Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 3.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ________________________________________ Information in this publication is subject to change without notice. © 2011 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC6 Enterprise Overview . What’s New in This Release. . . . . . . . . . 19 . . . . . . . . . . . . . . 20 IPv6 Ready Logo Certification . iDRAC6 Security Features . . . . . . . . . . . . . . 20 . . . . . . . . . . . . . . . 21 . . . . . . . . . 22 . . . . . . . . . . . . . . . . . . 24 iDRAC6 Enterprise and vFlash Media . Supported Platforms . . . . . . . . . . . . . . 24 . . . . . . . . . . . . . . . 25 Supported Operating Systems . Supported Web Browsers .
Configure Directory Services . . . . . . . . . . . . Configure IP Filtering and IP Blocking Configure Platform Events 37 . . . . . . . . . . . . . 37 Enabling or Disabling Local Configuration Access . . . . . . . . . . . . . . . . 37 Configure iDRAC6 Services . . . . . . . . . . . . . 38 Configure Secure Sockets Layer (SSL) . Configure Virtual Media. . . . . . . 38 . . . . . . . . . . . . . . 38 Configure a vFlash Media Card . . . . . . . . . . . Install the Managed Server Software . . .
Verifying the Digital Signature for Linux DUPs . . . . . . . . . . . . Using iDRAC6 Web Interface . . . . . . . . . . 53 . . . . . . . . . . . 57 Updating iDRAC6 Firmware Using RACADM . . . . . . . . . . . . . . . . . . . . . . 58 . . . . . . . . . . . 58 . . . . . . . . . . . . . 59 Using the DOS Update Utility . Using WSMAN Interface . Updating the USC Repair Package . . . . . . . . . . . Configuring iDRAC6 For Use With IT Assistant .
Installing iDRAC6 Software on the Management Station . . . . . . . . . . . . . . . . . . . Installing and Uninstalling RACADM on a Management Station . . . . . . . . . Installing and Uninstalling RACADM on Linux . . . . . . . . . . 73 . . . . . . . . . . . . . 73 . . . . . 74 . . . . . . . . . . . . . 75 . . . . . . . . . . . . . . . . . 75 Installing a Java Runtime Environment (JRE) . Installing Telnet or SSH Clients Telnet with iDRAC6 Configuring the Backspace Key For Telnet Sessions . . . .
Using Multiple Browser Tabs and Windows . . . . . . . . . Configuring iDRAC6 NIC . . . . . . . . . . . . 87 . . . . . . . . . . . . . . . . 88 Configuring the Network, IPMI, and VLAN Settings . . . . . . . . . . . . . . . . . . . . . . . 92 . . . . . . . . . . . . . . 94 Configuring IP Filtering and IP Blocking Configuring Platform Events . 88 Configuring Platform Event Filters (PEF) . . . . . . 95 Configuring Platform Event Traps (PET) . . . . . . 95 . . . . . . . . . . . . . 96 . . . .
Disabling Local Configuration Access . . . . . . 120 . . . . . . . . . . . . . 120 . . . . . . . . . . . . . . 123 Configuring iDRAC6 Services Updating iDRAC6 Firmware . . . . . 124 . . . . . . . . . . . . 125 Updating iDRAC6 Firmware Using CMC iDRAC6 Firmware Rollback 6 Using iDRAC6 Directory Service . . . . . . Using iDRAC6 With Microsoft Active Directory . Prerequisites for Enabling Active Directory Authentication for iDRAC6 . . . 127 . . . . . . . . .
Configuring Active Directory With Extended Schema Using RACADM . . . . . . 152 . . . . . . . . . . 153 Standard Schema Active Directory Overview Single Domain Versus Multiple Domain Scenarios . . . . . . . Configuring Standard Schema Active Directory to Access iDRAC6 . . . . . . . . . . . . . . . 154 Configuring Active Directory With Standard Schema Using iDRAC6 Web Interface . . . . . . . . . . . . . . . . . . . 154 Configuring Active Directory With Standard Schema Using RACADM .
Using Active Directory SSO . . . . . . . . . . . . . . . . . . . . . . . 175 Logging Into iDRAC6 Using SSO . . . . . . . . . 177 Configuring Smart Card Authentication . . . . . . . . 178 Configuring Smart Card Login in iDRAC6 . . . . . . . 178 . . . . . . . . . 180 Logging Into iDRAC6 Using Active Directory Smart Card Authentication Frequently Asked Questions About SSO. Troubleshooting the Smart Card Logon in iDRAC6 . . . . . . . . . 8 . . . . . . . 180 . . . . . . . . . . .
Misc Health . . . . . . . . . . . . . . . . . . . . . 193 System Inventory . . . . . . . . . . . . . . . . . . . . . 193 Troubleshooting . 9 Configuring and Using Serial Over LAN . . . . . . . . . . . . . . . . . . Enabling Serial Over LAN in the BIOS. Using Serial Over LAN (SOL) 198 . . . . . . . . . . . . . . 200 . . . . . . . . . . 200 . . . . . . . . . . . . . . 201 Model for Redirecting SOL Over IPMItool . . . . . 201 . . . . . . 202 . . . . . . . . . . . . . . .
Clear Your Browser’s Cache . . . . . . . . . . . Supported Screen Resolutions and Refresh Rates . . . . . . . . . . . . . . . . Configuring the Management Station . . . . . . Configuring Virtual Console and Virtual Media in iDRAC6 Web Interface . . . . 222 224 . . . . . . . . . . . . . 226 . . . . . . . . . . . . . . . . 226 Synchronizing the Mouse Pointers . . . . . . . . 230 Disabling or Enabling Local Console . . . . . . . 231 . . . . . . . . 232 . . . . . . . . . . . . . . . . . . .
Resetting the vFlash or Standard SD Card . . . . . 245 . . . . . . . . . . . 245 . . . . . . . . . . . . 245 Managing vFlash Partitions Using iDRAC6 Web Interface . . . . . . . Creating an Empty Partition Creating a Partition Using an Image File . Formatting a Partition . . . . . . 247 . . . . . . . . . . . . . . . 249 Viewing Available Partitions Modifying a Partition . . . . . . . . . . . . 251 . . . . . . . . . . . . . . . . 252 . . . . . . . . 252 . . . . . . . . . . . .
Disconnecting Virtual Media . . . . . . . . . . . 267 Booting From Virtual Media . . . . . . . . . . . . 267 Installing Operating Systems Using Virtual Media . . . . . . . . . . . . . . . 268 Using Virtual Media When the Server’s Operating System Is Running . . . . . . Frequently Asked Questions . . . . . . 269 . . . . . . . . . . . . . 269 13 Using the RACADM Command Line Interface . . . . . . . . . . . . . RACADM Subcommands . . . . . . . . 275 . . . . . . . . . . . . . . .
Remote and SSH/Telnet RACADM . . . . . . . . . . . . 295 Remote RACADM Usage . . . . . . . . . . . . . . 296 Remote RACADM Options . . . . . . . . . . . . . 296 Using an iDRAC6 Configuration File . . . . . . . 297 . . . . . . . . . . . . . 298 Creating an iDRAC6 Configuration File . Configuration File Syntax . Modifying iDRAC6 IP Address in a Configuration File . . . . . . . . . . 14 Power Monitoring and Power Management . . . . . . 300 . . . . . . . . . . . . . 302 . . . . . . . . . .
iDRAC6 SM-CLP Support . . . . . . . . . . . . . . . . SM-CLP Features . 318 . . . . . . . . . . . . . . . . . . . 319 Navigating the MAP Address Space Targets . . . . . . . . . 322 . . . . . . . . . . . . . . . . . . . . . . 322 Using the Show Verb . . . . . . . . . . . . . . . . . . Using the -level Option 322 . . . . . . . . . . . . . . 323 . . . . . . . . . . . . . 323 . . . . . . . . . . . . . . 323 Using the -output Option iDRAC6 SM-CLP Examples . . . . . . . . . . . . 324 . . .
Preparing for Deployment . Deploying the Operating System . . . . . . . . . 336 . . . . . . . . . . . . 337 Using the Virtual Media Command Line Interface Utility . . . . . . . . . . . . . . . . . . . . . 339 . . . . . . . . . . . . 340 . . . . . . . . . . . . . . 340 . . . . . . . . . . . . . . . . 341 Installing the iVMCLI Utility . Command Line Options . iVMCLI Parameters . iVMCLI Operating System Shell Options 18 Using iDRAC6 Configuration Utility . . . . . . . . . . . . . . . . . .
Trouble Indicators . . . . . . . . . . . . . . . . . . . LED Indicators . . . . . . . . . . . . . . . . . . Hardware Trouble Indicators . . . . . . . . . . . 363 363 . . . . . . . . . . . . . . . . 364 Checking the System Health . . . . . . . . . . . Checking the Post Codes . 365 . . . . . . . . . . . . 367 Viewing the Last System Crash Screen. Viewing the Most Recent Boot Sequences . . . . . . . . . . . . . . . . 367 . . . . . . . . . 368 Viewing and Adding Work Notes . . . . . . . . .
iDRAC6 Enterprise Overview 1 The Integrated Dell Remote Access Controller (iDRAC6) Enterprise is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for the Dell PowerEdge systems. iDRAC6 uses an integrated system-on-chip microprocessor for the remote monitor/control system, and co-exists on the system board with the managed Dell PowerEdge server.
NOTE: It is recommended that you isolate or separate the chassis management network, used by iDRAC6 and CMC, from your production network(s). Mixing management and production or application network traffic may cause congestion or network saturation resulting in CMC and iDRAC6 communication delays. The delays may cause unpredictable chassis behavior such as CMC displaying that iDRAC6 is offline even though it is operating properly. This may also cause other unpredictable behavior.
iDRAC6 Security Features The following features are available in iDRAC security: • User authentication through Microsoft Active Directory, generic LDAP Directory Service, or locally administered user IDs and passwords • Two-factor authentication provided by the Smart–Card logon feature.
iDRAC6 Enterprise and vFlash Media iDRAC6 Enterprise provides SD card slots for vFlash Media. For more information about iDRAC6 Enterprise and vFlash Media, see the Hardware Owner’s Manual at support.dell.com/manuals. Table 1-1 lists the features available for iDRAC6 Enterprise and vFlash Media. Table 1-1. iDRAC6 Feature List Feature iDRAC6 Enterprise Interface and Standards Support IPMI 2.
Table 1-1.
Table 1-1. iDRAC6 Feature List (continued) Feature iDRAC6 Enterprise iDRAC6 Enterprise with vFlash Media Real-time Power Graphing Historical Power Counters System Inventory Logging System Event Log (SEL) RAC Log Trace Log Remote Syslog Work Notes = Supported; =Not Supported Supported Platforms For the latest supported platforms, see iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals.
Supported Web Browsers For the latest information, see the readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals. On the Manuals page, click Software Systems Management. Click on the appropriate product link on the right-side to access the documents. NOTE: Support for SSL 2.0 has been discontinued because of security flaws. Ensure that your browser is configured to enable SSL 3.0. Supported Remote Access Connections Table 1-2 lists the connection features.
Table 1-3. iDRAC6 Server Listening Ports Port Number Function 22* Secure Shell (SSH) 23* Telnet 80* HTTP 443* HTTPS 623 RMCP/RMCP+ 3668, 3669 Virtual Media Service 3670, 3671 Virtual Media Secure Service 5900* Virtual Console keyboard/mouse 5901* Virtual Console video 5988 Used for WSMAN * Configurable port Table 1-4.
Other Documents You May Need In addition to this guide, the following documents provide additional information about the setup and operation of iDRAC6 in your system. You can access these guides available on the Dell Support website at support.dell.com/manuals. On the Manuals page, click Software Systems Management. Click on the appropriate product link on the right-side to access the documents. • iDRAC6 online help provides information about using the Web interface.
• The iDRAC6 CIM Element Mapping and iDRAC6 SM-CLP Property Database documents available on the Dell Enterprise Technology Center at delltechcenter.com provide information on iDRAC6 SM–CLP Property Database, mappings between WS–MAN classes and SM–CLP targets and Dell implementation details.
• Updates are sometimes included with the system to describe changes to the system, software, and/or documentation. NOTE: Always read the updates first because they often supersede information in other documents. • Release notes or readme files are included to provide last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians.
iDRAC6 Enterprise Overview
Configuring iDRAC6 Enterprise 2 This section provides information about how to establish access to iDRAC6 and to configure your management environment to use iDRAC6.
For greater security, access to iDRAC6 configuration through iDRAC6 Configuration Utility or disable the local RACADM CLI using a RACADM command (see RACADM Command Line Reference Guide for iDRAC and CMC available on support.dell.com/manuals) or from the GUI (see "Enabling or Disabling Local Configuration Access" on page 119.) NOTE: Using more than one configuration interface at the same time may generate unexpected results. Table 2-1.
Table 2-1. Configuration Interfaces (continued) Interface Description Chassis LCD Panel Use the LCD panel on the chassis containing iDRAC6 to view the high-level status of the servers in the chassis. During initial configuration of CMC, the configuration wizard allows you to enable DHCP configuration of iDRAC6 networking. Local and Remote RACADM The local RACADM command line interface runs on the managed server. Remote RACADM is a client utility which runs on a management station.
Table 2-1. Configuration Interfaces (continued) Interface Description SM-CLP SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in iDRAC6. The SM-CLP command line is accessed by logging in to iDRAC6 using Telnet or SSH and typing smclp at the CLI prompt. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since you can execute these commands from a management station command line.
Configuration Tasks This section is an overview of the configuration tasks for the management station, iDRAC6, and the managed server. Performable tasks include configuring iDRAC6 for remote accessibility, configuring iDRAC6 features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server. The configuration tasks required to perform each task are listed beneath that task.
• Chassis LCD Panel — See the Dell Chassis Management Controller Firmware User Guide. • iDRAC6 Configuration Utility — See "Using iDRAC6 Configuration Utility" on page 347. • CMC Web interface — See "Configuring Network Settings Using CMC Web Interface" on page 39. • Remote and local RACADM — See cfgLanNetworking in the RACADM Command Line Reference Guide for iDRAC and CMC available on support.dell.com/manuals. Configure iDRAC6 Users Set up the local iDRAC6 users and permissions.
Configure IP Filtering and IP Blocking In addition to user authentication, you can prevent unauthorized access by rejecting connection attempts from IP addresses outside of a defined range and by temporarily blocking connections from IP addresses where authentication has failed multiple times within a configurable timespan. • iDRAC6 Web interface — See "Configuring IP Filtering and IP Blocking" on page 92.
For RACADM commands, see cfgRacTuning in the RACADM Command Line Reference Guide for iDRAC and CMC available at support.dell.com/manuals. Configure iDRAC6 Services Enable or disable iDRAC6 network services — such as Telnet, SSH, and the Web server interface — and reconfigure ports and other service parameters.
Install the Managed Server Software Install the operating system on the Dell PowerEdge server using virtual media and then install the Dell OpenManage software on the managed Dell PowerEdge server and set up the last crash screen feature.
