Integrated Dell™ Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 2.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. __________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC6 Enterprise Overview . . . . . . . . . . 27 . . . . . . . . . . . . . 28 . . . . . . . . . . . . . . . 28 IPv6 Ready Logo Certification . iDRAC6 Security Features . iDRAC6 Enterprise and VFlash Media . Supported Platforms . . . . . . . . . . 29 . . . . . . . . . . . . . . . . . . 31 Supported Operating Systems . . . . . . . . . . . . . . 31 . . . . . . . . . . . . . . . 31 . . . . . . . . 32 . . . . . . . . . . . . . . . . . . . . . . 32 . . . . . . . . . . . .
Configure Platform Events . . . . . . . . . . . . . Enabling or Disabling Local Configuration Access . . . . . . . . . . . . . . . . 43 Configure iDRAC6 Services . . . . . . . . . . . . . 43 Configure Secure Sockets Layer (SSL) . Configure Virtual Media. . . . . . . 44 . . . . . . . . . . . . . . 44 Configure a VFlash Media Card . . . . . . . . . . . 44 . . . . . . . 44 Install the Managed Server Software Configure the Managed Server for the Last Crash Screen Feature . . . . . . .
. . . . . . . . . . . 61 . . . . . . . . . . . . . . 61 Updating the USC Repair Package Configuring iDRAC6 For Use With IT Assistant . . . . . . . Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring . . . . . . . . . . . . Using iDRAC6 Web Interface to Enable Discovery and Monitoring . . . . . . . . Using IT Assistant to View iDRAC6 Status and Events . . . . . . . . . 3 . . . . . . . . 62 . . . . . . . . . . . 64 Configuring the Management Station . . . . . . . . . . . . . . .
Installing iDRAC6 Software on the Management Station . . . . . . . . . . . . . . . . . . . Installing and Uninstalling RACADM on a Management Station . . . . . . . . . . . . . 73 Installing and Uninstalling RACADM on Linux . . . . . . . . . . . . . . . . . . . . . . . 73 Installing a Java Runtime Environment (JRE) . . . . . . 73 . . . . . . . . . . . . . 74 . . . . . . . . . . . . . . . . .
Using Multiple Browser Tabs and Windows . Configuring iDRAC6 NIC . . . . 85 . . . . . . . . . . . . . . . . 86 Configuring the Network, IPMI and VLAN Settings . . . . . . . . . . . . . . . . . 86 . . . . . . 91 . . . . . . . . . . . . . . 92 Configuring Platform Event Filters (PEF) . . . . . . 93 Configuring Platform Event Traps (PET) Configuring IP Filtering and IP Blocking Configuring Platform Events . . . . . . . 94 . . . . . . . . . . . . . 94 . . . . . . . . . . . . . . . 96 . .
. . . . . . . . . . . . . 118 . . . . . . . . . . . . . . 120 . . . . . 121 . . . . . . . . . . . . 122 Configuring iDRAC6 Services Updating iDRAC6 Firmware Updating iDRAC6 Firmware Using CMC iDRAC6 Firmware Rollback 6 Using iDRAC6 Directory Service . . . . . . Using iDRAC6 With Microsoft Active Directory . Prerequisites for Enabling Active Directory Authentication for iDRAC6 . . . 125 . . . . . . . . . 126 Supported Active Directory Authentication Mechanisms . . . . . . . . . . . . . . .
. . . . . 144 . . . . . . . . . . 146 Standard Schema Active Directory Overview Single Domain Versus Multiple Domain Scenarios . . . . . . . Configuring Standard Schema Active Directory to Access iDRAC6 . . . . . Configuring Active Directory With Standard Schema Using iDRAC6 Web Interface . . . . . . . . . . . . . 147 . . . . . . . . . 147 Configuring Active Directory With Standard Schema Using RACADM . Testing Your Configurations . . . . . . . . . 150 . . . . . . . . . . . . . .
7 Configuring Smart Card Authentication . . . . . . . . . . . . . . . . . . . . 169 . . . . . . . 169 . . . . . . . . . 170 . . . . . . . . . . . 171 Configuring Smart Card Login in iDRAC6 Logging Into iDRAC6 Using Active Directory Smart Card Authentication Troubleshooting the Smart Card Logon in iDRAC6 . . . . . . . . . 8 Enabling Kerberos Authentication . . . . 175 . . . . . 176 . . . . . . 178 . . . . . . . .
Integrated Dell Remote Access Controller 6 - Enterprise . . . . WWN/MAC . . . . . . . . . . . 185 . . . . . . . . . . . . . . . . . . . . . . . 187 . . . . . . . . . . . . . . . . . . . . . . 187 Server Health . . . . . . . . . . . . . . . . . . . . . . . 187 . . . . . . . . . . . . . . . . . . . . . . . . 187 . . . . . . . . . . . . . . . . . . . . . . 188 iDRAC6 CMC . Batteries Temperatures . . . . . . . . . . . . . . . . . . . . 188 . . . . . . . . . . . . . . . . . . . . . . 188 . .
Operating System Configuration . . . . . . . . . . . . Linux Enterprise Operating System . Windows 2003 Enterprise . . . . . . . . 204 . . . . . . . . . . . . 209 11 Using GUI Console Redirection . Overview . . . . . . . 211 . . . . . . . . . . . . . . . . . . . . . . . 211 . . . . . . . . . . . . . . 211 . . . . . . . . . . . 212 Using Console Redirection Clear Your Browser’s Cache Supported Screen Resolutions and Refresh Rates . . . . . . . . . . . . . . . . 213 . . . . . .
Configuring the VFlash Media Card Using iDRAC6 Web Interface . . . . SD Card Properties . VFlash Drive . . . . . . . . . . 232 . . . . . . . . . . . . . . . . 232 . . . . . . . . . . . . . . . . . . . . 234 . . . . . . . . . 235 . . . . . . . . . . . . . 235 Viewing the Virtual Flash Key Size Configuring the VFlash Media Card Using RACADM. . . . . . Enabling or Disabling the VFlash Media Card . . . . . . . . . . . . . . . . . . . . . 235 Resetting the VFlash Media Card. . . . . . . . . .
Using the RACADM Command Line Interface . . . . . . . . . . . . . RACADM Subcommands . . . . . . . . 249 . . . . . . . . . . . . . . . 250 . . . . . . . . . . . . 252 . . . . . . . . . . . 254 Supported RACADM Interfaces Using local RACADM Commands . . . 255 . . . . . . . 255 Using the RACADM Utility to Configure iDRAC6 Displaying Current iDRAC6 Settings . . . . . 256 . . . . . . . . . . . . . 257 . . . 257 . . . . . . . .
Using an iDRAC6 Configuration File . . . . . . . . . . . Creating an iDRAC6 Configuration File . Configuration File Syntax . . . . . . . 273 . . . . . . . . . . . . . 273 Modifying iDRAC6 IP Address in a Configuration File . . . . . . . . . . . . . . . . . 275 . . . . 276 . . . . . . . . . . . . . 277 Loading the Configuration File Into iDRAC6 Configuring Multiple iDRAC6s. 15 Power Monitoring and Power Management . . . . . . . . . . . . . . . 279 . . . . . . . . . . . . . . . . . . . .
SM-CLP Features . . . . . . . . . . . . . . . . . . . . 289 . . . . . . . . . 291 . . . . . . . . . . . . . . . . . . . . . . 292 Navigating the MAP Address Space Targets Using the Show Verb . . . . . . . . . . . . . . . . . . Using the -display Option . . . . . . . . . . . . . 292 . . . . . . . . . . . . . . 293 . . . . . . . . . . . . . 293 . . . . . . . . . . . . . . 293 . . . . . . . . . . . 293 . . . . . . . . . . . . . . . .
Preparing for Deployment . . . . . . . . . . . . . . . . Configuring the Remote Systems . Deploying the Operating System . . . . . . . . . 306 . . . . . . . . . . . . 307 Using the Virtual Media Command Line Interface Utility . . . . . . . . Installing the iVMCLI Utility . . . . . . . . . . . . 308 . . . . . . . . . . . . 309 . . . . . . . . . . . . . . 310 . . . . . . . . . . . . . . . . 310 . . . . . . 313 Command Line Options . iVMCLI Parameters .
20 Recovering and Troubleshooting the Managed System . . . . . . . . . . . . . . . 327 . . . . . . . . 327 . . . . . . . . . . . . . . . . . . . 328 . . . . . . . . . . . . . . . . . . 328 Safety First – For You and Your System Trouble Indicators LED Indicators Hardware Trouble Indicators . . . . . . . . . . . 329 . . . . . . . . . . . . . 329 . . . . . . . . . . . . . . . . 330 . . . . . . . . . . . 330 . . . . . . 331 . . . . . . . . . . . .
getsysinfo . . . . . . . . . . . . . . . . . . . . . . . . 360 getractime . . . . . . . . . . . . . . . . . . . . . . . . 364 setniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 365 getniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 367 getsvctag . . . . . . . . . . . . . . . . . . . . . . . . . 368 . . . . . . . . . . . . . . . . . . . . . . . . . 369 racreset racresetcfg . . . . . . . . . . . . . . . . . . . . . . . . 370 serveraction . . . . . . . . . . . . . . . .
localconredirdisable . fwupdate . . . . . . . . . . . . . . . . . 387 . . . . . . . . . . . . . . . . . . . . . . . . 387 krbkeytabupload . . . . . . . . . . . . . . . . . . . . 389 vmkey . . . . . . . . . . . . . . . . . . . . . . . . . . 390 version . . . . . . . . . . . . . . . . . . . . . . . . . 391 . . . . . . . . . . . . . . . . . . . . . . . . . . . 391 arp coredump . . . . . . . . . . . . . . . . . . . . . . . . 392 . . . . . . . . . . . . . . . . . . . . 393 ifconfig . . . .
B iDRAC6 Enterprise Property Database Group and Object Definitions . . . . . . . . . . . . . . . . 403 . . . . . . . . . . . . . . . . . 403 . . . . . . . . . . . . . . . . . . . . . . . . 404 . . . . . . . . . . . 404 . . . . . . . . . 404 Displayable Characters idRacInfo . . . . . . . . . . idRacProductInfo (Read Only) idRacDescriptionInfo (Read Only) . . . . . . . . . . . 404 . . . . . . . . . . . . 405 idRacVersionInfo (Read Only) idRacBuildInfo (Read Only) . . . . . . . . . . . . . .
cfgNicVLanID (Read Only) . . . . . . . . . . . . cfgNicVLanPriority (Read Only) . cfgIPv6URL . . . . . . . . . . 413 . . . . . . . . . . . . . . . . . . . . . . 414 . . . . . . . . . . 414 cfgIPv6URLstring (Read Only) cfgIPv6LanNetworking. . . . . . . . . . . . . . . . . 414 . . . . . . . . . . . . . . . . . . 414 cfgIPv6Address1 (Read/Write) . . . . . . . . . . 415 cfgIPv6Gateway (Read/Write) . . . . . . . . . . 415 cfgIPv6Enable . . . . . . . . . 415 . . . . . . . . . 416 . . . .
cfgUserAdmin . . . . . . . . . . . . . . . . . . . . . . cfgUserAdminIndex (Read Only) . . . . . . . . . . 421 . . . 421 . . . . . . . 421 cfgUserAdminIpmiLanPrivilege (Read/Write) cfgUserAdminPrivilege (Read/Write) . . . . . . 423 . . . . . . . 423 . . . . . . . . 424 cfgUserAdminUserName (Read/Write) cfgUserAdminPassword (Write Only) cfgUserAdminEnable (Read/Write) . cfgUserAdminSolEnable (Read/Write) . cfgEmailAlert . . . . . . 424 . . . . . . . . . . . . . . . . . . . . . . 424 . .
. . . . . . 432 . . . . . . . . . . . . . . . . . . . . 432 . . . . . . . . 432 . . . . . . . 433 . . . . . . . . . . . . . . . . . . . . 433 . . . . . . . 433 cfgRhostsSyslogServer3 (Read/Write) cfgUserDomain . cfgUserDomainIndex (Read Only) cfgUserDomainName (Read/Write) cfgServerPower cfgServerPowerStatus (Read Only) cfgServerActualPowerConsumption (Read Only) . . . . . . . . . . . . . . cfgServerPeakPowerConsumption (Read Only) . . . . . . . . . . . . . . . . . . . 433 . . . . . . .
cfgRacTuneConRedirEncryptEnable (Read/Write) . . . . . . . . . . . . . . . . . . . . 440 . . . . . . 440 . . . 441 . . . . . . . . 441 cfgRacTuneConRedirPort (Read/Write) cfgRacTuneConRedirVideoPort (Read/Write) cfgRacTuneAsrEnable (Read/Write) cfgRacTuneWebserverEnable (Read/Write) . . . . 441 cfgRacTuneLocalServerVideo (Read/Write) . . . . 442 cfgRacTuneDaylightOffset (Read/Write) . . . . . . 442 cfgRacTuneTimezoneOffset (Read/Write) . . . . . 442 . . . 443 . . . . . . . . . . . .
cfgIpmiLanAlertEnable (Read/Write) . . . . . . . 450 . . . . . . . 450 . . . . 451 . . . . . . . . . . . . . . . . . . . . . 451 cfgIpmiEncryptionKey (Read/Write) cfgIpmiPetCommunityName (Read/Write) cfgIpmiPetIpv6 cfgIpmiPetIPv6Index (Read Only) . cfgIpmiPetIPv6AlertDestIpAddr . . . . . . . . 451 . . . . . . . . . 451 cfgIpmiPetIPv6AlertEnable (Read/Write) . cfgIpmiPef . . . . 452 . . . . . . . . . . . . . . . . . . . . . . . 452 cfgIpmiPefName (Read Only) . . . . . . . . . . .
. . . . . . . . . . . . . . 459 cfgADCertValidationEnable (Read/Write) . . . . . 460 cfgADDcSRVLookupEnable (Read/Write) . . . . . 460 cfgADDcSRVLookupbyUserdomain (Read/Write) . . . . . . . . . . . . . . . . . . . . 461 cfgADDcSRVLookupDomainName (Read/Write) . . . . . . . . . . . . . . . . . . . . 461 . . . . . 462 . . . . . . . . 462 . . . . . . . . . . . . . . . . . . . . . . . . . 462 cfgLdapEnable (Read/Write) . . . . . . . . . . . .
cfgIpmiSol . . . . . . . . . . . . . . . . . . . . . . . cfgIpmiSolEnable (Read/Write) . . . . . . . . . . 470 . . . . . . . . 470 . . . . . . 471 cfgIpmiSolBaudRate (Read/Write) cfgIpmiSolMinPrivilege (Read/Write) cfgIpmiSolAccumulateInterval (Read/Write) . . . 471 . . . . . 471 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iDRAC6 Enterprise Overview The Integrated Dell™ Remote Access Controller (iDRAC6) Enterprise is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. iDRAC6 uses an integrated system-on-chip microprocessor for the remote monitor/control system, and co-exists on the system board with the managed Dell PowerEdge server.
NOTE: It is recommended that you isolate or separate the chassis management network, used by iDRAC6 and CMC, from your production network(s). Mixing management and production or application network traffic may cause congestion or network saturation resulting in CMC and iDRAC6 communication delays. The delays may cause unpredictable chassis behavior such as CMC displaying that iDRAC6 is offline even though it is operating properly. This may also cause other unpredictable behavior.
• Secure Shell (SSH), which uses an encrypted transport layer for higher security • Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded • Configurable client IP address range for clients connecting to iDRAC6 iDRAC6 Enterprise and VFlash Media iDRAC6 Enterprise provides an SD slot for VFlash Media. For more information about iDRAC6 Enterprise and VFlash Media, see your Hardware Owner’s Manual at support.dell.com/manuals.
Table 1-1.
Table 1-1. iDRAC6 Feature List (continued) Feature iDRAC6 Enterprise iDRAC6 Enterprise with VFlash VFlash Monitoring Sensor Monitoring and Alerting Real-time Power Monitoring Real-time Power Graphing Historical Power Counters Logging System Event Log (SEL) RAC Log Trace Log Remote Syslog = Supported; =Not Supported Supported Platforms For the latest supported platforms, see iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals.
NOTE: Support for SSL 2.0 has been discontinued because of security flaws. Ensure that your browser is configured to enable SSL 3.0. Supported Remote Access Connections Table 1-2 lists the connection features. Table 1-2. Supported Remote Access Connections Connection Features iDRAC6 NIC • 10Mbps/100Mbs/1Gbps Ethernet via CMC Gb Ethernet port. • DHCP support. • SNMP traps and e-mail event notification.
Table 1-3. iDRAC6 Server Listening Ports (continued) Port Number Function 3670, 3671 Virtual Media Secure Service 5900* Console Redirection keyboard/mouse 5901* Console Redirection video 5988* Used for WSMAN * Configurable port Table 1-4.
• The Dell OpenManage Management Station Software Installation Guide contains instructions to help you install Dell OpenManage management station software that includes Baseboard Management Utility, DRAC Tools, and Active Directory Snap-In. • The Dell Chassis Management Controller User Guide and the Dell Chassis Management Controller Administrator Reference Guide provide information about using the controller that manages all modules in the chassis containing your Dell PowerEdge server.
The following system documents are also available to provide more information about the system in which iDRAC6 is installed: • The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at www.dell.com/regulatory_compliance. Warranty information may be included within this document or as a separate document.
iDRAC6 Enterprise Overview
Configuring iDRAC6 Enterprise This section provides information about how to establish access to iDRAC6 and to configure your management environment to use iDRAC6.
For greater security, access to iDRAC6 configuration through iDRAC6 Configuration Utility or the local RACADM CLI can be disabled by means of a RACADM command (see "RACADM Subcommand Overview") or from the GUI (see "Enabling or Disabling Local Configuration Access"). NOTE: Using more than one configuration interface at the same time may generate unexpected results. Table 2-1.
Table 2-1. Configuration Interfaces (continued) Interface Description Chassis LCD Panel The LCD panel on the chassis containing iDRAC6 can be used to view the high-level status of the servers in the chassis. During initial configuration of CMC, the configuration wizard allows you to enable DHCP configuration of iDRAC6 networking. Local and Remote RACADM The local RACADM command line interface runs on the managed server.
Table 2-1. Configuration Interfaces (continued) Interface Description SM-CLP SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in iDRAC6. The SM-CLP command line is accessed by logging in to iDRAC6 using Telnet or SSH and typing smclp at the CLI prompt. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line.
