Integrated Dell Remote Access Controller 8 (iDRAC8) Version 2.05.05.05 User's Guide December 2014 Rev.
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. NOTE: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2014 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Chapter 1: Overview.....................................................................................................................14 Benefits of Using iDRAC With Lifecycle Controller................................................................................................... 14 Key Features....................................................................................................................................................................... 15 New In This Release..........
Setting Up iDRAC IP Using CMC Web Interface.................................................................................................39 Enabling Auto-discovery............................................................................................................................................ 40 Configuring Servers and Server Components Using Auto Config...................................................................40 Using Hash Passwords for Improved Security...............................
Modifying Network Settings Using Web Interface..............................................................................................70 Modifying Network Settings Using Local RACADM........................................................................................... 70 Configuring IP Filtering............................................................................................................................................... 71 Configuring Services......................................
Checking the System for Fresh Air Compliance........................................................................................................ 94 Viewing Historical Temperature Data...........................................................................................................................94 Viewing Historical Temperature Data Using iDRAC Web Interface................................................................ 95 Viewing Historical Temperature Data Using RACADM......................
Configuring Extended Schema Active Directory................................................................................................126 Testing Active Directory Settings..........................................................................................................................134 Configuring Generic LDAP Users.................................................................................................................................
Viewing System Event Log........................................................................................................................................... 154 Viewing System Event Log Using Web Interface.............................................................................................. 154 Viewing System Event Log Using RACADM....................................................................................................... 154 Viewing System Event Log Using iDRAC Settings Utility...
Understanding RAID Concepts..................................................................................................................................... 172 What Is RAID?.............................................................................................................................................................172 Organizing Data Storage For Availability And Performance............................................................................ 173 Choosing RAID Levels ...............
Storage Devices — Apply Operation Scenarios......................................................................................................206 Blinking or Unblinking Component LEDs................................................................................................................... 207 Blinking or Unblinking Component LEDs Using Web Interface...................................................................... 207 Blinking or Unblinking Component LEDs Using RACADM........................
Chapter 17: Managing vFlash SD Card........................................................................................230 Configuring vFlash SD Card......................................................................................................................................... 230 Viewing vFlash SD Card Properties......................................................................................................................230 Enabling or Disabling vFlash Functionality....................
Configuring iDRAC Quick Sync Settings Using iDRAC Settings Utility....................................................... 258 Using Mobile Device to View iDRAC Information....................................................................................................258 Chapter 22: Deploying Operating Systems................................................................................ 259 Deploying Operating System Using VMCLI ..........................................................................
SNMP Authentication.................................................................................................................................................... 282 Storage Devices.............................................................................................................................................................. 282 iDRAC Service Module..............................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC with Lifecycle controller technology is part of a larger datacenter solution that helps keep business critical applications and workloads available at all times.
For more information on Lifecycle Controller GUI, see Lifecycle Controller User’s Guide and for remote services, see Lifecycle Controller Remote Services User’s Guide available at dell.com/support/manuals. Key Features The key features in iDRAC include: NOTE: Some of the features are available only with iDRAC Enterprise license. For information on the features available for a license, see Managing Licenses. Inventory and Monitoring ● View managed server health.
■ Securely erase the data. ○ Set the backplane mode (unified or split mode). ○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● Manage iDRAC licenses. ● Update BIOS and device firmware for devices supported by Lifecycle Controller. ● Update or rollback iDRAC firmware and lifecycle controller firmware using a single firmware image.
● Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded. ● Limited IP address range for clients connecting to iDRAC. ● Dedicated Gigabit Ethernet adapter available on rack and tower servers (additional hardware may be required).
Acquiring Licenses Use any of the following methods to acquire the licenses: ● E-mail — License is attached to an email that is sent after requesting it from the technical support center. ● Self-service portal — A link to the Self-Service Portal is available from iDRAC. Click this link to open the licensing Self-Service Portal on the internet. Currently, you can use the License Self-Service Portal to retrieve licenses that were purchased with the server.
Table 1. License Operations Based on State and Condition (continued) License/ Component state or condition Import Export Delete Replace Learn More Active license Yes Yes Yes Yes Yes Expired license No Yes Yes Yes Yes License installed but component missing No Yes Yes No Yes NOTE: In the iDRAC Web interface, on the Licenses page, expand the device to view the Replace option in the dropdown menu.
Feature iDRAC8 Basic iDRAC8 Express iDRAC8 Express for Blades iDRAC8 Enterprise Shared NIC Yes Yes N/A Yes 1 Dedicated NIC 2 Yes Yes Yes Yes 2 VLAN tagging Yes Yes Yes Yes IPv4 Yes Yes Yes Yes IPv6 Yes Yes Yes Yes DHCP Yes Yes Yes Yes Dynamic DNS Yes Yes Yes Yes OS pass-through Yes Yes Yes Yes Front panel USB Yes Yes Yes Yes Role-based authority Yes Yes Yes Yes Local users Yes Yes Yes Yes SSL encryption Yes Yes Yes Yes IP blocking No Yes Ye
Feature iDRAC8 Basic iDRAC8 Express iDRAC8 Express for Blades iDRAC8 Enterprise Virtual Console collaboration (up to six simultaneous users) No No No Yes Virtual Console chat No No No Yes Virtual Flash partitions No No No Yes Automatic power on after loss Yes Yes Yes Yes Real-time power meter Yes Yes Yes Yes Power thresholds and alerts (includes headroom) No Yes Yes Yes Real-time power graphing No Yes Yes Yes Historical power counters No Yes Yes Yes Power capping
Feature iDRAC8 Basic iDRAC8 Express iDRAC8 Express for Blades iDRAC8 Enterprise Remote agent-free update Yes Yes Yes Yes Embedded update tools Yes Yes Yes Yes Sync with repository (scheduled updates) No No No Yes Auto-update No No No Yes Embedded OS deployment tools Yes Yes Yes Yes Embedded configuration tools (iDRAC Settings Utility) Yes Yes Yes Yes Embedded configuration wizards (Lifecycle Controller wizards) Yes Yes Yes Yes Auto-Discovery No Yes Yes Yes Remote
Feature iDRAC8 Basic iDRAC8 Express iDRAC8 Express for Blades iDRAC8 Enterprise iDRAC Service Module (iSM) Yes Yes Yes Yes Embedded Tech Support Report Yes Yes Yes Yes Crash screen capture No Yes Yes Yes Crash video capture No No No Yes Boot capture No No No Yes Manual reset for iDRAC Yes Yes Yes Yes Virtual NMI Yes Yes Yes Yes OS watchdog Yes Yes Yes Yes Embedded Health Report Yes Yes Yes Yes System Event Log Yes Yes Yes Yes Lifecycle Log Yes Yes Ye
Table 2. Interfaces and Protocols to Access iDRAC (continued) Interface or Protocol Description RACADM Use this command line utility to perform iDRAC and server management. You can use RACADM locally and remotely. ● Local RACADM command line interface runs on the managed systems that have Server Administrator installed. Local RACADM communicates with iDRAC through its in-band IPMI host interface.
Table 2. Interfaces and Protocols to Access iDRAC (continued) Interface or Protocol Description VMCLI Use the Virtual Media Command Line Interface (VMCLI) to access a remote media through the management station and deploy operating systems on multiple managed systems. SMCLP Use Server Management Workgroup Server Management-Command Line Protocol (SMCLP) to perform systems management tasks. This is available through SSH or Telnet. For more information about SMCLP, see Using SMCLP.
The following table lists the ports that iDRAC uses as a client. Table 4.
● The Glossary provides information about the terms used in this document. The following system documents are available to provide more information: ● The iDRAC Overview and Feature Guide provides information about iDRAC, its licensable features, and license upgrade options. ● The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at dell.com/regulatory_compliance.
3. From the All products page, click Software, and then click the required link. 4. Click the required product and then click the required version. Using search engines, type the name and version of the document in the search box.
2 Logging into iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name and password is root and calvin, respectively. You can also log in using Single Sign-On or Smart Card. NOTE: You must have Login to iDRAC privilege to log in to iDRAC.
4. For an Active Directory user, in the Username and Password fields, enter the Active Directory user name and password. If you have specified the domain name as a part of the username, select This iDRAC from the drop-down menu. The format of the user name can be: \, /, or @. For example, dell.com\john_doe, or JOHN_DOE@DELL.COM. If the domain is not specified in the user name, select the Active Directory domain from the Domain drop-down menu. 5.
