capability is supported only on management stations.
Table 15-7. RACADM Command Options (continued) Option Description -u Specifies the user name that is used to authenticate the command transaction. If the -u option is used, the -p option must be used, and the -i option (interactive) is not allowed. -p Specifies the password used to authenticate the command transaction. If the -p option is used, the -i option is not allowed. -S Specifies that RACADM should check for invalid certificate errors.
This command creates the file myconfig.cfg in the current directory. Configuration File Syntax NOTE: Edit the configuration file with a plain text editor, such as Notepad on Windows or vi on Linux. The racadm utility parses ASCII text only. Any formatting confuses the parser and may corrupt iDRAC6 database. This section describes the format of the configuration file. • Lines that start with # are comments. A comment must start in the first column of the line.
• The parser ignores an index object entry. You cannot specify which index is used. If the index already exists, it is either used or the new entry is created in the first available index for that group. The racadm getconfig -f command places a comment in front of index objects, allowing you to see the included comments. NOTE: You can create an indexed group manually using the following command: racadm config -g -o -i .
modified. If an index is not present, the first available index is used. This method allows flexibility when adding indexed entries where you do not need to make exact index matches between all the RACs being managed. New users are added to the first available index. A configuration file that parses and runs correctly on one iDRAC6 may not run correctly on another if all indexes are full and you must add a new user.
Loading the Configuration File Into iDRAC6 The command racadm config -f parses the configuration file to verify that valid group and object names are present and that syntax rules are followed. If the file is error-free the command then updates iDRAC6 database with the contents of the file. NOTE: To verify the syntax only and not update iDRAC6 database, add the -c option to the config subcommand.
The below example shows how you can use remote RACADM commands to configure multiple iDRAC6s. Create a batch file on the management station and call remote racadm commands from the batch file. For example: racadm -r -u -p config -f myconfig.cfg racadm -r -u -p config -f myconfig.cfg ... See "Creating an iDRAC6 Configuration File" for more information.
Using the RACADM Command Line Interface
Using iDRAC6 Enterprise SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
System Management With SM-CLP iDRAC6 SM-CLP enables you to manage the following system features from a command line: • Server Power Management — Turn on, shutdown, or reboot the system • System Event Log (SEL) Management — Display or clear the SEL records • iDRAC6 user account management • Active Directory configuration • iDRAC6 LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration iDRAC6 SM-CLP Support SM-CLP is hosted from iDRAC6 firmware, and s
telnet $; (the CLI prompt is displayed) $smclp; (in the CLI prompt, type smclp) SM-CLP Features The SM-CLP specification provides a common set of standard SM-CLP verbs that can be used for simple systems management through the CLI. SM-CLP promotes the concept of verbs and targets to provide system configuration capabilities through the CLI. The verb indicates the operation to perform and the target is the entity (or object) on which the operation is performed.
Table 16-1. Supported SM-CLP CLI Verbs (continued) Verb Description load Moves a binary image to the MAP from a URI. –examine, –help, –output, –source, Syntax: –version load -source [options] [target] reset Resets the target. Syntax: Options –examine, –help, –output, –version reset [options] [target] set Sets the properties of a target Syntax: –examine, –help, –output, –version set [options] [target] = show Displays the target properties, verbs, and subtargets.
Table 16-2 describes the SM-CLP options. Some options have abbreviated forms, as shown in the table. Table 16-2. Supported SM-CLP Options SM-CLP Option Description -all, -a Instructs the verb to perform all possible functions. -destination Specifies the location to store an image in the dump command. Syntax: –destination -display, -d Filters the command output.
Navigating the MAP Address Space NOTE: The slash (/) and backslash (\) are interchangeable in SM-CLP address paths. However, a backslash at the end of a command line continues the command on the next line and is ignored when the command is parsed. Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space.
/admin1/system1/sp1/oemdcim_mfaaccount1 show -display properties,targets To list only certain properties, qualify them, as in the following command: show –d properties=(userid,name) /admin1/system1/sp1/oemdcim_mfaaccount1 If you only want to show one property, you can omit the parentheses. Using the -level Option The show -level option executes show over additional levels beneath the specified target. To see all targets and properties in the address space, use the -l all option.
• Display system properties Server Power Management Table 16-3 provides examples of using SM-CLP to perform power management operations on a managed server. Enter "smclp" to start the SM-CLP console. Table 16-3. Server Power Management Operations Operation Syntax Logging in to iDRAC6 using the SSH interface >ssh 192.168.0.120 >login: root >password: Enter "smclp" to start the SM–CLP console.
Table 16-4. SEL Management Operations Operation Syntax Viewing the SEL ->show -d targets,properties,verbs /admin1/system1/logs1/log1 Might return: Targets: record1/ record2/...
Table 16-4. SEL Management Operations (continued) Operation Syntax Viewing the SEL record ->show /admin1/system1/logs1/log1/record4 Might return: ufip=/admin1/system1/logs1/log1/record4 Associations:LogManagesRecord= >/admin1/system1/logs1/log1 Properties: RecordData=*0.0.65*4 2*1245152621*65 65*4*31*0*true*111*1*255*255* RecordFormat= *IPMI_SensorNumber.IPMI_OwnerLUN.
Table 16-4. SEL Management Operations (continued) Operation Syntax Verbs: show exit version cd help delete Clearing the SEL ->delete /admin1/system1/logs1/log1/record* Returns: Records deleted successfully. Table 16-5. Map Target Navigation Operations Operation Syntax Navigate to the system target and reboot ->cd admin1/system1 ->reset NOTE: The current default target is /.
Updating iDRAC6 Firmware Using SM-CLP To update iDRAC6 firmware using SM-CLP, you must know the TFTP URI for the Dell update package. Follow these steps to update the firmware using SM-CLP: 1 Log in to iDRAC6 using Telnet or SSH. 2 Enter "smclp" to start the SM-CLP console.
Using the WS-MAN Interface Web Services for Management (WS–MAN) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management. WS–MAN provides an interoperable protocol for devices to share and exchange data across networks. iDRAC6 uses WS–MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)–based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system.
• EXECUTE specific management methods with strongly typed input and output parameters Supported CIM Profiles Table 17-1. Supported CIM Profiles Standard DMTF 1 Base Server Defines CIM classes for representing the host server. 2 Base Metrics Defines CIM classes for providing the ability to model and control metrics captured for managed elements. 3 Service Processor Defines CIM classes for modeling service processors.
Table 17-1. Supported CIM Profiles (continued) 10 DHCP Client Defines CIM classes for representing a DHCP client and its associated capabilities and configuration. 11 DNS Client Defines CIM classes for representing a DNS client in a managed system. 12 Record Log Defines CIM classes for representing different type of logs. iDRAC6 uses this profile to represent the System Event Log (SEL) and iDRAC6 RAC Log. 13 Software Inventory Defines CIM classes for inventory of installed or available software.
Table 17-1. Supported CIM Profiles (continued) 2 Dell Virtual Media Defines CIM and Dell extension classes for configuring iDRAC6 Virtual Media. Extends USB Redirection Profile. 3 Dell OS Deployment Defines CIM and Dell extension classes for representing the configuration of OS Deployment features. It extends the management capability of referencing profiles by adding the capability to support OS deployment activities by manipulating OS Deployment features provided by the service processor.