Configuration Tasks This section is an overview of the configuration tasks for the management station, iDRAC6, and the managed server. The tasks to be performed include configuring iDRAC6 so that it can be accessed remotely, configuring iDRAC6 features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server. The configuration tasks that can be used to perform each task are listed beneath the task.
• Chassis LCD Panel — See the Dell Chassis Management Controller Firmware User Guide • iDRAC6 Configuration Utility — See "Using iDRAC6 Configuration Utility" • CMC Web interface — See "Configuring Networking Using CMC Web Interface" • Remote and local RACADM — See "cfgLanNetworking" Configure iDRAC6 Users Set up the local iDRAC6 users and permissions. iDRAC6 holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users. NOTE: <, >, and \ are not allow
• RACADM — See "Configuring IP Filtering (IP Range)" and "Configuring IP Blocking" Configure Platform Events Platform events occur when iDRAC6 detects a warning or critical condition from one of the managed server’s sensors. Configure Platform Event Filters (PEF) to choose the events you want to detect, such as rebooting the managed server, when an event is detected.
Configure Secure Sockets Layer (SSL) Configure SSL for iDRAC6 Web server. • iDRAC6 Web interface — See "Secure Sockets Layer (SSL)" • RACADM — See "cfgRacSecurity," "sslcsrgen," "sslcertupload," "sslcertdownload," and "sslcertview" Configure Virtual Media Configure the virtual media feature so that you can install the operating system on the Dell PowerEdge server.
Configuring Networking Using CMC Web Interface NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC6 network settings from CMC. NOTE: The default CMC username is root and the default password is calvin. NOTE: CMC IP address can be found in iDRAC6 Web interface by clicking System→ Remote Access→CMC. You can also launch CMC Web interface from this screen. Launching iDRAC6 Web Interface From CMC CMC provides limited management of individual chassis components, such as servers.
Single Sign-On Using the single sign-on feature, you can launch iDRAC6 Web interface from CMC without having to log in a second time. Single sign-on policies are described below. • CMC user who has Server Administrator set under User Privileges is automatically logged in to iDRAC6 Web interface using single sign-on. After logging in, the user is automatically granted iDRAC6 Administrator privileges.
Configuring Networking for iDRAC6 1 Click System→Remote Access→iDRAC6. 2 Click the Network/Security tab: To enable or disable Serial Over LAN: a Click Serial Over LAN. The Serial Over LAN screen appears. b Select the Enable Serial Over LAN check box. You may also change the Baud Rate and Channel Privilege Level Limit settings. c Click Apply. To enable or disable IPMI Over LAN: a Click Network. The Network screen appears. b Click IPMI Settings. c Select the Enable IPMI Over LAN check box.
Viewing FlexAddress Mezzanine Card Fabric Connections The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection. NOTE: In order to avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.
The chassis–assigned MAC address is stored in CMC non–volatile memory and is sent to iDRAC6 during an iDRAC6 boot or when CMC FlexAddress page settings are changed.
See the Dell Chassis Management Controller Administrator Reference Guide for more information on CMC RACADM subcommands. Remote Syslog iDRAC6 Remote Syslog feature allows you to remotely write the RAC log and the System Event Log (SEL) to an external syslog server. You can read all logs from the entire server farm from a central log. The Remote Syslog protocol does not need any user authentication.
NOTE: The severity levels defined by the Remote Syslog protocol differ from the standard IPMI System Event Log (SEL) severity levels. Hence all iDRAC6 Remote Syslog entries are reported in the syslog server with severity level as Notice.
If a username contains a domain name, then the username must be entered in the form of @. For example, user1@dell.com is a valid username whereas dell\user1 is not. A filename that ends with the IMG extension is redirected as a Virtual Floppy and a filename ending with the ISO extension is redirected as a Virtual CDROM. Remote file share supports only .IMG and .ISO image file formats. The RFS feature utilizes the underlying virtual media implementation in iDRAC6.
Table 2-3. Remote File Server Settings (continued) Attribute Description Status Connected: The file is shared. Not Connected: The file is not shared. Connecting... : Busy connecting to the share Click Connect to establish a file share connection. The Connect button is disabled after successfully establishing a connection. NOTE: Even if you have configured remote file sharing, the GUI does not display this information due to security reasons.
• Dell Update Package (for Linux or Microsoft Windows) • DOS iDRAC6 firmware update utility • CMC Web interface Downloading the Firmware or Update Package Download the firmware from support.dell.com. The firmware image is available in several different formats to support the different update methods available. To update iDRAC6 firmware using iDRAC6 Web interface or to recover iDRAC6 using CMC Web interface, download the binary image packaged as a self-extracting archive.
You can use CMC Web interface or CMC RACADM to update iDRAC6 firmware. This feature is available when iDRAC6 firmware is in Normal mode, as well as when it is corrupted. See "Updating iDRAC6 Firmware Using CMC." NOTE: If the configuration is not preserved during firmware update, iDRAC6 generates new SHA1 and MD5 keys for the SSL certificate.
pub 1024D/23B66A9D 2001-04-16 Dell, Inc. (Product Group) Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D 23B6 6A9D If the fingerprint of your imported key is the same as above, you have a correct copy of the key. c While still in the GPG key editor, enter trust. The following menu appears: Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.
extension. For example, iDRAC6 firmware image has an associated .sign file (IDRAC_FRMW_LX_2.2.BIN.sign), which is included in the self-extracting archive with the firmware image (IDRAC_FRMW_LX_2.2.BIN). To download the files, right-click the Download link and use the Save Target As option.
4 Verify the Dell PowerEdge M610 iDRAC6 package digital signature by running the following command: gpg --verify IDRAC_FRMW_LX_2.2.BIN.sign IDRAC_FRMW_LX_2.2.BIN The following output message appears: gpg: Signature made Fri Jul 11 15:03:47 2008 CDT using DSA key ID 23B66A9D gpg: Good signature from "Dell, Inc. (Product Group)
4 In the Upload (Step 1 of 4) section, click Browse to locate the firmware image that you downloaded. You can also enter the path in the text field. For example: C:\Updates\V2.2\. The default firmware image name is firmimg.imc. 5 Click Upload. The file uploads to iDRAC6. This may take several minutes to complete. NOTE: During the upload process, you abort the firmware upgrade process by clicking Cancel. Clicking Cancel resets iDRAC6 to normal operating mode.
Updating iDRAC6 Firmware Using RACADM You can update iDRAC6 firmware using remote RACADM. 1 Download iDRAC6 firmware image from the Dell Support website at support.dell.com to the managed system. For example: C:\downloads\firmimg.imc 2 Run the following RACADM command: For example: racadm -r -u -p fwupdate -g -u -a where path is the location on the TFTP server where firmimg.imc is stored.
Clear Your Browser’s Cache To use the latest iDRAC6 features, clear the browser’s cache to remove/delete any old Web pages that may be stored on the system. Updating the USC Repair Package See the Dell Lifecycle Controller User Guide for information on updating the USC repair package from iDRAC6 Web interface.
4 Toggle LAN Alert Enabled to On using the spacebar. 5 Enter the IP address of your Management Station into Alert Destination 1. 6 Enter a name string into iDRAC6 Name with a consistent naming convention across your data center. The default is iDRAC6-{Service Tag}. Exit iDRAC6 Configuration Utility by pressing , , and then pressing to save your changes. Your server will now boot into normal operation, and it will be discovered during IT Assistant's next scheduled Discovery pass.
The Platform Events screen appears, displaying a list of events for which you can configure iDRAC6 to generate e-mail alerts. 12 Enable e-mail alerts for one or more events by selecting the check box in the Generate Alert column. 13 Click Apply if you made any changes on this screen. 14 Click Trap Settings. The Trap Settings screen appears.
Using IT Assistant to View iDRAC6 Status and Events After discovery is complete, iDRAC6 devices appear in the Servers category of the ITA Devices detail screen, and iDRAC6 information can be seen by clicking the iDRAC6 name. This is different from DRAC 5 systems, where the management card shows up in the RAC group. iDRAC6 error and warning traps can now be seen in the primary Alert Log of IT Assistant. They display in the Unknown category, but the trap description and severity will be accurate.
Configuring the Management Station A management station is a computer used to monitor and manage the Dell PowerEdge™ servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with iDRAC6 Enterprise. Before you begin configuring iDRAC6, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
Using iDRAC6 console redirection feature (see "Configuring and Using Serial Over LAN"), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer and using iDRAC6 facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the managed server.
5 Select Medium-Low from the drop-down menu and click Reset. Click OK to confirm. You will need to re-enter the Custom Level dialog by clicking its button.
• Allow paste operations via script: Enable • Scripting of Java® applets: Enable 7 Select Tools→Internet Options→Advanced.
• Use SSL 3.0: checked • Use TLS 1.0: checked • Warn about invalid site certificates: checked • Warn if changing between secure and not secure mode: checked • Warn if forms submittal is being redirected: checked NOTE: If you choose to alter any of the above settings, It is recommended that you learn and understand the consequences of doing so. For example, if you choose to block pop-ups, portions of iDRAC6 Web interface will not function properly. 9 Click Apply, then OK.
5 Click Close. 6 Click OK and then refresh your browser. When you launch vKVM for the first time through IE8 with Active-X plug-in, a "Certificate Error: Navigation Blocked" message may be displayed. 1 Click Continue to this website. 2 Click Install to install Active-X controls on the Security Warning window. The vKVM session is launched.
Setting the Locale in Linux The console redirection viewer requires a UTF-8 character set to display correctly. If your display is garbled, check your locale and reset the character set if needed. To set the character set on a Linux client with a Simplified Chinese GUI: 1 Open a command terminal. 2 Enter locale and press . Output similar to the following output appears: LANG=zh_CN.UTF-8 LC_CTYPE="zh_CN.UTF-8" LC_NUMERIC="zh_CN.UTF-8" LC_TIME="zh_CN.UTF-8" LC_COLLATE="zh_CN.UTF-8" LC_MONETARY="zh_CN.
6 Log out and then log in to the operating system. When you switch from any other language, ensure that this fix is still valid. If not, repeat this procedure. Disabling the Whitelist Feature in Firefox Firefox has a "whitelist" security feature that requires user permission to install plugins for each distinct site that hosts a plugin. If enabled, the whitelist feature requires you to install a console redirection viewer for each iDRAC6 you visit, even though the viewer versions are identical.
Installing and Uninstalling RACADM on a Management Station To use the remote RACADM functions, install RACADM on a management station. See the Dell OpenManage Management Station Software Installation Guide available at support.dell.com/manuals for information on how to install DRAC Tools on a management station running Microsoft Windows operating system. Installing and Uninstalling RACADM on Linux 1 Log on as root to the system where you want to install the management station components.
If you use the Firefox browser you must install a JRE (or a Java Development Kit [JDK]) to use the console redirection feature. The console viewer is a Java application that is downloaded to the management station from iDRAC6 Web interface and then launched with Java Web Start on the management station. Go to java.sun.com to install a JRE or JDK. Version 1.6 (Java 6.0) or higher is recommended. The Java Web Start program is automatically installed with the JRE or JDK. The file jviewer.
Telnet with iDRAC6 Telnet is included in Windows and Linux operating systems, and can be run from a command shell. You may also choose to install a commercial or freely available Telnet client with more convenience features than the standard version included with your operating system. If your management station is running Windows XP SP1 or Windows 2003, you may experience an issue with the characters in an iDRAC6 Telnet session.
To configure a Linux Telnet session to use the key, perform the following steps: 1 Open a shell and enter: stty erase ^h 2 At the prompt, enter: telnet SSH With iDRAC6 Secure Shell (SSH) is a command line connection with the same capabilities as a Telnet session, but with session negotiation and encryption to improve security. iDRAC6 supports SSH version 2 with password authentication. SSH is enabled by default on iDRAC6.
Table 3-1.
You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is already listening. Port 69 is the TFTP default port. If no server is running, you have the following options: • Find another computer on the network running a TFTP service. • If you are using Linux, install a TFTP server from your distribution. • If you are using Windows, install a commercial or free TFTP server.
Configuring the Managed Server This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • RACADM CLI — Allows you to configure and administer iDRAC6.
Configuring the Managed Server to Capture the Last Crash Screen iDRAC6 can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed server crash. Follow these steps to enable the last crash screen feature. 1 Install the managed server software. For more information, see the Dell OpenManage Server Administrator Installation Guide and the Dell OpenManage Management Station Software Installation Guide.
Disabling the Windows Automatic Reboot Option To ensure that iDRAC6 can capture the last crash screen, disable the Automatic Reboot option on managed servers running Windows Server or Windows Vista®. 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings. 4 Deselect the Automatically Reboot check box. 5 Click OK twice.
Configuring the Managed Server
Configuring iDRAC6 Enterprise Using the Web Interface iDRAC6 provides a Web interface that enables you to configure iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. You would typically use the Web interface to perform your daily system management tasks. This chapter provides information about how to perform common systems management tasks with iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. 2 In the Address field, enter https:// and press . If the default HTTPS port number (port 443) has been changed, enter: https://: where iDRAC6-IP-address is the IP address for iDRAC6 and port-number is the HTTPS port number. iDRAC6 Log in window appears.
3 Click OK or press . Logging Out 1 In the upper-right corner of the main window, click Log out to close the session. 2 Close the browser window. NOTE: The Log out button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain active until the session timeout is reached. It is recommended that you click the Log out button to end a session.
Table 5-1. User Privilege Behavior in Supported Browsers Browser Tab Behavior Window Behavior Microsoft Internet Explorer 6 Not applicable New session Microsoft IE7 and IE8 From latest session opened New session Firefox 2 and Firefox 3 From latest session opened From latest session opened Configuring iDRAC6 NIC This section assumes that iDRAC6 has already been configured and is accessible on the network. See "Configure iDRAC6 Networking" for help with the initial iDRAC6 network configuration.
Table 5-2. Network Settings (continued) Setting Description MAC Address Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed. Enable NIC When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from iDRAC6 through the network is blocked. The default is Unchecked.
Table 5-2. Network Settings (continued) Setting Description Use DHCP to obtain DNS server addresses Select the DHCP Enable option to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses check box. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields. Preferred DNS Server Allows you to enter or edit a static IP address for the preferred DNS server.
Table 5-2. Network Settings (continued) Setting Description Gateway Configures the static IPv6 gateway for iDRAC6 NIC. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated check box. Use DHCPv6 to Enable DHCP to obtain IPv6 DNS server addresses by selecting obtain DNS Server the Use DHCPv6 to obtain DNS Server addresses check box.
Table 5-4. VLAN Settings Button Description Enable VLAN ID Yes—Enabled. No—Disabled. If enabled, only matched Virtual LAN (VLAN) ID traffic is accepted. NOTE: The VLAN settings can only be configured through CMC Web Interface. iDRAC6 only displays the current enablement status; you can not modify the settings on this screen. VLAN ID VLAN ID field of 802.1g fields. Displays a value from 1 to 4094 except 4001 to 4020. Priority Priority field of 802.1g fields.
Configuring IP Filtering and IP Blocking NOTE: You must have Configure iDRAC6 privilege to perform the following steps. 1 Click System→Remote Access→iDRAC6. 2 Click the Network/Security tab. The Network screen appears. 3 Click Advanced Settings. The Network Security screen appears. 4 Configure IP filtering and blocking settings as needed. See Table 5-6 for descriptions of the IP filtering and blocking settings. 5 Click Apply. 6 Click the appropriate button to continue. See Table 5-7. Table 5-6.
Table 5-6. IP Filtering and Blocking Settings (continued) Settings Description IP Blocking Penalty The time span in seconds that login attempts from an Time IP address with excessive failures are rejected. The default is 3600. Table 5-7. Network Security Buttons Button Description Print Prints the Network Security values that appear on the screen. Refresh Reloads the Network Security screen. Apply Saves any new settings that you made to the Network Security screen.
Table 5-8. Filterable Platform Events (continued) Index Platform Event 7 Processor Absent 8 Hardware Log Failure 9 Automatic System Recovery 10 SD Card Failure 11 Redundancy Lost When a platform event occurs (for example, a Battery Probe Warning), a system event is generated and recorded in the System Event Log (SEL).
Configuring Platform Event Traps (PET) NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission. 1 Log in to iDRAC6 Web interface. 2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)." 3 Click System, and then click the Alert Management tab. The Platform Events screen appears. 4 Click Trap Settings. The Trap Settings screen is displayed.
3 Click System, and then click the Alert Management tab. The Platform Events screen appears. 4 Click Email Alert Settings. The Email Alert Settings screen appears. 5 Configure your e-mail alert destination. a Select the Enabled check box for the first undefined e-mail alert. b Enter a valid e-mail address in the Destination Email Address field. c Click Apply.
• If the field is "a string with @", and DNS Domain Name is active, then the source e-mail address is:@. • If the field is "a string with @", and the DNS Domain Name is blank, then the source e-mail address is:@. e Click Send to test the configured e-mail alert (if desired). f To add an additional e-mail alert destination, repeat step a through step e. You may specify up to four e-mail alert destinations.
a Click System→Remote Access→iDRAC6, and then click the Network/Security tab. The Network screen appears. b Click the Serial Over LAN tab. c Select Enable Serial Over LAN. d Update the IPMI SOL Baud Rate, if needed, by selecting a data speed from the Baud Rate drop-down menu. NOTE: To redirect the serial console over the LAN, ensure that the SOL Baud Rate is identical to your managed server’s baud rate. e Click Apply.
Before you Begin You can configure up to 4 public keys per user that can be used over an SSH interface. Before adding or deleting public keys, ensure that you use the view command to see what keys are already set up, so a key is not accidentally overwritten or deleted. When the PKA over SSH is set up and used correctly, you do not have to enter the password when logging into iDRAC6. This can be very useful for setting up automated scripts to perform various functions.
4 You can save the public key to a file using the Save public key option to upload it later. All uploaded keys must be in RFC 4716 or openSSH formats. If not, you must convert the same into those formats. Generating Public Keys for Linux The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt, enter: ssh-keygen –t rsa –b 1024 –C testing NOTE: The options are case-sensitive. where, -t can be either dsa or rsa.
where IP_address is the IP address of iDRAC6. Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel See "Uploading, Viewing, and Deleting SSH Keys Using RACADM" for information on how to upload, view, and delete SSH keys using RACADM. Table 5-9. SSH Key Configurations Option Description Upload SSH Key(s) Allows the local user to upload a SSH public key file.