NOTE: If you are a local user for whom Enable CRL check for Smart Card Logon is enabled, iDRAC attempts to download the CRL and checks the CRL for the user's certificate. The login fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for some reason.
To login to iDRAC using Web interface: 1. Log in to your management station using a valid Active Directory account. 2. In a Web browser, type https://[FQDN address] NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[FQDN address]:[port number] where, [FQDN address] is the iDRAC FQDN (iDRACdnsname.domain. name) and [port number] is the HTTPS port number. NOTE: If you use IP address instead of FQDN, SSO fails.
Accessing iDRAC Using Local RACADM For information to access iDRAC using local RACADM, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. Accessing iDRAC Using Firmware RACADM You can use SSH or Telnet interfaces to access iDRAC and run firmware RACADM commands. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.
Table 5. Multiple iDRAC Sessions (continued) Interface Number of Sessions Telnet - 2 Serial - 1 Changing Default Login Password The warning message that allows you to change the default password is displayed if: ● You log in to iDRAC with Configure User privilege. ● Default password warning feature is enabled. ● Credentials for any currently enabled account are root/calvin. A warning message is also displayed when you log in to iDRAC using SSH, Telnet, remote RACADM, or the Web interface.
2. In the Change Password field, enter the new password. 3. Click Back, click Finish, and then click Yes. The details are saved. Enabling or Disabling Default Password Warning Message You can enable or disable the display of the default password warning message. To do this, you must have Configure Users privilege. Enabling or Disabling Default Password Warning Message Using Web Interface To enable or disable the display of the default password warning message after logging in to iDRAC: 1.
3 Setting Up Managed System and Management Station To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported Web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
NOTE: In case of blade servers, you can configure the network setting using the Chassis LCD panel only during initial configuration of CMC. After the chassis is deployed, you cannot reconfigure iDRAC using the Chassis LCD panel. ● CMC Web interface (see Dell Chassis Management Controller Firmware User’s Guide) In case of rack and tower servers, you can set up the IP address or use the default iDRAC IP address 192.168.0.
NOTE: For information about the options, see the iDRAC Settings Utility Online Help. 1. Under Enable NIC, select the Enabled option. 2. From the NIC Selection drop-down menu, select one of the following ports based on the network requirement: ● Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC).
● Static Subnet Mask 3. Optionally, enable Use DHCP to obtain DNS server address, so that the DHCP server can assign the Static Preferred DNS Server and Static Alternate DNS Server. Else, enter the IP addresses for Static Preferred DNS Server and Static Alternate DNS Server. IPv6 Settings Alternately, based on the infrastructure setup, you can use IPv6 address protocol. To configure the IPv6 settings: 1. Select Enabled option under Enable IPv6. 2.
● ● ● ● ● ● Network Settings Common Settings IPV4 Settings IPV6 Settings IPMI Settings VLAN Settings NOTE: For more information, see iDRAC Online Help. 7. To save the network information, click Apply. For more information, see the Chassis Management Controller User’s Guide available at dell.com/support/manuals. Enabling Auto-discovery The auto-discovery feature allows newly installed servers to automatically discover the remote management console that hosts the provisioning server.
When the iDRAC or CMC obtains an IP address from the DHCP server, the XML file is used to configure the devices. Auto-config is invoked only after the iDRAC gets its IP address from the DHCP server. If it does not get a response or an IP address from the DHCP server, then auto-config is not invoked. NOTE: ● You can enable Auto Config only if DHCPv4 and the Enable IPv4 options are enabled. ● Auto Config and auto-discovery features are mutually exclusive.
where, -l is the location of the Remote File Share and –f is the file name in the string along with the credentials to the Remote File Share. In this example, root and calvin are the username and password to the RFS. The DHCP Option 60 identifies and associates a DHCP client with a particular vendor. Any DHCP server configured to take action based on a client’s vendor ID should have Option 60 and Option 43 configured. With Dell PowerEdge servers, the iDRAC identifies itself with vendor ID: iDRAC.
● ● ● ● ● ● ● ShareType – -s (0 = NFS, 2 = CIFS) IPAddress – IP address of the file share. (-i ) Username – Required for CIFS (-u) Password – Required for CIFS (-p) ShutdownType – Specify Graceful or Forced. (-d) Timetowait - Default is 300 ( -t ) EndHostPowerState - (-e) Configuring Option 43 and Option 60 on Linux Update the /etc/dhcpd.conf file. Similar to Windows, the steps are : 1. Set aside a block or pool of addresses that this DHCP server can allocate. 2.
Enabling Auto Config Using RACADM To enable Auto Config feature using RACADM, use the iDRAC.NIC.AutoConfig object. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide. Using Hash Passwords for Improved Security For iDRAC in 13 th generation servers, you can set user passwords and BIOS passwords using a one way hash format. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format.
Setting Up Management Station A management station is a computer used for accessing iDRAC interfaces to remotely monitor and manage the PowerEdge server(s). To set up the management station: 1. Install a supported operating system. For more information, see the readme. 2. Install and configure a supported Web browser (Internet Explorer, Firefox, Chrome, or Safari). 3. Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC using a Web browser). 4.
Related tasks Modifying Local Administrator Account Settings on page 46 Modifying Local Administrator Account Settings After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. Specify the details for User Name, LAN User Privilege, Serial Port User Privilege, and Change Password.
● Set the maximum air exhaust temperature ● Increase airflow through a fan offset, if required ● Increase airflow through increasing minimum fan speed Modifying Thermal Settings Using iDRAC Web Interface To modify the thermal settings: 1. In the iDRAC Web interface, go to Overview > Hardware > Fans > Setup. The Fan Setup page is displayed. 2.
○ Custom — Enter the percentage value. The allowable range for minimum fan speed PWM is dynamic based on the system configuration. The first value is the idle speed and the second value is the configuration max (which may or may not be 100% based on system configuration). System fans can run higher than this speed as per thermal requirements of the system but not lower than the defined minimum speed. For example, setting Minimum Fan Speed at 35% limits the fan speed to never go lower than 35% PWM.
Object Description Usage FanSpeedHighOffsetVal ● Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 1. Values from FanSpeedLowOffsetVal ● Getting this variable reads the fan speed offset value in %PWM for Low Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 0.
Object Description Usage Modifying Thermal Settings Using iDRAC Settings Utility To modify the thermal settings: 1. In the iDRAC Settings utility, go to Thermal. The iDRAC Settings Thermal page is displayed. 2. Specify the following: ● ● ● ● Thermal Profile Maximum Exhaust Temperature Limit Fan Speed Offset Minimum Fan Speed For information about the fields, see the Modifying Thermal Settings Using Web Interface.
● ● ● ● ● ● Do not prompt for client certificate selection when no certificates or only one certificate exists: Enable Launching programs and files in an IFRAME: Enable Open files based on content, not file extension: Enable Software channel permissions: Low safety Submit non-encrypted form data: Enable Use Pop-up Blocker: Disable Under Scripting: ● Active scripting: Enable ● Allow paste operations via script: Enable ● Scripting of Java applets: Enable 5. Go to Tools > Internet Options > Advanced. 6.
Related concepts Viewing Localized Versions of Web Interface on page 52 Related tasks Adding iDRAC to the List of Trusted Domains on page 52 Disabling Whitelist Feature in Firefox on page 52 Adding iDRAC to the List of Trusted Domains When you access iDRAC Web interface, you are prompted to add iDRAC IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to establish a connection to iDRAC Web interface.
NOTE: See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC Web interface.
Table 6. Firmware Update – Supported Components (continued) Component Name Firmware Rollback Supported? (Yes or No) Out-of-band— System Restart Required? In-band—System Restart Required? Lifecycle Controller GUI— Restart Required? iDRAC Yes **No *No *No Power Supply Unit Yes Yes Yes Yes CPLD No Yes Yes Yes FC Cards Yes Yes Yes Yes PCIe SSD Yes Yes Yes Yes * Indicates that though a system restart is not required, iDRAC must be restarted to apply the updates.