To launch iDRAC6 Web interface for a single server from CMC: 1 Log in to CMC Web interface. 2 Expand Server Overview in the system tree. All of the servers appear in the expanded Servers list. 3 Click the server you want to view. The Server Status screen for the server you selected displays. 4 Click Launch iDRAC6 GUI. Single Sign-On Using the single sign-on feature, you can launch iDRAC6 Web interface from CMC without having to log in a second time. Single sign-on policies are described below.
Configuring Networking for iDRAC6 1 Click System iDRAC SettingsNetwork/Security tab. 2 To enable or disable Serial Over LAN: a Click Serial Over LAN. The Serial Over LAN screen is displayed. b Select the Enable Serial Over LAN check box. You may also change the Baud Rate and Channel Privilege Level Limit settings. c Click Apply. 3 To enable or disable IPMI Over LAN: a Click Network. The Network screen is displayed. b Click IPMI Settings. c Select the Enable IPMI Over LAN check box.
Viewing FlexAddress Mezzanine Card Fabric Connections The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection. NOTE: To avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.
When the remotely-assigned MAC addresses are active, the CMC Web interface page displays the MAC address as remotely managed for a particular slot in the chassis. The remotely-assigned addresses are displayed only on the iDRAC Out-OfBand (OOB) GUI and not through other interfaces such as RACADM and IPMI tools.
Enabling FlexAddress through RACADM You cannot enable FlexAddress from iDRAC6. Enable FlexAddress at the slot and fabric levels from CMC. 1 From CMC console, enable FlexAddress for the managed server on the slot with the following RACADM command: racadm setflexaddr -i 1, where is the slot number on which to enable FlexAddress.
To enable Remote Syslog through the remote Web interface: 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface. 3 In the system tree, select SystemSetup tabRemote Syslog Settings. The Remote Syslog Settings screen is displayed. Table 2-2 lists the Remote Syslog settings. Table 2-2. Remote Syslog Settings Attribute Description Remote Syslog Enabled Select this option to enable the transmission and remote capture of the syslog on the specified server.
racadm config –g cfgRemoteHosts –o cfgRhostsSyslogServer3 ; default is blank racadm config –g cfgRemoteHosts –o cfgRhostsSyslogPort ; default is 514 First Boot Device This feature allows you to select the first boot device for your system and enable boot once. The system boots from the selected device on the next and subsequent reboots and remains as the first boot device in the BIOS boot order, until it is changed again either from the iDRAC6 GUI or from the BIOS Boot sequence.
Remote File Share iDRAC6 Remote File Share (RFS) feature allows you to specify a CD/DVD ISO image file located on a network share and make it available to the managed server’s operating system as a virtual drive by mounting it as a CD or DVD using NFS or CIFS. NOTE: This feature works only with IPv4 addresses. IPv6 addresses are currently not supported. NOTE: For Linux distributions, this feature may require a manual mount command when operating at runlevel init 3.
The RFS feature utilizes the underlying virtual media implementation in iDRAC6. You must have Virtual Media privileges to perform an RFS mounting. If a virtual drive is already used by Virtual Media, then the drive will not be available to mount as RFS and vice versa. For RFS to work, Virtual Media in iDRAC6 must be in the Attach or Auto–Attach modes. The connection status for RFS is available in iDRAC6 log. Once connected, an RFS mounted virtual drive does not disconnect even if you log out from iDRAC6.
For remote file share, the remote RACADM command is racadm remoteimage.
Internal Dual SD Module Internal Dual SD Module (IDSDM) is available only on applicable platforms. IDSDM provides redundancy on the hypervisor SD card by using another SD card that mirrors the first SD card’s content. The iDRAC6 vFlash SD card, with the second SD card, can be set to IDSDM by setting the Redundancy option to Mirror mode in the Integrated Devices screen of the system BIOS setup.
Viewing Internal Dual SD Module Status Using GUI 1 Log in to iDRAC Web GUI. 2 In the System tree, click Removable Flash Media. The Removable vFlash Media page is displayed. This page displays the following two sections: • • Internal Dual SD Module — Displayed only if IDSDM is in redundant mode. The Redundancy Status is displayed as Full. If this section is not present, then the card is in the non-redundant mode state.
Updating iDRAC6 Firmware Updating iDRAC6 firmware installs a new firmware image in the flash memory. You can update the firmware using any of the following methods: • iDRAC6 Web interface • RACADM CLI • Dell Update Package (for Linux or Microsoft Windows) • DOS iDRAC6 firmware update utility • CMC Web interface • WSMAN interface Downloading the Firmware or Update Package Download the firmware from support.dell.com.
When using iDRAC6 Web interface or CMC Web interface, place the firmware binary image on a disk that is accessible to the management station from which you are running the Web interface. See "Updating iDRAC6 Firmware" on page 123. NOTE: iDRAC6 Web interface also allows you to reset iDRAC6 configuration to the factory defaults. NOTE: If the configuration is not preserved during firmware update, iDRAC6 generates new SHA1 and MD5 keys for the SSL certificate.
3 To prevent a distrusted-key warning, change the trust level for the Dell Public GPG key. a Enter the following command: gpg --edit-key 23B66A9D b Within the GPG key editor, enter fpr. The following message is displayed: pub 1024D/23B66A9D 2001-04-16 Dell, Inc. (Product Group) Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D 23B6 6A9D If the fingerprint of your imported key is the same as above, you have a correct copy of the key.
4 Obtain the package you need (for example, the Linux DUP or self-extracting archive) and its associated signature file from the Dell Support website at support.dell.com/support/downloads. NOTE: Each Linux Update Package has a separate signature file, which is shown on the same Web page as the Update Package. You need both the Update Package and its associated signature file for verification. By default, the signature file has the same name as the DUP filename with a .sign extension.
3 Set the GPG trust level for the Dell public key, if you have not done so previously. a Enter the following command: gpg --edit-key 23B66A9D b At the command prompt, enter the following commands: fpr trust c Enter 5, then press to choose I trust ultimately from the menu. d Enter y to confirm your choice. e Enter quit to exit the GPG key editor. This completes validation of the Dell public key.
Using iDRAC6 Web Interface NOTE: If iDRAC6 firmware update progress is interrupted before it completes, iDRAC6 firmware may be corrupted. In such cases, you can recover iDRAC6 using CMC Web interface. NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset iDRAC6 configuration to the factory defaults. If you set the configuration to the factory defaults, external network access will be disabled when the update completes.
6 By default, the Preserve Configuration option is enabled (checked) to preserve the current settings on iDRAC6 after an upgrade. If you do not want the settings to be preserved, clear the Preserve Configuration check box. 7 Click Begin Update to start the upgrade process. Do not interrupt the upgrade process. 8 In the Upload (Step 3 of 3) window, you will see the status of the update. The progress of the firmware upgrade operation, measured in percentage, is displayed in the Progress column.
The options are as follows: • -f — Forces the update. The -f option can be used to downgrade the firmware to an earlier image. • -i= — Specifies the file name of the firmware image. This option is required if the firmware file name has been changed from the default name firmimg.imc. • -l= — Logs output from the update activity. This option is used for debugging.
Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring To set up iDRAC6 for IPMI discovery and sending alert traps at iDRAC6 Configuration Utility level, restart your managed server (blade) and observe its power-up using the Virtual Console and either a remote monitor and console keyboard or a Serial over LAN (SOL) connection. When Press for Remote Access Setup displays, press . When iDRAC6 Configuration Utility screen is displayed, use the arrow keys to scroll down.
Using iDRAC6 Web Interface to Enable Discovery and Monitoring IPMI Discovery can also be enabled through the remote Web interface: 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface using a login and password with Administrator rights. 3 In the system tree, select SystemiDRAC SettingsNetwork/Security tab. The Network screen is displayed. 4 In the IPMI Settings section, ensure the Enable IPMI Over LAN check box is selected (checked).
16 In the Destination Email Addresses section, in the first available Email Alert field, type the email address that must receive the alert messages, and then click Apply. 17 You can click Send to send a test email alert message. It is highly recommended that for security purposes you create a separate User for IPMI commands with its own user name, IPMI over LAN privileges, and password: 1 In the system tree, select SystemiDRAC Settings. 2 Click the Network/Security tab, and then click Users.
Using IT Assistant to View iDRAC6 Status and Events After discovery is complete, iDRAC6 devices appear in the Servers category of the ITA Devices detail screen, and iDRAC6 information can be seen by clicking the iDRAC6 name. This is different from DRAC 5 systems, where the management card shows up in the RAC group. iDRAC6 error and warning traps can now be seen in the primary Alert Log of IT Assistant. They display in the Unknown category, but the trap description and severity will be accurate.
Configuring iDRAC6 Enterprise
Configuring the Management Station 3 A management station is a computer used to monitor and manage the Dell PowerEdge servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with iDRAC6 Enterprise. Before you begin configuring iDRAC6, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
Using iDRAC6 Virtual Console feature (see "Configuring and Using Serial Over LAN" on page 197), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer and using iDRAC6 facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the managed server.
5 Select Medium-Low from the drop-down menu and click Reset. Click OK to confirm. You will need to re-enter the Custom Level dialog by clicking its button.
In the Scripting section: • Active scripting: Enable • Allow paste operations via script: Enable • Scripting of Java applets: Enable 7 Select ToolsInternet OptionsAdvanced.
• Check for signatures on downloaded programs: checked • Use SSL 2.0: unchecked • Use SSL 3.0: checked • Use TLS 1.0: checked • Warn about invalid site certificates: checked • Warn if changing between secure and not secure mode: checked • Warn if forms submittal is being redirected: checked NOTE: If you choose to alter any of the above settings, It is recommended that you learn and understand the consequences of doing so.
To add iDRAC6 IP address to the list of trusted domains in IE8, do the following: 1 Select Tools Internet Options SecurityTrusted sitesSites. 2 Enter iDRAC6 IP address to the Add this website to the zone. 3 Click Add. 4 Click OK. 5 Click Close. 6 Click OK and then refresh your browser. When you launch Virtual Console for the first time through IE8 with Active-X plug-in, a "Certificate Error: Navigation Blocked" message may be displayed. 1 Click Continue to this website.
certain functions/letters. For more details on how to use localized keyboards in these situations, see "Using the Video Viewer" on page 226. Use of other keyboards is not supported and may cause unexpected problems. NOTE: See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC6 Web interface. Setting the Locale in Linux The Virtual Console viewer requires a UTF-8 character set to display correctly.
5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" 6 Log out and then log in to the operating system. When you switch from any other language, ensure that this fix is still valid. If not, repeat this procedure.
Installing iDRAC6 Software on the Management Station Your system includes the Dell Systems Management Tools and Documentation DVD.
Installing a Java Runtime Environment (JRE) NOTE: If you use Internet Explorer, an ActiveX control is provided for the Virtual Console viewer. You can also use the Java Virtual Console viewer with Firefox if you install a JRE and configure the Virtual Console viewer in iDRAC6 Web interface before you launch the viewer. See "Configuring Virtual Console and Virtual Media in iDRAC6 Web Interface" on page 222 for more information. You can choose to use the Java viewer instead before you launch the viewer.
Installing Telnet or SSH Clients By default, iDRAC6 Telnet service is disabled and the SSH service is enabled. Since Telnet is an insecure protocol, you should use it only if you cannot install an SSH client or your network connection is otherwise secured. NOTE: iDRAC6 supports up to 4 Telnet sessions and 4 SSH sessions simultaneously. Telnet with iDRAC6 Telnet client is included in Windows and Linux operating systems, and can be run from a command shell.
To configure a Linux Telnet session to use the key, perform the following steps: 1 Open a shell and enter: stty erase ^h 2 At the prompt, enter: telnet SSH With iDRAC6 Secure Shell (SSH) is a command line connection with the same capabilities as a Telnet session, but with session negotiation and encryption to improve security. iDRAC6 supports SSH version 2 with password authentication. SSH is enabled by default on iDRAC6.
iDRAC6 SSH implementation supports multiple cryptography schemes, as shown in Table 3-1. NOTE: SSHv1 is not supported. Table 3-1.
Installing a TFTP Server Trivial File Transfer Protocol (TFTP) is a simplified form of the File Transfer Protocol (FTP). It is used with the SM-CLP and RACADM command line interfaces to transfer files to and from iDRAC6. NOTE: If you use only iDRAC6 Web interface to transfer SSL certificates and upload new iDRAC6 firmware, no TFTP server is required. The only times when you need to copy files to or from iDRAC6 are when you update iDRAC6 firmware or install certificates on iDRAC6.
Installing Dell Management Console Dell Management Console (DMC) is the next generation one-to-many systems management application that provides similar functionality as the Dell OpenManage IT Assistant and also provides enhanced discovery, inventory, monitoring, and reporting features. It is a Web–based GUI, which is installed on a management station in a networked environment. You can install DMC from the Dell Management Console DVD or download and install it from the Dell website at dell.com/openmanage.
Configuring the Management Station
Configuring the Managed Server 4 This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • RACADM CLI — Allows you to configure and administer iDRAC6.
Configuring the Managed Server to Capture the Last Crash Screen iDRAC6 can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed server crash. NOTE: You can capture the last crash screen only if the managed server is running on a Windows operating system. Follow these steps to enable the last crash screen feature. 1 Install the managed server software.
For information about how to configure the Auto Recovery timer, see the Dell OpenManage Server Administrator User's Guide. To ensure that the last crash screen can be captured, the Auto Recovery timer should be set to 60 seconds. The default setting is 480 seconds. The last crash screen is not available when the Auto Recovery action is set to Shutdown or Power Cycle if the managed server is powered off.
Configuring the Managed Server
Configuring iDRAC6 Enterprise Using the Web Interface 5 iDRAC6 provides a Web interface that enables you to configure iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. You would typically use the Web interface to perform your daily system management tasks. This chapter provides information about how to perform common systems management tasks with iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. 2 In the Address field, enter https:// and press . If the default HTTPS port number (port 443) has been changed, enter: https://: where iDRAC6-IP-address is the IP address for iDRAC6 and port-number is the HTTPS port number. The iDRAC6 Log in window is displayed.
2 In the Password field, enter either your iDRAC6 user password, Active Directory user password, or LDAP password. Passwords are case-sensitive. 3 Click OK or press . Logging Out 1 In the upper-right corner of the main window, click Log out to close the session. 2 Close the browser window. NOTE: The Log out button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain active until the session timeout is reached.
Table 5-1. User Privilege Behavior in Supported Browsers Browser Tab Behavior Window Behavior Microsoft IE7 and IE8 From latest session opened New session Firefox 3 From latest session opened From latest session opened Configuring iDRAC6 NIC This section assumes that iDRAC6 has already been configured and is accessible on the network. See "Configure iDRAC6 Networking" on page 35 for help with the initial iDRAC6 network configuration.
Table 5-2. Network Settings Setting Description Network Interface Card Settings MAC Address Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed. Enable NIC When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from iDRAC6 through the network is blocked. The default is Unchecked.