Table 5-11. View/Remove SSH Key(s) Option Description Remove The uploaded key is displayed in the box. Select the Remove option and click Apply to delete the existing key. 1 If you select Configure User and click Next, the User Configuration page is displayed. 2 On the User Configuration screen, configure the user’s properties and privileges. Table 5-12 describes the General settings for configuring an iDRAC6 user name and password.
Table 5-12. General Properties (continued) Property Description User Name Specifies an iDRAC6 user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on iDRAC6 cannot include the @,#,$,%,/,. characters and are case-sensitive. NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login. Change Password Enables the New Password and Confirm New Password fields. When deselected, the user’s Password cannot be changed.
Table 5-14. Other Privilege (continued) Property Description Configure iDRAC6 Enables the user to configure iDRAC6. Configure Users Enables the user to allow specific users to access the system. CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the "Configure Users" user privilege. This privilege allows user(s) to configure any other user's SSH key. Given the importance of SSH Keys, grant this privilege very carefully. Clear Logs Enables the user to clear iDRAC6 logs.
Table 5-15. iDRAC6 Group Permissions (continued) User Group Permissions Granted Custom Selects any combination of the following permissions: Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Table 5-16. User Configuration Buttons Button Action Print Prints the User Configuration values that appear on the screen.
Secure Sockets Layer (SSL) iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
After the CA approves the CSR and sends the certificate, upload the certificate to iDRAC6 firmware. The CSR information stored on iDRAC6 firmware must match the information contained in the certificate, that is, the certificate must have been generated in response to the CSR created by iDRAC6. Accessing the SSL Main Menu 1 Click System→Remote Access→iDRAC6→Network/Security tab. 2 Click SSL to open the SSL screen. Table 5-17 describes the options available when generating a CSR.
Generating a New Certificate Signing Request NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The CSR in the firmware must match the certificate returned from the CA. Otherwise, iDRAC6 will not accept the certificate. 1 On the SSL screen, select Generate a New Certificate Signing Request (CSR) and click Next. 2 On the Generate Certificate Signing Request (CSR) screen, enter a value for each CSR attribute.
Table 5-19. Generate Certificate Signing Request (CSR) Options (continued) Field Description Country Code The name of the country where the entity applying for certification is located. Email The e-mail address associated with the CSR. Enter the company’s e-mail address, or any e-mail address associated with the CSR. This field is optional. Key Size The size of the Certificate Signing Request (CSR) Key to be generated. The size may be 1024 KB or 2048 KB. Table 5-20.
Table 5-21. Certificate Upload Buttons Button Description Print Prints the values that appear on the Certificate Upload screen Refresh Reloads the Certificate Upload screen Apply Applies the certificate to iDRAC6 firmware Go Back to SSL Main Returns the user to the SSL Main Menu screen Menu Viewing a Server Certificate 1 On the SSL screen, select View Server Certificate and click Next. Table 5-22 describes the fields and associated descriptions listed in the View Server Certificate window.
Configuring and Managing Microsoft Active Directory Certificates NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate. NOTE: For more information about Active Directory configuration and how to configure Active Directory with the standard schema or an extended schema, see "Using iDRAC6 Directory Service.
Table 5-25. Active Directory Buttons Button Definition Print Prints the Active Directory values that appear on the screen. Refresh Reloads the Active Directory screen. Configuring Active Directory (Standard Schema and Extended Schema) 1 On the Active Directory summary screen, click Configure Active Directory.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description Current Active Directory CA Certificate Displays the Active Directory CA Certificate that was uploaded to iDRAC6. Step 2 of 4 Active Directory Configuration and Management Active Directory Enabled Select this option if you want to enable Active Directory. Enable Smart–Card Login Select this option to enable Smart Card login. You are prompted for a Smart Card logon during any subsequent logon attempts using the GUI.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description Timeout Enter the maximum time (in seconds) to wait for Active Directory queries to complete. Look Up Domain Select the Look Up Domain Controllers with DNS option Controllers with DNS to obtain the Active Directory domain controllers from a DNS lookup. When this option is selected, Domain Controller Server Addresses 1-3 are ignored.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description Extended Schema Selection Select this option if you want to use Extended Schema with Active Directory. Click Next to display the Step 4 of 4 Active Directory Configuration and Management page. iDRAC6 Name: Specifies the name that uniquely identifies iDRAC6 in Active Directory. This value is NULL by default. iDRAC6 Domain Name: The DNS name (string) of the domain where the Active Directory iDRAC object resides.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description Standard Schema Selection Select this option if you want to use Standard Schema with Active Directory. Click Next to display the Step 4a of 4 Active Directory page. Select the Look Up Global Catalog Servers with DNS option and enter the Root Domain Name to use on a DNS lookup to obtain the Active Directory Global Catalog Servers. When this option is selected, Global Catalog Server Addresses 1-3 are ignored.
Table 5-27. Role Group Privileges Setting Description Role Group Privilege Level Specifies the user’s maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-28 for Role Group permissions. Login to iDRAC6 Allows the group login access to iDRAC6. Configure iDRAC6 Allows the group permission to configure iDRAC6. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs.
Table 5-28.
Disabling Local Configuration Access 1 Click System→Remote Access→iDRAC6→Network/Security→Services. 2 Under Local Configuration, click to select Disable iDRAC6 local USER Configuration Updates to disable access. 3 Click Apply. Configuring iDRAC6 Services NOTE: To modify these settings, you must have Configure iDRAC6 permission. NOTE: When you apply changes to services, the changes take effect immediately. Existing connections may be terminated without warning.
Table 5-30. Web Server Settings (continued) Setting Description Active Sessions The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable. Timeout The time, in seconds, that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting take affect immediately and will reset the Web server. Timeout range is 60 to 10800 seconds. The default is 1800 seconds.
Table 5-32. Telnet Settings (continued) Setting Description Max Sessions The maximum number of simultaneous Telnet sessions allowed for this system. 4 simultaneous Telnet sessions are supported. You can not edit this field. Active Sessions The number of current Telnet sessions on the system. You can not edit this field. Timeout The Telnet idle timeout, in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800.
For example: C:\Updates\V2.2\. The default firmware image name is firmimg.imc. 4 Click Upload. The file will be uploaded to iDRAC6. This may take several minutes to complete. 5 In the Upload (Step 2 of 4) page, you will see the results of the validation performed on the image file you uploaded. • If the image file is uploaded successfully and passed all verification checks, a message will appear indicating that the firmware image has been verified.
You can use CMC Web interface or RACADM to update iDRAC6 firmware. This feature is available both when iDRAC6 firmware is in Normal mode, as well as when it is corrupted. NOTE: See the Chassis Management Controller Firmware User Guide for instructions for using CMC Web interface. To update iDRAC6 firmware, perform the following steps: 1 Download the latest iDRAC6 firmware to your management station from support.dell.com. 2 Log in to CMC Web interface. 3 Click Chassis in the system tree.
If the firmware rollback is successful, iDRAC6 will reset automatically. To continue working with iDRAC6 through the web interface, close the current browser and reconnect to iDRAC6 using a new browser window. An appropriate error message is displayed if an error occurs. NOTE: The Preserve Configuration feature does not work if you want to rollback iDRAC6 firmware from version 2.2 to version 2.1.
Configuring iDRAC6 Enterprise Using the Web Interface
Using iDRAC6 Directory Service A directory service maintains a common database for storing information about users, computers, printers, etc. on a network. If your company uses either the Microsoft® Active Directory® or the LDAP Directory Service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your directory service.
Prerequisites for Enabling Active Directory Authentication for iDRAC6 To use the Active Directory authentication feature of iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.
Extended Schema Active Directory Overview Using the extended schema solution requires the Active Directory schema extension, as described in the following section. Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. • Dell extension is: dell • Dell base OID is: 1.2.840.113556.1.8000.
Figure 6-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 6-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory. Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
• LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • DVD drive:\SYSMGMT\ManagementStation\support\OMActiveDirectory_ Tools\Remote_Management_Advanced\LDIF_Files • :\SYSMGMT\ManagementStation\support\OMActiveDirecto ry_Tools\Remote_Management_Advanced\Schema Extender To use the L
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines the privileges (Authorization Rights) for iDRAC6 Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 List of dellRacDevice and DelliDRACDevice Objects that belong to this role.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC6 devices, Users and User Groups, iDRAC6 Associations, and iDRAC6 Privileges.
3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-in and click Add. 5 Click Close and click OK. Adding iDRAC6 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC6 users and privileges by creating iDRAC6, Association, and Privilege objects.
6 Right-click the privilege object that you created, and select Properties. 7 Click the Remote Management Privileges tab and select the privileges that you want the user or group to have (see Table 5-14). Creating an Association Object NOTE: iDRAC6 Association Object is derived from Group and its scope is set to Domain Local. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→Dell Remote Management Object Advanced. This opens the New Object window. 3 Enter a name for the new object.
Adding iDRAC6 Devices or iDRAC6 Device Groups To add iDRAC6 devices or iDRAC6 device groups: 1 Select the Products tab and click Add. 2 Enter iDRAC6 devices or iDRAC6 device group name and click OK. 3 In the Properties window, click Apply and click OK. Click the Products tab to add one iDRAC6 device connected to the network that is available for the defined users or user groups. You can add multiple iDRAC6 devices to an Association Object.
8 Select the Active Directory Enabled check box. NOTE: In this release, the Smart Card based Two Factor Authentication (TFA) and the single sign-on (SSO) features are not supported if the Active directory is configured for Extended Schema. 9 Click Add to enter the User Domain Name. Enter the domain name in the text field, and then click OK. Note that this step is optional. If you configure a list of user domains, the list will be available in the Web interface login screen.
NOTE: The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled. 13 Click Next. The Step 3 of 4 Active Directory Configuration and Management screen is displayed. 14 Under Schema Selection, select the Extended Schema Selection check box. 15 Click Next. The Step 4 of 4 Active Directory screen is displayed.
racadm config -g cfgActiveDirectory -o cfgADType 1 racadm config -g cfgActiveDirectory -o cfgADRacName racadm config -g cfgActiveDirectory -o cfgADRacDomain racadm config -g cfgActiveDirectory -o cfgADDomainController1 racadm config -g cfgActiveDirectory -o cfgADDomainController2 racadm config -g cfgActiveDirectory -o cf
Using the following RACADM command may be optional. See "Importing iDRAC6 Firmware SSL Certificate" for additional information.
Figure 6-3. Configuration of iDRAC6 with Microsoft Active Directory and Standard Schema Configuration on Active Directory Side Role Group Configuration on iDRAC6 Side Role Group Name and Domain Name Role Definition User On the Active Directory side, a standard group object is used as a role group. A user who has iDRAC6 access will be a member of the role group. To give this user access to a specific iDRAC6 card, the role group name and its domain name need to be configured on the specific iDRAC6 card.
Table 6-9.
Configuring Standard Schema Active Directory to Access iDRAC6 You must perform the following steps to configure Active Directory before an Active Directory user can access iDRAC6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group.
8 Select the Active Directory Enabled check box. 9 Select Enable smart card Login to enable Smart–Card login. You are prompted for a Smart–Card logon during any subsequent logon attempts using the GUI. 10 Select Enable Single Sign-on if you want to log into iDRAC6 without entering your domain user authentication credentials, such as user name and password. 11 Click Add to enter the User Domain Name. Enter the domain name in the text field, and then click OK. Note that this step is optional.
The Step 3 of 4 Active Directory Configuration and Management screen is displayed. 16 Under Schema Selection, select the Standard Schema Selection check box. 17 Click Next. The Step 4a of 4 Active Directory screen is displayed. 18 Under Standard Schema Settings, select the Look Up Global Catalog Servers with DNS option and enter the Root Domain Name to use on a DNS lookup to obtain the Active Directory Global Catalog Servers. If already configured, the Global Catalog Server Addresses 1-3 are ignored.
23 In the Role Group Privileges section, set the group privileges. See Table 5-14 for information on role group privileges. NOTE: If you modify any of the permissions, the existing role group privilege (Administrator, Power User, or Guest User) will change to either the Custom Group or the appropriate role group privilege based on the permissions you modified. 24 Click OK to save the role group settings. An alert dialog appears, indicating that your settings are changed.
racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege NOTE: For Bit Mask values for specific Role Group permissions, see Table 6-9.
NOTE: The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. And, in this multiple domain case, only the Universal Group can be used. NOTE: The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled.
racadm config -g cfgLanNetworking -o cfgDNSServer2 4 If you want to configure a list of user domains so that you only need to enter the user name when logging in to the Web interface, enter the following command: racadm config -g cfgUserDomain -o cfgUserDomainName -i Up to 40 user domains can be configured with index numbers between 1 and 40.
In other words, for iDRAC6 to authenticate to any domain controller— whether it is the root or the child domain controller—that domain controller should have an SSL-enabled certificate signed by the domain’s CA. If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, perform the following steps to enable SSL on each domain controller: 1 Enable SSL on each of your domain controllers by installing the SSL certificate for each controller.
12 In the Certificate Export Wizard, click Next, and select No do not export the private key. 13 Click Next and select Base-64 encoded X.509 (.cer) as the format. 14 Click Next and save the certificate to a directory on your system. 15 Upload the certificate you saved in step 14 to iDRAC6. To upload the certificate using RACADM, see "Configuring Active Directory With Standard Schema Using RACADM.
If you have installed your own certificate, ensure that the CA signing your certificate is in the Trusted Root Certification Authority list. If the Authority is not in the list, you must install it on all your domain controllers. 5 Click Next and select whether you would like Windows to automatically select the certificate store based on the type of certificate, or browse to a store of your choice. 6 Click Finish and click OK.
Using Active Directory Single Sign-On You can enable iDRAC6 to use Kerberos—a network authentication protocol—to enable single sign-on. For more information on setting up iDRAC6 to use the Active Directory single sign-on feature, see "Enabling Kerberos Authentication." Configuring iDRAC6 to Use Single Sign-On 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface. 3 In the system tree, select System→Remote Access→iDRAC6→ Network/Security tab→Network.
10 Select Enable Single Sign-on if you want to log into iDRAC6 directly after logging into your workstation without entering your domain user authentication credentials, such as user name and password. To log into iDRAC6 using this feature, you should have already logged into your system using a valid Active Directory user account. Also you should have already configured the user account to log into iDRAC6 using the Active Directory credentials.
Using iDRAC6 with LDAP Directory Service iDRAC6 provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services. To make iDRAC6 LDAP implementation generic, the commonality between different directory services is utilized to group users and then map the user-group relationship. The directory service specific action is the schema.
4 The Generic LDAP Configuration and Management page displays the current iDRAC6 generic LDAP settings. Scroll to the bottom of the Generic LDAP Configuration and Management page, and click Configure Generic LDAP. NOTE: In this release, only Standard Schema Active Directory (SSAD) without extensions is supported. The Step 1 of 3 Generic LDAP Configuration and Management page is displayed.
8 Click Next to go to the Step 2 of 3 Generic LDAP Configuration and Management page. Use this page to configure location information about generic LDAP servers and user accounts. NOTE: In this release, the Smart Card based Two Factor Authentication (TFA) and the single sign-on (SSO) features are not supported for Generic LDAP Directory Service. 9 Select Enable Generic LDAP. NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN.
17 In the Attribute of Group Membership field, specify which LDAP attribute should be used to check for group membership. This should be an attribute of the group class. If not specified, iDRAC6 uses the member and uniquemember attributes. 18 In the Search Filter field, enter a valid LDAP search filter. Use the filter if the user attribute cannot uniquely identify the login user within the chosen Base DN. If not specified, the value defaults to objectClass=*, which searches for all objects in the tree.
27 Enter the user name and password of a directory user that is chosen to test the LDAP settings. The format depends on what Attribute of User Login is used and the user name entered must match the value of the chosen attribute. NOTE: When testing LDAP settings with "Enable Certificate Validation" checked, iDRAC6 requires that the LDAP server be identified by the FQDN and not an IP address.
Always ensure that the Group Type is Security. You cannot use distribution groups to assign permission on any objects and use them to filter Group Policy settings. My Active Directory log in failed. What do I do? iDRAC6 provides a diagnostic tool in the Web interface. 1 Log in as a local user with administrator privilege from the Web interface. 2 In the system tree, select System→Remote Access→iDRAC6→ Network/Security tab→Directory Service→Microsoft Active Directory.
If certificate validation is enabled, iDRAC6 uses the uploaded CA certificate to verify the directory server certificate when iDRAC6 establishes the SSL connection with the directory server. The most common reasons for failing certification validation are: • iDRAC6 date is not within the valid period of the server certificate or CA certificate. Check iDRAC6 time and the valid period of your certificate.
c If you are using the Extended Schema, ensure that iDRAC6 Name and iDRAC6 Domain Name match your Active Directory environment configuration. If you are using the Standard Schema, ensure that the Group Name and Group Domain match your Active Directory configuration. d Navigate to the Network screen. Select System→Remote Access→ iDRAC6→Network/Security→Network. Ensure that the DNS settings are correct.
Extended and Standard Schema I'm using extended schema in a multiple domain environment. How do I configure the domain controller address(es)? Use the host name (FQDN) or the IP address of the domain controller(s) that serves the domain in which iDRAC6 object resides. Do I need to configure Global Catalog Address(es)? If you are using extended schema, you cannot configure global catalog addresses, because they are not used with extended schema.
Using iDRAC6 Directory Service
Configuring Smart Card Authentication iDRAC6 supports the two factor authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security. TFA, on the other hand, provides a higher-level of security by making the users provide two factors of authentication - what you have and what you know–what you have is the Smart Card, a physical device, and what you know–a secret code like a password or PIN.
6 Click Next. The Step 2 of 4 Active Directory Configuration and Management screen appears. 7 Select the Active Directory Enabled check box. 8 Select Enable Smart–Card Login to enable Smart Card login. You are prompted for a Smart Card logon during any subsequent logon attempts using the GUI. 9 Add User Domain Name, and enter the IP address of the Domain Controller Server Address. Select Next. 10 Select Standard Schema Settings on Step 3 of 4 Active Directory Configuration and Management page. Select Next.
If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for iDRAC6 and port number is the HTTPS port number. iDRAC6 Login page is displayed prompting you to insert the Smart Card. 2 Insert the Smart Card. 3 Enter the PIN and click Log in. You are logged into iDRAC6 with your credentials as set in Active Directory. NOTE: You need not keep your Smart Card in the reader to stay logged in.
Incorrect Smart Card PIN Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card. Unable to Log into iDRAC6 as an Active Directory User • If you cannot log into iDRAC6 as an Active Directory user, try to log into iDRAC6 without enabling the Smart Card logon.