To update single device firmware using iDRAC Web interface: 1. Go to Overview > iDRAC Settings > Update and Rollback . The Firmware Update page is displayed. 2. On the Update tab, select Local as the File Location. 3. Click Browse, select the firmware image file for the required component, and then click Upload. 4. After the upload is complete, the Update Details section displays each firmware file uploaded to iDRAC and its status.
5. Select the required updates and do one of the following: ● For firmware images that do not require a host system reboot, click Install. For example, .d7 firmware file. ● For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot. ● To cancel the firmware update, click Cancel. When you click Install, Install and Reboot or Install Next Reboot, the message Updating Job Queue is displayed. 6.
Before performing an update, make sure that: ● Lifecycle Controller is enabled. ● You have Server Control privilege to update firmware for devices other than iDRAC. To update device firmware using TFTP: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Update and Rollback . The Firmware Update page is displayed. 2. On the Update tab, select TFTP as the File Location. 3. In the TFTP Server Settings section, enter the TFTP details. For information about the fields, see the iDRAC Online Help. 4.
When you click Install, Install and Reboot or Install Next Reboot, the message Updating Job Queue is displayed. 7. Click Job Queue to display the Job Queue page, where you can view and manage the staged firmware updates or click OK to refresh the current page and view the status of the firmware update. Enter the tasks the user should do after finishing this task (optional).
4. Select any of the following options to specify if a system reboot is required after the updates are staged: ● Schedule Updates — Stage the firmware updates but do not reboot the server. ● Schedule Updates and reboot Server — Enables server reboot after the firmware updates are staged. 5. Select any of the following to specify the location of the firmware images: ● Network — Use the catalog file from a network share (CIFS or NFS). Enter the network share location details.
Updating Firmware Using CMC Web Interface You can update iDRAC firmware for blade servers using the CMC Web interface. To update iDRAC firmware using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to Server > Overview > . The Server Status page is displayed. 3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update.
Updating Firmware Using Lifecycle Controller Remote Services For information to update the firmware using Lifecycle Controller–Remote Services, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/support/manuals. Updating CMC Firmware From iDRAC In FX2/FX2s chassis, you can update the firmware for the Chassis Management Controller and any component that can be updated by CMC and shared by the servers from iDRAC.
Viewing and Managing Staged Updates Using RACADM To view the staged updates using RACADM, use jobqueue subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. Rolling Back Device Firmware You can rollback the firmware for iDRAC or any device that is supported by Lifecycle Controller even if the update was previously performed using another interface.
● While in rollback mode, the rollback process continues in the background even if you navigate away from this page. ● If iDRAC configuration is reset to default values, the iDRAC IP address is reset to 192.168.0.120. You can access iDRAC using this IP, or reconfigure the iDRAC address using local RACADM or F2 (remote RACADM requires network access).
● System Health and Identify LED is flashed at ~1/2 second rate. (LED is located on the back of a rack and tower servers and on the front of a blade server.) ● Bootloader is now polling the SD card slot. ● Format an SD card with FAT using a Windows operating system, or EXT3 using a Linux operating system. ● Copy firmimg.d7 to the SD card. ● Insert the SD card into the server. ● Bootloader detects the SD card, turns the flashing LED to solid amber, reads the firmimg.
2. Select one of the following to save the backup file image: ● Network to save the backup file image on a CIFS or NFS share. ● vFlash to save the backup file image on the vFlash card. 3. Enter the backup file name and encryption passphrase (optional). 4. If Network is selected as the file location, enter the network settings. NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters.
A recurring job is represented in the job queue with a start date and time of the next scheduled backup operation. Five minutes after the first instance of the recurring job starts, the job for the next time period is created. The backup server profile operation is performed at the scheduled date and time. Scheduling Automatic Backup Server Profile Using RACADM To enable automatic backup use the command: racadm set lifecyclecontroller.lcattributes.
Importing Server Profile Using iDRAC Web Interface To import the server profile using iDRAC Web interface: 1. Go to Overview > iDRAC Settings > Server Profile > Import. The Import Server Profile page is displayed. 2. Select one of the following to specify the location of the backup file: ● Network ● vFlash 3. Enter the backup file name and decryption passphrase (optional). 4. If Network is selected as the file location, enter the network settings.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see Managing Licenses.
Managing Virtual Media on page 220 Managing vFlash SD Card on page 230 Setting First Boot Device on page 77 Enabling or Disabling OS to iDRAC Pass-through on page 78 Related tasks Configuring iDRAC to Send Alerts on page 143 Topics: • • • • • • • • • • • Viewing iDRAC Information Modifying Network Settings Configuring Services Using VNC Client to Manage Remote Server Configuring Front Panel Display Configuring Time Zone and NTP Setting First Boot Device Enabling or Disabling OS to iDRAC Pass-through Obtai
Modifying Network Settings Using Web Interface To modify the iDRAC network settings: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Network. The Network page is displayed. 2. Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.
Configuring IP Filtering In addition to user authentication, use the following options to provide additional security while accessing iDRAC: ● IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.
○ Using config command: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255 ○ Using set command: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57 racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255 ● To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.
○ cfgRacTuneWebserverEnable ○ cfgSsnMgtWebserverTimeout ○ cfgRacTuneHttpPort ○ cfgRacTuneHttpsPort ○ cfgRacTuneRemoteRacadmEnable ○ cfgSsnMgtRacadmTimeout ○ cfgOobSnmpAgentEnable ○ cfgOobSnmpAgentCommunity ● Use the objects in the following object groups with the set command: ○ iDRAC.LocalSecurity ○ iDRAC.LocalSecurity ○ iDRAC.SSH ○ iDRAC.Webserver ○ iDRAC.Telnet ○ iDRAC.Racadm ○ iDRAC.SNMP For more information about these objects, see iDRAC8 RACADM Command Line Interface Reference Guide available at dell.
If video encryption is disabled, the VNC client starts RFB handshake directly, and a SSL handshake is not required. During VNC client handshake (RFB or SSL), if another VNC session is active or if a Virtual Console session is open, the new VNC client session is rejected. After completion of the initial handshake, VNC server disables Virtual Console and allows only Virtual Media. After termination of the VNC session, VNC server restores the original state of Virtual Console (enabled or disabled).
Configuring Front Panel Display You can configure the front panel LCD and LED display for the managed system. For rack and tower servers, two types of front panels are available: ● LCD front panel and System ID LED ● LED front panel and System ID LED For blade servers, only the System ID LED is available on the server front panel since the blade chassis has the LCD.
3. Specify the following: ● Access to the front panel ● LCD message string ● System power units, ambient temperature units, and error display 4. Enable or disable the virtual console indication. For information about the options, see the iDRAC Settings Utility Online Help. 5. Click Back, click Finish, and then click Yes. Configuring System ID LED Setting To identify a server, enable or disable System ID LED blinking on the managed system.
Setting First Boot Device You can set the first boot device for the next boot only or for all subsequent reboots. Based on this selection, you can set the first boot device for the system. The system boots from the selected device on the next and subsequent reboots and remains as the first boot device in the BIOS boot order, until it is changed again either from the iDRAC Web interface or from the BIOS boot sequence.
Enabling Last Crash Screen To troubleshoot the cause of managed system crash, you can capture the system crash image using iDRAC. To enable the last crash screen: 1. From the Dell Systems Management Tools and Documentation DVD, install Server Administrator on the managed system. For more information, see the Dell OpenManage Server Administrator Installation Guide at dell.com/support/manuals. 2. In the Windows startup and recovery window, make sure that the automatic reboot option is not selected.
Related references Supported Cards for OS to iDRAC Pass-through on page 79 Supported Operating Systems for USB NIC on page 79 Enabling or Disabling OS to iDRAC Pass-through Using Web Interface on page 81 Enabling or Disabling OS to iDRAC Pass-through Using RACADM on page 81 Enabling or Disabling OS to iDRAC Pass-through Using iDRAC Settings Utility on page 81 Supported Cards for OS to iDRAC Pass-through The following table provides a list of cards that support the OS to iDRAC Pass-through feature using LOM
For the following operating systems, if you install the Avahi and nss-mdns packages, then you can use https://idrac.local to launch the iDRAC from the host operating system. If these packages are not installed, use https://169.254.0.1 to launch the iDRAC. Operating System Firewall Status Avahi Package nss-mdns Package RHEL 5.9 32– bit Disable Install as a separate package (avahi-0.6.16-10.el5_6.i386.rpm) Install as a separate package (nssmdns-0.10-4.el5.i386.rpm) RHEL 6.