Table 5-2. Network Settings (continued) Setting Description Subnet Mask Allows you to enter or edit a subnet mask for iDRAC6 NIC. To change this setting, deselect the DHCP Enable option. Gateway Allows you to enter or edit a static IPv4 gateway for iDRAC6 NIC. To change this setting, deselect the DHCP Enable option. Use DHCP to obtain DNS server addresses Select the DHCP Enable option to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses check box.
Table 5-2. Network Settings (continued) Setting Description Prefix Length Configures the prefix length of the IPv6 address. It can be a value between 1 and 128 inclusive. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated check box. Gateway Configures the static IPv6 gateway for iDRAC6 NIC. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated check box.
Table 5-4. VLAN Settings Button Description Enable VLAN ID Yes—Enabled. No—Disabled. If enabled, only matched Virtual LAN (VLAN) ID traffic is accepted. NOTE: The VLAN settings can only be configured through CMC Web Interface. iDRAC6 only displays the current enablement status; you can not modify the settings on this screen. VLAN ID VLAN ID field of 802.1g fields. Displays a value from 1 to 4094 except 4001 to 4020. Priority Priority field of 802.1g fields.
4 Configure IP filtering and blocking settings as needed. See Table 5-6 for descriptions of the IP filtering and blocking settings. 5 Click Apply to save the settings. Table 5-6. IP Filtering and Blocking Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access iDRAC6. The default is Disabled. IP Range Address Determines the acceptable IP subnet address. The default is 192.168.1.0.
Configuring Platform Events Platform event configuration provides a mechanism for configuring iDRAC6 to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail). The filterable platform events are listed in Table 5-7. Table 5-7.
Configuring Platform Event Filters (PEF) NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings. 1 Log in to iDRAC6 Web interface. 2 Click System, and then click the Alert Management tab. The Platform Events screen is displayed. 3 Select the Enable Paltform Event Filter Alerts checkbox. You must select this option for any platform alert to be sent to a valid destination.
4 Click Trap Settings. The Trap Settings screen is displayed. 5 Configure your PET destination IP address: a Select the Enabled check box for the Destination Number you would like to activate. b Enter an IP address in the appropriate IPv4 or IPv6 Destination IP Address box. c Click Apply. NOTE: To successfully send a trap, configure the Community String value. The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from iDRAC6.
5 Configure your e-mail alert destination. a Select the Enabled check box for the first undefined e-mail alert. b Enter a valid e-mail address in the Destination Email Address field. c Click Apply. NOTE: To successfully send a test e-mail, the SMTP (Email) Server must be configured in the SMTP (Email) Server Address Settings section of the Email Alert Settings screen. Specify an SMTP server in the field provided using either the dot separated format (for example, 192.168.1.1) or the DNS name.
e Click Send to test the configured e-mail alert (if desired). f To add an additional e-mail alert destination, repeat step a through step e. You may specify up to four e-mail alert destinations. Configuring IPMI Over LAN 1 Log in to iDRAC6 Web interface. 2 Configure IPMI over LAN: a Click SystemiDRAC Settings, and then click the Network/Security tab. The Network screen is displayed. b Click IPMI Settings. c Select the Enable IPMI Over LAN check box.
c Select Enable Serial Over LAN. d Update the IPMI SOL Baud Rate, if needed, by selecting a data speed from the Baud Rate drop-down menu. NOTE: To redirect the serial console over the LAN, ensure that the SOL Baud Rate is identical to your managed server’s baud rate. e Click Apply. f Configure IP filtering and blocking settings as needed in the Advanced Settings page.
overwritten or deleted. When the PKA over SSH is set up and used correctly, you do not have to enter the password when logging into iDRAC6. This can be very useful for setting up automated scripts to perform various functions. When getting ready to set up this functionality, be aware of the following: • You can manage this feature with RACADM and also from the GUI. • When adding new public keys, ensure that the existing keys are not already at the index where the new key is added.
Generating Public Keys for Linux The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt, enter: ssh-keygen –t rsa –b 1024 –C testing NOTE: The options are case-sensitive. where, -t can be either dsa or rsa. –b specifies the bit encryption size between 768 and 4096. –C allows modifying the public key comment and is optional. After the command executes, upload the public file.
Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel See "Uploading, Viewing, and Deleting SSH Keys Using RACADM" on page 282 for information on how to upload, view, and delete SSH keys using RACADM. Table 5-8. SSH Key Configurations Option Description Upload SSH Key(s) Allows the local user to upload a SSH public key file. If a key is uploaded, the content of the key file is displayed in a non-editable text box on the User Configuration page.
The View/Remove SSH Key(s) page enables you to view or remove the user's SSH public keys. Table 5-10. View/Remove SSH Key(s) Option Description Remove The uploaded key is displayed in the box. Select the Remove option and click Apply to delete the existing key. 1 If you select Configure User and click Next, the User Configuration page is displayed. 2 On the User Configuration screen, configure the user’s properties and privileges.
Table 5-11. General Properties (continued) Property Description User Name Specifies an iDRAC6 user name with up to 16 characters. Each user must have a unique user name. • 0-9 • A-Z • a-z • Special characters: + % = , - { ] ! ( ? ; _ } I # ) * : $ [ | § NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login. Change Password Enables the New Password and Confirm New Password fields.
Table 5-12. IPMI LAN Privilege Property Description Maximum LAN User Privilege Granted Specifies the user’s maximum privilege on the IPMI LAN channel to one of the following user groups: None, Administrator, Operator, or User. Enable Serial Over LAN Allows the user to use IPMI Serial Over LAN. When Checked, this privilege is enabled. Table 5-13.
Table 5-13. Other Privilege (continued) Property Description Access Virtual Console Enables the user to run Virtual Console. CAUTION: This privilege is normally reserved for users who are members of the Administrator or Power User group on iDRAC. In addition to being able to use the Virtual Console, users with the Access Virtual Console privilege are allowed to view in the iDRAC6 Web interface the activities of anyone using the Virtual Console. For these reasons, assign this privilege carefully.
Securing iDRAC6 Communications Using SSL and Digital Certificates This section provides information about the following data security features that are incorporated in iDRAC6: • Secure Sockets Layer (SSL) • Certificate Signing Request (CSR) • Accessing the SSL main menu • Generating a new CSR • Uploading a server certificate • Viewing a server certificate Secure Sockets Layer (SSL) iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encr
signed certificate, you can use iDRAC6 Web interface to generate a Certificate Signing Request (CSR) with your company’s information. You can then submit the generated CSR to a CA such as VeriSign or Thawte. Certificate Signing Request (CSR) A CSR is a digital request to a Certificate Authority (CA) for a secure server certificate. Secure server certificates allow clients of the server to trust the identity of the server and to negotiate an encrypted session with the server.
Table 5-15. SSL Main Menu Options (continued) Field Description Upload Server Certificate Select the option and click Next to open the Certificate Upload screen and upload the certificate sent to you by the CA. See "Uploading a Server Certificate" on page 110 for more information. NOTE: Only X509 v3, Base 64-encoded certificates are accepted by iDRAC6. DER-encoded certificates are not accepted.
Table 5-16. Generate Certificate Signing Request (CSR) Options (continued) Field Description Organization Unit The name associated with an organizational unit, such as a department (for example, Information Technology). All characters except for '$' is supported. Locality The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or other character.
Viewing a Server Certificate 1 On the SSL screen, select View Server Certificate and click Next. Table 5-17 describes the fields and associated descriptions listed in the View Server Certificate window. Table 5-17.
Table 5-18 lists the Active Directory summary options. Click the appropriate button to continue. Table 5-18. Active Directory Options Field Description Common Settings Displays commonly configured Active Directory settings. Active Directory CA Certificate Displays the certificate of the CA that signs all the domain controller's SSL server certificates.
Table 5-19. Active Directory Configuration Settings Setting Description Step 1 of 4 Active Directory Configuration and Management Certificate Validation Enabled Specifies whether Certificate validation is enabled or disabled. If Checked, Certificate Validation is enabled. iDRAC6 uses LDAP over Secure Socket Layer (SSL) while connecting to Active Directory.
Table 5-19. Active Directory Configuration Settings (continued) Setting Description Enable Single Sign-on Select this option if you want to log into iDRAC6 without entering your domain user authentication credentials, such as user name and password. If you enable Single Sign-on (SSO) and then logout, you can log back in using SSO. If you are already logged in using SSO and then logout or if SSO fails, the normal login webpage is displayed.
Table 5-19. Active Directory Configuration Settings (continued) Setting Description Look Up Domain Select the Look Up Domain Controllers with DNS option Controllers with DNS to obtain the Active Directory domain controllers from a DNS lookup. When this option is selected, Domain Controller Server Addresses 1-3 are ignored. Select User Domain from Login to perform the DNS lookup with the domain name of the login user. Otherwise, select Specify a Domain and enter the domain name to use on the DNS lookup.
Table 5-19. Active Directory Configuration Settings (continued) Setting Description Extended Schema Selection Select this option if you want to use Extended Schema with Active Directory. Click Next to display the Step 4 of 4 Active Directory Configuration and Management page. iDRAC6 Name: Specifies the name that uniquely identifies iDRAC6 in Active Directory. This value is NULL by default. iDRAC6 Domain Name: The DNS name (string) of the domain where the Active Directory iDRAC object resides.
Table 5-19. Active Directory Configuration Settings (continued) Setting Description Standard Schema Selection Select this option if you want to use Standard Schema with Active Directory. Click Next to display the Step 4a of 4 Active Directory page. Select the Look Up Global Catalog Servers with DNS option and enter the Root Domain Name to use on a DNS lookup to obtain the Active Directory Global Catalog Servers. When this option is selected, Global Catalog Server Addresses 1-3 are ignored.
Table 5-20. Role Group Privileges Setting Description Role Group Privilege Level Specifies the user’s maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-21 for Role Group permissions. Login to iDRAC6 Allows the group login access to iDRAC6. Configure iDRAC6 Allows the group permission to configure iDRAC6. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs.
Table 5-21. Role Group Permissions (continued) Property Description Custom Selects any combination of the following permissions: Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Viewing an Active Directory CA Certificate On the Active Directory summary page, click Configure Active Directory.
Disabling Local Configuration Access 1 Click SystemiDRAC Settings Network/SecurityServices. 2 Under Local Configuration, click to select Disable iDRAC6 local USER Configuration Updates to disable access. 3 Click Apply. Configuring iDRAC6 Services NOTE: To modify these settings, you must have Configure iDRAC6 permission. NOTE: When you apply changes to services, the changes take effect immediately. Existing connections may be terminated without warning.
Table 5-23. Web Server Settings Setting Description Enabled Enables or disables iDRAC6 Web server. When Checked, indicates that the Web server is enabled. The default value is Checked. Max Sessions The maximum number of simultaneous Web server sessions allowed for this system. This field is not editable. There can be 4 simultaneous Web server sessions. Active Sessions The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable.
Table 5-25. Telnet Settings Setting Description Enabled Enables or disables Telnet. When Checked, Telnet is enabled. The default value is Unchecked. Max Sessions The maximum number of simultaneous Telnet sessions allowed for this system. 4 simultaneous Telnet sessions are supported. You can not edit this field. Active Sessions The number of current Telnet sessions on the system. You can not edit this field. Timeout The Telnet idle timeout, in seconds. Timeout range is 60 to 10800 seconds.
Updating iDRAC6 Firmware NOTE: If iDRAC6 firmware becomes corrupted, as could occur if iDRAC6 firmware update is interrupted before it completes, you can recover iDRAC6 using CMC. See your CMC Firmware User Guide for instructions. NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset iDRAC6 configuration to the factory defaults.
6 By default the Preserve Configuration check box is selected to preserve the current settings on iDRAC6 after an upgrade. If you do not want the settings to be preserved, clear the Preserve Configuration check box. 7 Click Begin Update to start the upgrade process. Do not interrupt the upgrade process. 8 In the Upload (step 3 of 3) window, you will see the status of the upgrade. The progress of the firmware upgrade operation, measured in percent, will appear in the Progress column.
After the firmware image file has been uploaded to CMC, iDRAC6 updates itself with the image. NOTE: The configuration is always preserved when iDRAC is updated using the CMC Web interface. iDRAC6 Firmware Rollback iDRAC6 has the provision to maintain two simultaneous firmware images. You can choose to boot from (or rollback to) the firmware image of your choice. 1 Open iDRAC6 Web interface and log in to the remote system. 2 Click System iDRAC Settings Update tab. 3 Click Rollback.
Configuring iDRAC6 Enterprise Using the Web Interface
Using iDRAC6 Directory Service 6 A directory service maintains a common database for storing information about users, computers, printers, and so on on a network. If your company uses either the Microsoft Active Directory or the LDAP Directory Service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your directory service.
Table 6-1. iDRAC6 User Privileges (continued) Privilege Description Execute Diagnostic Commands Enables the user to run diagnostic commands You can use Active Directory to log in to iDRAC6 using one of the following methods: • Web interface • Local RACADM • SSH or Telnet console for SM-CLP CLI The login syntax is the same for all three methods: or \ or / where username is an ASCII string of 1–256 bytes.
Prerequisites for Enabling Active Directory Authentication for iDRAC6 To use the Active Directory authentication feature of iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.
Exporting the Domain Controller Root CA Certificate to iDRAC6 NOTE: If your system is running Windows 2000, the following steps may vary. NOTE: If you are using a standalone CA, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click StartRun. 3 In the Run field, enter mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
Importing iDRAC6 Firmware SSL Certificate NOTE: If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC6 Server certificate to the Active Directory Domain controller as well. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session’s initialization phase. NOTE: If your system is running Windows 2000, the following steps may vary.
Supported Active Directory Authentication Mechanisms You can use Active Directory to define user access on iDRAC6 through two methods: you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. Or, you can use the standard schema solution, which uses Active Directory group objects only. See the sections that follow for more information about these solutions.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. • Dell extension is: dell • Dell base OID is: 1.2.840.113556.1.8000.
Figure 6-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 6-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory. Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory. The old schema does not work with this product.
To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. To use the Dell Schema Extender to extend the Active Directory Schema, see "Using the Dell Schema Extender" on page 138. You can copy and run the Schema Extender or LDIF files from any location. Using the Dell Schema Extender CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name of this file.
Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.7.1.1 Description Represents the Dell iDRAC6 device. iDRAC6 must be configured as delliDRACDevice in Active Directory. This configuration enables iDRAC6 to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory. Class Type Structural Class SuperClasses dellProduct Attributes dellSchemaVersion dellRacType Table 6-4. delliDRACAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 6-5. dellRAC4Privileges Class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.3 Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights).
Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 List of dellRacDevice and DelliDRACDevice Objects that belong to this role.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC6 devices, Users and User Groups, iDRAC6 Associations, and iDRAC6 Privileges.
3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-in and click Add. 5 Click Close and click OK. Adding iDRAC6 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC6 users and privileges by creating iDRAC6, Association, and Privilege objects.