• Ensure that iDRAC6 time and the domain controller time at the domain controller server are within 5 minutes of each other for Kerberos authentication to work. See iDRAC6 time on the System→Remote Access→iDRAC6→Properties→Remote Access Information page, and the domain controller time by right clicking on the time in the bottom right hand corner of the screen. The timezone offset is displayed in the pop up display. For US Central Standard Time (CST), this is –6 ).
Configuring Smart Card Authentication
Enabling Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. To keep with the higher authentication enforcement standards, iDRAC6 now supports Kerberos based Active Directory® authentication to support Active Directory Smart Card and single sign-on (SSO) logins.
Prerequisites for single sign-on and Active Directory Authentication Using Smart Card • Configure iDRAC6 for Active Directory login. • Register iDRAC6 as a computer in the Active Directory root domain. a Click System→Remote Access→iDRAC6→Network/Security→ Network subtab. b Provide a valid Preferred/Alternate DNS Server IP address. This value is the IP address of the DNS that is part of the root domain, which authenticates the Active Directory accounts of the users. c Select Register iDRAC6 on DNS.
(Active Directory server) where you want to map iDRAC6 to a user account in Active Directory. For example, use the following ktpass command to create the Kerberos keytab file: C:\> ktpass.exe -princ HTTP/idracname.domainname.com@DOMAINNAME.COM mapuser DOMAINNAME\username -mapOp set -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass +DesOnly -out c:\krbkeytab NOTE: If you find any issues with iDRAC6 user the keytab file is created for, create a new user and a new keytab file.
• iDRAC6 time should be synchronized with the Active Directory domain controller. Configuring iDRAC6 for single sign-on and Active Directory Authentication Using Smart Card Upload the keytab obtained from the Active Directory root domain, to iDRAC6: 1 Click System→Remote Access→iDRAC6→Network/Security→Directory Service→Microsoft Active Directory 2 At the bottom of the Active Directory summary page, click Kerberos Keytab Upload.
Logging Into iDRAC6 Using single sign-on for Active Directory Users NOTE: To log into iDRAC6, ensure that you have the latest runtime components of Microsoft Visual C++ 2005 Libraries. For more information, see the Microsoft website. 1 Log into your system using a valid Active Directory account. 2 Provide iDRAC6 name in the address bar of your browser in the following format: https://idracname.domainname.com (for example, https://idrac–test.domain.com).
NOTE: The Smart Card based Two Factor Authentication (TFA) and the single signon (SSO) features are not supported if the Active directory is configured for Extended schema. Further, both the Smart Card based TFA and Single Sign–on are supported on Microsoft Windows operating systems with Internet Explorer®. Smart Card based TFA is not supported on Firefox browsers whereas Single Sign–on to iDRAC6 is supported on Firefox browsers.
• CMC v2.0 or earlier and iDRAC6 v2.1 or later with TFA enabled: iDRAC6 Login prompt with PIN entry. • CMC v2.1 or later with TFA disabled, and iDRAC6 v2.1 or later with TFA enabled and SSO disabled: iDRAC6 prompts for PIN entry. • CMC v2.1 or later with TFA disabled, and iDRAC6 v2.1 or later with TFA disabled and SSO enabled: iDRAC6 logins with SSO.
Enabling Kerberos Authentication
Viewing the Configuration and Health of the Managed Server System Summary The System Summary page allows you to view your system's health and other basic iDRAC6 information at a glance and provides you with links to access the system health and information pages. Also, you can quickly launch common tasks from this page and view recent events logged in the System Event Log (SEL). To access the System Summary page, click System→Properties tab→System Summary.
• Host Name — The DNS hostname associated with the managed server • OS Name — The name of the operating system installed on the managed server NOTE: The OS Name field is populated only if Dell OpenManage™ Server Administrator is installed on the managed system. An exception to this are VMware® operating system names which are displayed even if Server Administrator is not installed on the managed system.
Integrated Dell Remote Access Controller 6 - Enterprise iDRAC6 Information This section of iDRAC6 Web interface provides the following information about iDRAC6 itself: • Date/Time — Displays the current date and time (as of last page refresh) of iDRAC6 • Firmware Version — Displays the current version of iDRAC6 firmware installed on the managed system • CPLD Version — Displays the board complex programmable logic device (CPLD) version.
IPv6 Settings • Enabled — Displays whether IPv6 protocol support is enabled or disabled • Autoconfiguration Enabled — Displays whether Autoconfiguration is enabled or disabled • Link Local Address — Displays the IPv6 address for iDRAC6 NIC • IPv6 Address 1-16 — Displays up to 16 IPv6 addresses (IPv6 Address 1 to IPv6 Address 16) for iDRAC6 NIC.
WWN/MAC Click System→Properties tab→WWN/MAC to view the current configuration of installed I/O Mezzanine cards and their associated network fabrics. If the FlexAddress feature is enabled in CMC, the globally assigned (Chassis-Assigned) persistent MAC addresses supersede the hardwired values of each LOM. Server Health Click System→Properties tab→System Summary→Server Health section to view important information about the health of iDRAC6 and components monitored by iDRAC6.
Batteries The Batteries screen displays the status of the system board coin-cell battery that maintains the Real-Time Clock (RTC) and CMOS configuration data storage of the managed system. Temperatures The Temperatures screen displays the status and readings of the on–board ambient temperature probe. Minimum and maximum temperature thresholds for warning and failure states are shown, along with the current health status of the probe.
NOTE: Power and Amperage are measured in AC. CPU The CPU screen reports the health of each CPU on the managed server. This health status is a roll-up of a number of individual thermal, power, and functional tests. POST The Post Code screen displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server.
Viewing the Configuration and Health of the Managed Server
Configuring and Using Serial Over LAN Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s text based console data that would traditionally be sent to the serial I/O port to be redirected over iDRAC6’s dedicated Out of Band Ethernet management network. The SOL out-of-band console enables system administrators to remotely manage the blade server’s text-based console from any location with network access. Benefits of SOL are as follows: • Remotely access operating systems with no timeout.
Serial communication is off by default in BIOS. In order to redirect the host text console data to Serial over LAN, you must enable console redirection via COM1. To change the BIOS setting, perform the following steps: 1 Boot the managed server. 2 Press to enter the BIOS setup utility during POST. 3 Scroll down to Serial Communication and press .
NOTE: Ensure that the SOL baud rate is identical to the Failsafe Baud Rate that was set in BIOS. 5 Click Apply if you have made any changes. Table 10-1. Serial Over LAN Configuration Settings Setting Description Enable Serial Over LAN When selected, the check box indicates that Serial Over LAN is enabled. Baud Rate Indicates the data speed. Select a data speed of 9600 bps, 19.2 kbps, 57.6 kbps, or 115.2 kbps. Channel Privilege Level Limit Select a privilege level limit for Serial Over LAN.
Table 10-3. Serial Over LAN Configuration Advanced Settings Setting Description Character Accumulate Interval The typical amount of time iDRAC6 waits before sending a partial SOL data packet. This parameter is specified in milliseconds. Character Send Threshold Specifies the number of characters per SOL data packet.
8 Click Services to open the Services screen. NOTE: SSH and Telnet programs both provide access on a remote machine. 9 Click Enabled on either SSH or Telnet as required. 10 Click Apply. NOTE: SSH is a recommended method due to better security and encryption mechanisms. NOTE: SSH/Telnet session duration can be infinite as long as the timeout value is set to 0. The default timeout value is 1800 seconds.
Model for the SOL Proxy Telnet Client (port 623) ←→WAN connection ←→SOL Proxy ←→iDRAC6 server When the SOL Proxy communicates with the Telnet client on a management station, it uses the TCP/IP protocol. However, SOL proxy communicates with the managed server's iDRAC6 over the RMCP/IPMI/SOL protocol, which is a UDP-based protocol. Therefore if you communicate with your managed system's iDRAC6 from SOL Proxy over a WAN connection, you may experience network performance issues.
NOTE: If a SOL session is not closed successfully in the utility, more SOL sessions may not be available. The way to resolve this situation is to terminate the command line console in the Web GUI under System→Remote Access→iDRAC6→ Network/Security→Sessions. Using SOL over PuTTY To start SOL from PuTTY on a Windows management station, follow these steps: NOTE: If required, you can change the default SSH/Telnet timeout at System→ Remote Access→iDRAC6→Network/Security→Services.
3 Enter the following command at the command prompt to start SOL: connect 4 To quit a SOL session from Telnet on Linux, press +] (hold down the control key, press the right-square-bracket key, and then release). A Telnet prompt displays. Enter quit to exit Telnet. Using SOL over OpenSSH with Linux OpenSSH is an open source utility for using the SSH protocol.
2 Ensure the Encryption Key is all zeroes at System→Remote Access→ iDRAC6→Network/Security→Network→IPMI Settings. 3 Enter the following command in the Windows command prompt or in the Linux shell prompt to start SOL from iDRAC: ipmitool -H -I lanplus -U -P sol activate This connects you to the managed server's serial port. 4 To quit a SOL session from IPMItool, press <~> and <.> (press the tilde and period keys in sequence, one after the other).
NOTE: HyperTerminal and Telnet settings must be consistent with the settings on the managed system. For example, the baud rates and terminal modes should match. NOTE: The Windows telnet command that is run from a MS-DOS® prompt supports ANSI terminal emulation, and the BIOS needs to be set for ANSI emulation to display all the screens correctly. Before Using SOL proxy Before using SOL proxy, see the Baseboard Management Controller Utilities User's Guide to learn how to configure your management stations.
3 Locate DSM_BMU_SOLProxy in the list of services and right-click to start the service. Depending on the console you use, there are different steps for accessing SOL Proxy. Throughout this section, the management station where the SOL Proxy is running is referred as the SOL Proxy Server. For Linux The SOL Proxy will start automatically during system startup. Alternatively, you can go to directory /etc/init.
NOTE: Whether your host operating system is Windows or Linux, if the SOL Proxy server is running on a different machine than your management station, input SOL Proxy server IP address instead of localhost. telnet 623 Using HyperTerminal with SOL Proxy 1 From the remote station, open HyperTerminal.exe. 2 Choose TCPIP(Winsock). 3 Enter host address localhost and port number 623.
NOTE: If required, extend SOL session duration to infinite by changing the Telnet Timeout value to zero in iDRAC6 Web GUI under System→Remote Access→iDRAC6→Network/Security→Services. 4 Provide the IPMI encryption key if it was configured in iDRAC6. NOTE: You can locate the IPMI encryption key in iDRAC6 GUI on System→ Remote Access→iDRAC6→Network/Security→Network→IPMI Settings→ Encryption Key. NOTE: The default IPMI encryption key is all zeros.
8 Select Help (option 5) in the main menu to display a detailed description for each option. 9 Select Exit (option 6) in the main menu to end your Telnet session and disconnect from SOL Proxy. NOTE: If a user does not terminate the SOL session correctly, issue the following command to reboot iDRAC. Allow iDRAC6 1-2 minutes to complete booting. Refer to "RACADM Subcommand Overview" for more details.
6:2345:respawn:/sbin/migetty tty1 # Run xdm in runlevel 5 x:5:respawn:/etc/X11/prefdm -nodaemon ______________________________________________________________ Example of modified /etc/inittab: ______________________________________________________________ # # inittab This file describes how the INIT process should set up # the system in a certain run-level.
vc/3 vc/4 SKIP the rest of file ______________________________________________________________ Example of modified /etc/securetty: ______________________________________________________________ Console ttyS0 vc/1 vc/2 vc/3 vc/4 SKIP the rest of file ______________________________________________________________ 3 Edit the /boot/grub/grub.conf or /boot/grub/menu.
Example of original /boot/grub/grub.conf in RHEL 5: ______________________________________________________________ # grub.conf generated by anaconda # # Note that you do not have to return grub after making changes to this # file # NOTICE: You have a /boot partition. This means that # eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.
# eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 #splashimage=(hd0,0)/grub/splash.xpm/gz hiddenmenu # Redirect the OS boot via SOL title Red Hat Enterprise Linux 5 SOL redirection root (hd0,0) kernel /vmlinuz-2.6.18-8.el5 ro root= /dev/VolGroup00/LogVol00 rhgb quiet console=tty1 console= ttyS0,115200 initrd /initrd-2.6.18-8.el5.
______________________________________________________________ Example of modified /boot/grub/menu.list in SLES 10: ______________________________________________________________ #Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008 Default 0 Timeout 8 #gfxmenu (hd0.5)/boot/message ###Don't change this comment - YaST2 identifier: Original name: linux### title SUSE Linux Enterprise Server 10 SP1 SOL redirection root (hd0,5) kernel /boot/vmlinux-2.6.16-46-0.
Example of original bootcfg setting: ______________________________________________________________ Boot Loader Settings -------------------timeout:30 default:multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Boot Entries -----------Boot entry ID: 1 Os Friendly Name: Winodws Server 2003, Enterprise Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS OS Load Options: /redirect /nonexecute=optout /fastdetect /usepmtimer ______________________________________________________________ Example of modified bootcfg s
Using GUI Console Redirection This section provides information about using iDRAC6 console redirection feature. Overview iDRAC6 console redirection feature enables you to remotely access local consoles in graphic or text mode, allowing you to control one or more iDRAC6-enabled systems from a single location.
second user. During the time that two sessions are concurrently active, the first user sees a message in the upper-right corner of the screen that identifies that the second user has an active session. If the neither the first or second user has administrator privileges, termination of the first user's active session automatically results in termination of the second user's session.
2 Open the Internet Explorer browser again and go to Internet Explorer→ Tools→Manage Add-ons and click Enable or Disable Add-ons. The Manage Add-ons window is displayed. 3 Select All Add-ons from the Show drop-down menu. 4 Select the Video Viewer add-on and click the More Information link. 5 Select Remove from the More Information window. 6 Close the More Information and the Manage Add-ons windows.
2 If you are using Firefox or want to use the Java Viewer with Internet Explorer, install a Java Runtime Environment (JRE). See "Installing a Java Runtime Environment (JRE)." 3 It is recommended that you configure your monitor display resolution to 1280x1024 pixels. NOTE: If you have an active console redirection session and a lower resolution monitor is connected to the iKVM, the server console resolution may reset if the server is selected on the local console.
Table 11-2. Console Redirection Configuration Properties (continued) Property Description Active Sessions Displays the number of Active Console sessions. This field is read-only. Keyboard and Mouse Port The network port number used for connecting to the Number Console Redirection Keyboard/Mouse option. This traffic is always encrypted. You may need to change this number if another program is using the default port. The default is 5900.
Table 11-2. Console Redirection Configuration Properties (continued) Property Description Console Plug-In Type for IE When using Internet Explorer on a Windows operating system, you can choose from the following viewers: ActiveX - The ActiveX Console Redirection viewer Java - Java Console Redirection viewer NOTE: Depending on your version of Internet Explorer, additional security restrictions may need to be turned off (see "Configuring and Using Virtual Media").
NOTE: vKVM launch from a Windows Vista® management station may lead to vKVM restart messages. To avoid this, set the appropriate timeout values in the following locations: Control Panel→Power Options→Power Saver→Advanced Settings→Hard Disk→Turnoff Hard Disk After and in the Control Panel→ Power Options→High–Performance→Advanced Settings→Hard Disk→Turnoff Hard Disk After .
Table 11-4. Console Redirection Information (continued) Property Description Console Plug-in Type Shows the plug-in type currently configured. ActiveX — An Active-X viewer will be launched. Active-X viewer will only work on Internet Explorer while running on a Windows Operating System. Java — A Java viewer will be launched. The Java viewer can be used on any browser including Internet Explorer. If your client runs on an operating system other than Windows, then you must use the Java Viewer.
NOTE: If one or more Security Alert windows appear in the following steps, read the information in the window and click Yes to continue. The management station connects to iDRAC6 and the remote system’s desktop appears in iDRACView. 4 Two mouse pointers appear in the viewer window: one for the remote system and one for your local system. You must synchronize the two mouse pointers so that the remote mouse pointer follows your local mouse pointer. See "Synchronizing the Mouse Pointers.
Table 11-6. Viewer Menu Bar Selections Menu Item Item Description Video Pause Temporarily pauses console redirection. Resume Resumes console redirection. Refresh Redraws the viewer screen image. Capture Captures the current remote system screen to a .bmp Current Screen file. A dialog box is displayed that allows you to save the file to a specified location.
Table 11-6. Menu Item Viewer Menu Bar Selections (continued) Item Description Macros When you select a macro, or enter the hotkey specified for the macro, the action is executed on the remote system.
Table 11-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Options Color Mode Allows you to select a color depth to improve performance over the network. For example, if you are installing software from virtual media, you can choose the lowest color depth, so that less network bandwidth is used by the console viewer leaving more bandwidth for transferring data from the media. The color mode can be set to 15-bit color and 7-bit color.
Synchronizing the Mouse Pointers When you connect to a remote Dell PowerEdge system using Console Redirection, the mouse acceleration speed on the remote system may not synchronize with the mouse pointer on your management station, causing two mouse pointers to appear in the Video Viewer window. To synchronize the mouse pointers click Mouse→Synchronize cursor or press . The Synchronize cursor menu item is a toggle.
4 If you want to enable (turn on) local video on the server, in the Configuration screen, select Local Server Video Enabled and then click Apply. The Console Redirection screen displays the status of the Local Server Video. Launching vKVM and Virtual Media Remotely You can launch vKVM/virtual media by entering a single URL on a supported browser instead of launching it from iDRAC6 Web GUI.
Table 11-7. Error Scenarios (continued) Error Scenarios Reason Behavior Insufficient Privileges You do not have console redirection and virtual media privileges. iDRACView is not launched and you are redirected to the Console/Media configuration GUI page. Console Redirection disabled Console redirection is iDRACView is not launched and disabled on your system. you are redirected to the Console/Media configuration GUI page.
Table 11-8. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Can the local user also turn on the video? No. Once the local console is disabled, the local user’s keyboard and mouse are disabled and they are unable to change any settings. Does switching off the local video also Yes.
Table 11-8. Using Console Redirection: Frequently Asked Questions (continued) Question Answer The console window is garbled. The console viewer on Linux requires a UTF-8 character set. Check your locale and reset the character set if needed. See "Setting the Locale in Linux" for more information. Why do I get a blank screen on the managed server when loading the Windows 2000 operating system? The managed server does not have the correct ATI video driver. Update the video driver.