Enabling or Disabling OS to iDRAC Pass-through Using Web Interface To enable OS to iDRAC Pass-through using Web interface: 1. Go to Overview > iDRAC Settings > Network > OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed. 2. Select any of the following options to enable OS to iDRAC pass-through: ● LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.
The default value is 169.254.0.1. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs. These IPs are reserved for the USB NIC port on the front panel when a A/A cable is used 5. Click Back, click Finish, and then click Yes. The details are saved. Obtaining Certificates The following table lists the types of certificates based on the login type. Table 8.
important security criteria. Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certificate, use either iDRAC Web interface or RACADM interface to generate a Certificate Signing Request (CSR) with your company’s information. Then, submit the generated CSR to a CA such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certificate, upload this to iDRAC.
3. Click Generate. A new CSR is generated. Save it to the management station. Generating CSR Using RACADM To generate a CSR using RACADM, use the objects in the cfgRacSecurity group with the config command or use the objects in the iDRAC.Security group with the set command, and then use the sslcsrgen command to generate the CSR. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/ support/manuals.
Related concepts SSL Server Certificates on page 82 Viewing Server Certificate Using Web Interface In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > SSL. The SSL page displays the SSL server certificate that is currently in use at the top of the page. Viewing Server Certificate Using RACADM To view the SSL server certificate, use the sslcertview command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.
A pop-up message is displayed that allows you to save the custom signing certificate to a location of your choice. Downloading Custom SSL Certificate Signing Certificate Using RACADM To download the custom SSL certificate signing certificate, use the sslcertdownload subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.
The getconfig command displays all configuration properties in a group (specified by group name and index) and all configuration properties for a user by user name. 2. Modify the configuration file using a simple text editor (optional). NOTE: It is recommended that you edit this file with a simple text editor. The RACADM utility uses an ASCII text parser. Any formatting confuses the parser, which may corrupt the RACADM database. 3.
● Use the racresetcfg subcommand to reset the iDRAC to the default setting, and then run the racadm config -f .cfg or racadm set -f .cfg command. Make sure that the .cfg file includes all required objects, users, indexes, and other parameters. CAUTION: Use the racresetcfg subcommand to reset the database and the iDRAC NIC settings to the default settings and remove all users and user configurations.
# [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.1 This file is updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 The command racadm config -f myfile.cfg parses the file and identifies any errors by line number. A correct file updates the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.
5 Viewing iDRAC and Managed System Information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
The Hardware Inventory section displays the information for the following components available on the managed system: ● iDRAC ● RAID controller ● Batteries ● CPUs ● DIMMs ● HDDs ● Backplanes ● Network Interface Cards (integrated and embedded) ● Video card ● SD card ● Power Supply Units (PSUs) ● Fans ● Fibre Channel HBAs ● USB The Firmware Inventory section displays the firmware version for the following components: ● BIOS ● Lifecycle Controller ● iDRAC ● OS driver pack ● 32-bit diagnostics ● System CPLD ● P
● Removable Flash Media — Provides information about the Internal SD Modules—vFlash and Internal Dual SD Module (IDSDM). ○ When IDSDM redundancy is enabled, the following IDSDM sensor status is displayed—IDSDM Redundancy Status, IDSDM SD1, IDSDM SD2. When redundancy is disabled, only IDSDM SD1 is displayed. ○ If IDSDM redundancy is initially disabled when the system is powered on or after an iDRAC reset, the IDSDM SD1 sensor status is displayed only after a card is inserted.
Monitoring Performance Index of CPU, Memory, and I/O Modules In 13 th generation Dell PowerEdge servers, Intel ME provides support for Compute Usage Per Second (CUPS) functionality. The CUPS functionality provides real-time monitoring of CPU, memory and I/O utilization and system-level utilization index for the system. Since it is done by Intel ME, it is independent of the OS and does not consume CPU resources.
● Hardware section – Click the required link to view the health of the component. ● System Performance section - Displays the current reading and the warning reading for CPU, Memory and I/O utilization index, and system level CUPS index in a graphical view. ● System Performance Historical Data section: ○ Provides the statistics for CPU, memory, IO utilization, and the system level CUPS index. If the host system is powered off, then the graph displays the power off line below 0 percent.
● Warning event when the temperature was greater than the warning threshold for duration of 8% or more in the last 12 months. ● Critical event when the temperature was greater than the warning threshold for duration of 10% or more in the last 12 months. ● Warning event when the temperature was greater than the critical threshold for duration of 0.8% or more in the last 12 months. ● Critical event when the temperature was greater than the critical threshold for duration of 1% or more in the last 12 months.
NOTE: This feature is available with iDRAC Express and iDRAC Enterprise licenses. To ● ● ● view the OS information, make sure that: You have Login privilege. iDRAC Service Module is installed and running on the host operating system. OS Information option is enabled in the Overview > Server > Service Module page. iDRAC can display the IPv4 and IPv6 addresses for all the interfaces configured on the Host OS.
If ● ● ● ● CMC enables chassis–assigned MAC addresses, iDRAC displays the MAC address on any of the following pages: Overview > Server > Properties Details > iDRAC Information. Overview > Server > Properties WWN/MAC. Overview > iDRAC Settings > Properties iDRAC Information > Current Network Settings. Overview > iDRAC Settings > Network Network > Network Settings.
6 Setting Up iDRAC Communication You can communicate with iDRAC using any of the following modes: ● iDRAC Web Interface ● Serial connection using DB9 cable (RAC serial or IPMI serial) - For rack and tower servers only ● IPMI Serial Over LAN ● IPMI Over LAN ● Remote RACADM ● Local RACADM ● Remote Services For an overview of the supported protocols, supported commands, and pre-requisites, see the following table. Table 10.
Communicating With iDRAC Using IPMI Over LAN on page 107 Enabling or Disabling Remote RACADM on page 108 Disabling Local RACADM on page 109 Enabling IPMI on Managed System on page 109 Configuring Linux for Serial Console During Boot on page 109 Supported SSH Cryptography Schemes on page 111 Topics: • • • • • • • • • Communicating With iDRAC Through Serial Connection Using DB9 Cable Switching Between RAC Serial and Serial Console While Using DB9 Cable Communicating With iDRAC Using IPMI SOL Communicating W
3. Go to System BIOS Settings > Serial Communication. 4. Select External Serial Connector to Remote Access device. 5. Click Back, click Finish, and then click Yes. 6. Press to exit System Setup. Enabling RAC Serial Connection After configuring serial connection in BIOS, enable RAC serial in iDRAC. NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC Serial Connection Using Web Interface To enable RAC serial connection: 1.
Enabling Serial Connection IPMI Mode Using RACADM To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode using any of the following: ● Usingconfig command: racadm config -g cfgSerial -o cfgSerialConsoleEnable 0 racadm config -g cfgIpmiSerial -o cfgIpmiSerialConnectionMode < 0 or 1> where, 0 indicates Terminal mode and 1 indicates Basic mode. ● Using set command: racadm set iDRAC.Serial.Enable 0 racadm set iDRAC.IPMISerial.
4. Specify the following values: ● ● ● ● ● ● Line editing Delete control Echo Control Handshaking control New line sequence Input new line sequences For information about the options, see the iDRAC Online Help. 5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection.
1. Configure BIOS for serial connection. 2. Configure iDRAC to Use SOL. 3. Enable a supported protocol (SSH, Telnet, IPMItool). Related concepts Configuring BIOS For Serial Connection on page 103 Configuring iDRAC to Use SOL on page 103 Enabling Supported Protocol on page 104 Configuring BIOS For Serial Connection To configure BIOS for Serial Connection: NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press . 3.
Configuring iDRAC to Use SOL Using RACADM To configure IPMI Serial over LAN (SOL): 1. Enable IPMI Serial over LAN: ● Using config command: racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 ● Using set command: racadm set iDRAC.IPMISol.Enable 1 2. Update the IPMI SOL minimum privilege level: ● Using config command: racadm config -g cfgIpmiSol o cfgIpmiSolMinPrivilege ● Using set command: racadm set iDRAC.IPMISol.MinPrivilege 1 where is 2 (User), 3 (Operator), 4 (Administrator).