Deploying Your Operating System Using iVMCLI The Integrated Virtual Media Command Line Interface (iVMCLI) utility is a command-line interface that provides virtual media features from the management station to iDRAC6 in the remote system. Using iVMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator (dd) utility to create a bootable image file for your Linux system.
When you create the image file, do the following: • Follow standard network-based installation procedures. • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure. 4 Perform one of the following procedures: • Integrate IPMItool and the Virtual Media command line interface (iVMCLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
• is the password for iDRAC6 user—for example, calvin • is the path to an ISO9660 image of the operating system installation CD or DVD • is the path to the device containing the operating system installation CD or DVD The ivmdeploy script passes its command line options to the iVMCLI utility. See "Command Line Options" for details about these options. The script processes the -r option slightly differently than the iVMCLI -r option.
If your operating system supports administrator privileges or an operating system-specific privilege or group membership, administrator privileges are also required to run the iVMCLI command. The client system’s administrator controls user groups and privileges, thereby controlling the users who can run the utility. For Windows systems, you must have Power User privileges to run the iVMCLI utility.
Command Line Options The iVMCLI interface is identical on both Windows and Linux systems. The utility uses options that are consistent with the RACADM utility options. For example, an option to specify iDRAC6 IP address requires the same syntax for both RACADM and iVMCLI utilities. The iVMCLI command format is as follows: iVMCLI [parameter] [operating_system_shell_options] Command-line syntax is case sensitive. See "iVMCLI Parameters" for more information.
The must have the following attributes: • Valid user name • iDRAC6 Virtual Media User permission If iDRAC6 authentication fails, an error message displays and the command terminates. iDRAC6 User Password -p This parameter provides the password for the specified iDRAC6 user. If iDRAC6 authentication fails, an error message displays and the command terminates.
Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates. CD/DVD Device or Image File -c { | } where is a valid CD/DVD drive letter (Windows systems) or a valid CD/DVD device file name (Linux systems) and is the file name and path of a valid ISO-9660 image file.
Help Display -h This parameter displays a summary of the iVMCLI utility parameters. If no other non-switch options are provided, the command terminates without error. Manual Display -m This parameter displays a detailed “man page” for the iVMCLI utility, including descriptions of all of the possible options. Encrypted Data -e When this parameter is included in the command line, iVMCLI will use an SSL-encrypted channel to transfer data between the management station and iDRAC6 in the remote system.
The latter technique is useful in script programs, as it allows the script to proceed after a new process is started for the iVMCLI command (otherwise, the script would block until the iVMCLI program terminates). When multiple iVMCLI instances are started in this way, and one or more of the command instances must be manually terminated, use the operating system-specific facilities for listing and terminating processes.
Using iDRAC6 Configuration Utility Overview iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for iDRAC6 and for the managed system.
Starting iDRAC6 Configuration Utility You must use an iDRAC6 KVM-connected console to access iDRAC6 Configuration Utility initially or after resetting iDRAC6 to the default settings. 1 At the keyboard connected to iDRAC6 KVM console, press to display iDRAC6 KVM On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using iDRAC6 Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use the left-arrow and right-arrow keys and the spacebar to select between On and Off.
LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 19-1. LAN Parameters Item Description Common Settings MAC Address This is the non-editable MAC address of iDRAC6 network interface. VLAN Enable Displays On/Off. On will enable the Virtual LAN filtering for iDRAC6. VLAN ID Displays any any VLAN ID value between 1-4094.
Table 19-1. LAN Parameters (continued) Item Description Alert Destination 1 if LAN Alert Enabled is set to On, enter the IP address where PET LAN alerts will be forwarded. IPv4 Settings Enable or disable support for the IPv4 connection. IPv4 Select Enabled or Disabled IPv4 protocol support. The default is enabled. RMCP+ Encryption Press to edit the value and when finished. Key The RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F).
Table 19-1. LAN Parameters (continued) Item Description DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the second DNS server. IPv6 Settings IPv6 Enable or disable support for the IPv6 connection. IPv6 Address Source Select between AutoConfig and Static. When AutoConfig is selected, the IPv6 Address 1, Prefix Length, and Default Gateway fields are obtained from DHCP.
Table 19-1. LAN Parameters (continued) Item Description DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. Virtual Media Configuration Virtual Media Use the left-arrow and right-arrow keys to select Attached or Detached. • If you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Console Redirection sessions.
System Services System Services Use the left-arrow and right-arrow keys to select Enabled or Disabled. If enabled, certain iDRAC6 features can be configured through the Lifecycle Controller. For more information, see the Lifecycle Controller User Guide, available on the Dell Support Website at support.dell.com/manuals. NOTE: Modifying this option restarts the server when you Save and Exit to apply the new settings. Cancel System Services Use the left-arrow and right-arrow keys to select Yes or No.
Table 19-2. Lan User Configuration Screen Item Description Auto–Discovery The auto discovery feature enables automated discovery of unprovisioned systems on the network; further, it securely establishes initial credentials so that these discovered systems can be managed. This feature enables iDRAC6 to locate the provisioning server. iDRAC6 and provisioning service server mutually authenticate each other.
Table 19-2. Lan User Configuration Screen (continued) Item Description Auto–Discovery (continued...) Before adding your Dell system to the network and using the auto–discovery feature, ensure that: • Dynamic Host Configuration Protocol (DHCP) server/Domain Name System (DNS) are configured. • Provisioning Web services is installed, configured, and registered. Account Access Select Enabled to enable the administrator account. Select Disabled to disable the administrator account.
Press to select the item. The following warning message appears: Resetting to factory defaults will restore remote NonVolatile user settings. Continue? < NO (Cancel) > < YES (Continue) > To reset iDRAC6 to the defaults, select YES and press . System Event Log Menu The System Event Log Menu allows you to view System Event Log (SEL) messages and to clear the log messages. Press to display the System Event Log Menu.
Using iDRAC6 Configuration Utility
Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed system using iDRAC6 utilities.
Trouble Indicators This section describes indications that there may be a problem with your system. LED Indicators LEDs on the chassis or on components installed in the chassis are generally the first indicators of system trouble. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system.
Hardware Trouble Indicators Indications that a module has a hardware problem include the following: • Failure to power up • Noisy fans • Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, you can try to correct the problem using these strategies: • Reseat the module and restart it • Try inserting the
Problem Solving Tools This section describes iDRAC6 utilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Click any component on the Health screen to see information about the component. Sensor readings are displayed for batteries, temperatures, voltages, and power monitoring, helping to diagnose some types of problems. iDRAC6 and CMC information screens provide useful current status and configuration information. Checking the System Event Log (SEL) The SEL Log screen displays messages for events that occur on the managed server.
Checking the Post Codes The Post Codes screen displays the last system post code prior to booting the operating system. Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from Power on Reset, and allow you to diagnose any faults related to system boot-up. NOTE: View the text for POST code message numbers in the LCD display or in the Hardware Owner’s Manual.
Table 20-6. Last Crash Screen Buttons Button Action Print Prints the Last Crash Screen screen. Save Opens a pop-up window that enables you to save the Last Crash Screen to a directory of your choice. Delete Deletes the Last Crash Screen screen. Refresh Reloads the Last Crash Screen screen. NOTE: Due to fluctuations in the Auto Recovery timer, the Last Crash Screen may not be captured when the System Reset Timer is configured with a value that is too high. The default setting is 480 seconds.