Table 11-8. Using Console Redirection: Frequently Asked Questions (continued) Question Answer I am still having issues with mouse synchronization. Ensure that the correct mouse is selected for your operating system before starting a console redirection session. Ensure that Synchronize Mouse is checked in the Mouse menu. Press or select Mouse→Synchronize mouse to toggle mouse synchronization. When synchronization is enabled, a check mark appears next to the selection in the Mouse menu.
Table 11-8. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why do multiple Session Viewer windows appear when I establish a console redirection session from the local host? You are configuring a console redirection session from the local system. This is not supported. If I am running a console redirection No. If a local user accesses the system, you session and a local user accesses the both have control of the system.
Using GUI Console Redirection
Configuring the VFlash Media Card for Use With iDRAC6 The VFlash media card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back corner of the system. It provides storage space that behaves like a common USB Flash Key device. Installing a VFlash Media Card 1 Remove the blade from the chassis. 2 Locate the VFlash media slot at the back corner of the system. NOTE: You do not need to remove the blade cover to install or remove the card.
3 With the label side facing up, insert the contact-pin end of the SD card into the card slot on the module. NOTE: The slot is keyed to ensure correct insertion of the card. 4 Press inward on the card to lock it into the slot. 5 Place the blade back in the chassis. Removing a VFlash Media Card To remove the VFlash media, push inward on the card to release it, and pull the card from the card slot.
The VFlash screen is displayed. Table 12-1 lists the SD Card Properties options. Table 12-1. SD Card Properties Attribute Description Virtual Key Size Allows you to select the size to be occupied by the VFlash key on the SD card. Select a virtual key size and click Apply. The virtual key re-initializes to the specified size, erases all existing data, and formats a part of the SD card. NOTE: If you have inserted a 1 GB licensed SD card, you can select either 256 MB or 512 MB as the partition size.
Table 12-1. SD Card Properties (continued) Attribute Description Initialize Click Initialize to create the VFlash image, ManagedStore.IMG, on the SD card. NOTE: The Initialize option is enabled only if a VFlash media card is present. Also, the SD card can be formatted only if the VFlash Attach option is unchecked. NOTE: The ManagedStore.IMG and ManagedStore.ID files displayed on the VFlash GUI page are not visible on the host server's operating system but on the SD card.
Table 12-2. VFlash Drive (continued) Attribute Description Upload Click this option to upload the selected image file to the SD card. After the upload is completed, the image file is stored on the SD card as ManagedStore.IMG. NOTE: Uploading ISO images is not supported in this release and may result in errors during upload.
CAUTION: Resetting the VFlash media card with the RACADM command resets the size of the key to 256MB and deletes all existing data. NOTE: For more information about vmkey, see "vmkey." The RACADM command functions only if a VFlash media card is present. If a card is not present, the following message is displayed: ERROR: Unable to perform the requested operation. Ensure that a SD Card is inserted.
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 13-1 shows the overall architecture of Virtual Media. Figure 13-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual Media requires a minimum available network bandwidth of 128 Kbps. Virtual Media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required: 1 Start Internet Explorer. 2 Click Tools→Internet Options, and then click the Security tab. 3 Under Select a Web content zone to specify its security settings, click to select the desired zone. 4 Under Security level for this zone, click Custom Level. The Security Settings window appears.
3 In the Virtual Media section, select values for the settings. See Table 13-2 for information on Virtual Media configuration values. 4 Click Apply to save your settings. An alert dialog appears with the following message: You are about to change device configuration. All existing redirection sessions will be closed. Do you want to continue? 5 Click OK to continue. An alert dialog appears with the following message: Virtual Media Configuration successfully set. Table 13-2.
Table 13-2. Virtual Media Configuration Values (continued) Attribute Value Floppy Emulation Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is selected, the Virtual Media device appears as a floppy device on the server. If it is deselected, it appears as a USB Key drive. NOTE: On certain Windows Vista® and Red Hat® Enterprise Linux® environments, you may not be able to virtualize a USB with Floppy Emulation enabled.
NOTE: Virtual Media may not function properly on Windows operating system clients that are configured with Internet Explorer Enhanced Security. To resolve this issue, see your Microsoft operating system documentation or contact your administrator. 4 Click Launch Viewer. NOTE: On Linux, the file jviewer.jnlp is downloaded to your desktop and a dialog box will ask what to do with the file.
The media is connected and the Status window is updated. 10 Click Close. NOTE: Whenever a Virtual Media session is initiated or a VFlash is connected, an extra drive named "LCDRIVE" is displayed on the host operating system and the BIOS. The extra drive disappears when the VFlash or the Virtual Media session is disconnected. Disconnecting Virtual Media 1 Select Media→Virtual Media Wizard. The Media Redirection Wizard appears. 2 Click Disconnect next to the media you wish to disconnect.
The managed server attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device. Otherwise, the system overlooks the device—similar to a physical device without bootable media. Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete.
Frequently Asked Questions Table 13-3 lists frequently asked questions and answers. Table 13-3. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual Media client connection drop. Why? When a network time-out occurs, iDRAC6 firmware drops the connection, disconnecting the link between the server and the Virtual Drive.
Table 13-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer An installation of the Windows operating system seems to take too long. Why? If you are installing the Windows operating system and have a slow network connection, the installation procedure may require an extended amount of time to access iDRAC6 Web interface due to network latency. While the installation window does not indicate the installation progress, the installation procedure is in progress.
Table 13-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer How can I make my USB key bootable? Search support.dell.com for the Dell Boot Utility, a Windows program you can use to make your Dell USB key bootable. You can also boot with a Windows 98 startup disk and copy system files from the startup disk to your USB key. For example, from the DOS prompt, enter the following command: sys a: x: /s where x: is the USB key you want to make bootable.
Table 13-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Using the RACADM Command Line Interface The RACADM command line interface (CLI) provides access to iDRAC6 management features on the managed server. RACADM provides access to most of the features on iDRAC6 Web interface. RACADM can be used in scripts to ease configuration of multiple servers, instead of using the Web interface, which, is more useful for interactive management.
CAUTION: The latest iDRAC6 firmware supports only the latest RACADM version. You may encounter errors if you use an older version of RACADM to query iDRAC6 with the latest firmware. Install the RACADM version shipped with your latest Dell™ OpenManage™ DVD media. RACADM Subcommands Table 14-1 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands including syntax and valid entries, see "RACADM Subcommand Overview." Table 14-1.
Table 14-1. RACADM Subcommands (continued) Command Description gettracelog Displays iDRAC6 trace log. If used with -i, the command displays the number of entries in iDRAC6 trace log. help Lists iDRAC6 subcommands. help Lists usage statement for the specified subcommand. ifconfig Displays the contents of the network interface table. krbkeytabupload Uploads a Kerberos keytab file. localconredirdisable Performs local kVM disable from the local system.
Table 14-1. RACADM Subcommands (continued) Command Description sslcsrgen Generates and downloads the SSL CSR. testemail Forces iDRAC6 to send an e-mail over iDRAC6 NIC. testtrap Forces iDRAC6 to send an SNMP alert over iDRAC6 NIC. traceroute Traces the network path of routers that packets take as they are forwarded from your system to a destination IPv4 address. traceroute6 Traces the network path of routers that packets take as they are forwarded from your system to a destination IPv6 address.
Table 14-2.
Table 14-2. RACADM Subcommand Interface Support (continued) Subcommand Telnet/SSH Local RACADM Remote RACADM setniccfg sshpkauth sslcertdownload sslcertupload sslcertview sslcsrgen (can only generate, not download) sslkeyupload testemail testtrap traceroute traceroute6 usercertupload usercertview version vmdisconnect vmkey = Supported; =Not supported Using local RACADM Commands You run RACADM commands locally (on the managed server) from a command prompt or shell prompt.
Log in to the managed server, start a command shell, and enter local RACADM commands in one of the following formats: • racadm [parameters] • racadm [-g ] [-o
For example, to display a list of all cfgLanNetworking group object settings, enter the following command: racadm getconfig -g cfgLanNetworking Managing iDRAC6 Users with RACADM NOTE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin.
Adding an iDRAC6 User To add a new user to iDRAC6, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC6 user privilege. 4 Enable the user.
Table 14-3.
View The view mode allows the user to view a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -v -k <1 to 4> racadm sshpkauth -i <2 to 16> -v -k all Delete The delete mode allows the user to delete a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -d -k <1 to 4> racadm sshpkauth -i <2 to 16> -d -k all CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the "Configure Users" user privilege.
NOTE: Ensure that the SMTP and E-mail Alert settings are configured before testing the e-mail alert feature. See "Configuring E-Mail Alerts" for more information. Testing iDRAC6 SNMP Trap Alert Feature iDRAC6 SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed server. The following example shows how a user can test the SNMP trap alert feature.
racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5 racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.
• 4 (Administrator) For example, to set the IPMI LAN channel privilege to 2 (User), enter the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit 2 b Set the IPMI LAN channel encryption key, if required, using a command such as the following: NOTE: iDRAC6 IPMI supports the RMCP+ protocol. See the IPMI 2.0 specifications for more information. racadm config -g cfgIpmiLan -o cfgIpmiEncryptionKey where is a 20-character encryption key in a valid hexadecimal format.
b Update the IPMI SOL baud rate using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate where is 19200, 57600, or 115200 bps. For example: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate 57600 c Enable SOL by typing the following command at the command prompt. NOTE: SOL can be enabled or disabled for each individual user. racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable 1 -i where is the user’s unique ID.
racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i 9 2 Configuring PET 1 Enable global alerts using the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET using the following command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i <0|1> where is the PET destination index and 0 or 1 disable PET or enable PET, respectively.
racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i <0|1> where is the e-mail destination index and 0 disables the e-mail alert or 1 enables the alert. The e-mail destination index can be a value from 1 through 4.
IP filtering compares the IP address of an incoming login to the IP address range that is specified in the following cfgRacTuning properties: • cfgRacTuneIpRangeAddr • cfgRacTuneIpRangeMask The cfgRacTuneIpRangeMask property is applied to both the incoming IP address and to the cfgRacTuneIpRangeAddr properties. If the results are identical, the incoming login request is allowed to access iDRAC6. Logins from IP addresses outside this range receive an error.
NOTE: See "Using the RACADM Command Line Interface" for more information about RACADM and RACADM commands. 1 The following RACADM commands block all IP addresses except 192.168.0.57: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255 2 To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.
Configuring IP Blocking IP blocking dynamically determines when excessive login failures occur from a particular IP address and blocks (or prevents) the address from logging in to iDRAC6 for a preselected time span.
Table 14-6. Log In Retry Restriction (IP Blocking) Properties (continued) Property Definition cfgRacTuneIpBlkFailWindow The time frame in seconds during which the failure attempts are counted. When the failures exceed this limit, they are dropped from the counter. cfgRacTuneIpBlkPenaltyTime Defines the time span in seconds that login attempts from an IP address with excessive failures are rejected.
Configuring iDRAC6 Telnet and SSH Services Using Local RACADM The Telnet/SSH console can be configured locally (on the managed server) using RACADM commands. NOTE: You must have Configure iDRAC6 permission to execute the commands in this section. NOTE: When you reconfigure Telnet or SSH settings in iDRAC6, any current sessions are terminated without warning.
The maximum number of simultaneous remote RACADM sessions is four. These sessions are independent and in addition to the Telnet and SSH sessions. iDRAC6 can simultaneously support four SSH sessions and four Telnet sessions, in addition to the four RACADM sessions. NOTE: Configure the IP address on your iDRAC6 before using the RACADM remote capability.
For example: racadm -r 192.168.0.120 -u root -p calvin getsysinfo racadm -i -r 192.168.0.120 getsysinfo If the HTTPS port number of iDRAC6 has been changed to a custom port other than the default port (443), the following syntax must be used: racadm -r : -u -p racadm -i -r : Remote RACADM Options Table 14-7 lists the options for the remote RACADM command. Table 14-7.
Using an iDRAC6 Configuration File An iDRAC6 configuration file is a text file that contains a representation of the values in iDRAC6 database. You can use the RACADM getconfig subcommand to generate a configuration file containing the current values from iDRAC6. You can then edit the file and use the RACADM config -f subcommand to load the file back into iDRAC6, or to copy the configuration to other iDRAC6s. Creating an iDRAC6 Configuration File The configuration file is a plain text file.
# This is a comment [cfgUserAdmin] cfgUserAdminPrivilege=4 • Group entries must be surrounded by [ and ] characters. The starting [ character denoting a group name must start in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in "iDRAC6 Enterprise Property Database Group and Object Definitions.
racadm config -g -o -i "" NOTE: A NULL string (identified by two "" characters) directs iDRAC6 to delete the index for the specified group. To view the contents of an indexed group, use the following command: racadm getconfig -g -i • For indexed groups the object anchor must be the first object after the [ ] pair.
# Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.1 This file will be updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 Loading the Configuration File Into iDRAC6 The command racadm config -f parses the configuration file to verify that valid group and object names are present and that syntax rules are followed.
Before you execute the racadm config -f command, you can run the racresetcfg subcommand to reset iDRAC6 to its default settings. Ensure that the configuration file you will load includes all desired objects, users, indexes, and other parameters. To update iDRAC6 with the configuration file, execute the following command: racadm -r -u -p config -f myconfig.
NOTE: Some configuration files contain unique iDRAC6 information (such as the static IP address) that must be modified before you export the file to other iDRAC6s. 2 Edit the configuration file you created in the previous step and remove or comment-out any settings you do not want to replicate. 3 Copy the edited configuration file to a network drive where it is accessible to each managed server whose iDRAC6 you want to configure.
Power Monitoring and Power Management Dell™ PowerEdge™ systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. NOTE: iDRAC6 power management logic utilizes a Complex Programmable Logic Device (CPLD) present in the blade server. Updates to CPLD devices are available at the Dell Support website at support.dell.
• View the power status of the server. See "Viewing Power Monitoring." • View power budget information for the server, including the minimum and maximum potential power consumption. See "Viewing Power Budget." • View power budget threshold for the server. See "Power Budget Threshold." • Execute power control operations on the server (for example, power on, power off, system reset, power cycle, and graceful shutdown). See "Executing Power Control Operations on the Server.
• Warning Threshold: Displays the acceptable power consumption (in Watts and BTU/hr) recommended for system operation. Power consumption that exceeds this value results in warning events. • Failure Threshold: Displays the highest acceptable power consumption (in Watts and BTU/hr) required for system operation. Power consumption that exceeds this value results in critical/failure events. Amperage • Location: Displays the name of the system board sensor. • Reading: The current consumption in AC Amps.
– Reading: The value of the appropriate statistic—Cumulative System Power, System Peak Power, and System Peak Amperage since the counter was started. NOTE: Power Tracking Statistics are maintained across system resets and so reflect all activity in the interval between the stated Start and Current times. The power values displayed in the Power Consumption table are cumulative averages over the respective time interval (last minute, hour, day and week).
potential power consumption thus increasing the power envelope. iDRAC6 only increases its maximum potential power consumption request to CMC. It does not request for a lesser minimum potential power if the consumption decreases. CMC reclaims any unused power from lower priority servers and subsequently allocates the reclaimed power to a higher priority infrastructure module or a server. Viewing Power Budget The server provides power budget status overviews of the power subsystem on the Power Budget screen.
Power Budget Threshold Power Budget Threshold, if enabled, enforces power limits for the system. System performance is dynamically adjusted to maintain power consumption near the specified threshold. Actual power consumption may be less for light workloads and momentarily may exceed the threshold until performance adjustments have completed. Using the Web Interface 1 Log in to iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the Power Management tab, and then click Power Budget.
returns racadm getconfig -g cfgServerPower -o cfgServerPowerCapPercent returns NOTE: For more information about cfgServerPower, including output details, see "cfgServerPower." Power Control iDRAC6 enables you to remotely perform a power-on, power off, reset, graceful shutdown, non-masking interruption (NMI), or power cycle. Use the Power Control screen to perform an orderly shutdown through the operating system when rebooting and powering on or off.
– NMI (Non-Masking Interrupt) generates an NMI to halt system operation. An NMI sends a high-level interrupt to the operating system, which causes the system to halt operation to allow for critical diagnostic or troubleshooting activities. This option is disabled if the system is already powered off. – Graceful Shutdown attempts to cleanly shutdown the operating system, then powers off the system.
Using iDRAC6 Enterprise SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
System Management With SM-CLP iDRAC6 SM-CLP enables you to manage the following system features from a command line: • Server Power Management — Turn on, shutdown, or reboot the system • System Event Log (SEL) Management — Display or clear the SEL records • iDRAC6 user account management • Active Directory configuration • iDRAC6 LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration iDRAC6 SM-CLP Support SM-CLP is hosted from iDRAC6 firmware, and s
telnet $; (the CLI prompt is displayed) $smclp; (in the CLI prompt, type smclp) SM-CLP Features The SM-CLP specification provides a common set of standard SM-CLP verbs that can be used for simple systems management through the CLI. SM-CLP promotes the concept of verbs and targets to provide system configuration capabilities through the CLI. The verb indicates the operation to perform and the target is the entity (or object) on which the operation is performed.
Table 16-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options reset Resets the target. –examine, –help, –output, –version Syntax: reset [options] [target] set Sets the properties of a target Syntax: –examine, –help, –output, –version set [options] [target] = show Displays the target properties, verbs, and subtargets.
Table 16-2. Supported SM-CLP Options (continued) SM-CLP Option Description -destination Specifies the location to store an image in the dump command. Syntax: –destination -display, -d Filters the command output. Syntax: -display [, ]* -examine, -x Instructs the command processor to validate the command syntax without executing the command. -help, -h Displays help for the verb.
Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space. The root target is represented by a slash (/) or a backslash (\). It is the default starting point when you log in to iDRAC6. Navigate down from the root using the cd verb.
Using the -level Option The show -level option executes show over additional levels beneath the specified target. To see all targets and properties in the address space, use the -l all option. Using the -output Option The -output option specifies one of four formats for the output of SM-CLP verbs: text, clpcsv, keyword, and clpxml. The default format is text, and is the most readable output. The clpcsv format is a comma-separated values format suitable for loading into a spreadsheet program.
Table 16-3. Server Power Management Operations Operation Syntax Logging in to iDRAC6 using the SSH interface >ssh 192.168.0.120 >login: root >password: Enter "smclp" to start the SM–CLP console.
Table 16-4. SEL Management Operations Operation Syntax Viewing the SEL ->show -d targets,properties,verbs /admin1/system1/logs1/log1 Might return: Targets: record1/ record2/...