● Putty/OpenSSH for using SSH or Telnet protocol Related tasks SOL Using IPMI Protocol on page 105 SOL Using SSH or Telnet Protocol on page 105 SOL Using IPMI Protocol IPMItool <−−> LAN/WAN connection <−−> iDRAC The IPMI-based SOL utility and IPMItool uses RMCP+ delivered using UDP datagrams to port 623. The RMCP+ provides improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more information, see http://ipmitool.
Using SOL From OpenSSH or Telnet On Linux on page 106 Using SOL From Putty On Windows To start IPMI SOL from PuTTY on a Windows management station: NOTE: If required, you can change the default SSH or Telnet time-out at Overview > iDRAC Settings > Network > Services. 1. Run the command to connect to iDRAC: putty.exe [-ssh | -telnet] @ NOTE: The port number is optional. It is required only when the port number is reassigned. 2.
Related tasks Using Telnet Virtual Console on page 107 Configuring Backspace Key For Your Telnet Session on page 107 Disconnecting SOL Session in iDRAC Command Line Console on page 107 Using Telnet Virtual Console Some Telnet clients on the Microsoft operating systems may not display the BIOS setup screen correctly when BIOS Virtual Console is set for VT100/VT220 emulation. If this issue occurs, change the BIOS console to ANSI mode to update the display.
The IPMI over LAN settings are configured. Configuring IPMI Over LAN Using iDRAC Settings Utility To configure IPMI over LAN: 1. In the iDRAC Settings Utility, go to Network. The iDRAC Settings Network page is displayed. 2. For IPMI Settings, specify the values. For information about the options, see the iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The IPMI over LAN settings are configured.
● To ● ● Using set command: racadm set iDRAC.Racadm.Enable 1 disable the remote capability, type one of the following command: Using config command: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0 Using set command: racadm set iDRAC.Racadm.Enable 0 NOTE: It is recommended to run these commands on the local system. Disabling Local RACADM The local RACADM is enabled by default. To disable, see Disabling Access to Modify iDRAC Configuration Settings on Host System.
initrd /boot/initrd-2.4.9-e.3.im 4. To enable multiple GRUB options to start Virtual Console sessions through the RAC serial connection, add the following line to all options: console=ttyS1,115200n8r console=tty1 The example shows console=ttyS1,57600 added to the first option.
ttyS1 The following example shows a sample file with the new line. NOTE: Use the Break Key Sequence (~B) to execute the Linux Magic SysRq key commands on serial console using IPMI Tool. vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Supported SSH Cryptography Schemes To communicate with iDRAC using SSH protocol, it supports multiple cryptography schemes listed in the following table. Table 11.
Using Public Key Authentication For SSH iDRAC supports the Public Key Authentication (PKA) over SSH. This is a licensed feature. When the PKA over SSH is set up and used correctly, you need not enter the user name or password while logging into iDRAC. This is useful for setting up automated scripts that perform various functions. The uploaded keys must be in RFC 4716 or openssh format. Else, you must convert the keys into that format.
Uploading SSH Keys You can upload up to four public keys per user to use over an SSH interface. Before adding the public keys, make sure that you view the keys if they are set up, so that a key is not accidentally overwritten. When adding new public keys, make sure that the existing keys are not at the index where the new key is added. iDRAC does not perform checks to make sure previous key(s) are deleted before a new key(s) are added. When a new key is added, it is usable if the SSH interface is enabled.
● Specific key — racadm sshpkauth -i <2 to 16> -v -k <1 to 4> ● All keys — racadm sshpkauth -i <2 to 16> -v -k all Deleting SSH Keys Before deleting the public keys, make sure that you view the keys if they are set up, so that a key is not accidentally deleted. Deleting SSH Keys Using Web Interface To delete the SSH key(s): 1. In Web interface, go to Overview > iDRAC Settings > Network > User Authentication > Local Users. The Users page is displayed. 2. In the User ID column, click a user ID number.
7 Configuring User Accounts and Privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC.
Configuring Local Users Using RACADM NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. You can configure single or multiple iDRAC users using RACADM. To configure multiple iDRAC users with identical configuration settings, perform one of the following procedures: ● Use the RACADM examples in this section as a guide to create a batch file of RACADM commands and then execute the batch file on each managed system.
● Serial Port ● Serial Over LAN 4. Enable the user. Example: The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
NOTE: Using Active Directory to recognize iDRAC users is supported on the Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008 operating systems. You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user. The iDRAC role and privilege names have changed from earlier generation of servers. The role names are: Table 12.
● Integrated PKI into the Active Directory infrastructure. iDRAC uses the standard Public Key Infrastructure (PKI) mechanism to authenticate securely into the Active Directory. See the Microsoft website for more information. ● Enabled the Secure Socket Layer (SSL) on all domain controllers that iDRAC connects to for authenticating to all the domain controllers.
14. Upload the certificate you saved in step 13 to iDRAC. Importing iDRAC Firmware SSL Certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed certificate. If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller.
Figure 1. Configuration of iDRAC with Active Directory Standard Schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level is defined on each iDRACand not in the Active Directory. You can configure up to five role groups in each iDRAC.
Configuring Standard Schema Active Directory To configure iDRAC for a Active Directory login access: 1. On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2. Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access iDRAC. 3. Configure the group name, domain name, and the role privileges on iDRAC using the iDRAC Web interface or RACADM.
qualified domain name> racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege racadm config -g cfgActiveDirectory -o cfgADDomainController1 racadm config -g cfgActiveDirectory -o cfgADDomainController2 racadm config -g cfgActiveDirectory -o cfgADDomainController3
2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following RACADM commands: ● Using config command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 ● Using set command: racadm set iDRAC.IPv4.DNSFromDHCP 1 3.
However, each association object can be linked (or, may link users, groups of users, or iDRAC device objects) to only one privilege object. This example allows an administrator to control each user’s privileges on specific iDRAC devices. iDRAC device object is the link to iDRAC firmware for querying Active Directory for authentication and authorization.
Figure 3. Privilege Accumulation for a User The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only.
● Dell Schema Extender utility ● LDIF script file If you use the LDIF script file, the Dell organizational unit is not added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: ● DVDdrive:\SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\Remote_Management_Advanced\ LDIF_Files ● : \SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\Remote_Management_Advanced\Schema Ext
Table 16. dellRacDevice Class (continued) OID 1.2.840.113556.1.8000.1280.1.7.1.1 dellRacType Table 17. delliDRACAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.7.1.2 Description Represents the Dell Association Object. The Association Object provides the connection between the users and the devices. Class Type Structural Class SuperClasses Group Attributes dellProductMembers dellPrivilegeMember Table 18. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 20. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers Table 21. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 List of dellPrivilege Objects that belong to this Attribute.
Table 21. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsDebugCommandAdmin 1.2.840.113556.1.8000.1280.1.1.2.11 TRUE TRUE if the user has Debug Boolean (LDAPTYPE_BOOLEAN Command Admin rights on the device. 1.3.6.1.4.1.1466.115.121.1.7) dellSchemaVersion 1.2.840.113556.1.8000.1280.1.
Related tasks Creating iDRAC Device Object on page 131 Creating Privilege Object on page 131 Creating Association Object on page 131 Creating iDRAC Device Object To create iDRAC device object: 1. In the MMC Console Root window, right-click a container. 2. Select New > Dell Remote Management Object Advanced. The New Object window is displayed. 3. Enter a name for the new object. The name must be identical to iDRAC name that you enter while configuring Active Directory properties using iDRAC Web interface.
Adding Objects to Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and iDRAC devices or iDRAC device groups. You can add groups of users and iDRAC devices. Related tasks Adding Users or User Groups on page 132 Adding Privileges on page 132 Adding iDRAC Devices or iDRAC Device Groups on page 132 Adding Users or User Groups To add users or user groups: 1. Right-click the Association Object and select Properties. 2.
5. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for responses from AD during login process. NOTE: ● If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under Overview > iDRAC Settings > Network ● If the user and iDRAC objects are in different domains, then do not select the User Domain from Login option.
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under Overview > iDRAC Settings > Network. Using the following RACADM command may be optional: racadm sslcertdownload -t 0x1 -f 2.
Configuring Generic LDAP Users iDRAC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services. To make iDRAC LDAP implementation generic, the commonality between different directory services is utilized to group users and then map the user-group relationship. The directory service specific action is the schema.