5 Click OK. 6 Right-click the privilege object that you created, and select Properties. 7 Click the Remote Management Privileges tab and select the privileges that you want the user or group to have (see Table 5-13). Creating an Association Object NOTE: iDRAC6 Association Object is derived from Group and its scope is set to Domain Local. 1 In the Console Root (MMC) window, right-click a container. 2 Select New Dell Remote Management Object Advanced. This opens the New Object window.
Adding Users or User Groups 1 Right-click the Association Object and select Properties. 2 Select the Users tab and click Add. 3 Enter the user or User Group name and click OK. Adding Privileges 1 Select the Privileges Object tab and click Add. 2 Enter the Privilege Object name and click OK. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC6 device.
If you do not want to validate the SSL certificate of your Active Directory servers, skip to step 7. 6 Under Upload Active Directory CA Certificate, enter the file path of the certificate or browse to find the certificate file, and then click Upload. NOTE: You must enter the absolute file path which includes the full path, complete file name, and file extension.
If Standard Schema is selected, the domain controllers are where the user accounts and the role groups are located. NOTE: iDRAC6 does not failover to the specified domain controllers when DNS lookup fails, or none of the servers returned by the DNS lookup works. 12 Select the Specify Domain Controller Addresses option to allow iDRAC6 to use the Active Directory Domain Controller server addresses that are specified. DNS lookup is not performed. Specify the IP address or the FQDN of the domain controllers.
19 Enter your iDRAC6 user name and password, and then click Start Test. The test results and the test log displays. For additional information, see "Testing Your Configurations" on page 161. NOTE: You must have a DNS server configured properly on iDRAC6 to support Active Directory log in. Navigate to the Network screen (click System iDRAC SettingsNetwork/SecurityNetwork) to configure DNS server(s) manually or use DHCP to get DNS server(s).
If you want to disable the certificate validation during SSL handshake, enter the following RACADM command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0 In this case, you do not have to upload a CA certificate.
4 If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC6 Web interface, enter the following command: racadm config -g cfgUserDomain -o cfgUserDomainName -i You can configure up to 40 user domains with index numbers between 1 and 40. See "Using iDRAC6 With Microsoft Active Directory" on page 127 for details about user domains.
Standard Schema Active Directory Overview As shown in Figure 6-3, using standard schema for Active Directory integration requires configuration on both Active Directory and iDRAC6. Figure 6-3. Configuration of iDRAC6 with Microsoft Active Directory and Standard Schema Configuration on iDRAC6 Side Configuration on Active Directory Side Role Group Role Group Name and Domain Name Role Definition User On the Active Directory side, a standard group object is used as a role group.
Table 6-9.
Configuring Standard Schema Active Directory to Access iDRAC6 You must perform the following steps to configure Active Directory before an Active Directory user can access iDRAC6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access iDRAC6.
7 Click Next. The Step 2 of 4 Active Directory Configuration and Management screen is displayed. 8 Select the Active Directory Enabled check box. 9 Select Enable smart card Login to enable Smart–Card login. You are prompted for a Smart–Card logon during any subsequent logon attempts using the GUI. This is optional. 10 Select Enable Single Sign-on if you want to log into iDRAC6 without entering your domain user authentication credentials, such as user name and password.
If Standard Schema is selected, these are the addresses of the domain controllers where the user accounts and the role groups are located. NOTE: iDRAC6 does not failover to the specified domain controllers when DNS lookup fails, or none of the servers returned by the DNS lookup works. 15 Click Next. The Step 3 of 4 Active Directory Configuration and Management screen is displayed. 16 Under Schema Selection, select the Standard Schema Selection check box. 17 Click Next.
21 Enter the Group Name. The group name identifies the role group in the Active Directory associated with iDRAC6. 22 Enter the Group Domain. The Group Domain is the fully qualified root domain name for the forest. 23 In the Role Group Privileges section, set the group privileges. See Table 5-13 for information on role group privileges.
Configuring Active Directory With Standard Schema Using RACADM Use the following commands to configure iDRAC6 Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
racadm config -g cfgActiveDirectory -o cfgADDomainController3 NOTE: Enter the FQDN of the domain controller, not the FQDN of the domain. For example, enter servername.dell.com instead of dell.com. NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection.
In this case, you must also upload the CA certificate using the following RACADM command: racadm sslcertupload -t 0x2 -f Using the following RACADM command may be optional. See "Importing iDRAC6 Firmware SSL Certificate" on page 131 for additional information.
Testing Your Configurations If you want to verify whether your configuration works, or if you need to diagnose the problem with your failed Active Directory log in, you can test your settings from iDRAC6 Web interface. After you finish configuring settings in iDRAC6 Web interface, click Test Settings at the bottom of the screen. You will be required to enter a test user's name (for example, username@domain.com) and password to run the test.
When generic LDAP is enabled, iDRAC6 first tries to login the user as a directory user. If it fails, local user lookup is enabled. NOTE: There is no behavior change on the Active Directory login syntax. When generic LDAP is enabled, the GUI login page displays only This iDRAC in the drop-down menu. NOTE: In this release, only openLDAP, openDS, Novell eDir and Fedora based directory services are supported. "<" and ">" characters are not allowed in the user name.
SSL handshake. You can disable certificate validation during testing or if your system administrator chooses to trust the domain controllers in the security boundary without validating their SSL certificates. CAUTION: Ensure that CN = open LDAP FQDN is set (for example, CN= openldap.lab) in the subject field of the LDAP server certificate during certificate generation. The CN field in the server certificate should be set to match the LDAP server address field in iDRAC6 for certificate validation to work.
12 Enter the port used for LDAP over SSL in the LDAP Server Port field. The default is 636. 13 In the Bind DN field, enter the DN of a user used to bind to the server when searching for the login user’s DN. If not specified, an anonymous bind is used. 14 Enter the Bind Password to use in conjunction with the Bind DN. This is required if anonymous bind is not allowed. 15 In the Base DN to Search field, enter the DN of the branch of the directory where all searches should start.
22 In the Role Group Privileges section, specify the privileges associated with the group by selecting the Role Group Privilege Level. For example, if you select Administrator, all of the privileges are selected for that level of permission. 23 Click Apply to save Role Group settings. iDRAC6 Web server automatically returns you to the Step 3a of 3 Generic LDAP Configuration and Management page where your Role Group settings are displayed. 24 Configure additional Role Groups if required.
I have configured Active Directory for a domain present in Windows Server 2008 Active Directory and have made these configurations. A child or sub domain is present for the domain, the User and Group is present in the same child domain, and the User is a member of that Group. Now if I try to log in to iDRAC6 using the User present in the child domain, Active Directory Single Sign-On login fails. This may be because of the wrong Group type.
I enabled certificate validation but my Active Directory log in failed. I ran the diagnostics from the GUI and the test results show the following error message. What could the problem be and how do I fix it? ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC.
1 Ensure that you use the correct user domain name during a log in and not the NetBIOS name. 2 If you have a local iDRAC6 user account, log in to iDRAC6 using your local credentials. a Ensure that the Active Directory Enabled check box is selected in the Step 2 of 4 Active Directory Configuration and Management page. b If you have enabled certificate validation, ensure that you have uploaded the correct Active Directory root CA certificate to iDRAC6.
You can fix the problem by taking any of the following actions: • Configure the hostname (FQDN) of the domain controller as the domain controller address(es) on iDRAC6 to match the Subject or Subject Alternative Name of the server certificate. • Re-issue the server certificate to use an IP address in the Subject or Subject Alternative Name field so it matches the IP address configured in iDRAC6.
How does standard schema query work? iDRAC6 connects to the configured domain controller address(es) first. If the user and role groups reside in that domain, the privileges are saved. If global controller address(es) is configured, iDRAC6 continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges are accumulated. Miscellaneous Does iDRAC6 always use LDAP over SSL? Yes. All the transportation is over secure port 636 and/or 3269.
7 Configuring iDRAC6 for Single SignOn and Smart Card Login This section provides information to configure iDRAC6 for Smart Card login for local users and Active Directory users, and Single Sign-On (SSO) login for Active Directory users. iDRAC6 supports Kerberos based Active Directory authentication to support Active Directory Smart Card and Single Sign-On (SSO) logins.
You can also use the following RACADM time zone offset command to synchronize the time: racadm config -g cfgRacTuning -o cfgRacTuneTimeZoneOffset Prerequisites for Active Directory SSO and Smart Card Authentication The pre-requisites for both Active Directory SSO and Smart Card authentication are: • Configure iDRAC6 for Active Directory login. For more information, see "Using iDRAC6 Directory Service" on page 127. • Register iDRAC6 as a computer in the Active Directory root domain.
information between the server and the KDC. The ktpass tool allows UNIX–based services that support Kerberos authentication to use the interoperability features provided by a Windows Server Kerberos KDC service. The keytab obtained from the ktpass utility is made available to iDRAC6 as a file upload and is enabled to be a kerberized service on the network.
NOTE: It is recommended that you use the latest ktpass utility to create the keytab file. Also, while generating the keytab file, use lowercase letters for the idracname and the Service Principal Name. This procedure will produce a keytab file that you should upload to iDRAC6. NOTE: The keytab contains an encryption key and should be kept secure. For more information on the ktpass utility, see the Microsoft website at: http://technet.microsoft.com/en-us/library/cc779157(WS.10).
Using Active Directory SSO You can enable iDRAC6 to use Kerberos—a network authentication protocol—to enable single sign-on. For more information on setting up iDRAC6 to use the Active Directory single sign-on feature, see "Prerequisites for Active Directory SSO and Smart Card Authentication" on page 172. Configuring iDRAC6 to Use SSO 1 Ensure you have done the following: a Created the device object, privilege object, and association object in the Active Directory server.
7 To validate the SSL certificate of the Active Directory servers, select the Enable Certificate Validation check box under Certificate Settings. If you do not want to validate the SSL certificate of your Active Directory servers, take no action, and skip to step 9. 8 Under Upload Active Directory CA Certificate, enter the file path of the certificate or browse to find the certificate file, and then click Upload.
14 For standard schema: a In the Active Directory Step 4a of 4 screen, enter the IP Address of the Global Catalog Server or select the Look Up Global Catalog Servers with DNS option and enter the Root Domain Name to use for a DNS lookup to obtain the Active Directory Global Catalog Servers. b Click any of the Role Groups and add the Role Group information that your valid Active Directory user is a member. The Active Directory Step 4b of 4 screen is displayed.
Configuring Smart Card Authentication iDRAC6 supports the two factor authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security. TFA, on the other hand, provides a higher-level of security by making the users provide two factors of authentication—what you have and what you know—what you have is the Smart Card, a physical device, and what you know—a secret code like a password or PIN.
8 Select Enable Smart–Card Login to enable Smart Card login. You are prompted for a Smart Card logon during any subsequent logon attempts using the GUI. 9 Add User Domain Name, and enter the IP address of the Domain Controller Server Address. Select Next. 10 Select Standard Schema Settings on Step 3 of 4 Active Directory Configuration and Management page. Select Next. 11 On Step 4a of 4 Active Directory page, enter the IP Address of the Global Catalog Server.
Logging Into iDRAC6 Using Active Directory Smart Card Authentication NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the first time. 1 Log into iDRAC6 using https. https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for iDRAC6 and port number is the HTTPS port number.
Troubleshooting the Smart Card Logon in iDRAC6 Use the following tips to help you debug an inaccessible Smart Card: It takes nearly 4 minutes to log into iDRAC6 using Active Directory Smart Card login.
Unable to Log into iDRAC6 as an Active Directory User • If you cannot log into iDRAC6 as an Active Directory user, try to log into iDRAC6 without enabling the Smart Card logon. You can disable the Smart Card logon through RACADM using the following command: racadm config –g cfgSmartCard –o cfgSmartCardLogonEnable 0 • For 64–bit Windows platforms, iDRAC6 authentication plug–in is not installed properly if a 64–bit version of Microsoft Visual C++ 2005 Redistributable Package is deployed.
display. For US Central Standard Time (CST), this is –6. Use the following RACADM timezone offset command to synchronize iDRAC6 time (through Remote or Telnet/SSH RACADM): racadm config -g cfgRacTuning –o cfgRacTuneTimeZoneOffset . For example, if the system time is GMT -6 (US CST) and time is 2PM, set iDRAC6 time to GMT time of 18:00 which would require you to enter "360" in the above command for the offset.
Configuring iDRAC6 for Single Sign-On and Smart Card Login
Viewing the Configuration and Health of the Managed Server 8 System Summary The System Summary page allows you to view your system's health and other basic iDRAC6 information at a glance and provides you with links to access the system health and information pages. Also, you can quickly launch common tasks from this page and view recent events logged in the System Event Log (SEL). To access the System Summary page, click System Properties tabSystem Summary.
• Express Service Code — The system’s service code number. It is the decimal numerical representation of the Service Tag. • Host Name — The DNS hostname associated with the managed server. • OS Name — The name of the operating system installed on the managed server. NOTE: The OS Name field is populated only if Dell OpenManage Server Administrator is installed on the managed system.
Integrated Network Card This section of the iDRAC6 Web interface provides information about the integrated network card installed on the managed server. It is displayed only for applicable platforms. • Card Type— Displays the card type of the integrated network card installed on the board, for example, Gigabit Ethernet. • Model Name — Displays the model name of the integrated network card.
• Extended CPLD Version — Displays the extended board CPLD version. • Firmware Updated — Displays the date and time of the last successful iDRAC6 firmware update. • MAC Address — Displays the MAC address associated with the LOM (LAN on Motherboard) Network Interface Controller of iDRAC6. IPv4 Settings • Enabled — Displays whether IPv4 protocol support is enabled or disabled NOTE: The IPv4 protocol option is enabled by default.
• Use DHCPv6 to obtain DNS server addresses — Displays whether DHCP is used to obtain DNS Server Addresses. • Preferred DNS Server — Displays the currently active primary DNS server. • Alternate DNS Server — Displays the alternate DNS server address. NOTE: This information is also available at SystemiDRAC SettingsProperties Remote Access Information. Embedded NIC MAC Addresses • NIC 1 — Displays the Media Access Control (MAC) address(es) of the embedded Network Interface Controller (NIC) 1.
WWN/MAC Click System Properties tab WWN/MAC to view the current configuration of installed I/O Mezzanine cards and their associated network fabrics. You can also view the remotely-assigned MAC addresses. If the FlexAddress feature is enabled in CMC, the globally assigned (ChassisAssigned) persistent MAC addresses supersede the hardwired values of each LOM. Server Health Click System Properties tab System Summary.
The firmware time stamp always matches the time stamp iDRAC last had prior to the firmware update, which can be BIOS time if the system had been booted or rebooted prior to the firmware update or the CMC time. CMC CMC screen displays the health status, firmware revision, and IP addresses of the Chassis Management Controller. You can also launch CMC Web interface by clicking the Launch the CMC Web Interface button. See the Chassis Management Controller Firmware User Guide for more information.