Table 16-4. SEL Management Operations (continued) Operation Syntax Viewing the SEL record ->show /admin1/system1/logs1/log1/record4 Might return: ufip=/admin1/system1/logs1/log1/record4 Associations:LogManagesRecord= >/admin1/system1/logs1/log1 Properties: RecordData=*0.0.65*4 2*1245152621*65 65*4*31*0*true*111*1*255*255* RecordFormat= *IPMI_SensorNumber.IPMI_OwnerLUN.
Table 16-4. SEL Management Operations (continued) Operation Syntax Verbs: show exit version cd help delete Clearing the SEL ->delete /admin1/system1/logs1/log1/record* Returns: Records deleted successfully. Table 16-5. Map Target Navigation Operations Operation Syntax Navigate to the system target and reboot ->cd admin1/system1 ->reset NOTE: The current default target is /.
Using iDRAC6 Enterprise SM-CLP Command Line Interface
Using the WS-MAN Interface Web Services for Management (WS–MAN) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management. WS–MAN provides an interoperable protocol for devices to share and exchange data across networks. iDRAC6 uses WS–MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)–based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system.
• ENUMERATE the contents of containers and collections, such as large tables and logs • EXECUTE specific management methods with strongly typed input and output parameters Supported CIM Profiles Table 17-1. Supported CIM Profiles Standard DMTF 1 Base Server Defines CIM classes for representing the host server. 2 Base Metrics Defines CIM classes for providing the ability to model and control metrics captured for managed elements. 3 Service Processor Defines CIM classes for modeling service processors.
Table 17-1. Supported CIM Profiles (continued) 10 DHCP Client Defines CIM classes for representing a DHCP client and its associated capabilities and configuration. 11 DNS Client Defines CIM classes for representing a DNS client in a managed system. 12 Record Log Defines CIM classes for representing different type of logs. iDRAC6 uses this profile to represent the System Event Log (SEL) and iDRAC6 RAC Log. 13 Role Based Authorization Defines CIM classes for representing roles.
Table 17-1. Supported CIM Profiles (continued) 3 OS Deployment Defines CIM and Dell extension classes for representing the configuration of OS Deployment features. It extends the management capability of referencing profiles by adding the capability to support OS deployment activities by manipulating OS Deployment features provided by the service processor.
iDRAC6 WS–MAN implementation uses SSL on port 443 for transport security, and supports basic and digest authentication. Web services interfaces can be utilized by leveraging client infrastructure such as Windows® WinRM and Powershell CLI, open source utilities like WSMANCLI, and application programming environments like Microsoft® .NET®. There are additional implementation guides, white papers, profile, and code samples available in the Dell Enterprise Technology Center at www.delltechcenter.com.
Using the WS-MAN Interface
Deploying Your Operating System Using iVMCLI The Integrated Virtual Media Command Line Interface (iVMCLI) utility is a command-line interface that provides virtual media features from the management station to iDRAC6 in the remote system. Using iVMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator (dd) utility to create a bootable image file for your Linux system.
When you create the image file, do the following: • Follow standard network-based installation procedures. • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure. 4 Perform one of the following procedures: • Integrate IPMItool and the Virtual Media command line interface (iVMCLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
• is the password for iDRAC6 user—for example, calvin • is the path to an ISO9660 image of the operating system installation CD or DVD • is the path to the device containing the operating system installation CD or DVD The ivmdeploy script passes its command line options to the iVMCLI utility. See "Command Line Options" for details about these options. The script processes the -r option slightly differently than the iVMCLI -r option.
CAUTION: It is recommended to use the interactive flag '-i' option, when starting up the iVMCLI command line utility. This ensures tighter security by keeping the username and password private because on many Windows and Linux operating systems, the username and password are visible in clear text when processes are examined by other users.
Command Line Options The iVMCLI interface is identical on both Windows and Linux systems. The utility uses options that are consistent with the RACADM utility options. For example, an option to specify iDRAC6 IP address requires the same syntax for both RACADM and iVMCLI utilities. The iVMCLI command format is as follows: iVMCLI [parameter] [operating_system_shell_options] Command-line syntax is case-sensitive. See "iVMCLI Parameters" for more information.
• Valid user name • iDRAC6 Virtual Media User permission If iDRAC6 authentication fails, an error message displays and the command terminates. iDRAC6 User Password -p This parameter provides the password for the specified iDRAC6 user. If iDRAC6 authentication fails, an error message displays and the command terminates.
Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates. CD/DVD Device or Image File -c { | } where is a valid CD/DVD drive letter (Windows systems) or a valid CD/DVD device file name (Linux systems) and is the file name and path of a valid ISO-9660 image file.
Manual Display -m This parameter displays a detailed “man page” for the iVMCLI utility, including descriptions of all of the possible options. Encrypted Data -e When this parameter is included in the command line, iVMCLI will use an SSL-encrypted channel to transfer data between the management station and iDRAC6 in the remote system. If this parameter is not included in the command line, the data transfer is not encrypted.
2 = iVMCLI command line error 3 = RAC firmware connection dropped English-only text messages are also issued to standard error output whenever errors are encountered.
Using iDRAC6 Configuration Utility Overview iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for iDRAC6 and for the managed system.
Starting iDRAC6 Configuration Utility You must use an iDRAC6 KVM-connected console to access iDRAC6 Configuration Utility initially or after resetting iDRAC6 to the default settings. 1 At the keyboard connected to iDRAC6 KVM console, press to display iDRAC6 KVM On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using iDRAC6 Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use the left-arrow and right-arrow keys and the spacebar to select between On and Off.
LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 19-1. LAN Parameters Item Description Common Settings MAC Address This is the non-editable MAC address of iDRAC6 network interface. VLAN Enable Displays On/Off. On will enable the Virtual LAN filtering for iDRAC6. VLAN ID Displays any any VLAN ID value between 1-4094.
Table 19-1. LAN Parameters (continued) Item Description Alert Destination 1 if LAN Alert Enabled is set to On, enter the IP address where PET LAN alerts will be forwarded. IPv4 Settings Enable or disable support for the IPv4 connection. IPv4 Select Enabled or Disabled IPv4 protocol support. The default is enabled. RMCP+ Encryption Press to edit the value and when finished. Key The RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F).
Table 19-1. LAN Parameters (continued) Item Description DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the second DNS server. IPv6 Settings IPv6 Enable or disable support for the IPv6 connection. IPv6 Address Source Select between AutoConfig and Static. When AutoConfig is selected, the IPv6 Address 1, Prefix Length, and Default Gateway fields are obtained from DHCP.
Table 19-1. LAN Parameters (continued) Item Description DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. Virtual Media Configuration Virtual Media Use the left-arrow and right-arrow keys to select Auto-Attached, Attached or Detached. • If you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Console Redirection sessions.
NOTE: If you enable the Single Sign On feature, the Smart Card Logon feature is disabled. System Services System Services Use the left-arrow and right-arrow keys to select Enabled or Disabled. If enabled, certain iDRAC6 features can be configured through the Lifecycle Controller. For more information, see the Lifecycle Controller User Guide, available on the Dell Support Website at support.dell.com/manuals. NOTE: Modifying this option restarts the server when you Save and Exit to apply the new settings.
Table 19-2. Lan User Configuration Screen Item Description Auto-Discovery The auto-discovery feature enables automated discovery of unprovisioned systems on the network; further, it securely establishes initial credentials so that these discovered systems can be managed. This feature enables iDRAC6 to locate the provisioning server. iDRAC6 and provisioning service server mutually authenticate each other.
Table 19-2. Lan User Configuration Screen (continued) Item Description Auto–Discovery (continued...) Before adding your Dell system to the network and using the auto–discovery feature, ensure that: • Dynamic Host Configuration Protocol (DHCP) server/Domain Name System (DNS) are configured. • Provisioning Web services is installed, configured, and registered. Provisioning Server This field is used to configure the provisioning server.
Reset to Default Use the Reset to Default menu item to reset all of iDRAC6 configuration items to the factory defaults. This may be required, for example, if you have forgotten the administrative user password or if you want to reconfigure iDRAC6 from the default settings. NOTE: In the default configuration, iDRAC6 networking is disabled. You cannot reconfigure iDRAC6 over the network until you have enabled iDRAC6 network in iDRAC6 Configuration Utility. Press to select the item.
Exiting iDRAC6 Configuration Utility When you have finished making changes to iDRAC6 configuration, press the key to display the Exit menu. Select Save Changes and Exit and press to retain your changes. Select Discard Changes and Exit and press to ignore any changes you made. Select Return to Setup and press to return to iDRAC6 Configuration Utility.
Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed system using iDRAC6 utilities.
Trouble Indicators This section describes indications that there may be a problem with your system. LED Indicators LEDs on the chassis or on components installed in the chassis are generally the first indicators of system trouble. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system.
Hardware Trouble Indicators Indications that a module has a hardware problem include the following: • Failure to power up • Noisy fans • Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, inspect the damage caused, and then try to correct the problem using these strategies: • Reseat the module and resta
Problem Solving Tools This section describes iDRAC6 utilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Click any component on the Server Health section to see information about the component. Sensor readings are displayed for batteries, temperatures, voltages, and power monitoring, helping to diagnose some types of problems. iDRAC6 and CMC information screens provide useful current status and configuration information. Checking the System Event Log (SEL) The SEL Log screen displays messages for events that occur on the managed server.
Checking the Post Codes The Post Codes screen displays the last system post code prior to booting the operating system. Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from Power on Reset, and allow you to diagnose any faults related to system boot-up. NOTE: View the text for POST code message numbers in the LCD display or in the Hardware Owner’s Manual.
Table 20-6. Last Crash Screen Buttons Button Action Print Prints the Last Crash Screen screen. Save Opens a pop-up window that enables you to save the Last Crash Screen to a directory of your choice. Delete Deletes the Last Crash Screen screen. Refresh Reloads the Last Crash Screen screen. NOTE: Due to fluctuations in the Auto Recovery timer, the Last Crash Screen may not be captured when the System Reset Timer is configured with a value that is too high. The default setting is 480 seconds.
Table 20-7. Boot Capture Options (continued) Button/Option Description Save As Creates a compressed .zip file that contains all boot capture images of the current sequence. The user must have administrator privileges to perform this action. Previous Screen Takes you to previous screen, if any, in the replay console. Play Starts the screenplay from current screen in the replay console. Pause Pauses the screenplay on the current screen being displayed in the replay console.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-8.
Table 20-9. iDRAC6 Log Information Field Description Date/Time The date and time (for example, Dec 19 16:55:47). iDRAC6 sets its clock from the managed server’s clock. When iDRAC6 initially starts and is unable to communicate with the managed server, the time is displayed as the string System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged in to iDRAC6.
See "Recovering and Troubleshooting the Managed System" for information on the system summary, main system enclosure, and iDRAC6. Identifying the Managed Server in the Chassis The Dell PowerEdge M1000e chassis holds up to sixteen servers. To locate a specific server in the chassis, you can use iDRAC6 Web interface to turn on a blue flashing LED on the server.
Table 20-11 describes the commands that can be entered on the Diagnostics Console screen. Enter a command and click Submit. The debugging results appear in the Diagnostics Console screen. Click the Clear button to clear the results displayed by the previous command. To refresh the Diagnostics Console screen, click Refresh. Table 20-11. Diagnostic Commands Command Description arp Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted.
NOTE: You must have Execute Server Action Commands permission to perform power management actions. See "Adding and Configuring iDRAC6 Users" for help configuring user permissions. 1 Click System, then click the Power Management→Power Control tab. 2 Select a Power Control Operation, for example Reset System (warm boot). Table 20-12 provides information about Power Control Actions. 3 Click Apply to perform the selected action. Table 20-12.
Troubleshooting and Frequently Asked Questions Table 20-13 contains frequently asked questions about troubleshooting issues. Table 20-13. Frequently Asked Questions/Troubleshooting Question Answer The LED on the server is blinking amber. Check the SEL for messages and then clear the SEL to stop the blinking LED.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer For example: $ racadm getniccfg -m server-1 DHCP Enabled IP Address Subnet Mask Gateway = = = = 1 192.168.0.1 255.255.255.0 192.168.0.1 From local RACADM: Enter the following command at a command prompt: racadm getsysinfo From the LCD: 1 On the Main Menu, highlight Server and press the check button. 2 Select the server whose IP address you seek and press the check button.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of CMC? From iDRAC6 Web interface: • Click System→Remote Access→CMC. CMC IP address is displayed on the CMC Summary screen. From the iKVM: • Select the "Dell CMC" console in the OSCAR to log in to CMC through a local serial connection. CMC RACADM commands can be issued from this connection.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer I have forgotten iDRAC6 administrative user name and password. You must restore iDRAC6 to its default settings. 1 Reboot the server and press when prompted to enter iDRAC6 Configuration Utility. 2 On iDRAC6 Configuration Utility menu, highlight Reset to Default and press . NOTE: You can also reset iDRAC6 from local RACADM by issuing racadm racresetcfg. For more information, see "Reset to Default.
Table 20-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer When attempting to boot the managed server, the power indicator is green, but there is no POST or no video at all. This can happen if any of the following conditions is true: • Memory is not installed or is inaccessible. • The CPU is not installed or is inaccessible. • The video riser card is missing or improperly connected. Also, look for error messages in iDRAC6 log from iDRAC6 Web interface or from the LCD.
Recovering and Troubleshooting the Managed System
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. CAUTION: The latest iDRAC6 firmware supports only the latest RACADM version. You may encounter errors if you use an older version of RACADM to query iDRAC6 with the latest firmware. Install the RACADM version shipped with the Dell™ OpenManage™ 6.2 DVD media. help Table A-1 describes the help command. Table A-1.
The racadm help command displays information for the specified subcommand only. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM config Table A-2 describes the config subcommand. Table A-2. config/getconfig Subcommand Definition config Configures iDRAC6.
Input Table A-3 describes the config subcommand options. Table A-3. config Subcommand Options and Descriptions Option Description -f The -f option causes config to read the contents of the file specified by and configure iDRAC6. The file must contain data in the format specified in "Configuration File Syntax" on page 275. -p The -p, or password, option directs config to delete the password entries contained in the config file -f after the configuration is complete.
Sets the cfgNicIpAddress configuration parameter (object) to the value 10.35.10.110. This IP address object is contained in the group cfgLanNetworking. • racadm config -f myrac.cfg Configures or reconfigures iDRAC6. The myrac.cfg file may be created with the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.cfg file does not contain passwords. To include passwords in the file, you must enter them manually.
Table A-4. getconfig Subcommand Options (continued) Option Description -h The -h, or help, option displays a list of all available configuration groups that you can use. This option is useful when you do not remember exact group names. -i The -i , or index, option is valid only for indexed groups and can be used to specify a unique group. If -i is not specified, a value of 1 is assumed for groups, which are tables that have multiple entries.
• racadm getconfig -h Displays a list of the available configuration groups on iDRAC6. • racadm getconfig -u root Displays the configuration properties for the user named root. • racadm getconfig -g cfgUserAdmin -i 2 -v Displays the user group instance at index 2 with extensive information for the property values.
Synopsis racadm getssninfo [-A] [-u | *] Description The getssninfo command returns a list of users that are connected to iDRAC6. The summary information provides the following information: • Username • IP address (if applicable) • Session type (for example, SSH or Telnet) Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM Input Table A-6 describes the getssninfo subcommand options. Table A-6.
Security Alert: Certificate is invalid - Certificate is not signed by Trusted Third Party Continuing execution. Use -S option for racadm to stop execution on certificate-related errors. Table A-7. getssninfo Subcommand Output Example User IP Address Type root 192.168.1.1 RACADM getsysinfo Table A-8 describes the racadm getsysinfo subcommand. Table A-8. getsysinfo Command Definition getsysinfo Displays information related to iDRAC6.
Table A-9. getsysinfo Subcommand Options Option Description -d Displays iDRAC6 information. -s Displays system information -w Displays watchdog information -A Eliminates the printing of headers/labels. –4 Displays iDRAC6 IPv4 information. –6 Displays iDRAC6 IPv6 information. Output The getsysinfo subcommand displays information related to iDRAC6, the managed server, and the watchdog configuration.
Domain Name from DHCP = 1 IPv4 settings: Enabled = 1 Current IP Address = 192.168.1.166 Current IP Gateway = 0.0.0.0 Current IP Netmask = 255.255.255.0 DHCP Enabled = 1 Current DNS Server 1 = 0.0.0.0 Current DNS Server 2 = 0.0.0.
Current IP Address 12 = :: Current IP Address 13 = :: Current IP Address 14 = :: Current IP Address 15 = :: DNS Servers from DHCPv6 = 0 Current DNS Server 1 = :: Current DNS Server 2 = :: System Information: System Model = PowerEdge M710 System BIOS Version = 1.1.
iSCSI = 00:23:AE:EC:2E:3F Examples racadm getsysinfo -A -s "System Information:" "PowerEdge M600" "0.2.1" "0.32" "48192" "dellx92i38xc2n" "" "ON" racadm getsysinfo -w -s System Information: System Model = PowerEdge M600 System BIOS Version = 0.2.1 BMC Firmware Version = 0.
Table A-10. getractime (continued) getractime Displays the current time from the remote access controller. Synopsis racadm getractime [-d] Description With no options, the getractime subcommand displays the time in a common readable format. With the -d option, getractime displays the time in the format, yyyymmddhhmmss.mmmmmms, which is the same format returned by the UNIX® date command. Output The getractime subcommand displays the output on one line.
Table A-11. setniccfg Subcommand Definition setniccfg Sets the IP configuration for the controller. Synopsis racadm setniccfg -d racadm setniccfg -s [ ] racadm setniccfg -o [ ] Description The setniccfg subcommand sets iDRAC6 IP address. • The -d option enables DHCP for the NIC (default is DHCP enabled). • The -s option enables static IP settings. The IP address, netmask, and gateway can be specified.
getniccfg Table A-12 describes the getniccfg subcommand. Table A-12. getniccfg Subcommand Definition getniccfg Displays the current IP configuration for iDRAC6. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current NIC settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful.
IP Address 2 = :: IP Address 3 = :: IP Address 4 = :: IP Address 5 = :: IP Address 6 = :: IP Address 7 = :: IP Address 8 = :: IP Address 9 = :: IP Address 10 = :: IP Address 11 = :: IP Address 12 = :: IP Address 13 = :: IP Address 14 = :: IP Address 15 = :: NOTE: IPv6 information is displayed only if iDRAC6 supports IPv6. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM getsvctag Table A-13 describes the getsvctag subcommand. Table A-13.