Table 20-7. Boot Capture Options (continued) Button/Option Description Save As Creates a compressed .zip file that contains all boot capture images of the current sequence. The user must have administrator privileges to perform this action. Previous Screen Takes you to previous screen, if any, in the replay console. Play Starts the screenplay from current screen in the replay console. Pause Pauses the screenplay on the current screen being displayed in the replay console.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-9. iDRAC6 Log Information Field Description Date/Time The date and time (for example, Dec 19 16:55:47). iDRAC6 sets its clock from the managed server’s clock. When iDRAC6 initially starts and is unable to communicate with the managed server, the time is displayed as the string System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged in to iDRAC6.
To access the system information, click System→Properties→System Summary. See "Recovering and Troubleshooting the Managed System" for information on the main system enclosure and iDRAC6. Identifying the Managed Server in the Chassis The PowerEdge M1000e chassis holds up to sixteen servers. To locate a specific server in the chassis, you can use iDRAC6 Web interface to turn on a blue flashing LED on the server.
Table 20-11 describes the commands that can be entered on the Diagnostics Console screen. Enter a command and click Submit. The debugging results appear in the Diagnostics Console screen. Click the Clear button to clear the results displayed by the previous command. To refresh the Diagnostics Console screen, click Refresh. Table 20-11. Diagnostic Commands Command Description arp Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted.
NOTE: You must have Execute Server Action Commands permission to perform power management actions. See "Adding and Configuring iDRAC6 Users" for help configuring user permissions. 1 Click System, then click the Power Management→Power Control tab. 2 Select a Power Control Operation, for example Reset System (warm boot). Table 20-12 provides information about Power Control Actions. 3 Click Apply to perform the selected action. Table 20-12.
Troubleshooting and Frequently Asked Questions Table 20-13 contains frequently asked questions about troubleshooting issues. Table 20-13. Frequently Asked Questions/Troubleshooting Question Answer The LED on the server is blinking amber. Check the SEL for messages and then clear the SEL to stop the blinking LED.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer For example: $ racadm getniccfg -m server-1 DHCP Enabled IP Address Subnet Mask Gateway = = = = 1 192.168.0.1 255.255.255.0 192.168.0.1 From local RACADM: Enter the following command at a command prompt: racadm getsysinfo From the LCD: 1 On the Main Menu, highlight Server and press the check button. 2 Select the server whose IP address you seek and press the check button.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of CMC? From iDRAC6 Web interface: • Click System→Remote Access→CMC. The CMC IP address is displayed on the CMC Summary screen. From the iKVM: • Select the "Dell CMC" console in the OSCAR to log in to the CMC through a local serial connection. CMC RACADM commands can be issued from this connection.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer I have forgotten iDRAC6 administrative user name and password. You must restore iDRAC6 to its default settings. 1 Reboot the server and press when prompted to enter iDRAC6 Configuration Utility. 2 On iDRAC6 Configuration Utility menu, highlight Reset to Default and press . NOTE: You can also reset iDRAC6 from local RACADM by issuing racadm racresetcfg. For more information, see "Reset to Default.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer When attempting to boot the managed server, the power indicator is green, but there is no POST or no video at all. This can happen if any of the following conditions is true: • Memory is not installed or is inaccessible. • The CPU is not installed or is inaccessible. • The video riser card is missing or improperly connected. Also, look for error messages in iDRAC6 log from iDRAC6 Web interface or from the LCD.
Recovering and Troubleshooting the Managed System
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. CAUTION: The latest iDRAC6 firmware supports only the latest RACADM version. You may encounter errors if you use an older version of RACADM to query iDRAC6 with the latest firmware. Install the RACADM version shipped with your latest Dell™ OpenManage™ DVD media. CAUTION: Some RACADM commands described in this chapter are not available with OpenManage™ version 6.1 release.
Output The racadm help command displays a complete list of subcommands. The racadm help command displays information for the specified subcommand only. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM config Table A-2 describes the config subcommand. Table A-2. config/getconfig Subcommand Definition config Configures iDRAC6.
NOTE: See "iDRAC6 Enterprise Property Database Group and Object Definitions" for information on the group and object to be used with this command. Input Table A-3 describes the config subcommand options. Table A-3. config Subcommand Options and Descriptions Option Description -f The -f option causes config to read the contents of the file specified by and configure iDRAC6. The file must contain data in the format specified in "Configuration File Syntax" on page 265.
Examples • racadm config -g cfgLanNetworking -o cfgNicIpAddress 10.35.10.110 Sets the cfgNicIpAddress configuration parameter (object) to the value 10.35.10.110. This IP address object is contained in the group cfgLanNetworking. • racadm config -f myrac.cfg Configures or reconfigures iDRAC6. The myrac.cfg file may be created with the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.cfg file does not contain passwords.
Table A-4. getconfig Subcommand Options (continued) Option Description -g The -g , or group, option can be used to display the configuration for a single group. The groupName is the name for the group used in the racadm.cfg files. If the group is an indexed group, use the -i option. -h The -h, or help, option displays a list of all available configuration groups that you can use. This option is useful when you do not remember exact group names.
• racadm getconfig -f myrac.cfg Saves all group configuration objects from iDRAC6 to myrac.cfg. • racadm getconfig -h Displays a list of the available configuration groups on iDRAC6. • racadm getconfig -u root Displays the configuration properties for the user named root. • racadm getconfig -g cfgUserAdmin -i 2 -v Displays the user group instance at index 2 with extensive information for the property values.
Synopsis racadm getssninfo [-A] [-u | *] Description The getssninfo command returns a list of users that are connected to iDRAC6.
Table A-7. getssninfo Subcommand Output Example User IP Address Type Consoles root 192.168.0.10 Telnet Virtual KVM • racadm getssninfo -A "root" 143.166.174.19 "Telnet" "NONE" • racadm getssninfo -A -u * "root" "143.166.174.19" "Telnet" "NONE" • "bob" "143.166.174.19" "GUI" "NONE" getsysinfo Table A-8 describes the racadm getsysinfo subcommand. Table A-8. getsysinfo Command Definition getsysinfo Displays information related to iDRAC6.
Table A-9. getsysinfo Subcommand Options Option Description -d Displays iDRAC6 information. -s Displays system information -w Displays watchdog information -A Eliminates the printing of headers/labels. –4 Displays iDRAC6 IPv4 information. –6 Displays iDRAC6 IPv6 information. Output The getsysinfo subcommand displays information related to iDRAC6, the managed server, and the watchdog configuration.
IPv4 settings: Enabled = 1 Current IP Address = 10.35.0.64 Current IP Gateway = 10.35.0.1 Current IP Netmask = 255.255.255.0 DHCP Enabled = 1 Current DNS Server 1 = 10.32.60.4 Current DNS Server 2 = 10.32.60.
Current IP Address 14 = :: Current IP Address 15 = :: DNS Servers from DHCPv6 = 0 Current DNS Server 1 = :: Current DNS Server 2 = :: System Information: System Model = System BIOS Version = BMC Firmware Version = 02.
Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge M600" "0.2.1" "0.32" "48192" "dell-x92i38xc2n" "" "ON" • racadm getsysinfo -w -s System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name Power Status = PowerEdge M600 = 0.2.1 = 0.
Synopsis racadm getractime [-d] Description With no options, the getractime subcommand displays the time in a common readable format. With the -d option, getractime displays the time in the format, yyyymmddhhmmss.mmmmmms, which is the same format returned by the UNIX® date command. Output The getractime subcommand displays the output on one line. Sample Output racadm getractime Thu Dec 8 20:15:26 2005 racadm getractime -d 20071208201542.
Synopsis racadm setniccfg -d racadm setniccfg -s [ ] racadm setniccfg -o [ ] Description The setniccfg subcommand sets iDRAC6 IP address. • The -d option enables DHCP for the NIC (default is DHCP enabled). • The -s option enables static IP settings. The IP address, netmask, and gateway can be specified. Otherwise, the existing static settings are used. , , and must be entered as dotseparated strings.
getniccfg Table A-12 describes the getniccfg subcommand. Table A-12. getniccfg Subcommand Definition getniccfg Displays the current IP configuration for iDRAC6. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current NIC settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful.
IP Address 2 = :: IP Address 3 = :: IP Address 4 = :: IP Address 5 = :: IP Address 6 = :: IP Address 7 = :: IP Address 8 = :: IP Address 9 = :: IP Address 10 = :: IP Address 11 = :: IP Address 12 = :: IP Address 13 = :: IP Address 14 = :: IP Address 15 = :: NOTE: IPv6 information is displayed only if iDRAC6 supports IPv6.
Description The getsvctag subcommand displays the service tag of the host system. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM racreset Table A-14 describes the racreset subcommand. Table A-14. racreset Subcommand Definition racreset Resets iDRAC6. NOTE: When you issue a racreset subcommand, iDRAC6 may require up to two minutes to return to a usable state. Synopsis racadm racreset Description The racreset subcommand issues a reset to iDRAC6.
racresetcfg Table A-15 describes the racresetcfg subcommand. Table A-15. racresetcfg Subcommand Definition racresetcfg Resets the entire iDRAC6 configuration to factory default values. NOTE: The racresetcfg subcommand does not reset the cfgDNSRacName object. Synopsis racadm racresetcfg Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM Description The racresetcfg command removes all user-configured database property entries.
Synopsis racadm serveraction Description The serveraction subcommand enables users to perform power management operations on the host system. Table A-17 describes the serveraction power control options. Table A-17. serveraction Subcommand Options String Definition Specifies the action. The string options are: • powerdown — Powers down the managed server. • powerup — Powers up the managed server. • powercycle — Issues a power-cycle operation on the managed server.
Table A-18. getraclog Command Definition getraclog -i Displays the number of entries in iDRAC6 log. getraclog Displays iDRAC6 log entries. Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in iDRAC6 log. NOTE: If no options are provided, the entire log is displayed. The following options allow the getraclog command to read entries: Table A-19.
Sample Output Record: Date/Time: Source: Description: 1 Dec 8 08:10:11 login[433] root login from 143.166.157.103 Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM clrraclog Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from iDRAC6 log. A new single record is created to record the date and time when the log was cleared. getsel Table A-20 describes the getsel command. Table A-20.
racadm getsel [-E] [-R] [-A] [-o] [-c count] [-s count] [-m] Description The getsel -i command displays the number of entries in the SEL. The following getsel options (without the -i option) are used to read entries. NOTE: If no arguments are specified, the entire log is displayed. Table A-21. getsel Subcommand Options Option Description -A Specifies output with no display headers or labels. -c Provides the maximum count of entries to be returned. -o Displays the output in a single line.
• telnet/ssh RACADM clrsel Synopsis racadm clrsel Description The clrsel command removes all existing records from the System Event Log (SEL). Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM gettracelog Table A-22 describes the gettracelog subcommand. Table A-22. gettracelog Command Definition gettracelog -i Displays the number of entries in the iDRAC trace log. gettracelog Displays the iDRAC trace log.
Table A-23. gettracelog Subcommand options Option Description -i Displays the number of entries in the iDRAC trace log. -m Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). -o Displays the output in a single line. -c specifies the number of records to display. -s specifies the starting record to display. -A do not display headers or labels. Output The default output display shows the record number, timestamp, source, and description.
sslcsrgen Table A-24 describes the sslcsrgen subcommand. Table A-24. sslcsrgen Subcommand Description sslcsrgen Generates and downloads an SSL certificate signing request (CSR) from the RAC. Synopsis racadm sslcsrgen [-g] [-f ] racadm sslcsrgen -s Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system. The CSR can be used for creating a custom SSL certificate that can be used for SSL transactions on the RAC.
The sslcsrgen -s subcommand returns one of the following status codes: • CSR was generated successfully. • CSR does not exist. • CSR generation in progress. NOTE: Before a CSR can be generated, the CSR fields must be configured in the RACADM cfgRacSecurity group. For example: racadm config -g cfgRacSecurity -o cfgRacSecCsrCommonName MyCompany Examples racadm sslcsrgen -s or racadm sslcsrgen -g -f c:\csr\csrtest.
Options Table A-27 describes the sslcertupload subcommand options. Table A-27. sslcertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = server certificate 2 = CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
Options Table A-29 describes the sslcertdownload subcommand options. Table A-29. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft® Active Directory® certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be downloaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
Options Table A-31 describes the sslcertview subcommand options. Table A-31. sslcertview Subcommand Options Option Description -t Specifies the type of certificate to view, either the Microsoft Active Directory certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -A Prevents printing headers/labels.
Valid From Valid To : Jul : Jul 8 16:21:56 2005 GMT 7 16:21:56 2010 GMT racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate Jul 8 16:21:56 2005 GMT Jul 7 16:21:56 2010 GMT Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM testemail Table A-32 describes the testemail subcommand. Table A-32.
Synopsis racadm testemail -i Description Sends a test e-mail from iDRAC6 to a specified destination. Prior to executing the testemail command, ensure that the SMTP server is configured and the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-33 provides an example of commands for the cfgEmailAlert group. Table A-33.
Table A-34. testemail Subcommand Option Option Description -i Specifies the index of the e-mail alert to test. Output Success: Test email sent successfully Failure: Unable to send test email Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM testtrap Table A-35 describes the testtrap subcommand. Table A-35. testtrap Subcommand Description testtrap Tests iDRAC6 SNMP trap-alerting feature.
Table A-36. cfg e-mail Alert Commands Action Command Enable the alert racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 1 1 Set the destination e-mail IP address racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIpAddr -i 1 192.168.0.110 View the current test trap racadm getconfig -g cfgIpmiPet -i settings where is a number from 1 to 4 Input Table A-37 describes the testtrap subcommand options. Table A-37.
The vmdisconnect subcommand enables iDRAC6 user to disconnect all active virtual media sessions. The active virtual media sessions can be displayed in iDRAC6 Web interface or by using the RACADM getsysinfo subcommand.
Legal Values 0 = Enable 1 = Disable Supported Interfaces • Local RACADM fwupdate NOTE: To use this command, you must have Configure iDRAC6 permission. Table A-38 describes the fwupdate subcommand. Table A-38.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM Input Table A-39 describes the fwupdate subcommand options. NOTE: The -p option is not supported with the remote or the Telnet/SSH console. The -p option is also not supported on Linux Operating Systems. Table A-39. fwupdate Subcommand Options Option Description -u The update option performs a checksum of the firmware update file and starts the actual update process. This option may be used along with the -g or -p options.