Configuring Generic LDAP Directory Service Using RACADM To configure the LDAP directory service: ● Use the objects in the cfgLdap and cfgLdapRoleGroup groups with the config command. ● Use the objects in the iDRAC.LDAP and iDRAC.LDAPRole groups with the set command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/ manuals.
8 Configuring iDRAC for Single Sign-On or Smart Card Login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Registering iDRAC as a Computer in Active Directory Root Domain To register iDRAC in Active Directory root domain: 1. Click Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2. Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain. 3. Select Register iDRAC on DNS. 4. Provide a valid DNS Domain Name. 5. Verify that network DNS configuration matches with the Active Directory DNS information.
3. Associate the device object and privilege object using the association object. 4. Add the preceding SSO user (login user) to the device object. 5. Provide access privilege to Authenticated Users for accessing the created association object. Related concepts Adding iDRAC Users and Privileges to Active Directory on page 130 Configuring Browser to Enable Active Directory SSO This section provides the browser settings for Internet Explorer and Firefox to enable Active Directory SSO.
Configuring iDRAC SSO Login for Active Directory Users Using Web Interface To configure iDRAC for Active Directory SSO login: NOTE: For information about the options, see the iDRAC Online Help. 1. Verify whether the iDRAC DNS name matches the iDRAC Fully Qualified Domain Name. To do this, in iDRAC Web interface, go to Overview > iDRAC Settings > Network > Network and see the DNS Domain Name property. 2.
3. Under Smart Card Configurations, select Upload User Certificate and click Next. The User Certificate Upload page is displayed. 4. Browse and select the Base64 user certificate, and click Apply. Uploading Smart Card User Certificate Using RACADM To upload smart card user certificate, use the usercertupload object. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.
Configuring Active Directory With Extended Schema Using iDRAC Web Interface on page 132 Configuring Active Directory With Extended Schema Using RACADM on page 133 Enabling or Disabling Smart Card Login Before enabling or disabling smart card login for iDRAC, make sure that: ● You have configure iDRAC permissions. ● iDRAC local user configuration or Active Directory user configuration with the appropriate certificates is complete.
9 Configuring iDRAC to Send Alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, or WS events), then an alert is sent to one or more configured destinations.
Enabling or Disabling Alerts Using Web Interface To enable or disable generating alerts: 1. In iDRAC Web interface, go to Overview > Server > Alerts. The Alerts page is displayed. 2. Under Alerts section: ● Select Enable to enable alert generation or perform an event action. ● Select Disable to disable alert generation or disable an event action. 3. Click Apply to save the setting.
● Informational ● Warning ● Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering Alerts Using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.
Setting Alert Recurrence Event You can configure iDRAC to generate additional events at specific intervals if the system continues to operate at a temperature which is greater than the inlet temperature threshold limit. The default interval is 30 days. The valid range is 0 to 366 days. A value of ‘0’ indicates no event recurrence. NOTE: You must have Configure iDRAC privilege to set the alert recurrence value. Setting Alert Recurrence Events Using iDRAC Web Interface To set the alert recurrence value: 1.
Configuring Email Alert, SNMP Trap, or IPMI Trap Settings The management station uses Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) traps to receive data from iDRAC. For systems with large number of nodes, it may not be efficient for a management station to poll each iDRAC for every condition that may occur. For example, event traps can help a management station with load balancing between nodes or by issuing an alert if an authentication failure occurs.
1. To enable traps: ● For IPv4 address: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i (index) (0|1) ● For IPv6 address: racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIpv6AlertEnable -i (index) (0|1) where, (index) is the destination index and 0 or 1 disables or enables the trap, respectively. For example, to enable trap with index 4, enter the following command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 4 1 2.
For information about the options, see the iDRAC Settings Utility Online Help. 4. Click Back, click Finish, and then click Yes. The alert destinations are configured. Configuring Email Alert Settings You can configure the email address to receive the email alerts. Also, configure the SMTP server address settings. NOTE: If your mail server is Microsoft Exchange Server 2007, make sure that iDRAC domain name is configured for the mail server to receive the email alerts from iDRAC.
where 1 is the email destination index and [email-address] is the destination email address that receives the platform event alerts. ● Using set command: racadm set iDRAC.EmailAlert.Address.1 [email-address] where 1 is the email destination index and [email-address] is the destination email address that receives the platform event alerts. 3.
Configuring WS Eventing The WS Eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for receiving messages containing the server events (notifications or event messages). Clients interested in receiving the WS Eventing messages can subscribe with iDRAC and receive Lifecycle Controller job related events.
Table 22.
Table 22.
10 Managing Logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WS-MAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
If no arguments are specified, the entire log is displayed. To display the number of SEL entries: racadm getsel -i To clear the SEL entries: racadm clrsel For more information, see iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/ manuals. Viewing System Event Log Using iDRAC Settings Utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1.
Filtering Lifecycle Logs You can filter logs based on category, severity, keyword, or date range. To filter the lifecycle logs: 1. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: ● ● ● ● Select the Log Type from the drop-down list. Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results.
Adding Work Notes Each user who logs in to iDRAC can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC logs privilege to add work notes. A maximum of 255 characters are supported for each new work note. NOTE: You cannot delete a work note. To add a work note: 1. In the iDRAC Web interface, go to Overview > Server > Properties > Summary. The System Summary page is displayed. 2. Under Work Notes, enter the text in the blank text box.
11 Monitoring and Managing Power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: ● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Monitoring Power Using RACADM To view the power monitoring information, use the System.Power group objects with the get command or the cfgServerPower object with the getconfig command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. Setting Warning Threshold for Power Consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems.
Executing Power Control Operations Using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. Power Capping You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload presents to the datacenter. This is a licensed feature.
4. Click Apply to apply the values. Configuring Power Cap Policy Using RACADM To view and configure the current power cap values: ● Use the following objects with the config subcommand: ○ cfgServerPowerCapWatts ○ cfgServerPowerCapBTUhr ○ cfgServerPowerCapPercent ○ cfgServerPowerCapEnable ● Using the following objects with the set subcommand: ○ System.Power.Cap.Enable ○ System.Power.Cap.Watts ○ System.Power.Cap.Btuhr ○ System.Power.Cap.
1. In iDRAC Web interface, go to Overview > Server > Power/Thermal > Power Configuration > Power Configuration. The Power Configuration page is displayed. 2. Under Power Supply Options, select the required options. For more information, see iDRAC Online Help. 3. Click Apply. The power supply options are configured. Configuring Power Supply Options Using RACADM To ● ● ● ● configure the power supply options, use the following objects with the set subcommand: System.Power.RedundancyPolicy System.Power.
12 Inventory, Monitoring, and Configuring Network Devices You can inventory, monitor, and configure the following network devices: ● Network Interface Cards (NICs) ● Converged Network Adapters (CNAs) ● LAN On Motherboards (LOMs) ● Network Daughter Cards (NDCs) ● Mezzanine cards (only for blade servers) Related concepts Inventory and Monitoring FC HBA Devices on page 164 Dynamic Configuration of Virtual Addresses, Initiator, and Storage Target Settings on page 164 Topics: • • • Inventory and Monitoring Net
Inventory and Monitoring FC HBA Devices You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed system. The Emulex and QLogic (except FC8) FC HBAs are supported.
Supported BIOS Version for I/O Identity Optimization on page 165 Supported NIC Firmware Versions for I/O Identity Optimization on page 166 Enabling or Disabling I/O Identity Optimization on page 166 Configuring Persistence Policy Settings on page 167 Supported Cards for I/O Identity Optimization The following table provides the cards that support the I/O Identity Optimization feature.
Dell PowerEdge 12th Generation Server Minimum Supported BIOS Version R720, R720xd, R620, T620, and M620 2.1.0 R820 2.0.15 R520, R320, R420, T420, T320, M520, and M420 2.0.19 M820 1.7.0 Supported NIC Firmware Versions for I/O Identity Optimization In 13th generation Dell PowerEdge servers, the required NIC firmware is available by default. The following table provides the NIC firmware versions for the I/O identity optimization feature.