Power Monitoring The Power Monitoring screen enables you to view the following monitoring and power statistics information: • Power Monitoring — Displays the amount of power being used (one minute average power value measured in AC watts) by the server as reported by the System Board Current Monitor. • Amperage — Displays the current consumption (AC in Amperes) in the active Power Supply unit.
Misc Health The Misc Health screen provides access to the following system logs: • System Event Log — Displays system-critical events that occur on the managed system. • Post Code — Displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server. • Last Crash Screen — Displays the most recent crash screen and time. • Boot Capture — Provides playback of the last three boot screens.
3 After the host reboots and the system inventory is collected, reboot iDRAC only. 4 Once the iDRAC boots, the hardware inventory is accessible. After iDRAC reboots, the internal components necessary for servicing the requests that provide the hardware inventory will not be ready immediately. Therefore, after the reboot, wait for 5 minutes and then connect to iDRAC to display the hardware inventory. This can be several minutes after iDRAC was first reset.
Hardware Inventory has mostly blank data and is missing many supported components. This problem is typically a result of the CSIOR feature not being enabled or the data was lost from a previous collection. To gather the full inventory allow the system to boot and make sure the CSIOR feature is enabled in the Ctrl-E setup for System Services. As the system is booting make sure the screen shows a message “Collecting System Inventory” before the host boots.
Viewing the Configuration and Health of the Managed Server
Configuring and Using Serial Over LAN 9 Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s text based console data that would traditionally be sent to the serial I/O port to be redirected over iDRAC6’s dedicated Out of Band Ethernet management network. The SOL out-of-band console enables system administrators to remotely manage the blade server’s text-based console from any location with network access.
Serial communication is off by default in BIOS. In order to redirect the host text console data to Serial over LAN, you must enable Virtual Console through COM1. To change the BIOS setting: 1 Boot the managed server. 2 Press to enter the BIOS setup utility during POST. 3 Scroll down to Serial Communication and press .
4 From the Channel Privilege Level Limit drop-down menu, select a privilege level limit for SOL. NOTE: Ensure that the SOL baud rate is identical to the Failsafe Baud Rate that was set in BIOS. 5 Click Apply to save the settings. 6 Click Advanced Settings. The Serial Over LAN Configuration Advanced Settings screen is displayed that allows you to adjust the SOL performance. See Table 9-1. Table 9-1.
9 Click Services to open the Services screen. NOTE: SSH and Telnet programs both provide access on a remote machine. 10 Click Enabled on either SSH or Telnet as required. 11 Click Apply. NOTE: SSH is a recommended method due to better security and encryption mechanisms. NOTE: SSH/Telnet session duration can be infinite as long as the timeout value is set to 0. The default timeout value is 1800 seconds.
To initiate a SOL session, attach to iDRAC6 through SSH/Telnet which takes you to iDRAC6 command line console. Then enter connect at the dollar prompt. See "Installing Telnet or SSH Clients" on page 75 for more information about using Telnet and SSH clients with iDRAC6. Model for the SOL Proxy Telnet Client (port 623) WAN connection SOL Proxy iDRAC6 server When the SOL Proxy communicates with the Telnet client on a management station, it uses the TCP/IP protocol.
Disconnecting SOL session in iDRAC6 Command Line Console Commands to disconnect a SOL session are utility oriented. You can exit the utility only when a SOL session is fully terminated. To disconnect a SOL session, terminate the SOL session from iDRAC6 command line console. When you are ready to quit SOL redirection, press , , and then (press the keys in sequence, one after the other). The SOL session will close accordingly.
NOTE: In Windows, if the Emergency Management System (EMS) console is opened immedidately after a host reboot, the Special Admin Console (SAC) terminal may get corrupted. Quit the SOL session as mentioned in "Disconnecting SOL session in iDRAC6 Command Line Console" on page 202, close the terminal, open another terminal and start the SOL session using the same command described above.
This connects you to the managed server's serial port. Once a SOL session is established successfully, iDRAC6 command line console is no longer available to you. Follow the escape sequence properly to reach iDRAC6 command line console. Quit the SOL session (see "Disconnecting SOL session in iDRAC6 Command Line Console" on page 202 to close an active SOL session).
Opening SOL with SOL proxy Serial-Over-LAN Proxy (SOL Proxy) is a Telnet daemon that allows LANbased administration of remote systems using the Serial over LAN (SOL) and IPMI protocols. Any standard Telnet client application, such as HyperTerminal on Microsoft Windows or Telnet on Linux, can be used to access the daemon's features. SOL can be used either in the menu mode or command mode.
The installation program copies the files to the following locations on Linux Enterprise Operating Systems: /etc/init.d/SOLPROXY.cfg /etc/SOLPROXY.cfg /usr/sbin/dsm_bmu_solproxy32d /usr/sbin/solconfig /usr/sbin/ipmish Initiating the SOL Proxy session For Windows 2003 To start the SOL Proxy service on Windows system after installation, you can reboot the system (SOL Proxy automatically starts on a reboot).
Using Telnet with SOL Proxy This assumes that the SOL Proxy service is already up and running on the management station. For Windows 2003: 1 Open a command prompt window on your management station. 2 Enter the telnet command in the command-line and provide localhost as the IP address if the SOL Proxy server is running in the same machine and the port number that you specified in the SOL Proxy installation (the default value is 623).
Connecting to the Remote Managed System's BMC After a SOL Proxy session is established successfully, you are presented with the following choices: 1. Connect to the Remote Server's BMC 2. Configure the Serial-Over-LAN for the Remote Server 3. Activate Virtual Console 4. Reboot and Activate Virtual Console 5. Help 6. Exit NOTE: While multiple SOL sessions can be active at the same time, only one Virtual Console session can be active at any given time for a managed system.
The SOL configuration menu is displayed. According to the current SOL status, the content of the SOL configuration menu varies: • If SOL is already enabled, the current settings are displayed and you are presented with three choices: 1. Disable Serial-Over-LAN 2. Change Serial-Over-LAN settings 3. Cancel • If SOL is enabled, ensure that the SOL baud rate is consistent with iDRAC6's and that the user has the administrator privilege.
Operating System Configuration To configure generic operating systems, perform the steps relevant to your operating system. This configuration is based on default installations of Red Hat Enterprise Linux 5.0, SUSE Linux Enterprise Server 10 SP1, and Windows 2003 Enterprise. Linux Enterprise Operating System 1 Edit the /etc/inittab file to enable hardware flow control and to allow users to log in through the SOL console. Add the line below to the end of #Run gettys in standard runlevels section.
Example of modified /etc/inittab: ______________________________________________________________ # # inittab This file describes how the INIT process should set up # the system in a certain run-level.
SKIP the rest of file ______________________________________________________________ Example of modified /etc/securetty: ______________________________________________________________ Console ttyS0 vc/1 vc/2 vc/3 vc/4 SKIP the rest of file ______________________________________________________________ 3 Edit the /boot/grub/grub.conf or /boot/grub/menu.
Example of original /boot/grub/grub.conf in RHEL 5: ______________________________________________________________ # grub.conf generated by anaconda # # Note that you do not have to return grub after making changes to this # file # NOTICE: You have a /boot partition. This means that # eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.
Example of modified /boot/grub/grub.conf: ______________________________________________________________ # grub.conf generated by anaconda # # Note that you do not have to return grub after making changes to this # file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 #splashimage=(hd0,0)/grub/splash.
Example of original /boot/grub/menu.list in SLES 10: ______________________________________________________________ #Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008 Default 0 Timeout 8 gfxmenu (hd0.5)/boot/message ###Don't change this comment - YaST2 identifier: Original name: linux### title SUSE Linux Enterprise Server 10 SP1 root (hd0,5) kernel /boot/vmlinux-2.6.16-46-0.12-bigsmp root=/dev/disk/byid/scsi-35000c5000155c resume=/dev/sda5 splash=silent showopts initrd /boot/initrd-2.6.
Windows 2003 Enterprise 1 Find out the boot entry ID by entering bootcfg in the Windows command prompt. Locate the boot entry ID for the section with the OS-friendly name Windows Server 2003 Enterprise. Press to display the boot options on the management station. 2 Enable EMS at a Windows command prompt by entering: bootcfg /EMS ON /PORT COM1 /BAUD 115200 /ID NOTE: is the boot entry ID from step 1. 3 Press to verify that the EMS console setting takes effect.
Example of modified bootcfg setting: ______________________________________________________________ Boot Loader Settings -------------------timeout: 30 default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS redirect: COM1 redirectbaudrate:115200 Boot Entries -----------Boot entry ID: 1 Os Friendly Name: Windows Server 2003, Enterprise Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS OS Load Options: /redirect /nonexecute=optout /fastdetect /usepmtimer ____________________________________________
Configuring and Using Serial Over LAN
Using GUI Virtual Console 10 This section provides information about using iDRAC6 Virtual Console feature. Overview iDRAC6 Virtual Console feature enables you to remotely access local consoles in graphic or text mode, allowing you to control one or more iDRAC6enabled systems from a single location.
second user. During the time that two sessions are concurrently active, the first user sees a message in the upper-right corner of the screen that identifies that the second user has an active session. If the neither the first or second user has administrator privileges, termination of the first user's active session automatically results in termination of the second user's session.
2 Delete the item titled iDRAC6 Virtual Console Client and JViewer. You can also run javaws -uninstall at the command prompt to remove all applications from the cache. Supported Screen Resolutions and Refresh Rates Table 10-1 lists the supported screen resolutions and corresponding refresh rates for a Virtual Console session that is running on the managed server. Table 10-1.
a In Internet Explorer, go to Tools Internet Options Security Trusted sites Custom level. NOTE: For Windows 7 64-bit, click Tools Internet Options Security Internet Custom level. b In the Security Settings window, select the Disable option for Automatic prompting for file downloads. c Click OK, and again click OK.
Table 10-2. Virtual Console Configuration Properties (continued) Property Description Video Port Number The network port number used for connecting to the Virtual Console Screen service. You may need to change this setting if another program is using the default port. The default is 5901. Video Encryption Enabled Selected indicates that video encryption is enabled. All traffic going to the video port is encrypted. Deselected indicates that video encryption is disabled.
NOTE: For information about using Virtual Media with Virtual Console, see "Configuring and Using Virtual Media" on page 261. Opening a Virtual Console Session When you open a Virtual Console session, the Dell Virtual Console Viewer Application (iDRACView) starts and the remote system’s desktop is displayed in the viewer. Using iDRACView, you can control the remote system’s mouse and keyboard functions from your local management station.
Table 10-3. Virtual Console Information (continued) Property Description Console Plug-in Type Shows the plug-in type currently configured. ActiveX — An Active-X viewer will be launched. Active-X viewer will only work on Internet Explorer while running on a Windows Operating System. Java — A Java viewer will be launched. The Java viewer can be used on any browser including Internet Explorer. If your client runs on an operating system other than Windows, then you must use the Java Viewer.
Virtual Console Preview Before launching the Virtual Console, you can preview the state of the Virtual Console on the SystemPropertiesSystem Summary page. The Virtual Console Preview section displays an image showing the state of the Virtual Console. The image is automatically refreshed every 30 seconds. NOTE: The Virtual Console image is available only if you have enabled Virtual Console. Table 10-4 provides inforation about the available options. Table 10-4.
The Video Viewer provides various control adjustments such as color mode, mouse synchronization, snapshots, keyboard macros, power actions, and access to Virtual Media. Click Help for more information on these functions. When you start a Virtual Console session and the Video Viewer is displayed, you may need to adjust the color mode and synchronize the mouse pointers. Table 10-5 describes the menu options that are available for use in the viewer. Table 10-5.
Table 10-5. Viewer Menu Bar Selections (continued) Menu Item Item Description Macros When you select a macro, or enter the hotkey specified for the macro, the action is executed on the remote system.
Table 10-5. Viewer Menu Bar Selections (continued) Menu Item Item Description Options Color Mode Allows you to select a color depth to improve performance over the network. For example, if you are installing software from virtual media, you can choose the lowest color depth, so that less network bandwidth is used by the Virtual Console viewer leaving more bandwidth for transferring data from the media. The color mode can be set to 15-bit color and 7-bit color.
Table 10-5. Viewer Menu Bar Selections (continued) Menu Item Item Description Help About iDRACView Displays iDRACView Version. Synchronizing the Mouse Pointers When you connect to a remote Dell PowerEdge system using Virtual Console, the mouse acceleration speed on the remote system may not synchronize with the mouse pointer on your management station, causing two mouse pointers to appear in the Video Viewer window. To synchronize the mouse pointers click Mouse Synchronize cursor or press .
synchronization in the iDRAC Virtual Console, this feature must be disabled. To disable Predictable Pointer Acceleration, in the mouse section of the /etc/X11/xorg.conf file, add: Option "AccelerationScheme" "lightweight". If synchronization problems continue, make the following additional change in the /.gconf/desktop/gnome/peripherals/mouse/%gconf.xml file: Change the values for motion_threshold and motion_acceleration to -1.
Launching Virtual Console and Virtual Media Remotely You can launch Virtual Console or Virtual Media by entering a single URL on a supported browser instead of launching it from iDRAC6 Web GUI. Depending on your system configuration, you will either go through the manual authentication process (login page) or will be directed to the Virtual Console or Virtual Media viewer (iDRACView) automatically.
Table 10-6. Error Scenarios (continued) Error Scenarios Reason Behavior Virtual Console disabled Virtual Console is iDRACView is not launched and disabled on your system. you are redirected to the Virtual Console/Media configuration GUI page. Unknown URL parameters detected The URL you have entered contains undefined parameters. Page not Found (404) message is displayed. Frequently Asked Questions Table 10-7 lists frequently asked questions and answers. Table 10-7.
Table 10-7. Using Virtual Console: Frequently Asked Questions (continued) Question Answer Does switching off the local video also Yes. switch off the local keyboard and mouse? Does turning off the local console turn No, turning the local video on or off is independent of the remote console session.
Table 10-7. Using Virtual Console: Frequently Asked Questions (continued) Question Answer The console window is garbled. The Virtual Console viewer on Linux requires a UTF-8 character set. Check your locale and reset the character set if needed. See "Setting the Locale in Linux" on page 71 for more information. Why do I get a blank screen on the managed server when loading the Windows 2000 operating system? The managed server does not have the correct ATI video driver. Update the video driver.
Table 10-7. Using Virtual Console: Frequently Asked Questions (continued) Question Answer I am still having issues with mouse synchronization. Ensure that the correct mouse is selected for your operating system before starting a Virtual Console session. Ensure that Synchronize Mouse is checked in the Mouse menu. Press or select Mouse Synchronize mouse to toggle mouse synchronization. When synchronization is enabled, a check mark is displayed next to the selection in the Mouse menu.
Table 10-7. Using Virtual Console: Frequently Asked Questions (continued) Question Answer Why do multiple Session Viewer windows appear when I establish a Virtual Console session from the local host? You are configuring a Virtual Console session from the local system. This is not supported. If I am running a Virtual Console No. If a local user accesses the system, you session and a local user accesses the both have control of the system.