Description The getsvctag subcommand displays the service tag of the host system. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM racreset Table A-14 describes the racreset subcommand. Table A-14. racreset Subcommand Definition racreset Resets iDRAC6. NOTE: When you issue a racreset subcommand, iDRAC6 may require up to two minutes to return to a usable state. Synopsis racadm racreset [hard | soft] Description The racreset subcommand resets iDRAC6.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM racresetcfg Table A-15 describes the racresetcfg subcommand. Table A-15. racresetcfg Subcommand Definition racresetcfg Resets the entire iDRAC6 configuration to factory default values. NOTE: The racresetcfg subcommand does not reset the cfgDNSRacName object.
serveraction Table A-16 describes the serveraction subcommand. Table A-16. serveraction Subcommand Definition serveraction Executes a managed server reset or power-on/off/cycle. Synopsis racadm serveraction Description The serveraction subcommand enables users to perform power management operations on the host system. Table A-17 describes the serveraction power control options. Table A-17. serveraction Subcommand Options String Definition Specifies the action.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM getraclog Table A-18 describes the racadm getraclog command. Table A-18. getraclog Command Definition getraclog -i Displays the number of entries in iDRAC6 log. getraclog Displays iDRAC6 log entries. Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in iDRAC6 log.
Table A-19. getraclog Subcommand Options (continued) Option Description -s Specifies the starting record used for the display. Output The default output display shows the record number, time stamp, source, and description. The timestamp begins at midnight, January 1 and increases until the managed server boots. After the managed server boots, the managed server’s system time is used for the timestamp.
getsel Table A-20 describes the getsel command. Table A-20. getsel Command Definition getsel -i Displays the number of entries in the System Event Log. getsel Displays SEL entries. Synopsis racadm getsel -i racadm getsel [-E] [-R] [-A] [-o] [-c count] [-s count] [-m] Description The getsel -i command displays the number of entries in the SEL. The following getsel options (without the -i option) are used to read entries. NOTE: If no arguments are specified, the entire log is displayed. Table A-21.
Output The default output display shows the record number, timestamp, severity, and description. For example: Record: 1 Date/Time: 11/16/2005 22:40:43 Severity: Ok Description: System Board SEL: event log sensor for System Board, log cleared was asserted Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM clrsel Synopsis racadm clrsel Description The clrsel command removes all existing records from the System Event Log (SEL).
gettracelog Table A-22 describes the gettracelog subcommand. Table A-22. gettracelog Command Definition gettracelog -i Displays the number of entries in iDRAC6 trace log. gettracelog Displays iDRAC6 trace log. Synopsis racadm gettracelog -i racadm gettracelog [-A] [-o] [-c count] [-s startrecord] [-m] Description The gettracelog (without the -i option) command reads entries. The following gettracelog entries are used to read entries: Table A-23.
For example: Record: 1 Date/Time: Dec Source: ssnmgrd[175] 8 08:21:30 Description: root from 192.168.1.1: session timeout sid 0be0aef4 Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM sslcsrgen Table A-24 describes the sslcsrgen subcommand. Table A-24. sslcsrgen Subcommand Description sslcsrgen Generates and downloads an SSL certificate signing request (CSR) from the RAC.
Table A-25. sslcsrgen Subcommand Options Option Description -g Generates a new CSR. -s Returns the status of a CSR generation process (generation in progress, active, or none). -f Specifies the filename of the location, , where the CSR will be downloaded. NOTE: If the -f option is not specified, the filename defaults to sslcsr in your current directory. If no options are specified, a CSR is generated and downloaded to the local file system as sslcsr by default.
sslcertupload Table A-26 describes the sslcertupload subcommand. Table A-26. sslcertupload Subcommand Description sslcertupload Uploads a custom SSL server or CA certificate from the client to iDRAC6. Synopsis racadm sslcertupload -t [-f ] Options Table A-27 describes the sslcertupload subcommand options. Table A-27. sslcertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate.
sslcertdownload Table A-28 describes the sslcertdownload subcommand. Table A-28. sslcertdownload Subcommand Description sslcertdownload Downloads an SSL certificate from the RAC to the client’s file system. Synopsis racadm sslcertdownload -t [-f ] Options Table A-29 describes the sslcertdownload subcommand options. Table A-29.
sslcertview Table A-30 describes the sslcertview subcommand. Table A-30. sslcertview Subcommand Description sslcertview Displays the SSL server or CA certificate that exists on iDRAC6. Synopsis racadm sslcertview -t [-A] Options Table A-31 describes the sslcertview subcommand options. Table A-31. sslcertview Subcommand Options Option Description -t Specifies the type of certificate to view, either the Microsoft Active Directory certificate or server certificate.
Organizational Unit (OU) Common Name (CN) : Remote Access Group : iDRAC default certificate Issuer Information: Country Code (CC) State (S) Locality (L) Organization (O) Organizational Unit (OU) Common Name (CN) : : : : : : Valid From Valid To : Jul : Jul racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group iDRAC default certificate US Texas Round Rock Dell Inc.
testemail Table A-32 describes the testemail subcommand. Table A-32. testemail configuration Subcommand Description testemail Tests iDRAC6 e-mail alerting feature. Synopsis racadm testemail -i Description Sends a test e-mail from iDRAC6 to a specified destination. Prior to executing the testemail command, ensure that the SMTP server is configured and the specified index in the RACADM cfgEmailAlert group is enabled and configured properly.
Table A-33. testemail Configuration (continued) Action Command View the current e-mail alert settings racadm getconfig -g cfgEmailAlert -i where is a number from 1 to 4 Options Table A-34 describes the testemail subcommand options. Table A-34. testemail Subcommand Option Option Description -i Specifies the index of the e-mail alert to test. The index for -i can be from 1 to 4.
Synopsis racadm testtrap -i Description The testtrap subcommand tests iDRAC6 SNMP trap-alerting feature by sending a test trap from iDRAC6 to a specified destination trap listener on the network. Before you execute the testtrap subcommand, ensure that the specified index in the RACADM cfgIpmiPet group is configured properly. Table A-36 provides a list and associated commands for the cfgIpmiPet group. Table A-36.
• telnet/ssh RACADM vmdisconnect Synopsis racadm vmdisconnect Description The vmdisconnect subcommand allows a user to disconnect another user's virtual media session. Once disconnected, the Web interface will reflect the correct connection status. The vmdisconnect subcommand enables iDRAC6 user to disconnect all active virtual media sessions. The active virtual media sessions can be displayed in iDRAC6 Web interface or by using the RACADM getsysinfo subcommand.
• Remote RACADM • telnet/ssh RACADM localconredirdisable Synopsis racadm localconredirdisable
racadm fwupdate -r Description The fwupdate subcommand allows users to update the firmware on iDRAC6. The user can: • Check the firmware update process status • Update iDRAC6 firmware from a TFTP server by providing an IP address and optional path • Rollback to the standby firmware Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM Input Table A-39 describes the fwupdate subcommand options. NOTE: The -p option is not supported with the remote or the Telnet/SSH console.
Table A-39. fwupdate Subcommand Options (continued) Option Description -d The -d, or directory, option specifies the directory on the TFTP server or on iDRAC6’s host server where the firmware update file resides. -r The rollback option is used to rollback to the standby firmware. Output Displays a message indicating which operation is being performed. Examples • racadm fwupdate -g -u -a 192.168.1.
Options Table A-41 describes the krbkeytabupload subcommand options. Table A-41. krbkeytabupload Subcommand Options Option Description -f Specifies the file name of the keytab to be uploaded. If the file is not specified, the keytab file in the current directory is selected. The krbkeytabupload command returns 0 when successful and returns a non–zero number when unsuccessful. Example racadm krbkeytabupload -f c:\keytab\krbkeytab.
• telnet/ssh RACADM version Synopsis racadm version Description Displays the RACADM version Supported Interfaces • Remote RACADM • Local RACADM • ssh/telnet RACADM arp NOTE: To use this command, you must have Administrator privilege. Table A-42 describes the arp command. Table A-42. arp Command Command Definition arp Displays the contents of the ARP table. ARP table entries cannot be added or deleted. Synopsis racadm arp Description Display the Address Resolution Protocol (ARP) table.
Example IP address HW type 192.168.1.1 0x1 Flags 0x2 HW address 00:00:0C:07:AC:0F Mask * Device eth0 Supported Interfaces • Remote RACADM • telnet/ssh RACADM coredump NOTE: To use this command, you must have Execute Debug Commands permission. Table A-43 describes the coredump subcommand. Table A-43. coredump Subcommand Definition coredump Displays the last iDRAC6 core dump.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh RACADM coredumpdelete NOTE: To use this command, you must have Clear Logs or Execute Debug Commands permission. Table A-44 describes the coredumpdelete subcommand. Table A-44. coredumpdelete Subcommand Definition coredumpdelete Deletes the core dump stored in iDRAC6. Synopsis racadm coredumpdelete Description The coredumpdelete subcommand can be used to clear any currently resident coredump data stored in iDRAC6.
ifconfig NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC6 permission. Table A-45 describes the ifconfig subcommand. Table A-45. ifconfig Subcommand Definition ifconfig Displays the contents of the network interface table. Synopsis racadm ifconfig Example $ racadm ifconfig eth0 Link encap:Ethernet HWaddr 00:1D:09:FF:DA:23 inet addr:10.35.155.136 Bcast:10.35.155.255 Mask:255.255.255.
Table A-46. netstat Subcommand Definition netstat Displays the routing table and the current connections. Synopsis racadm netstat Supported Interfaces • Remote RACADM • telnet/ssh RACADM ping NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC6 permission. Table A-47 describes the ping subcommand. Table A-47. ping Subcommand Definition ping Verifies that the destination IP address is reachable from iDRAC6 with the current routing-table contents.
ping6 NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC6 permission. Table A-48 describes the ping6 subcommand. Table A-48. ping6 Subcommand Definition ping6 Verifies that the destination IPv6 address is reachable from iDRAC6 with the current routing-table contents. A destination IPv6 address is required. An ICMP echo packet is sent to the destination IPv6 address based on the current routing-table contents.
Description The racdump subcommand provides a single command to get dump, status, and general iDRAC6 board information. The following information is displayed when the racdump subcommand is processed: • General system/RAC information • Coredump • Session information • Process information • Firmware build information Supported Interfaces • Remote RACADM • telnet/ssh RACADM traceroute NOTE: To use this command, you must have Administrator permission.
Description Traces a route using IPv4 to a destination on the network. Supported Interfaces • Remote RACADM • telnet/ssh RACADM traceroute6 NOTE: To use this command, you must have Administrator permission. Table A-51 describes the traceroute6 subcommand. Table A-51. traceroute6 Subcommand Definition traceroute6 Traces the network path of routers that packets take as they are forwarded from your system to a destination IPv6 address.
remoteimage NOTE: To use this command, you must have Administrator permission. Table A-52 describes the remoteimage subcommand. Table A-52. remoteimage Subcommand Definition remoteimage Connects, disconnects, or deploys a media file on a remote server.
sshpkauth Synopsis racadm sshpkauth Upload The upload mode allows you to upload a keyfile or to copy the key text on the command line. You cannot upload and copy a key at the same time. View The view mode allows the user to view a key specified by the user or all keys. Delete The delete mode allows the user to delete a key specified by the user or all keys. Description Enables you to upload and manage up to 4 different SSH public keys per user.
Examples Upload an invalid key to iDRAC6 User 2 in the first key space using a string: $ racadm sshpkauth -i 2 -k 1 -t "This is invalid key Text" ERROR: Invalid SSH key Upload a valid key to iDRAC6 User 2 in the first key space using a file: $ racadm sshpkauth -i 2 -k 1 -f pkkey.key PK SSH Authentication Key file successfully uploaded to the RAC.
RACADM Subcommand Overview
iDRAC6 Enterprise Property Database Group and Object Definitions iDRAC6 property database contains the configuration information for iDRAC6. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure iDRAC6. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacInfo This group contains display parameters to provide information about the specifics of iDRAC6 being queried. One instance of the group is allowed. The following subsections describe the objects in this group. idRacProductInfo (Read Only) Legal Values String of up to 63 ASCII characters. Default Integrated Dell Remote Access Controller. Description A text string that identifies the product. idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters.
Default None Description A string containing the current product firmware version. idRacBuildInfo (Read Only) Legal Values String of up to 16 ASCII characters. Default The current RAC firmware build version. For example, 05.12.06. Description A string containing the current product build version. idRacName (Read Only) Legal Values String of up to 15 ASCII characters. Default iDRAC Description A user assigned name to identify this controller.
Description Identifies the remote access controller type as iDRAC6. cfgOobSnmp This group contains parameters to configure the SNMP agent and trap capabilities of iDRAC6. One instance of the group is allowed. The following subsections describe the objects in this group. cfgOobSnmpAgentCommunity (Read/Write) Legal Values String. Maximum length = 31 Default public Description Specifies the SNMP Community Name used for SNMP traps.
cfgLanNetworking This group contains parameters to configure iDRAC6 NIC. One instance of the group is allowed. All objects in this group will require iDRAC6 NIC to be reset, which may cause a brief loss in connectivity. Objects that change iDRAC6 NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings. NOTE: For any network property changes on iDRAC6 to be successfully executed through RACADM, you must first enable iDRAC6 NIC.
Description Specifies that iDRAC6 DNS domain name should be assigned from the network DHCP server. cfgDNSDomainName (Read/Write) Legal Values String of up to 254 ASCII characters. At least one of the characters must be alphabetic. Characters are restricted to alphanumeric, hyphens, and periods. NOTE: Microsoft® Active Directory® only supports Fully Qualified Domain Names (FQDN) of 64 characters or fewer length. Default (blank) Description The DNS domain name.
cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers iDRAC6 name on the DNS server. cfgDNSServersFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network. cfgDNSServer1 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.
Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE). NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while swapping addresses. cfgDNSServer2 (Read/Write) Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 0.0.0.0 Description Retrieves the IP address for DNS server 2. This parameter is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE).
cfgNicIpAddress (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid IP address. For example: 192.168.0.20. Default 192.168.0.n where n is 120 plus the server slot number. Description Specifies the static IP address to assign to the RAC. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE).
Default 192.168.0.1 Description The gateway IP address used for static assignment of the RAC IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicUseDhcp (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies whether DHCP is used to assign iDRAC6 IP address. If this property is set to 1 (TRUE), then iDRAC6 IP address, subnet mask, and gateway are assigned from the DHCP server on the network.
cfgNicVLanEnable (Read Only) NOTE: VLAN settings can be configured through CMC Web Interface. iDRAC6 displays only the current VLAN settings and you cannot modify the settings from iDRAC6. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the VLAN capabilities of iDRAC6 from CMC. cfgNicVLanID (Read Only) Legal Values 1-4094 Default 1 Description Specifies the VLAN ID for the network VLAN configuration in CMC.
Description Specifies the VLAN Priority for the network VLAN configuration in CMC. This property is only valid if cfgNicVLanEnable is set to 1 (enabled). cfgIPv6URL This group specifies properties used to configure iDRAC6 IPv6 URL. cfgIPv6URLstring (Read Only) Legal Values A string of up to 80 characters. Default Description iDRAC6 IPv6 URL. cfgIPv6LanNetworking This group is used to configure the IPv6 over LAN networking capabilities.
cfgIPv6Address1 (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description An iDRAC6 IPv6 address. cfgIPv6Gateway (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description iDRAC6 gateway IPv6 address. cfgIPv6PrefixLength (Read/Write) Legal Values 1-128 Default 0 Description The prefix length for iDRAC6 IPv6 address 1.
cfgIPv6AutoConfig (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IPv6 AutoConfig option. cfgIPv6LinkLocalAddress (Read Only) Legal Values A string representing a valid IPv6 entry. Default :: Description iDRAC6 IPv6 link local address. cfgIPv6Address2 (Read Only) Legal Values A string representing a valid IPv6 entry. Default :: Description An iDRAC6 IPv6 address.
cfgIPv6DNSServersFromDHCP6 (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies whether cfgIPv6DNSServer1 and cfgIPv6DNSServer2 are static or DHCP IPv6 addresses. cfgIPv6DNSServer1 (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description An IPv6 DNS server address. cfgIPv6DNSServer2 (Read/Write) Legal Values A string representing a valid IPv6 entry. Default :: Description An IPv6 DNS server address.
cfgIPv6Address3 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address4 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address5 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address6 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address7 (Read Only) Legal Values String representing a valid IPv6 entry.
Default cfgIPv6Address8 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address9 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address10 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address11 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Address12 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address13 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address14 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Address15 (Read Only) Legal Values String representing a valid IPv6 entry.
Up to 16 instances of the user group are allowed. Each instance represents the configuration for an individual user. cfgUserAdminIndex (Read Only) Legal Values This parameter is populated based on the existing instances. Default 1 – 16 Description The unique index of a user. cfgUserAdminIpmiLanPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) 15 (No access) Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel.
Default 0x00000000 Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-1 describes the user privilege bit values that can be combined to create bit masks. Table B-1.
Table B-2. Sample Bit Masks for User Privileges (continued) User Privilege(s) Privilege Bit Mask The user may login to iDRAC6 and change configuration. 0x00000001 + 0x00000002 = 0x00000003 The user may login to RAC, access virtual media, and access console redirection. 0x00000001 + 0x00000040 + 0x00000080 = 0x000000C1 cfgUserAdminUserName (Read/Write) Legal Values String. Maximum length = 16 Default (blank) Description The name of the user for this index.
cfgUserAdminEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables an individual user. cfgUserAdminSolEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access. cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed.
Default This parameter is populated based on the existing instances. Description The unique index of an alert instance. cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies the destination e-mail address for e-mail alerts. For example, user1@company.com. cfgEmailAlertAddress (Read/Write) Legal Values E-mail address format, with a maximum length of 64 ASCII characters. Default (blank) Description The e-mail address of the alert source.
Default (blank) Description Specifies a custom message that is sent with the alert. cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to iDRAC6. One instance of the group is allowed. The following subsections describe the objects in this group. cfgSsnMgtConsRedirMaxSessions (Read/Write) Legal Values 1–2 Default 2 Description Specifies the maximum number of console redirection sessions allowed on iDRAC6.
Description Defines the Web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective. An expired Web server session logs out the current session.