Examples • racadm fwupdate -g -u - a 143.166.154.143 -d In this example, the -g option tells the firmware to download the firmware update file from a location (specified by the -d option) on the TFTP server at a specific IP address (specified by the -a option). After the image file is downloaded from the TFTP server, the update process begins. When completed, iDRAC6 is reset. • racadm fwupdate -s This option reads the current status of the firmware update.
Example racadm krbkeytabupload -f c:\keytab\krbkeytab.tab Supported Interfaces • Remote RACADM • Local RACADM vmkey Synopsis racadm vmkey [ reset ] Description The vmkey subcommand resets the virtual media key to the default size of 256MB.
Supported Interfaces • Remote RACADM • Local RACADM • ssh/telnet RACADM arp NOTE: To use this command, you must have Administrator privilege. Table A-42 describes the arp command. Table A-42. arp Command Command Definition arp Displays the contents of the ARP table. ARP table entries cannot be added or deleted. Synopsis racadm arp Description Display the Address Resolution Protocol (ARP) table.
Table A-43. coredump Subcommand Definition coredump Displays the last iDRAC6 core dump. Synopsis racadm coredump Description The coredump subcommand displays detailed information related to any recent critical issues that have occurred with iDRAC6. The coredump information can be used to diagnose these critical issues.
Table A-44. coredumpdelete coredumpdelete Deletes the core dump stored in iDRAC6. Synopsis racadm coredumpdelete Description The coredumpdelete subcommand can be used to clear any currently resident coredump data stored in iDRAC6. NOTE: If a coredumpdelete command is issued and a coredump is not currently stored in iDRAC6, the command will display a success message. This behavior is expected. See the coredump subcommand for more information on viewing a coredump.
Supported Interfaces • Remote RACADM • telnet/ssh RACADM netstat NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-46 describes the netstat subcommand. Table A-46. netstat Subcommand Definition netstat Displays the routing table and the current connections. Synopsis racadm netstat Supported Interfaces • Remote RACADM • telnet/ssh RACADM ping NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC6 permission.
Synopsis racadm ping Supported Interfaces • Remote RACADM • telnet/ssh RACADM ping6 NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC6 permission. Table A-48 describes the ping6 subcommand. Table A-48. ping6 Subcommand Definition ping6 Verifies that the destination IPv6 address is reachable from iDRAC6 with the current routing-table contents. A destination IPv6 address is required.
Table A-49. racdump racdump Displays status and general iDRAC6 information. Synopsis racadm racdump Description The racdump subcommand provides a single command to get dump, status, and general iDRAC6 board information.
Synopsis racadm traceroute racadm traceroute 192.168.0.1 traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 40 byte packets 1 192.168.0.1 (192.168.0.1) 0.801 ms 0.246 ms 0.253 ms Description Traces a route using IPv4 to a destination on the network. Supported Interfaces • Remote RACADM • telnet/ssh RACADM traceroute6 NOTE: To use this command, you must have Administrator permission. Table A-51 describes the traceroute6 subcommand. Table A-51.
Description Traces a route using IPv6 to a destination on the network. Supported Interfaces • Remote RACADM • telnet/ssh RACADM remoteimage NOTE: To use this command, you must have Administrator permission. Table A-52 describes the remoteimage subcommand. Table A-52. remoteimage Subcommand Definition remoteimage Connects, disconnects, or deploys a media file on a remote server.
Description Connects, disconnects, or deploys a media file on a remote server.
RACADM Subcommand Overview
iDRAC6 Enterprise Property Database Group and Object Definitions iDRAC6 property database contains the configuration information for iDRAC6. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure iDRAC6. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacInfo This group contains display parameters to provide information about the specifics of iDRAC6 being queried. One instance of the group is allowed. The following subsections describe the objects in this group. idRacProductInfo (Read Only) Legal Values String of up to 63 ASCII characters. Default Integrated Dell Remote Access Controller. Description A text string that identifies the product. idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters.
Default None Description A string containing the current product firmware version. idRacBuildInfo (Read Only) Legal Values String of up to 16 ASCII characters. Default The current RAC firmware build version. For example, 05.12.06. Description A string containing the current product build version. idRacName (Read Only) Legal Values String of up to 15 ASCII characters. Default iDRAC Description A user assigned name to identify this controller.
Description Identifies the remote access controller type as iDRAC6. cfgOobSnmp This group contains parameters to configure the SNMP agent and trap capabilities of the iDRAC. One instance of the group is allowed. The following subsections describe the objects in this group. cfgOobSnmpAgentCommunity (Read/Write) Legal Values String. Maximum length = 31 Default public Description Specifies the SNMP Community Name used for SNMP traps.
cfgLanNetworking This group contains parameters to configure iDRAC6 NIC. One instance of the group is allowed. All objects in this group will require iDRAC6 NIC to be reset, which may cause a brief loss in connectivity. Objects that change iDRAC6 NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings. NOTE: For any network property changes on iDRAC6 to be successfully executed through RACADM, you must first enable iDRAC6 NIC.
Description Specifies that iDRAC6 DNS domain name should be assigned from the network DHCP server. cfgDNSDomainName (Read/Write) Legal Values String of up to 254 ASCII characters. At least one of the characters must be alphabetic. Characters are restricted to alphanumeric, hyphens, and periods. NOTE: Microsoft® Active Directory® only supports Fully Qualified Domain Names (FQDN) of 64 characters or fewer length. Default (blank) Description The DNS domain name.
cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers iDRAC6 name on the DNS server. cfgDNSServersFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network. cfgDNSServer1 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.
Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE). NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while swapping addresses. cfgDNSServer2 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.0 Description Retrieves the IP address for DNS server 2. This parameter is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE).
cfgNicIpAddress (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.n where n is 120 plus the server slot number. Description Specifies the static IP address to assign to the RAC. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE).
Default 192.168.0.1 Description The gateway IP address used for static assignment of the RAC IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicUseDhcp (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies whether DHCP is used to assign iDRAC6 IP address. If this property is set to 1 (TRUE), then iDRAC6 IP address, subnet mask, and gateway are assigned from the DHCP server on the network.
cfgNicVLanEnable (Read Only) NOTE: VLAN settings can be configured through the CMC Web Interface. iDRAC6 displays only the current VLAN settings and you cannot modify the settings from iDRAC6. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the VLAN capabilities of iDRAC6 from CMC. cfgNicVLanID (Read Only) Legal Values 1-4094 Default 1 Description Specifies the VLAN ID for the network VLAN configuration in CMC.
Description Specifies the VLAN Priority for the network VLAN configuration in CMC. This property is only valid if cfgNicVLanEnable is set to 1 (enabled). cfgIPv6URL This group specifies properties used to configure the iDRAC6 IPv6 URL. cfgIPv6URLstring (Read Only) Legal Values A string of up to 80 characters. Default Description The iDRAC6 IPv6 URL. cfgIPv6LanNetworking This group is used to configure the IPv6 over LAN networking capabilities.