Table 10-7. Using Virtual Console: Frequently Asked Questions (continued) Question Answer Linux SysRq key is not working with Internet Explorer. Why? The Linux SysRq key behavior is different when using Virtual Console from Internet Explorer. To send the SysRq key, the Print Screen key should be pressed and released while holding the Ctrl and Alt keys.
11 Configuring the vFlash SD Card and Managing vFlash Partitions The vFlash SD card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back corner of the system. It provides storage space that behaves like a common USB Flash Key device. It is the storage location for user-defined partition(s) that can be configured to be exposed to the system as a USB device and also used to create a bootable USB device.
NOTE: You can only perform a single vFlash operation at a time. The first operation must be completed before you perform another vflash operation. For example, if you start a create from image operation using RACADM, you cannot perform a create, download, or format operation using RACADM or GUI. You must wait until the operation is complete before performing the next vFlash operation. Installing a vFlash or Standard SD Card 1 Remove the blade from the chassis.
Removing a vFlash or Standard SD Card To remove the vFlash or standard SD card, push inward on the card to release it, and pull the card from the card slot. Configuring vFlash or Standard SD Card Using iDRAC6 Web Interface After you install the vFlash or standard SD card, you can view its properties, enable or disable vFlash, and initialize the card. The card must be enabled to perform partition management. When the card is disabled, you can only view its properties.
Table 11-1. SD Card Properties (continued) Attribute Description Available Space Displays the unused space on the SD card in MB. This space is available to create more partitions on the vFlash SD card. If the inserted SD card is uninitialized, then the available space displays that the card is uninitialized. Write Protected Displays whether the card is write-protected or not. Health Displays the overall health of the SD card.
If you click any option on the vFlash pages when an application such as WSMAN provider, iDRAC6 Configuration Utility, or RACADM is using vFlash, or if you navigate to some other page in the GUI, iDRAC6 may display the following message. SD card is temporarily unavailable. To retry, click Refresh. Configuring vFlash or Standard SD Card Using RACADM You can view and configure the vFlash or standard SD card using RACADM commands from local, remote, or Telnet/SSH console.
Enabling or Disabling the vFlash or Standard SD Card Open a telnet/SSH/Serial console to the server, log in, and enter the following command: • To enable vFlash or standard SD card: racadm config -g cfgvFlashsd -o cfgvflashSDEnable 1 • To disable vFlash or standard SD card: racadm config -g cfgvFlashsd -o cfgvflashSDEnable 0 NOTE: The RACADM command functions only if a vFlash or standard SD card is present. If a card is not present, the following message is displayed: ERROR: SD Card not present.
Resetting the vFlash or Standard SD Card Open a telnet/SSH/Serial console to the server, log in, and enter: racadm vflashsd initialize For more information about vflashsd, see the RACADM Command Line Reference Guide for iDRAC and CMC available on the Dell Support website at support.dell.com/manuals. NOTE: The racadm vmkey reset command is deprecated from 1.5 release onwards. The functionality of this command is now covered by vflashsd initialize.
Before creating an empty partition, ensure the following: • The card is initialized. • The card is not write-protected. • An initialize operation is not already being performed on the card. To create an empty vFlash partition: 1 On the iDRAC6 Web interface, select SystemvFlash tabCreate Empty Partition subtab. The Create Empty Partition page is displayed. 2 Enter the information mentioned in Table 11-2. 3 Click Apply. A new partition is created.
Table 11-2. Create Empty Partition Page Options Field Description Emulation Type Select the emulation type for the partition from the dropdown list. The available options are Floppy and HDD. Size Enter the partition size in Megabytes (MB). The maximum partition size is 4 GB, or less than or equal to the available space on the vFlash SD card. NOTE: For the standard SD card, the partition size can be up to 256 MB.
Before creating a partition from an image file, ensure the following: • The card is initialized. • The card is not write-protected. • An initialize operation is not already being performed on the card. NOTE: When creating partition from an image file, ensure that the image type and the emulation type match. iDRAC emulates the device based on the image type specified. There may be issues when the uploaded image and the emulation type do not match.
Table 11-3. Create Partition from Image File Page Options Field Description Label Enter a unique label for the new partition. This can contain up to six alphanumeric characters. Do not include spaces in the label name. The characters are displayed in upper case. NOTE: For the standard SD card, the label name must be VFLASH. If not, an error message is displayed. Emulation Type Select the emulation type for the partition from the dropdown list. The available options are Floppy, HDD, and CDROM.
3 Click Apply. A warning message indicating that all the data on the partition will be erased is displayed. Click OK. The selected partition is formated with the specified file system type. An error message is displayed if: • The card is write-protected. • An initialize operation is already being performed on the card. Table 11-4. Format Partition Page Options Field Description Label Select the partition label that you want to format. The first available partition is selected by default.
Viewing Available Partitions Ensure that the vFlash or standard SD card is enabled to view the list of available partitions. To view the available partitions on the card: 1 On the iDRAC6 Web interface, select SystemvFlashManage subtab. The Manage Partitions page lists the available partitions. 2 For each partition, you can view the information mentioned in Table 11-5. Table 11-5. Viewing Available Partitions Field Description Index Partitions are indexed from 1 to 16.
Modifying a Partition Ensure that the card is enabled to modify the partition. NOTE: You must have Access Virtual Media privileges to modify a vFlash partition. You can change a read-only partition to read-write or vice-versa. To do this: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab. The Manage Partitions page is displayed.
Before attaching or detaching a partition, ensure the following: • The card is enabled. • An initialize operation is not already being performed on the card. To attach or detach partitions: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab. The Manage Partitions page is displayed. 2 In the Attached column, select the checkbox for the partition(s) that you want to attach or clear the checkbox for the partition(s) that you want to detach.
Deleting Existing Partitions NOTE: You can delete existing partitions for the vFlash or standard SD card. Before deleting existing partition(s), ensure the following: • The card is not write-protected. • The partition is not attached. • An initialize operation is not already being performed on the card. NOTE: You must have Access Virtual Media privileges to modify a partition. To delete an existing partition: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab.
4 Specify the location to save the file. If only the folder location is specified, then the partition label is used as the file name, along with the extension .iso for CD type partitions and .img for floppy and hard-disk type partitions. 5 Click Save. The contents of the selected partition are downloaded to the specified location. Booting to a Partition You can set an attached vFlash partition as the boot device for the next boot operation. The vFlash partition must contain a bootable image (in the .
Managing vFlash Partitions Using RACADM You can use the vFlashPartition subcommand to create, delete, list, or view the status of partitions on an already initialized vFlash or standard SD card. The format is: racadm vflashpartition NOTE: You must have Access Virtual Media privileges to perform vFlash partition management. Valid Options: -i Index of the partition for which this command applies. must be an integer from 1 to 16.
-t Create a partition of type . must be: • empty - Create an empty partition. • -s - Partition size in MB. • -f - Format type for the partition based on the type of file system. Valid options are RAW, FAT16, FAT32, EXT2, or EXT3. • image - Create a partition using an image file. The following options are valid with the image type: • -l - Specifies the remote path relative to the iDRAC.
Deleting a Partition • To delete a partition: racadm vflashpartition delete -i 1 • To delete all partitions, re-initialize the vFlash SD card. For information, see "Initializing the vFlash or Standard SD Card" on page 244.
Attaching or Detaching a Partition • To attach a partition: racadm config –g cfgvflashpartition cfgvflashPartitionAttachState 1 • –i 1 –o To detach a partition: racadm config –g cfgvflashpartition cfgvflashPartitionAttachState 0 –i 1 –o Modifying a Partition • To change a read-only partition to read-write: racadm config –g cfgvflashpartition cfgvflashPartitionAccessType 1 • –i 1 –o To change a read-write partition to read-only: racadm config –g cfgvflashpartition cfgvflashPartitionAccessType 0 –i
Configuring the vFlash SD Card and Managing vFlash Partitions
12 Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the Virtual Console viewer, provides the managed server access to media connected to a remote system on the network. Figure 12-1 shows the overall architecture of Virtual Media. Figure 12-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual Media requires a minimum available network bandwidth of 128 Kbps. Virtual Media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required: 1 Start Internet Explorer. 2 Click Tools Internet Options, and then click the Security tab. 3 Under Select a Web content zone to specify its security settings, click to select the desired zone. 4 Under Security level for this zone, click Custom Level. The Security Settings window is displayed.
Configuring Virtual Media 1 Log in to iDRAC6 Web interface. 2 Click System Virtual Console/Media Configuration. 3 In the Virtual Media section, select values for the settings. See Table 12-2 for information on Virtual Media configuration values. 4 Click Apply to save your settings. An alert dialog is displayed with the following message: You are about to change device configuration. All existing redirection sessions will be closed. Do you want to continue? 5 Click OK to continue.
Table 12-2. Virtual Media Configuration Values (continued) Attribute Value Floppy Emulation Indicates whether the Virtual Media is displayed as a floppy drive or as a USB key to the server. If Floppy Emulation is selected, the Virtual Media device is displayed as a floppy device on the server. If it is deselected, it is displayed as a USB Key drive. NOTE: On certain Windows Vista and Red Hat Enterprise Linux environments, you may not be able to virtualize a USB with Floppy Emulation enabled.
To change the values of any of the displayed attributes, see "Configuring Virtual Media" on page 264. NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy at the same time, or a single drive. NOTE: The virtual device drive letters on the managed server do not coincide with the physical drive letters on the management station.
To connect a floppy image or ISO image, enter the path to the image location on your local computer, or click the Browse button to navigate to the image location. NOTE: You may not be able to mount remote ISO images if you use the Java based Virtual Media plug–in. For example, Linux clients will not allow you to mount the images since they use the Java based plug–in. To avoid this, copy the ISO image to your local system to make the image file available locally.
3 Scroll to the boot sequence and press . In the pop-up window, the virtual optical drives and virtual floppy drives are listed with the standard boot devices. 4 Ensure that the virtual drive is enabled and listed as the first device with bootable media. If required, follow the on-screen instructions to modify the boot order. 5 Save the changes and exit. The managed server reboots. The managed server attempts to boot from a bootable device based on the boot order.
Using Virtual Media When the Server’s Operating System Is Running Windows-Based Systems On Windows systems, the Virtual Media drives are automounted if they are attached and configured with a drive letter. Using the virtual drives from within Windows is similar to using your physical drives. When you connect to the media using the Virtual Media wizard, the media is available at the system by clicking the drive and browsing its content.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer Why do I sometimes lose my client connection? • You can sometimes lose your client connection if the network is slow or if you change the CD in the client system CD drive. For example, if you change the CD in the client system’s CD drive, the new CD might have an autostart feature.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer What types of media can I boot iDRAC6 allows you to boot from the following from? bootable media: • CDROM/DVD Data media • ISO 9660 image • 1.44 Floppy disk or floppy image • A USB key that is recognized by the operating system as a removable disk (minimum size 128 MB) • A USB key image How can I make my USB key bootable? Search support.dell.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Configuring and Using Virtual Media 273
Configuring and Using Virtual Media
13 Using the RACADM Command Line Interface The RACADM command line interface (CLI) provides access to iDRAC6 management features on the managed server. RACADM provides access to most of the features on iDRAC6 Web interface. RACADM can be used in scripts to ease configuration of multiple servers, instead of using the Web interface, which, is more useful for interactive management.
CAUTION: The latest iDRAC6 firmware supports only the latest RACADM version. You may encounter errors if you use an older version of RACADM to query iDRAC6 with the latest firmware. Install the RACADM version shipped with your latest Dell OpenManage DVD media. RACADM Subcommands Table 13-1 provides a description of each RACADM subcommand that you can run in RACADM.
Table 13-1. RACADM Subcommands (continued) Command Description getsysinfo Displays information about iDRAC6 and the managed server, including IP configuration, hardware model, firmware versions, and operating system information. gettracelog Displays iDRAC6 trace log. If used with -i, the command displays the number of entries in iDRAC6 trace log. help Lists iDRAC6 subcommands. help Lists usage statement for the specified subcommand.
Table 13-1. RACADM Subcommands (continued) Command Description sslcertdownload Downloads a CA certificate or server certificate from iDRAC. sslcertupload Uploads a CA certificate or server certificate to iDRAC6. sslcertview Views a CA certificate or server certificate in iDRAC6. sslcsrgen Generates and downloads the SSL CSR. testemail Forces iDRAC6 to send an e-mail over iDRAC6 NIC. testtrap Forces iDRAC6 to send an SNMP alert over iDRAC6 NIC.
Without options, the RACADM command displays general use information. To display the RACADM subcommand list, enter: racadm help or racadm getconfig -h The subcommand list includes all RACADM commands that are supported by iDRAC6. To get help for a subcommand, enter: racadm help The command displays the syntax and command-line options for the subcommand.
racadm getconfig -g cfgLanNetworking Managing iDRAC6 Users with RACADM NOTE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin. NOTE: Users can be enabled and disabled over time. As a result, a user may have a different index number on each iDRAC6.
Adding an iDRAC6 User To add a new user to iDRAC6, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC6 user privilege. 4 Enable the user.
Table 13-2. Bit Masks for User Privileges (continued) User Privilege Privilege Bit Mask Clear Logs 0x00000008 Execute Server Control Commands 0x00000010 Access Virtual Console 0x00000020 Access Virtual Media 0x00000040 Test Alerts 0x00000080 Execute Debug Commands 0x00000100 For example, to allow the user Configure iDRAC6, Configure Users, Clear Logs, and Access Virtual Console privileges, add the values 0x00000002, 0x00000004, 0x00000008, and 0x00000010 to construct the bitmap 0x0000002E.
View The view mode allows the user to view a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -v -k <1 to 4> racadm sshpkauth -i <2 to 16> -v -k all Delete The delete mode allows the user to delete a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -d -k <1 to 4> racadm sshpkauth -i <2 to 16> -d -k all CAUTION: This privilege is normally reserved for users who are members of the Administrator user group on iDRAC.
racadm testemail -i 2 (-i 2 is for the index entry #2 in the e–mail alert table) NOTE: Ensure that the SMTP and E-mail Alert settings are configured before testing the e-mail alert feature. See "Configuring E-Mail Alerts" on page 96 for more information. Testing iDRAC6 SNMP Trap Alert Feature iDRAC6 SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed server.
racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0 racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5 racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.
Configuring IPMI Over LAN 1 Configure IPMI over LAN by entering the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.
a Update the IPMI SOL minimum privilege level using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege where is one of the following: • 2 (User) • 3 (Operator) • 4 (Administrator) For example, to configure the IPMI privileges to 2 (User), enter the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege 2 NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate.
Configuring PEF You can configure the action you wish iDRAC6 to take for each platform alert. Table 13-3 lists the possible actions and the value to identify them in RACADM. Table 13-3. Platform Event Action Action Value No action 0 Power off 1 Reboot 2 Power Cycle 3 Configure PEF actions using the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i where is the PEF index (Table 5-7), and is a value from Table 13-3.