Default 1800 Description Defines the Telnet idle time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session (you must log out and log in again to make the new settings effective).
cfgSerialTelnetEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Telnet console interface on iDRAC6. cfgRemoteHosts This group provides properties that allow configuration of the SMTP server for e-mail alerts. cfgRhostsSmtpServerIpAddr (Read/Write) Legal Values A string representing a valid SMTP server IP address. For example: 192.168.0.56. Default 0.0.0.0 Description The IP address of the network SMTP server.
Default 1 Description Enables or disables iDRAC6 firmware update from a network TFTP server. cfgRhostsFwUpdateIpAddr (Read/Write) Legal Values A string representing a valid IP address. Default 0.0.0.0 Description Specifies the network TFTP server IP address that is used for TFTP iDRAC6 firmware update operations. cfgRhostsFwUpdatePath (Read/Write) Legal Values A string with a maximum length of 255 ASCII characters.
0 (FALSE) Default 0 Description Enables or disables remote syslog. cfgRhostsSyslogPort (Read/Write) Legal Values 0 — 65535 Default 514 Description Remote syslog port number. cfgRhostsSyslogServer1 (Read/Write) Legal Values String from 0 to 511 characters. Default Description Name of remote syslog server. cfgRhostsSyslogServer2 (Read/Write) Legal Values String from 0 to 511 characters.
Default Description Name of remote syslog server. cfgRhostsSyslogServer3 (Read/Write) Legal Values String from 0 to 511 characters. Default Description Name of remote syslog server. cfgUserDomain This group is used to configure the Active Directory user domain names. A maximum of 40 domain names can be configured at any given time. cfgUserDomainIndex (Read Only) Legal Values 1 – 40 Default Description Represents a specific domain.
cfgUserDomainName (Read/Write) Legal Values A string of up to 255 characters. Default (blank) Description Specifies the Active Directory user domain name. cfgServerPower This group provides several power management features. cfgServerPowerStatus (Read Only) Legal Values 1 = TRUE 0 = FALSE Default 0 Description Represents the server power state, either ON or OFF. cfgServerActualPowerConsumption (Read Only) Legal Values String of up to 32 characters.
Description Represents the power consumed by the server at the current time. cfgServerPeakPowerConsumption (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Represents the maximum power consumed by the server until the current time. cfgServerPeakPowerConsumptionTimestamp (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Time when the maximum power consumption was recorded.
Description Resets the cfgServerPeakPowerConsumption property to 0 and the cfgServerPeakPowerConsumptionTimestamp property to the current iDRAC6 time. cfgServerPowerCapWatts (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Represents the server power threshold in Watts. cfgServerPowerCapBtuhr (Read Only) Legal Values String of up to 32 characters. Default (blank) Description Represents the server power threshold in BTU/hr.
Description Represents the server power threshold in percentage. cfgRacTuning This group is used to configure various iDRAC6 configuration properties, such as valid ports and security port restrictions. cfgRacTuneHttpPort (Read/Write) Legal Values 10 – 65535 Default 80 Description Specifies the port number to use for HTTP network communication with the RAC.
0 (FALSE) Default 0 Description Enables or disables the IP Address Range validation feature of iDRAC6. cfgRacTuneIpRangeAddr Legal Values An IP address-formatted string. For example, 192.168.0.44. Default 192.168.1.1 Description Specifies the acceptable IP address bit pattern in positions determined by the 1's in the range mask property (cfgRacTuneIpRangeMask). cfgRacTuneIpRangeMask Legal Values Standard IP mask values with left-justified bits. Default 255.255.255.
0 (FALSE) Default 0 Description Enables or disables the IP address blocking feature of the RAC. cfgRacTuneIpBlkFailCount Legal Values 2 – 16 Default 5 Description The maximum number of login failures to occur within the window (cfgRacTuneIpBlkFailWindow) before login attempts from the IP address are rejected. cfgRacTuneIpBlkFailWindow Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted.
cfgRacTuneIpBlkPenaltyTime Legal Values 10 – 65535 Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected. cfgRacTuneSshPort (Read/Write) Legal Values 1 – 65535 Default 22 Description Specifies the port number used for iDRAC6 SSH interface. cfgRacTuneConRedirEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables console redirection.
cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for iDRAC6 Telnet interface. cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session.
Description Specifies the port to be used for keyboard and mouse traffic during console redirection activity with iDRAC6. cfgRacTuneConRedirVideoPort (Read/Write) Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during console redirection activity with iDRAC6. NOTE: This object requires an iDRAC6 reset before it becomes active.
Default 1 Description Enables and disables iDRAC6 Web server. If this property is disabled, iDRAC6 will not be accessible using client Web browsers. This property has no effect on the Telnet/SSH or local RACADM interfaces. cfgRacTuneLocalServerVideo (Read/Write) Legal Values 1 (Enables) 0 (Disables) Default 1 Description Enables (switches ON) or disables (switches OFF) the local server video.
Default 0 Description Specifies the timezone offset (in minutes) from GMT/UTC to use for the RAC Time. Some common timezone offsets for timezones in the United States are shown below: –480 (PST — Pacific Standard Time) –420 (MST — Mountain Standard Time) –360 (CST — Central Standard Time) –300 (EST — Eastern Standard Time). cfgRacTuneLocalConfigDisable (Read/Write) Legal Values 0 (Enables) 1 (Disables) Default 0 Description Disables write access to iDRAC6 configuration data.
ifcRacMnOsHostname (Read Only) Legal Values A string of up to 255 characters. Default (blank) Description The host name of the managed server. ifcRacMnOsOsName (Read Only) Legal Values A string of up to 255 characters. Default (blank) Description The operating system name of the managed server. cfgRacSecurity This group is used to configure settings related to iDRAC6 SSL certificate signing request (CSR) feature. The properties in this group must be configured before generating a CSR from iDRAC6.
Default Description Specifies the CSR Common Name (CN). cfgSecCsrOrganizationName (Read/Write) Legal Values A string of up to 254 characters. Default (blank) Description Specifies the CSR Organization Name (O). cfgSecCsrOrganizationUnit (Read/Write) Legal Values A string of up to 254 characters. Default (blank) Description Specifies the CSR Organization Unit (OU). cfgSecCsrLocalityName (Read/Write) Legal Values A string of up to 254 characters.
Description Specifies the CSR Locality (L). cfgSecCsrStateName (Read/Write) Legal Values A string of up to 254 characters. Default (blank) Description Specifies the CSR State Name (S). cfgSecCsrCountryCode (Read/Write) Legal Values A two-character string. Default (blank) Description Specifies the CSR Country Code (CC). cfgSecCsrEmailAddr (Read/Write) Legal Values A string of up to 254 characters. Default (blank) Description Specifies the CSR Email Address.
cfgSecCsrKeySize (Read/Write) Legal Values 512 1024 2048 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. cfgRacVirtual This group contains parameters to configure iDRAC6 virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
are attached you then can connect to the virtual devices remotely using iDRAC6 Web interface or the CLI. Setting this object to 0 will cause the devices to detach from the USB bus. cfgVirMediaBootOnce (Read/Write) Legal Values 1 (Enabled) 0 (Disabled) Default 0 Description Enables or disables the virtual media boot-once feature of iDRAC6.
0 (FALSE) Default 0 Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems. Windows operating systems will assign a drive letter of A: or B:.
cfgIpmiLanPrivLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access. cfgIpmiLanAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties.
Description The IPMI encryption key. cfgIpmiPetCommunityName (Read/Write) Legal Values A string of up to 18 characters Default public Description The SNMP community name for traps. cfgIpmiPetIpv6 This group is used to configure IPv6 platform event traps on the managed server. cfgIpmiPetIPv6Index (Read Only) Legal Values 1–4 Default Description Unique identifier for the index corresponding to the trap.
Default Description Configures the IPv6 alert destination IP address for the trap. cfgIpmiPetIPv6AlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IPv6 alert destination for the trap. cfgIpmiPef This group is used to configure the platform event filters available on the managed server. The event filters can be used to control policies related to actions that are triggered when critical events occur on the managed server.
cfgIpmiPefIndex (Read/Write) Legal Values 1–9 Default The index value of a platform event filter object. Description Specifies the index of a specific platform event filter. cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered.
Description Enables or disables a specific platform event filter. cfgIpmiPet This group is used to configure platform event traps on the managed server. cfgIpmiPetIndex (Read Only) Legal Values 1–4 Default The index value of a specific platform event trap. Description Unique identifier for the index corresponding to the trap. cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values A string representing a valid IPv4 address. For example, 192.168.0.67. Default 0.0.0.
Default 0 Description Enables or disables a specific trap. cfgSmartCard This group specifies properties used to support access to iDRAC6 using a smart card. cfgSmartCardLogonEnable (Read/Write) Legal Values 0 (Disabled) 1 (Enabled) Default 0 Description Enables or disables support for access to iDRAC6 using a smart card. cfgActiveDirectory This group contains parameters to configure iDRAC6 Active Directory feature.
Description Enables or disables Active Directory single sign-on authentication on iDRAC6. cfgADRacDomain (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Active Directory Domain in which the DRAC resides. cfgADRacName (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Name of iDRAC6 as recorded in the Active Directory forest.
Default 0 Description Enables or disables Active Directory user authentication on iDRAC6. If this property is disabled, local iDRAC6 authentication is used for user logins instead. cfgADAuthTimeout (Read/Write) NOTE: To modify this property, you must have Configure iDRAC permission. Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out.
cfgADDomainController2 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value. Description iDRAC6 uses the value you specify to search the LDAP server for user names. cfgADDomainController3 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value.
cfgADGlobalCatalog2 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value. Description iDRAC6 uses the value you specify to search the Global Catalog server for user names. cfgADGlobalCatalog3 (Read/Write) Legal Values Valid IP address or a fully qualified domain name (FQDN). The maximum number of characters is 254. Default No default value.
Description Determines the schema type to use with Active Directory. cfgADCertValidationEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default Description Enables or disables Active Directory certificate validation. cfgADDcSRVLookupEnable (Read/Write) Legal Values 1 (TRUE)—use DNS to look up domain controllers 0 (FALSE)—use pre-configured domain controllers Default 0 Definition Configures iDRAC6 to use pre-configured domain controllers or to use DNS to find the domain controller.
cfgADDcSRVLookupbyUserdomain (Read/Write) Legal Values 1 (TRUE)—use user domain as the search domain to look up DCs. The user domain is chosen from the user domain list or entered by the login user. 0 (FALSE)—use the configured search domain cfgADDcSrvLookupDomainName to look up DCs. Default 1 Example If there exists a user "userid" who has an active directory domain "MyDomain", then: If this option is enabled, the user would enter "MyDomain/userid" for the user field when logging in.
cfgADGcSRVLookupEnable (Read/Write) Legal Values 0(FALSE)—use pre-configured Global Catalog Servers (GCS) 1(TRUE)—use DNS to look up GCS Default 0 Definition Determines how the global catalog server is looked up. If using pre-configured global catalog servers, then iDRAC6 uses the values cfgAdGlobalCatalog1, cfgAdGlobalCatalog2, and cfgAdGlobalCatalog3. cfgADGcRootDomain (Read/Write) Legal Values String. Maximum length = 254 Default Null Example If your domain is "ROOTDOMAIN.
cfgLdapEnable (Read/Write) Legal Values 1 (TRUE)—Enable LDAP Services 0 (FALSE)—Disable LDAP Services Default 0 Description Turns LDAP service on or off. cfgLdapServer (Read/Write) Legal Values String. Maximum length = 1024 Default Null Description Configures the address of the LDAP Server. cfgLdapPort (Read/Write) Legal Values 1 - 65535 Default 636 Description Port of LDAP over SSL. Non-SSL port is not supported.
cfgLdapBasedn (Read/Write) Legal Values String. Maximum length = 254 Default Null Description The Domain Name of the branch of the directory where all searches should start from. cfgLdapUserAttribute (Read/Write) Legal Values String. Maximum length = 254 Default Null. uid if not configured. Description Specifies the user attribute to search for. If not configured, the default is to use uid.
Description Specify which LDAP attribute is used to check for group membership. This should be an attribute of the group class. If not specified, then iDRAC6 uses the member and unique member attributes.
cfgLdapBindpassword (Write only) Legal Values String. Maximum length = 254 Default Null Description A bind password to use in conjunction with the bind DN. The bind password is sensitive data, and should be properly protected. This is optional but is required if anonymous bind is not supported. cfgLdapSearchFilter (Read/Write) Legal Values String. Maximum length = 254 Default (objectclass=*) Searches for all objects in tree. Description A valid LDAP search filter.
Default 1—Enabled Description Controls certificate validation during SSL handshake. cfgLdapRoleGroup This group allows the user to configure role groups for LDAP. This group is indexed from 1 to 5. cfgLdapRoleGroupIndex (Read Only) Legal Values An integer between 1 and 5 Default Description This is the index value of the Role Group Object. cfgLdapRoleGroupDN (Read/Write) Legal Values String.
cfgLdapRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default 0x000 Description A bit–mask defining the privileges associated with this particular group. cfgStandardSchema This group contains parameters to configure the Active Directory standard schema settings. cfgSSADRoleGroupIndex (Read Only) Legal Values 1–5 Description Index of the Role Group as recorded in the Active Directory. cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string with no white space.
cfgSSADRoleGroupDomain (Read/Write) Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default Description Active Directory Domain in which the Role Group resides. cfgSSADRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default Description Use the bit mask numbers in Table B-3 to set role-based authority privileges for a Role Group. Table B-3.
Table B-3. Bit Masks for Role Group Privileges Role Group Privilege Bit Mask Test Alerts 0x00000080 Execute Debug Commands 0x00000100 cfgIpmiSol This group is used to configure the Serial Over LAN (SOL) capabilities of the system. cfgIpmiSolEnable (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables SOL. cfgIpmiSolBaudRate (Read/Write) Legal Values 9600, 19200, 57600, 115200 Default 115200 Description The baud rate for serial communication over LAN.
cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access. cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255 Default 10 Description Specifies the typical amount of time that iDRAC6 waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments.
Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet.
Index A C Active Directory adding DRAC 5 users, 138 configuring access to the DRAC 5, 131 logging in to the DRAC 5, 156 managing certificates, 110 objects, 128 schema extensions, 127 using with extended schema, 127 using with standard schema, 144 using with the DRAC 5, 125 Certificate Signing Request. See CSR ActiveX console redirection plug-in, 218 alert management.
configuring multiple iDRACs with RACADM, 277 configuring Smart Card Login, 169 console redirection configuring, 214 opening a session, 216 using, 191, 211 CSR about, 105 generating, 107 D F Firefox tab behavior, 85 firewall, opening ports, 32 firmware recovering with CMC, 58, 120 updating, 53 updating with the web interface, 120 frequently asked questions using console redirection, 225 using the DRAC 5 with Active Directory, 163 using Virtual Media, 245 diagnostics console, 344 digital signature, verify,
displaying OSCAR, 316 iDRAC service ports, 32 iDRAC6 configuring standard schema Active Directory, 159 resetting to factory defaults, 325 SSH, 76 iDRAC6 configuration utility, 38 configuring IPMI, 317 configuring network properties, 317 configuring virtual media, 321 starting, 316 iDRAC6 firmware rollback, 122 iDRAC6 web interface, 38, 58 ifconfig command, diagnostics console, 345 iKVM disabling during console redirection, 223 viewing status of the local console, 226 instrumentation server, 79 Internet Expl
L navigating last crash screen capturing on the managed server, 80 viewing, 332 Media Redirection wizard, 242-243 Lifecycle Controller User Guide, 322 Mozilla Firefox disabling whitelist, 72 supported versions, 72 local RACADM, 39 mouse pointer synchronizing, 223 localization, browser setup, 70 logs iDRAC, 342 post codes, 332 server, 79 N lost administrative password, 325 network properties configuring manually, 260 configuring with CMC Web interface, 45 configuring with iDRAC6 configuration util
cfgEmailAlert, 424 cfgIpmiLan, 449 cfgIpmiPef, 451-452 cfgIpmiPet, 454 cfgIpmiSerial, 455 cfgIpmiSol, 470 cfgLanNetworking, 407 cfgRacSecurity, 444 cfgRacTuning, 436 cfgRacVirtual, 447 cfgSerial, 428 cfgSessionManagement, 426 cfgUserAdmin, 420 idRacInfo, 404 ifcRacManagedNodesOs, 443 displaying, 316 P password changing, 102 lost, 325 PEF configuring with RACADM, 263 configuring with the web interface, 93 PET configuring with RACADM, 264 configuring with the web interface, 92, 94, 264 filterable platform e
configuring SSH service, 270 configuring telnet service, 270 installing and removing, 73 subcommands, 353 supported interfaces, 252 using, 249 RACADM subcommands arp, 391 clrraclog, 250, 373 clrsel, 250, 375 config, 80, 250, 354 coredump, 392 coredumpdelete, 393 fwupdate, 387 getconfig, 226, 250, 273, 356 getniccfg, 250, 367 getraclog, 250, 372 getractime, 250, 364 getsel, 374 getssninfo, 250, 358 getsvctag, 250, 368 getsysinfo, 250, 360 gettracelog, 251, 376 help, 353 ifconfig, 394 netstat, 394 ping, 395-3
managing with the iDRAC6 configuration utility, 325 managing with the web interface, 331 server instrumentation, 79 logs, 79 server certificate uploading, 108 viewing, 109 server features, integrated instrumentation, 79 logs, 79 Server Management Command Line Protocol. See SM-CLP server storage management, 79 services configuring with the web interface, 118 signature, verify, 55-58 Simple Network Management Protocol.
configuring iDRAC service with the web interface, 118 configuring iDRAC6 service with RACADM, 270 TFTP server, installing, 77 traceroute, 345 traceroute6, 345 Trivial File Transfer Protocol, see TFTP troubleshooting indications, 328 trusted domains list, adding iDRAC, 69 Two-factor-authentication TFA, 169 U Unified Server Configurator, 322 System Services, 322 Update Packages verifying the digital signature, 55-58 USB flash drive emulation type, 321 user configuration, 101 users adding and configuring with
proxy server configuration, 69 supported, 31 web interface accessing, 84 browser configuration, 66 configuring ASR service, 118 configuring e-mail alerts, 94 configuring iDRAC services, 118 configuring IP blocking, 89 configuring IP filtering, 89 configuring IPMI LAN properties, 86, 96 configuring network properties, 86 configuring PEF, 93 configuring PET, 92, 94, 264 configuring SOL, 96 configuring telnet service, 118 configuring the SSH service, 118 configuring the web server service, 118 logging in, 84 l
Index