● You have the Login, Configure, and System Control privileges. ● BIOS, iDRAC, and network cards are updated to the latest firmware. For information on the supported versions, see Supported BIOS Version For I/O Identity Optimization and Supported NIC Firmware Version for I/O Identity Optimization. After enabling I/O Identity Optimization feature, export the XML configuration file from iDRAC, modify the required I/O Identity attributes in the XML configuration file, and import the file back to iDRAC.
Default Values for Persistence Policy Persistence Policy AC Power Loss Cold Boot Warm Boot Virtual Address: Auxiliary Powered Devices Not selected Selected Selected Virtual Address: Non-Auxiliary Powered Devices Not selected Not selected Selected Initiator Selected Selected Selected Storage Target Selected Selected Selected Related concepts Enabling or Disabling I/O Identity Optimization on page 166 Configuring Persistence Policy Settings Using iDRAC Web Interface To configure the persi
Table 23. iSCSI Initiator —Default Values (continued) iSCSI Initiator Default Values in IPv4 mode Default Values in IscsiInitiatorGateway 0.0.0.0 :: IscsiInitiatorIpv4Gateway 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6Gateway :: :: IscsiInitiatorPrimDns 0.0.0.0 :: IscsiInitiatorIpv4PrimDns 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6PrimDns :: :: IscsiInitiatorSecDns 0.0.0.0 :: IscsiInitiatorIpv4SecDns 0.0.0.0 0.0.0.
Table 24.
13 Managing Storage Devices In the iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them.
PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) the configuration at run-time. Run-time or real-time means, a reboot is not required. Staged If all the set operations are staged, the configuration is staged and applied after reboot or it is applied at real-time.
used to restore data in the event of a disk failure. RAID uses different techniques, such as striping, mirroring, and parity, to store and reconstruct data. There are different RAID levels that use different methods for storing and reconstructing data. The RAID levels have different characteristics in terms of read/write performance, data protection, and storage capacity. Not all RAID levels maintain redundant data, which means for some RAID levels lost data cannot be restored.
Maintaining redundant data requires the use of additional physical disks. The possibility of a disk failure increases with an increase in the number of disks. Since the differences in I/O performance and redundancy, one RAID level may be more appropriate than another based on the applications in the operating environment and the nature of the data being stored.
RAID 0 characteristics: ● ● ● ● Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks. Data is stored to the disks alternately. No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. Better read and write performance. RAID Level 1 (Mirroring) RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks.
● Redundancy for protection of data. ● RAID 1 is more expensive in terms of disk space since twice the number of disks are used than required to store the data without redundancy. RAID Level 5 (Striping With Distributed Parity) RAID 5 provides data redundancy by using data striping in combination with parity information. Rather than dedicating a physical disk to parity, the parity information is striped across all physical disks in the disk group.
RAID 6 characteristics: ● ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n-2) disks. Redundant information (parity) is alternately stored on all disks. The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID 50 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 5 span. ● Better read performance, but slower write performance. ● Requires as much parity information as standard RAID 5. ● Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 6 span. ● Better read performance, but slower write performance. ● Increased redundancy provides greater data protection than a RAID 50. ● Requires proportionally as much parity information as RAID 6. ● Two disks per span are required for parity.
RAID 10 characteristics: ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 25. RAID Level Performance Comparison (continued) RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information.
Summary of Supported Features for Storage Devices The following table provides the features supported by the storage devices through iDRAC.
Feature Name PERC 9 Controllers PERC 8 Controllers PCIe SSD H830 H730P H730 H330 H810 H710P H710 H310 Import foreign configuration Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicable Auto-import foreign configuration Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicable Clear foreign configuration Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicable Reset controller configuration Realtime
● Go to Overview > Storage > Virtual Disks > Properties to view virtual disks information. The Virtual Disks Properties page is displayed. ● Go to Overview > Storage > Controllers > Properties to view the RAID controller information. The Controllers Properties page is displayed. ● Go to Overview > Storage > Enclosures > Properties to view the enclosure information. The Enclosures Properties page is displayed. You can also use filters to view specific device information.
Global hot spares must be assigned and unassigned manually. They are not assigned to specific virtual disks. If you want to assign a hot spare to a virtual disk (it replaces any physical disk that fails in the virtual disk), then see Assigning or Unassigning Dedicated Hot Spares. When deleting virtual disks, all assigned global hot spares may be automatically unassigned when the last virtual disk associated with the controller is deleted.
● This task is not supported on PERC hardware controllers running in HBA mode. ● This task is only supported as a staged operation. Convert To Non-RAID Disk This task converts a disk to a Non-RAID disk. After converting a disk to non- RAID, the disk is exposed to the operating system unlike unconfigured good disks and it enables usage of disk in direct pass-through mode. This task is supported on H310 and H330 controllers. NOTE: This task is not supported on PERC hardware controllers running in HBA mode.
● Physical disk is in non-RAID mode. You must convert to RAID mode using the racadm command or . NOTE: If you create a virtual disk in Add to Pending Operation mode and a job is not created, and then if you delete the Virtual disk, then the create pending operation for the virtual disk is cleared.
Editing Virtual Disk Cache Policies You can change the read, write, or disk cache policy of a virtual disk. NOTE: Some of the controllers do not support all read or write policies. Therefore, when a policy is applied, an error message is displayed. The read policies indicate whether the controller must read sequential sectors of the virtual disk searching for data: ● Adaptive Read Ahead — The controller initiates read ahead only if the two most recent read requests accessed sequential sectors of the disk.
The cancel check consistency is a real-time operation. You must have Login and Server Control privilege to check consistency of virtual disks. Initializing Virtual Disks Initializing virtual disks erases the all the data on the disk but does not change the virtual disk configuration. You must initialize a virtual disk that is configured before it is used. NOTE: Do not initialize virtual disks when attempting to recreate an existing configuration.
Assigning or Unassigning Dedicated Hot Spares A dedicated hot spare is an unused backup disk that is assigned to a virtual disk. When a physical disk in the virtual disk fails, the hot spare is activated to replace the failed physical disk without interrupting the system or requiring your intervention. You must have Login and Server Control privilege to run this operation. Only T10 PI (DIF) capable physical disks can be assigned as a hot spare to T10 PI (DIF) enabled virtual disks.
Managing Virtual Disks Using RACADM Use the following RACADM commands to manage virtual disks: ● To delete virtual disk: racadm storage deletevd: ● To initialize virtual disk: racadm storage init: -speed {fast|full} ● To check consistency of virtual disks: racadm storage ccheck: ● To encrypt virtual disks: racadm storage encryptvd: ● To assign or unassign dedicated hot spares: racadm storage hotspare: -assign yes -type dhs -vdkey: ● To
Patrol Read Mode Considerations Patrol read identifies disk errors to avoid disk failures, data loss, or corruption. The Patrol Read does not run on a physical disk in the following circumstances: ● The physical disk is not included in a virtual disk or assigned as a hot spare.
required to secure the virtual disk. If you are using LKM, you must create the encryption key by providing the Security Key Identifier and the Passphrase. This task is not supported on PERC hardware controllers running in HBA mode. If you create the security key in Add to Pending Operation mode and a job is not created, and then if you delete the security key, the create security key pending operation is cleared. Configuring Controller Properties Using Web Interface 1.
Importing or Auto Importing Foreign Configuration A foreign configuration is data residing on physical disks that have been moved from one controller to another. Virtual disks residing on physical disks that have been moved are considered to be a foreign configuration. You can import foreign configurations so that virtual disks are not lost after moving Physical Disks.
3. From the Apply Operation Mode drop-down menu, select when you want to import. 4. Click Import Foreign Configuration. Based on the selected operation mode, the configuration is imported. To automatically import foreign configurations, in the Configure Controller Properties section, enable the Enhanced Auto Import Foreign Config option, select the Apply Operation Mode and click Apply.
NOTE: Resetting the controller configuration does not remove a foreign configuration. To remove a foreign configuration, perform clear configuration operation. Resetting Controller Configuration Using Web Interface To reset the controller configuration: 1. In the iDRAC Web interface, go to Overview > Storage > Controllers > Troubleshooting. The Controllers Troubleshooting page is displayed. 2. From the Actions drop-down menu, select Reset Configuration for one or more controllers. 3.
SMART performs predictive failure analysis on each disk and sends alerts if a disk failure is predicted. The controllers check physical disks for failure predictions and, if found, pass this information to iDRAC. iDRAC immediately logs an alert. Controller Operations in Non-RAID (HBA) Mode If ● ● ● the controller is in non-RAID mode (HBA mode), then: Virtual disks or hot spares are not available. Security state of the controller is disabled. All physical disks are in non-RAID mode.