3 Configure your PET policy using the following command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i where is the PET destination index and is the destination IP address of the system that receives the platform event alerts. 4 Configure the Community Name string. At the command prompt, enter: racadm config -g cfgIpmiLan -o cfgIpmiPetCommunityName where is the PET Community Name.
racadm config -g cfgRemoteHosts -o cfgRhostsSmtpServerIpAddr 5 To configure a custom message, enter the following command: racadm config -g cfgEmailAlert -o cfgEmailAlertCustomMsg -i where is the e-mail destination index and is the custom message. 6 Test the configured e-mail alert, if desired, by entering the following command: racadm testemail -i where is the e-mail destination index to test.
Table 13-4. IP Address Filtering (IPRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise anded with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to log in.
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.252 The last byte of the range mask is set to 252, the decimal equivalent of 11111100b.
See the RACADM Command Line Reference Guide for iDRAC and CMC available on the Dell Support website at support.dell.com/manuals for a complete list of cfgRacTune properties. Table 13-5 lists the user-defined parameters. Table 13-5. Log In Retry Restriction (IP Blocking) Properties Property Definition cfgRacTuneIpBlkEnable Enables the IP blocking feature.
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkPenaltyTime 300 The following example prevents more than three failed attempts within one minute, and prevents additional login attempts for an hour.
racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort 8022 For a complete list of available RACADM CLI commands, see "Using the RACADM Command Line Interface" on page 275. Remote and SSH/Telnet RACADM Remote RACADM is a client side utility, which can be executed from a management station through the out of band network interface. A remote capability option (-r) is provided that allows you to connect to the managed system and execute RACADM subcommands from a remote console or management station.
ERROR: Unable to connect to iDRAC6 at specified IP address NOTE: When using the RACADM remote capability, you must have write permissions on the folders where you are using the RACADM subcommands involving file operations, for example: racadm getconfig -f or racadm sslcertdownload -t [-f ] Remote RACADM Usage racadm -r -u -p racadm -i -r For examp
Table 13-6. RACADM Command Options (continued) Option Description -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction. If the -u option is used, the -p option must be used, and the -i option (interactive) is not allowed. -p Specifies the password used to authenticate the command transaction. If the -p option is used, the -i option is not allowed.
• Obtained from iDRAC6 with the RACADM getconfig subcommand and then edited To obtain a configuration file with the RACADM getconfig command, enter the following command: racadm -r -u -p getconfig -f myconfig.cfg This command creates the file myconfig.cfg in the current directory. Configuration File Syntax NOTE: Edit the configuration file with a plain text editor, such as Notepad on Windows or vi on Linux. The racadm utility parses ASCII text only.
[cfgLanNetworking] (group name) cfgNicIpAddress=192.168.1.1 (object name) • Parameters are specified as object=value pairs with no white space between the object, =, and value. White space that is included after the value is ignored. White space inside a value string remains unmodified. Any character to the right of the = is taken as is (for example, a second =, or a #, [, ], and so forth).
• A predefined set of indexes are available for each indexed group. For more information, see the RACADM Command Line Reference Guide for iDRAC and CMC available on the Dell Support website at support.dell.com/manuals. Modifying iDRAC6 IP Address in a Configuration File When you modify iDRAC6 IP address in the configuration file, remove all unnecessary = entries.
NOTE: To verify the syntax only and not update iDRAC6 database, add the -c option to the config subcommand. Errors in the configuration file are flagged with the line number and a message that explains the problem. You must correct all errors before the configuration file can update iDRAC6. NOTE: Use the racresetcfg subcommand to reset the database and iDRAC6 NIC settings to the original default settings and remove all users and user configurations.
Configuring Multiple iDRAC6s Using a configuration file, you can configure other iDRAC6s with identical properties. Follow these steps to configure multiple iDRAC6s: 1 Create the configuration file from iDRAC6 settings you want to replicate to the others. Enter the following command: racadm -r -u -p getconfig -f where is the name of a file to save iDRAC6 properties, such a myconfig.cfg.
racadm racresetcfg c Load the configuration file into iDRAC6 with the following command: racadm -r -u -p config -f where is the name of the configuration file you created. Include the full path if the file is not in the working directory.
Using the RACADM Command Line Interface
14 Power Monitoring and Power Management Dell PowerEdge systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. NOTE: iDRAC6 power management logic utilizes a Complex Programmable Logic Device (CPLD) present in the blade server. A few platforms also support an extended CPLD.
Configuring and Managing Power You can use iDRAC6 Web interface and RACADM command line interface (CLI) to manage and configure power controls on the Dell PowerEdge system. Specifically, you can: • View the power status of the server. See "Viewing Power Monitoring" on page 307. • View power budget information for the server, including the minimum and maximum potential power consumption. See "Viewing Power Budget" on page 311. • View power budget threshold for the server.
Viewing Power Monitoring Using the Web Interface To view the power monitoring data: 1 Log in to iDRAC6 Web interface. 2 In the system tree, select Power Monitoring. The Power Monitoring screen is displayed, displaying the following information: Power Monitoring • Status: A green check indicates that the power status is normal, Warning indicates that a warning alert was issued, and Severe indicates a failure alert was issued. • Probe Name: Lists the name of the sensor.
– System Peak Amperage specifies the system peak amperage. The peak value is the highest value recorded between the Measurement Start Time and now. The peak time was the point in time when that peak value occurred. Click Reset at the end of the table row to set it back to the current instantaneous value (which, if the server is running, will not be 0). Clicking reset will also reset the measurement start time to the current time.
Show Graph Click Show Graph to display graphs illustrating iDRAC6 power consumption in Watts over the last hour, 24 hours, three days, and one week. Use the drop-down menu provided above the graph to select the time period. NOTE: Each data point plotted on the graphs represents the average of readings over a 5 minute period. As a result, the graphs may not reflect brief fluctuations in power or current consumption.
iDRAC6 also supports power allocation to the PCIe expansion-cards for applicable platforms. You can change the power allocated to the PCIe expansion-cards installed in the expansion slot in the server. Two PCIe cards can be installed in the applicable platforms. iDRAC dynamically adjusts the power envelope close to the actual system requirement for the blade, adds the power allocated for the expansion-card slot, and requests for the combined power from CMC.
Viewing Power Budget The server provides power budget status overviews of the power subsystem on the Power Budget screen. Using the Web Interface NOTE: To perform power management actions, you must have Administrative privilege. 1 Log in to iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the Power Management tab, and then click Power Budget. The Power Budget screen is displayed.
Power Budget Threshold Power Budget Threshold, if enabled, enforces power limits for the system. System performance is dynamically adjusted to maintain power consumption near the specified threshold. Actual power consumption may be less for light workloads and momentarily may exceed the threshold until performance adjustments have completed. NOTE: Power Budget Threshold information is read-only and cannot be enabled or configured in iDRAC6. Using the Web Interface 1 Log in to iDRAC6 Web interface.
racadm getconfig -g cfgServerPower -o cfgServerPowerCapBTUhr returns racadm getconfig -g cfgServerPower -o cfgServerPowerCapPercent returns NOTE: For more information about cfgServerPower, including output details, see cfgServerPower in the RACADM Command Line Reference Guide for iDRAC and CMC available on the Dell Support website at support.dell.com/manuals.
Using RACADM To view the current power allocated for the PCIe expansion-cards using remote RACADM, on the remote system, open a command prompt and enter the following command: racadm -r -u -p config -g cfgServerPower -o cfgServerPowerPCIeAllocation Returns . The default value is 500W.
Using the Web Interface 1 Log in to iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the Power Management tab. The Power Control screen displays. 4 Select one of the following Power Control Operations by clicking its radio button: – Power On System turns on the server (the equivalent of pressing the power button when the server power is off). This option is disabled if the system is already powered on. – Power Off System turns off the server.
Using RACADM To perform power actions from local RACADM, enter the below command at a command prompt: racadm serveraction where is powerup, powerdown, powercycle, hardreset, or powerstatus. NOTE: For more information about serveraction, including output details, see serveraction in the RACADM Command Line Reference Guide for iDRAC and CMC available on the Dell Support website at support.dell.com/manuals.
15 Using iDRAC6 Enterprise SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at dmtf.org.
System Management With SM-CLP iDRAC6 SM-CLP enables you to manage the following system features from a command line: • Server Power Management — Turn on, shutdown, or reboot the system • System Event Log (SEL) Management — Display or clear the SEL records • iDRAC6 user account management • Active Directory configuration • iDRAC6 LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration iDRAC6 SM-CLP Support SM-CLP is hosted from iDRAC6 firmware, and s
Syntax: telnet $ (the CLI prompt is displayed) $smclp (at the CLI prompt, type smclp) SM-CLP Features The SM-CLP specification provides a common set of standard SM-CLP verbs that can be used for simple systems management through the CLI. SM-CLP promotes the concept of verbs and targets to provide system configuration capabilities through the CLI. The verb indicates the operation to perform and the target is the entity (or object) on which the operation is performed.
Table 15-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options reset Resets the target. –examine, –help, –output, –version Syntax: reset [options] [target] set Sets the properties of a target Syntax: –examine, –help, –output, –version set [options] [target] = show Displays the target properties, verbs, and subtargets.
Table 15-2 describes the SM-CLP options. Some options have abbreviated forms, as shown in the table. Table 15-2. Supported SM-CLP Options SM-CLP Option Description -all, -a Instructs the verb to perform all possible functions. -destination Specifies the location to store an image in the dump command. Syntax: –destination -display, -d Filters the command output.
Navigating the MAP Address Space NOTE: The slash (/) and backslash (\) are interchangeable in SM-CLP address paths. However, a backslash at the end of a command line continues the command on the next line and is ignored when the command is parsed. Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space.
To list only certain properties, qualify them, as in the following command: show –d properties=(userid,name) /admin1/system1/sp1/oemdcim_mfaaccount1 If you only want to show one property, you can omit the parentheses. Using the -level Option The show -level option executes show over additional levels beneath the specified target. To see all targets and properties in the address space, use the -l all option.
Server Power Management Table 15-3 provides examples of using SM-CLP to perform power management operations on a managed server. Enter "smclp" to start the SM-CLP console. Table 15-3. Server Power Management Operations Operation Syntax Logging in to iDRAC6 using the SSH interface >ssh 192.168.0.120 >login: root >password: Enter "smclp" to start the SM–CLP console.
Table 15-4. SEL Management Operations Operation Syntax Viewing the SEL ->show -d targets,properties,verbs /admin1/system1/logs1/log1 Might return: Targets: record1/ record2/...
Table 15-4. SEL Management Operations (continued) Operation Syntax Viewing the SEL record ->show /admin1/system1/logs1/log1/record4 Might return: ufip=/admin1/system1/logs1/log1/record4 Associations:LogManagesRecord= >/admin1/system1/logs1/log1 Properties: RecordData=*0.0.65*4 2*1245152621*65 65*4*31*0*true*111*1*255*255* RecordFormat= *IPMI_SensorNumber.IPMI_OwnerLUN.
Table 15-4. SEL Management Operations (continued) Operation Syntax Verbs: show exit version cd help delete Clearing the SEL ->delete /admin1/system1/logs1/log1/record* Returns: Records deleted successfully. Table 15-5. Map Target Navigation Operations Operation Syntax Navigate to the system target and reboot ->cd admin1/system1 ->reset NOTE: The current default target is /.
Using iDRAC6 Enterprise SM-CLP Command Line Interface
Using the WS-MAN Interface 16 Web Services for Management (WS–MAN) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management. WS–MAN provides an interoperable protocol for devices to share and exchange data across networks. iDRAC6 uses WS–MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)–based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system.
• ENUMERATE the contents of containers and collections, such as large tables and logs • EXECUTE specific management methods with strongly typed input and output parameters Supported CIM Profiles Table 16-1. Supported CIM Profiles Standard DMTF 1 Base Server Defines CIM classes for representing the host server. 2 Base Metrics Defines CIM classes for providing the ability to model and control metrics captured for managed elements.
Table 16-1. Supported CIM Profiles (continued) 10 DHCP Client Defines CIM classes for representing a DHCP client and its associated capabilities and configuration. 11 DNS Client Defines CIM classes for representing a DNS client in a managed system. 12 Record Log Defines CIM classes for representing different type of logs. iDRAC6 uses this profile to represent the System Event Log (SEL) and iDRAC6 RAC Log. 13 Role Based Authorization Defines CIM classes for representing roles.
Table 16-1. Supported CIM Profiles (continued) 3 OS Deployment Defines CIM and Dell extension classes for representing the configuration of OS Deployment features. It extends the management capability of referencing profiles by adding the capability to support OS deployment activities by manipulating OS Deployment features provided by the service processor.
Table 16-1. Supported CIM Profiles (continued) 12 iDRAC Card Defines CIM and Dell extension classes to represent the iDRAC6 inventory information. 13 Memory Defines CIM and Dell extension classes to represent the host's DIMM inventory information. 14 CPU Defines CIM and Dell extension classes to represent the host's CPU inventory information. 15 System Info Defines CIM and Dell extension classes to represent the host platform's inventory information.
Using the WS-MAN Interface
17 Deploying Your Operating System Using iVMCLI The Integrated Virtual Media Command Line Interface (iVMCLI) utility is a command-line interface that provides virtual media features from the management station to iDRAC6 in the remote system. Using iVMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator (dd) utility to create a bootable image file for your Linux system.
When you create the image file, do the following: • Follow standard network-based installation procedures. • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure. 4 Perform one of the following procedures: • Integrate IPMItool and the Virtual Media command line interface (iVMCLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
To run the ivmdeploy script, enter the following command at the command prompt: ivmdeploy -r ip.
Using the Virtual Media Command Line Interface Utility The Virtual Media Command Line Interface (iVMCLI) utility is a scriptable command-line interface that provides virtual media features from the management station to iDRAC6. The iVMCLI utility provides the following features: NOTE: When virtualizing read-only image files, multiple sessions may share the same image media. When virtualizing physical drives, only one session can access a given physical drive at a time.
To add or edit users in the iVMCLI group, the administrator uses the visudo command. Users without administrator privileges can add the sudo command as a prefix to the iVMCLI command line (or to the iVMCLI script) to obtain access to iDRAC6 in the remote system and run the utility. Installing the iVMCLI Utility The iVMCLI utility is located on the Dell Systems Management Tools and Documentation DVD, which is included with your Dell OpenManage system management software kit.
If the remote system accepts the commands and iDRAC6 authorizes the connection, the command continues to run until either of the following occurs: • The iVMCLI connection terminates for any reason. • The process is manually terminated using an operating system control. For example, in Windows, you can use the Task Manager to terminate the process. NOTE: When you are using the iVMCLI command, if the parameter values have spaces between words, you must use quotes for the complete parameter value.
iDRAC6 User Name -u This parameter provides iDRAC6 user name that will run Virtual Media. The must have the following attributes: • Valid user name • iDRAC6 Virtual Media User permission If iDRAC6 authentication fails, an error message displays and the command terminates. iDRAC6 User Password -p This parameter provides the password for the specified iDRAC6 user.