Description Enables or disables iDRAC6 IPv6 stack. cfgIPv6Address1 (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description An iDRAC6 IPv6 address. cfgIPv6Gateway (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description iDRAC6 gateway IPv6 address. cfgIPv6PrefixLength (Read/Write) Legal Values 1-128 Default 0 Description The prefix length for iDRAC6 IPv6 address 1.
cfgIPv6AutoConfig (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IPv6 AutoConfig option. cfgIPv6LinkLocalAddress (Read Only) Legal Values A string representing a valid IPv6 entry. Default :: Description iDRAC6 IPv6 link local address. cfgIPv6Address2 (Read Only) Legal Values A string representing a valid IPv6 entry. Default :: Description An iDRAC6 IPv6 address.
cfgIPv6DNSServersFromDHCP6 (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies whether cfgIPv6DNSServer1 and cfgIPv6DNSServer2 are static or DHCP IPv6 addresses. cfgIPv6DNSServer1 (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description An IPv6 DNS server address. cfgIPv6DNSServer2 (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description An IPv6 DNS server address.
cfgIPv6DNSServer2 (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description An IPv6 DNS server address. cfgIPv6Addr2PrefixLength (Read Only) Legal Values 1-128 Default 0 Description The prefix length for iDRAC6 IPv6 address 2.
Default cfgIPv6Addr3PrefixLength (Read Only) Legal Values 1-128 Default cfgIPv6Addr3Length (Read Only) Legal Values 1-40 Default cfgIPv6Address3 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Addr4Length (Read Only) Legal Values 1-40 Default cfgIPv6Address4 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr5PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr5Length (Read Only) Legal Values 1-40 Default cfgIPv6Address5 (Read Only) Legal Values String representing a valid IPv6 entry.
Default cfgIPv6Addr6PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr6Length (Read Only) Legal Values 1-40 Default cfgIPv6Address6 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Addr7Length (Read Only) Legal Values 1-40 Default cfgIPv6Address7 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr8PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr8Length (Read Only) Legal Values 1-40 Default cfgIPv6Address8 (Read Only) Legal Values String representing a valid IPv6 entry.
Default cfgIPv6Addr9PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr9Length (Read Only) Legal Values 1-40 Default cfgIPv6Address9 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Addr10Length (Read Only) Legal Values 1-40 Default cfgIPv6Address10 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr11PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr11Length (Read Only) Legal Values 1-40 Default cfgIPv6Address11 (Read Only) Legal Values String representing a valid IPv6 entry.
Default cfgIPv6Addr12PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr12Length (Read Only) Legal Values 1-40 Default cfgIPv6Address12 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Addr13Length (Read Only) Legal Values 1-40 Default cfgIPv6Address13 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr14PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr14Length (Read Only) Legal Values 1-40 Default cfgIPv6Address14 (Read Only) Legal Values String representing a valid IPv6 entry.
Default cfgIPv6Addr15PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr15Length (Read Only) Legal Values 1-40 Default cfgIPv6Address15 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgUserAdmin This group provides configuration information about the users who are allowed to access the RAC through the available remote interfaces. Up to 16 instances of the user group are allowed.
cfgUserAdminIndex (Read Only) Legal Values This parameter is populated based on the existing instances. Default 1 – 16 Description The unique index of a user. cfgUserAdminIpmiLanPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) 15 (No access) Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel.
Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-1 describes the user privilege bit values that can be combined to create bit masks. Table B-1.
Table B-2. Sample Bit Masks for User Privileges (continued) User Privilege(s) Privilege Bit Mask The user may login to RAC, access virtual media, and access console redirection. 0x00000001 + 0x00000040 + 0x00000080 = 0x000000C1 cfgUserAdminUserName (Read/Write) Legal Values String. Maximum length = 16 Default (blank) Description The name of the user for this index. The user index is created by writing a string into this name field if the index is empty.
cfgUserAdminEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables an individual user. cfgUserAdminSolEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access. cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed.
Default This parameter is populated based on the existing instances. Description The unique index of an alert instance. cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies the destination email address for email alerts. For example, user1@company.com. cfgEmailAlertAddress (Read/Write) Legal Values E-mail address format, with a maximum length of 64 ASCII characters. Default (blank) Description The e-mail address of the alert source.
Default (blank) Description Specifies a custom message that is sent with the alert. cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to iDRAC6. One instance of the group is allowed. The following subsections describe the objects in this group. cfgSsnMgtConsRedirMaxSessions (Read/Write) Legal Values 1–2 Default 2 Description Specifies the maximum number of console redirection sessions allowed on iDRAC6.
Description Defines the Web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective. An expired Web server session logs out the current session.
Default 1800 Description Defines the Telnet idle time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session (you must log out and log in again to make the new settings effective).
cfgSerialTelnetEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Telnet console interface on iDRAC6. cfgRemoteHosts This group provides properties that allow configuration of the SMTP server for e-mail alerts. cfgRhostsSmtpServerIpAddr (Read/Write) Legal Values A string representing a valid SMTP server IP address. For example: 192.168.0.56. Default 0.0.0.0 Description The IP address of the network SMTP server.
Default 1 Description Enables or disables the iDRAC6 firmware update from a network TFTP server. cfgRhostsFwUpdateIpAddr (Read/Write) Legal Values A string representing a valid IP address. Default 0.0.0.0 Description Specifies the network TFTP server IP address that is used for TFTP iDRAC6 firmware update operations. cfgRhostsFwUpdatePath (Read/Write) Legal Values A string with a maximum length of 255 ASCII characters.
cfgRhostsSyslogEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables remote syslog. cfgRhostsSyslogPort (Read/Write) Legal Values 0 — 65535 Default 514 Description Remote syslog port number. cfgRhostsSyslogServer1 (Read/Write) Legal Values String from 0 to 511 characters. Default Description Name of remote syslog server.
cfgRhostsSyslogServer2 (Read/Write) Legal Values String from 0 to 511 characters. Default Description Name of remote syslog server. cfgRhostsSyslogServer3 (Read/Write) Legal Values String from 0 to 511 characters. Default Description Name of remote syslog server. cfgUserDomain This group is used to configure the Active Directory user domain names. A maximum of 40 domain names can be configured at any given time.
Description Represents a specific domain. cfgUserDomainName (Read/Write) Legal Values A string of up to 255 characters. Default (blank) Description Specifies the Active Directory user domain name. cfgServerPower This group provides several power management features. cfgServerPowerStatus (Read Only) Legal Values 1 = TRUE 0 = FALSE Default 0 Description Represents the server power state, either ON or OFF. cfgServerPowerServerAllocation (Read Only) Legal Values String of up to 32 characters.
Default (blank) Description Represents the available power supply for server usage. cfgServerPowerActualPowerConsumption (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Represents the power consumed by the server at the current time. cfgServerPowerPeakPowerConsumption (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Represents the maximum power consumed by the server until the current time.
Default (blank) Description Time when the maximum power consumption was recorded. cfgServerPowerConsumptionClear (Write Only) Legal Values 0, 1 Default 0 Description Resets the cfgServerPeakPowerConsumption property to 0 and the cfgServerPeakPowerConsumptionTimestamp property to the current iDRAC6 time. cfgServerPowerCapWatts (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Represents the server power threshold in Watts.