For example, a device is specified as: -f a:\ (Windows system) -f /dev/sdb4 # 4th partition on device /dev/sdb (Linux system) If the device provides a write-protection capability, use this capability to ensure that Virtual Media will not write to the media. Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates.
Root CA Certificate Validation -S This parameter is used to indicate if the iDRAC CA certificate is valid or not. If the certificate is not valid, the iVMCLI session is terminated and an error message is displayed indicating the certificate is not valid. If the certificate is valid, the iVMCLI session is established. Version Display -v This parameter is used to display the iVMCLI utility version. If no other non-switch options are provided, the command terminates without an error message.
iVMCLI Operating System Shell Options The following operating system features can be used in the iVMCLI command line: • stderr/stdout redirection — Redirects any printed utility output to a file. For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the iVMCLI utility. NOTE: The iVMCLI utility does not read from standard input (stdin). As a result, stdin redirection is not required.
Deploying Your Operating System Using iVMCLI
18 Using iDRAC6 Configuration Utility Overview iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for iDRAC6 and for the managed system.
Starting iDRAC6 Configuration Utility You must use an iDRAC6 Virtual Console-connected console to access iDRAC6 Configuration Utility initially or after resetting iDRAC6 to the default settings. 1 At the keyboard connected to iDRAC6 Virtual Console, press to display iDRAC6 Virtual Console On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using iDRAC6 Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use the left-arrow and right-arrow keys and the spacebar to select between On and Off.
LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 18-1. LAN Parameters Item Description Common Settings MAC Address This is the non-editable MAC address of iDRAC6 network interface. VLAN Enable Displays On/Off. On will enable the Virtual LAN filtering for iDRAC6. VLAN ID Displays any VLAN ID value between 1-4094.
Table 18-1. LAN Parameters (continued) Item Description Alert Destination if LAN Alert Enabled is set to On, enter the IP address where PET 1 LAN alerts will be forwarded. IPv4 Settings Enable or disable support for the IPv4 connection. IPv4 Select Enabled or Disabled IPv4 protocol support. The default is enabled. RMCP+ Encryption Key Press to edit the value and when finished. The RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F).
Table 18-1. LAN Parameters (continued) Item Description DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the second DNS server. IPv6 Settings IPv6 Enable or disable support for the IPv6 connection. IPv6 Address Source Select between AutoConfig and Static. When AutoConfig is selected, the IPv6 Address 1, Prefix Length, and Default Gateway fields are obtained from DHCP.
Virtual Media Configuration Virtual Media Use the left-arrow and right-arrow keys to select Auto-Attached, Attached or Detached. • If you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Virtual Console sessions. • If you select Detached, users cannot access virtual media devices during Virtual Console sessions.
• SD card is write-protected. • One or more partitions are currently in-use. • One or more partitions are currently attached. vFlash Properties Press to view the following vFlash SD card properties: • Name - Displays the name of the vFlash SD card inserted into the server's vFlash SD card slot. If it is a Dell SD card, it displays vFlash SD Card. If it is a non-Dell SD card, it displays SD Card. • Size - Displays the vFlash SD card size in gigabytes (GB).
System Services System Services Use the left-arrow and right-arrow keys to select Enabled or Disabled. If enabled, certain iDRAC6 features can be configured through the Lifecycle Controller. For more information, see the Lifecycle Controller User Guide, available on the Dell Support Website at support.dell.com/manuals. NOTE: Modifying this option restarts the server when you Save and Exit to apply the new settings. Cancel System Services Use the up-arrow and down-arrow keys to select Yes or No.
Table 18-2. Lan User Configuration Screen Item Description Auto-Discovery The auto-discovery feature enables automated discovery of unprovisioned systems on the network; further, it securely establishes initial credentials so that these discovered systems can be managed. This feature enables iDRAC6 to locate the provisioning server. iDRAC6 and provisioning service server mutually authenticate each other.
Table 18-2. Lan User Configuration Screen (continued) Item Description Auto–Discovery (continued...) Before adding your Dell system to the network and using the auto–discovery feature, ensure that: • Dynamic Host Configuration Protocol (DHCP) server/Domain Name System (DNS) are configured. • Provisioning Web services is installed, configured, and registered. Provisioning Server This field is used to configure the provisioning server.
Reset to Default Use the Reset to Default menu item to reset all of iDRAC6 configuration items to the factory defaults. This may be required, for example, if you have forgotten the administrative user password or if you want to reconfigure iDRAC6 from the default settings. NOTE: In the default configuration, iDRAC6 networking is disabled. You cannot reconfigure iDRAC6 over the network until you have enabled iDRAC6 network in iDRAC6 Configuration Utility. Press to select the item.
Press to exit the System Event Log. NOTE: You can only clear the SEL in iDRAC6 Configuration Utility or in iDRAC6 Web interface. To clear the SEL, select Clear System Event Log and press . When you have finished with the SEL menu, press to return to the previous menu. Exiting iDRAC6 Configuration Utility When you have finished making changes to iDRAC6 configuration, press the key to display the Exit menu. • Select Save Changes and Exit and press to retain your changes.
Using iDRAC6 Configuration Utility
19 Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed system using iDRAC6 utilities.
Trouble Indicators This section describes indications that there may be a problem with your system. LED Indicators LEDs on the chassis or on components installed in the chassis are generally the first indicators of system trouble. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system.
Hardware Trouble Indicators Indications that a module has a hardware problem include the following: • Failure to power up • Noisy fans • Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, inspect the damage caused, and then try to correct the problem using these strategies: • Reseat the module and resta
Table 19-2. Trouble Indicators (continued) Look for: Action: Messages in iDRAC6 Log See "Viewing iDRAC6 Log" on page 377. Problem Solving Tools This section describes iDRAC6 utilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Click any component on the Server Health section to see information about the component. Sensor readings are displayed for batteries, temperatures, voltages, and power monitoring, helping to diagnose some types of problems. iDRAC6 and CMC information screens provide useful current status and configuration information. Checking the System Event Log (SEL) The SEL Log screen displays messages for events that occur on the managed server.
Table 19-4. SEL Buttons (continued) Button Action Save As Opens a pop-up window that enables you to save the SEL to a directory of your choice. NOTE: If you are using Internet Explorer and encounter a problem when saving, be sure to download the Cumulative Security Update for Internet Explorer, located on the Microsoft Support website at support.microsoft.com. NOTE: When using Internet Explorer, if you are not able to save the SEL Log using Save As, it may be due to a browser setting.
The clrsel command removes all existing records from the SEL: racadm clrsel Checking the Post Codes The Post Codes screen displays the last system post code prior to booting the operating system. Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from Power on Reset, and allow you to diagnose any faults related to system boot-up. NOTE: View the text for POST code message numbers in the LCD display or in the Hardware Owner’s Manual.
Viewing the Most Recent Boot Sequences If you experience boot problems, you can view the screen activity of what happened during the last three boot sequences from the Boot Capture screen. Playback of the boot screens occurs at a rate of 1 frame per second. iDRAC6 records fifty frames during boot time. If iDRAC is reset, the boot capture video is not available since it is stored in RAM and is deleted when iDRAC resets. Table 19-5 lists the available control actions.
Viewing and Adding Work Notes The Work Notes page displays the work note entries stored in the Lifecycle Log. To view the Work Notes page, expand the System tree and click SystemsLogsWork Notes. The time stamp recorded for each work note entry and the work note contents are displayed. The timestamp format is yyyy/mm/dd hh:mm:ss, based on a 24-hour clock. Each user who logs in to iDRAC can add work notes to the log. A maximum of 50 characters is supported for each new work note.
Table 19-6.
Table 19-6.
Table 19-6.
Table 19-6.
Table 19-6.
Table 19-6.
Table 19-6.
Table 19-6.
Table 19-7. iDRAC6 Log Information Field Description Date/Time The date and time (for example, Dec 19 16:55:47). iDRAC6 sets its clock from the managed server’s clock at iDRAC6 initialization. If the managed server is off when iDRAC6 is started, then iDRAC6 sets its clock from the CMC in the chassis where the blade resides.
CAUTION: To ensure that the computer used to access iDRAC is safe, under Miscellaneous, the Launching applications and unsafe files option must not be enabled. Viewing System Information The System Details screen displays information about the following system components: • Main system enclosure • Integrated Dell Remote Access Controller 6—Enterprise To access the system information, click System PropertiesSystem Details.
Using the Diagnostics Console iDRAC6 provides a standard set of network diagnostic tools (see Table 19-8) that are similar to the tools included with Microsoft Windows or Linux-based systems. Using iDRAC6 Web interface, you can access the network debugging tools. Click Reset iDRAC6 to reset the iDRAC. A normal boot operation is performed on the iDRAC. To access the Diagnostics Console screen, perform the following steps: 1 Click System iDRAC Settings Troubleshooting. 2 Select the Diagnostics Console tab.
Table 19-8. Diagnostic Commands (continued) Command Description traceroute Used to determine the route taken by packets across an IP network. traceroute6 Used to determine the route taken by packets across an IPv6 network. gettracelog Displays iDRAC6 trace log. For more information, see gettracelog in the RACADM Command Line Reference Guide for iDRAC and CMC available on the Dell Support website at support.dell.com/manuals.
Table 19-9. Power Control Actions (continued) Graceful Shutdown Attempts to cleanly shut down the operating system, then powers off the system. It requires an ACPI (Advanced Configuration and Power Interface) aware operating system, which allows for system directed power management. NOTE: A graceful shutdown of the server operating system may not be possible when the server software stops responding, or if you are not logged as an administrator at a local Windows console.
Troubleshooting and Frequently Asked Questions Table 19-10 contains frequently asked questions about troubleshooting issues. Table 19-10. Frequently Asked Questions/Troubleshooting Question Answer The LED on the server is blinking amber. Check the SEL for messages and then clear the SEL to stop the blinking LED. From iDRAC6 Web interface, see "Checking the System Event Log (SEL)" on page 365. From SM-CLP, see "SEL Management" on page 324.
Table 19-10. Frequently Asked Questions/Troubleshooting (continued) Question Answer For example: $ racadm getniccfg -m server-1 DHCP Enabled IP Address Subnet Mask Gateway = = = = 1 192.168.0.1 255.255.255.0 192.168.0.1 From local RACADM: Enter the following command at a command prompt: racadm getsysinfo From the LCD: 1 On the Main Menu, highlight Server and press the check button. 2 Select the server whose IP address you seek and press the check button.
Table 19-10. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of CMC? From iDRAC6 Web interface: • Click System iDRAC Settings CMC. CMC IP address is displayed on the CMC Summary screen. From the Virtual Console: • Select the "Dell CMC" console in the OSCAR to log in to CMC through a local serial connection. CMC RACADM commands can be issued from this connection.
Table 19-10. Frequently Asked Questions/Troubleshooting (continued) Question Answer I have forgotten iDRAC6 administrative user name and password. You must restore iDRAC6 to its default settings. 1 Reboot the server and press when prompted to enter iDRAC6 Configuration Utility. 2 On iDRAC6 Configuration Utility menu, highlight Reset to Default and press . NOTE: You can also reset iDRAC6 from local RACADM by issuing racadm racresetcfg.
Table 19-10. Frequently Asked Questions/Troubleshooting (continued) Question Answer When attempting to boot the managed server, the power indicator is green, but there is no POST or no video at all. This can happen if any of the following conditions is true: • Memory is not installed or is inaccessible. • The CPU is not installed or is inaccessible. • The video riser card is missing or improperly connected. Also, look for error messages in iDRAC6 log from iDRAC6 Web interface or from the LCD.
Recovering and Troubleshooting the Managed System
Index A Active Directory adding DRAC 5 users, 144 configuring access to the DRAC 5, 136 managing certificates, 111 objects, 133 schema extensions, 132 using with extended schema, 132 using with standard schema, 152 using with the DRAC 5, 127 bootable image file creating, 336 C Certificate Signing Request. See CSR ActiveX console redirection plug-in, 225 certificates Active Directory, 111 exporting the root CA certificate, 130 SSL and digital, 107 viewing a server certificate, 111 alert management.
configuring Local iDRAC6 users for Smart Card logon, 180 configuring multiple iDRACs with RACADM, 302 configuring Smart Card Login, 178 console redirection configuring, 222 opening a session, 224 using, 219 CSR about, 108 generating, 109 D delete a partition, 254 diagnostics console, 380 digital signature, verify, 53-56 Distributed Management Task Force (DMTF), 317 documents you may need, 27 DOS update utility, 58 DRAC 5 configuring, 146, 154 Enabling or Disabling SD card, 244 extended schema using with A
I iDRAC creating a configuration file, 297 log, viewing, 377 recovering firmware, 124 securing communications, 107 updating the firmware, 52 iDRAC configuration utility configuring LAN user, 355 iDRAC KVM displaying OSCAR, 348 iDRAC service ports, 25 iDRAC6 configuring standard schema Active Directory, 162 resetting to factory defaults, 358 SSH, 76 iDRAC6 configuration utility, 32 configuring IPMI, 349 configuring network properties, 349 configuring virtual media, 353 starting, 348 iDRAC6 firmware rollback,
J configuring, 81 Java console redirection plug-in, 74, 225 K key, verify, 54, 56 management storage, 81 management station configuring, 65-74 configuring for console redirection, 221 installing the software, 78-79 network requirements, 65 MAP navigating L last crash screen capturing on the managed server, 82 viewing, 367 Lifecycle Controller User Guide, 355 local RACADM, 33 Media Redirection wizard, 266-267 mouse pointer synchronizing, 230 Mozilla Firefox disabling whitelist, 72 supported versions, 7
O supported, 24 On Screen Configuration and Reporting.
config, 82, 276 getconfig, 234, 276, 297-298 getniccfg, 276 getraclog, 276 getractime, 276 getssninfo, 276 getsvctag, 276 getsysinfo, 277 gettracelog, 277 racreset, 277 racresetcfg, 277 serveraction, 277 setniccfg, 277 sslcertdownload, 278 sslcertupload, 278 sslcertview, 278 sslcsrgen, 278 testemail, 278 testtrap, 278 reboot option disabling, 83 remote access connections supported, 25 resetting iDRAC6 to defaults, 358 Secure Sockets Layer (SSL) importing the firmware certificate, 131 secure sockets layer.
Simple Network Management Protocol.
Update Packages verifying the digital signature, 53-56 USB flash drive emulation type, 353 user configuration, 103 users adding and configuring with the web interface, 99 configuring LAN user with iDRAC6 configuration utility, 355 Using iDRAC6 with LDAP Directory Service, 161 using RACADM to configure iDRAC6 Users, 102-103 utilities dd, 336 iVMCLI, 335 video viewer, 226 V verify digital signature, 53-56 public key, 54, 56 vFlash Partitions, 239 vFlash SD Card, 239 vFlash SD Card Properties, 243 video viewe
configuring the web server service, 120 logging in, 86 logging out, 87 updating firmware, 123 web server, iDRAC configuring with the web interface, 120 Index 397
Index