Default (blank) Description Represents the server power threshold in BTU/hr. cfgServerPowerCapPercent (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Represents the server power threshold in percentage. cfgRacTuning This group is used to configure various iDRAC6 configuration properties, such as valid ports and security port restrictions.
cfgRacTuneHttpsPort (Read/Write) Legal Values 10 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with iDRAC6. cfgRacTuneIpRangeEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP Address Range validation feature of iDRAC6. cfgRacTuneIpRangeAddr Legal Values An IP address-formatted string. For example, 192.168.0.44. Default 192.168.1.
cfgRacTuneIpRangeMask Legal Values Standard IP mask values with left-justified bits. Default 255.255.255.0 Description An IP address-formatted string. For example, 255.255.255.0. cfgRacTuneIpBlkEnable Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP address blocking feature of the RAC.
cfgRacTuneIpBlkFailWindow Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted. When failure attempts age beyond this limit, they are dropped from the count. cfgRacTuneIpBlkPenaltyTime Legal Values 10 – 65535 Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected.
cfgRacTuneConRedirEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables console redirection. cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for iDRAC6 Telnet interface. cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session.
cfgRacTuneConRedirPort (Read/Write) Legal Values 1 – 65535 Default 5900 Description Specifies the port to be used for keyboard and mouse traffic during console redirection activity with iDRAC6. cfgRacTuneConRedirVideoPort (Read/Write) Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during console redirection activity with iDRAC6. NOTE: This object requires an iDRAC6 reset before it becomes active.
Description Enables or disables iDRAC6 last-crash-screen capture feature. NOTE: This object requires an iDRAC6 reset before it becomes active. cfgRacTuneWebserverEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables and disables iDRAC6 Web server. If this property is disabled, iDRAC6 will not be accessible using client Web browsers. This property has no effect on the Telnet/SSH or local RACADM interfaces.
Default 0 Description Specifies the daylight savings offset (in minutes) to use for the RAC Time. cfgRacTuneTimezoneOffset (Read/Write) Legal Values –720 – 780 Default 0 Description Specifies the timezone offset (in minutes) from GMT/UTC to use for the RAC Time. Some common timezone offsets for timezones in the United States are shown below: –480 (PST — Pacific Standard Time) –420 (MST — Mountain Standard Time) –360 (CST — Central Standard Time) –300 (EST — Eastern Standard Time).
Description Disables write access to iDRAC6 configuration data. The default is for access to be enabled. NOTE: Access can be disabled using the Local RACADM or iDRAC6 Web interface; however, once disabled, access can be re-enabled only through iDRAC6 Web interface. ifcRacManagedNodeOs This group contains properties that describe the managed server operating system. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgRacSecurity This group is used to configure settings related to iDRAC6 SSL certificate signing request (CSR) feature. The properties in this group must be configured before generating a CSR from iDRAC6. See the RACADM sslcsrgen subcommand details for more information on generating certificate signing requests. cfgSecCsrCommonName (Read/Write) Legal Values A string of up to 254 characters. Default Description Specifies the CSR Common Name (CN).
Description Specifies the CSR Organization Unit (OU). cfgSecCsrLocalityName (Read/Write) Legal Values A string of up to 254 characters. Default (blank) Description Specifies the CSR Locality (L). cfgSecCsrStateName (Read/Write) Legal Values A string of up to 254 characters. Default (blank) Description Specifies the CSR State Name (S). cfgSecCsrCountryCode (Read/Write) Legal Values A two-character string. Default (blank) Description Specifies the CSR Country Code (CC).
cfgSecCsrEmailAddr (Read/Write) Legal Values A string of up to 254 characters. Default (blank) Description Specifies the CSR Email Address. cfgSecCsrKeySize (Read/Write) Legal Values 512 1024 2048 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. cfgRacVirtual This group contains parameters to configure iDRAC6 virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
2 = Auto Attach Default 0 Description This object is used to attach virtual devices to the system via the USB bus. When the devices are attached the server will recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system. When the devices are attached you then can connect to the virtual devices remotely using iDRAC6 Web interface or the CLI.
Default 0 Description Enables or disables the vFlash media key of iDRAC6. cfgVirtualFloppyEmulation (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems.
Description Enables or disables the IPMI over LAN interface. cfgIpmiLanPrivLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access. cfgIpmiLanAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties.
Default 0000000000000000000000000000000000000000 Description The IPMI encryption key. cfgIpmiPetCommunityName (Read/Write) Legal Values A string of up to 18 characters Default public Description The SNMP community name for traps. cfgIpmiPetIpv6 This group is used to configure IPv6 platform event traps on the managed server. cfgIpmiPetIPv6Index (Read Only) Legal Values 1–4 Default Description Unique identifier for the index corresponding to the trap.
cfgIpmiPetIPv6AlertDestIpAddr Legal Values String representing a valid IPv6 address. Default Description Configures the IPv6 alert destination IP address for the trap. cfgIpmiPetIPv6AlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IPv6 alert destination for the trap. cfgIpmiPef This group is used to configure the platform event filters available on the managed server.
Default The name of the index filter. Description Specifies the name of the platform event filter. cfgIpmiPefIndex (Read/Write) Legal Values 1 – 17 Default The index value of a platform event filter object. Description Specifies the index of a specific platform event filter. cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered.
cfgIpmiPefEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables a specific platform event filter. cfgIpmiPet This group is used to configure platform event traps on the managed server. cfgIpmiPetIndex (Read Only) Legal Values 1–4 Default The index value of a specific platform event trap. Description Unique identifier for the index corresponding to the trap. cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values A string representing a valid IPv4 address.
Description Specifies the destination IPv4 address for the trap receiver on the network. The trap receiver receives an SNMP trap when an event is triggered on the managed server. cfgIpmiPetAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables a specific trap. cfgSmartCard This group specifies properties used to support access to iDRAC6 using a smart card.
cfgSmartCardCRLEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Certificate Revocation List (CRL). cfgActiveDirectory This group contains parameters to configure iDRAC6 Active Directory feature. cfgADSSOEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory single sign-on authentication on iDRAC6. cfgADRacDomain (Read/Write) Legal Values Any printable text string with no white space.
Default (blank) Description Active Directory Domain in which the DRAC resides. cfgADRacName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Name of iDRAC6 as recorded in the Active Directory forest. cfgADEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on iDRAC6.
Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. cfgADDomainController1 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value Description iDRAC6 uses the value you specify to search the LDAP server for user names.
cfgADDomainController3 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value. Description iDRAC6 uses the value you specify to search the LDAP server for user names. cfgADGlobalCatalog1 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value.
Description iDRAC6 uses the value you specify to search the Global Catalog server for user names. cfgADGlobalCatalog3 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value. Description iDRAC6 uses the value you specify to search the Global Catalog server for user names. cfgADType (Read/Write) Legal Values 1 = Enables Active Directory with the extended schema.
Default Description Enables or disables Active Directory certificate validation. cfgStandardSchema This group contains parameters to configure the Active Directory standard schema settings. cfgSSADRoleGroupIndex (Read Only) Legal Values 1–5 Description Index of the Role Group as recorded in the Active Directory. cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters.
Default Description Active Directory Domain in which the Role Group resides. cfgSSADRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table B-3.
cfgIpmiSol This group is used to configure the Serial Over LAN (SOL) capabilities of the system. cfgIpmiSolEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables SOL. cfgIpmiSolBaudRate (Read/Write) Legal Values 9600, 19200, 57600, 115200 Default 115200 Description The baud rate for serial communication over LAN.
Default 4 Description Specifies the minimum privilege level required for SOL access. cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255 Default 10 Description Specifies the typical amount of time that iDRAC6 waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments. cfgIpmiSolSendThreshold (Read/Write) Legal Values 1 – 255 Default 255 Description The SOL threshold limit value.
iDRAC6 Enterprise Property Database Group and Object Definitions
Glossary Active Directory Active Directory® is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. AGP Abbreviation for accelerated graphics port, which is a bus specification that allows graphics cards faster access to main system memory.
CA A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
DHCP Abbreviation for Dynamic Host Configuration Protocol, which is a protocol that provides a means to dynamically allocate IP addresses to computers on a local area network. DLL Abbreviation for Dynamic Link Library, which is a library of small programs, any of which can be called when needed by a larger program that is running in the system. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (or file).
GPIO Abbreviation for general purpose input/output. GRUB Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader. GUI Abbreviation for graphical user interface, which refers to a computer display interface that uses elements such as windows, dialog boxes, and buttons as opposed to a command prompt interface, in which all user interaction is displayed and entered in text. hardware log Records events generated by iDRAC6 and the CMC.
IPMI Abbreviation for Intelligent Platform Management Interface. IPMI defines a set of common interfaces to computer hardware and firmware which system administrators can use to monitor system health and manage the system. IPMI operates independently of the operating system and allows administrators to manage a system remotely even in the absence of the operating system or the system management software, or even if the monitored system is not powered on.
MAP Abbreviation for Manageability Access Point. Mbps Abbreviation for megabits per second, which is a data transfer rate. MIB Abbreviation for management information base. MII Abbreviation for Media Independent Interface. NAS Abbreviation for network attached storage. NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers.
RAM Acronym for random-access memory. RAM is general-purpose readable and writable memory on systems and iDRAC6. RAM disk A memory-resident program which emulates a hard drive. iDRAC6 maintains a RAM disk in its memory. RAC Abbreviation for remote access controller. ROM Acronym for read-only memory, which is memory from which data may be read, but to which data cannot be written.
SNMP trap A notification (event) generated by iDRAC6 or the CMC that contains information about state changes on the managed server or about potential hardware problems. SSH Abbreviation for Secure Shell. SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses Public key Cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
USB Abbreviation for Universal Serial Bus. UTC Abbreviation for Universal Coordinated Time. See GMT. VLAN Abbreviation for Virtual Local Area Network. VNC Abbreviation for virtual network computing. VT-100 Abbreviation for Video Terminal 100, which is used by the most common terminal emulation programs. WAN Abbreviation for wide area network.
Glossary
Index A C Active Directory adding DRAC 5 users, 134 configuring access to the DRAC 5, 127 logging in to the DRAC 5, 151 managing certificates, 107 objects, 124 schema extensions, 123 using with extended schema, 123 using with standard schema, 140 using with the DRAC 5, 121 Certificate Signing Request. See CSR ActiveX console redirection plug-in, 212 alert management.
using with Active Directory, 123 configuring Local iDRAC6 users for Smart Card logon, 163 configuring multiple iDRACs with RACADM, 268 F configuring Smart Card Login, 161 Firefox tab behavior, 87 console redirection configuring, 209 opening a session, 211 using, 187, 207 firewall, opening ports, 34 CSR about, 102 generating, 104 D diagnostics console, 326 digital signature, verify, 57-60 Distributed Management Task Force (DMTF), 271 documents you may need, 35 firmware recovering with CMC, 60, 116 u
configuring with the web interface, 91 enabling, 260 updating the firmware, 55 iDRAC configuration utility configuring LAN user, 304 iDRAC KVM displaying OSCAR, 298 iDRAC service ports, 34 iDRAC6 resetting to factory defaults, 306 SSH, 77 iDRAC6 configuration utility, 40 configuring IPMI, 299 configuring network properties, 299 configuring virtual media, 303 starting, 298 iDRAC6 firmware rollback, 118 iDRAC6 web interface, 40, 60 ifconfig command, diagnostics console, 327 iKVM disabling during console redi
K configuring for console redirection, 208 installing the software, 79-80 network requirements, 67 key, verify, 58, 60 L last crash screen capturing on the managed server, 82 viewing, 314 Lifecycle Controller User Guide, 304 local RACADM, 41 localization, browser setup, 71 logs iDRAC, 324 post codes, 314 See also SEL server, 81 lost administrative password, 306 M Manageability Access Point.
OpenSSH, SSH client for Linux, 77 operating system installing (manual method), 236 installing (scripted method), 287 OSCAR displaying, 298 P password changing, 99 lost, 306 PEF configuring with RACADM, 254 configuring with the web interface, 95 PET configuring with RACADM, 255 configuring with the web interface, 94-95, 255 filterable platform events table, 94 ping command, diagnostics console, 327 post codes, viewing, 314 power management using SM-CLP, 278 using the web interface, 327 property database gr
configuring multiple iDRACS, 268 configuring network properties, 251 configuring PEF, 254 configuring PET, 255 configuring SOL, 253 configuring SSH service, 261 configuring telnet service, 261 installing and removing, 74 subcommands, 335 supported interfaces, 244 using, 241 RACADM subcommands arp, 373 clrraclog, 242, 355 clrsel, 242, 357 config, 82, 242, 336 coredump, 373 coredumpdelete, 374 fwupdate, 369 getconfig, 219, 242, 264, 338 getniccfg, 242, 349 getraclog, 242, 353 getractime, 242, 346 getsel, 355
See RACADM output formats, 277 power management, 278 syntax, 273 targets, 276 updating iDRAC firmware, 278 using the show verb, 276 SEL managing with SM-CLP, 278 managing with the iDRAC6 configuration utility, 306-307 managing with the web interface, 313 snap-in installing the Dell extension, 133 server instrumentation, 81 logs, 81 SNMP community string, 438 testing trap alert, 251 server certificate uploading, 105 viewing, 106 SOL configuring with RACADM, 253 configuring with the web interface, 97
T telnet backspace configuration, 77 client installation, 76 configuring iDRAC service with RACADM, 261 configuring iDRAC service with the web interface, 114 TFTP server, installing, 79 traceroute, 327 traceroute6, 327 Trivial File Transfer Protocol, see TFTP troubleshooting indications, 310 trusted domains list, adding iDRAC, 71 Two-factor-authentication TFA, 161 U Unified Server Configurator System Services, 304 configuring LAN user with the iDRAC configuration utility, 304 utilities dd, 288 iVMCLI, 287
web interface accessing, 86 browser configuration, 68 configuring ASR service, 114 configuring e-mail alerts, 96 configuring iDRAC services, 114 configuring IP blocking, 91 configuring IP filtering, 91 configuring IPMI LAN properties, 88, 97 configuring network properties, 88 configuring PEF, 95 configuring PET, 94-95, 255 configuring SOL, 97 configuring telnet service, 114 configuring the SSH service, 114 configuring the web server service, 114 logging in, 86 logging out, 87 updating firmware, 116 web serv
Index