Related concepts Inventory and Monitoring PCIe SSDs on page 198 Preparing to Remove PCIe SSD on page 198 Erasing PCIe SSD Device Data on page 199 Inventory and Monitoring PCIe SSDs In staged or real-time, the following inventory and monitoring information is available for PCIe SSDs: ● Hardware information: ○ PCIe SSD Extender card ○ PCIe SSD Backplane ● Software inventory includes only the firmware version for the PCIe SSD.
Before preparing the PCIe SSD for removal, make sure that: ● iDRAC Service Module is installed. ● Lifecycle Controller is enabled. ● You have Server Control and Login privileges Preparing to Remove PCIe SSD Using Web Interface To prepare the PCIe SSD for removal: 1. In the iDRAC Web interface, go to Overview > Storage > Physical Disks > Setup. The Setup Physical Disk page is displayed. 2. From the Controller drop-down menu, select the extender to view the associated PCIe SSDs. 3.
● After the drive is erased, it displays in the operating system as online but it is not initialized. You must re-initialize and re-format the drive before using it again. ● After you hot-plug a PCIe SSD, it may take several seconds to be displayed on the Web interface. Erasing PCIe SSD Device Data Using Web Interface To erase the data on the PCIe SSD device: 1. In the iDRAC Web interface, go to Overview > Storage > Physical Disks > Setup. The Setup Physical Disk page is displayed. 2.
Managing Enclosures or Backplanes You can perform the following for enclosures or backplanes: ● View properties ● Configure universal mode or split mode ● View slot information (universal or shared) ● Set SGPIO mode Related concepts Summary of Supported Features for Storage Devices on page 182 Supported Enclosures on page 181 Configuring Backplane Mode on page 201 Viewing Universal Slots on page 203 Setting SGPIO Mode on page 203 Configuring Backplane Mode The 13th generation Dell PowerEdge servers support
4. From the Apply Operation Mode drop-down menu, select Apply Now to apply the actions immediately, and then click Apply. A job ID is created. 5. Go to the Job Queue page and verify that it displays the status as Completed for the job. 6. Power cycle the system for the setting to take affect. Configuring Enclosure Using RACADM To configure the enclosure or backplane, use the BackplaneMode object with the set subcommand. For example, to set the BackplaneMode attribute to split mode: 1.
The output is: BackplaneRequestedMode=SplitMode 9. Run the following command to cold reboot the server: serveraction powercycle 10. After the system completes POST and CSIOR, type the following command to verify the backplanerequestedmode: get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=None 11. Run the following to verify is the backplane mode is set to split mode: get storage.enclosure.1.backplanecurrentmode The output is: BackplaneCurrentMode=SplitMode 12.
After LC wipe operation or iDRAC reset to default, the SGPIO mode is reset to disabled state. It compares the iDRAC setting with the backplane setting. If the backplane is set to SGPIO mode, iDRAC changes its setting to match the backplane setting. Server power cycle is required for any change in setting to take effect. You must have Server Control privilege to modify this setting. NOTE: You cannot set the SGPIO mode using iDRAC Web interface.
● Only the Apply Now option is available on the Enclosure Setup page. 3. Click Apply. Based on the operation mode selected, the settings are applied. Choosing Operation Mode Using RACADM Use the jobqueue subcommand to select the operation mode. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals. Viewing and Applying Pending Operations You can view and commit all pending operations for the storage controller.
6. If the commit job is created successfully, a message indicating that the job ID is created for the selected controller is displayed. Click Job Queue to view the progress of the job in the Job Queue page. If the clear foreign configuration, import foreign configuration, security key operations, or encrypt virtual disk operations are in pending state, and if these are the only operations pending, then you cannot create a job from thePending Operations page.
Case 3: Selected Add to Pending Operations and there are no existing pending operations If you have selected Add to Pending Operations and then clicked Apply, first the pending operation is created for the selected storage configuration operation. ● If the pending operation is created successfully and if there are no existing pending operations, then an information message is displayed: ○ Click OK to remain on the page to perform more storage configuration operations.
2. If you are on the Identify Component LED page: ● Select or deselect all component LEDs — Select the Select/Deselect All option and click Blink to start blinking the component LEDs. Similarly, click Unblink to stop blinking the component LEDs. ● Select or deselect individual component LEDs — Select one or more component(s) and click Blink to start blinking the selected component LED(s). Similarly, click Unblink to stop blinking the component LEDs. 3.
14 Configuring and Using Virtual Console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: ● A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
Table 26. Supported Screen Resolutions and Refresh Rates (continued) Screen Resolution Refresh Rate (Hz) 1280x1024 60 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console.
Configuring IE to Use ActiveX Plug-in You must configure the IE browser settings before you launch and run ActiveX based Virtual Console and Virtual Media applications. The ActiveX applications are delivered as signed CAB files from the iDRAC server. If the plug-in type is set to Native-ActiveX type in Virtual console, when you try to launch the Virtual Console, the CAB file is downloaded to the client system and ActiveX based Virtual Console is launched.
5. In the Add this website to the zone field, add the address of your iDRAC and click Add. 6. Click Close and then click OK. 7. Close and restart the browser for the settings to take effect. Clearing Browser Cache If you have issues when operating the Virtual Console, (out of range errors, synchronization issues, and so on) clear the browser’s cache to remove or delete any old versions of the viewer that may be stored on the system and try again.
2. Click Security tab and then click Certificates. The Certificates dialog box is displayed. 3. From the Certificate type drop-down menu, select Trusted Certificates. 4. Click Import, browse, select the CA certificate (in Base64 encoded format), and click Open. The selected certificate is imported to the Web start trusted certificate store. 5. Click Close and then click OK. The Java Control Panel window closes.
Previewing Virtual Console Before launching the Virtual Console, you can preview the state of the Virtual Console on the System > Properties > System Summary page. The Virtual Console Preview section displays an image showing the state of the Virtual Console. The image is refreshed every 30 seconds. This is a licensed feature. NOTE: The Virtual Console image is available only if you have enabled Virtual Console.
Two mouse pointers may appear in the viewer window: one for the managed server and another for your management station. To synchronize the cursors, see Synchronizing Mouse Pointers. Virtual Console launch from a Windows Vista management station may lead to Virtual Console restart messages.
The Virtual Console Viewer title bar displays the DNS name or the IP address of the iDRAC you are connected to from the management station. If iDRAC does not have a DNS name, then the IP address is displayed. The format is: ● For rack and tower servers: , , User: , ● For blade servers: , , , User: , Sometimes the Virtual Console Viewer may display low quality video.
For the Java client, the native library must be loaded for Pass all keystrokes to server and Single Cursor mode to function. If the native libraries are not loaded, the Pass all keystrokes to server and Single Cursor options are deselected. If you attempt to select either of these options, an error message is displayed indicating that the selected options are not supported. For the ActiveX client, the native library must be loaded for Pass all keystrokes to server function to work.
Java Based Virtual Console Session Running on Linux Operating System The behavior mentioned for Windows operating system is also applicable for Linux operating system with the following exceptions: ● When Pass all keystrokes to server is enabled, is passed to the operating system on the managed system. ● Magic SysRq keys are key combinations interpreted by the Linux Kernel.
NOTE: You do not have to run break sequence before using the magic SysRq keys.
15 Managing Virtual Media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: ● Remotely access media connected to a remote system over the network ● Install applications ● Update drivers ● Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Table 27. Supported Drives and Devices Drive Supported Storage Media Virtual Optical Drives ● ● ● ● ● Virtual floppy drives ● CD-ROM/DVD image file in the ISO9660 format ● Floppy image file in the ISO9660 format USB flash drives ● USB CD-ROM drive with CD-ROM media ● USB Key image in the ISO9660 format Legacy 1.44 floppy drive with a 1.
Table 28. Attached Media State and System Response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server Settings For Viewing Virtual Devices in Virtual Media You must configure the following settings in the management station to allow visibility of empty drives.
Launching Virtual Media Without Using Virtual Console Before you launch Virtual Media when the Virtual Console is disabled, make sure that ● Virtual Media is in Attach state. ● System is configured to unhide empty drives. To do this, in Windows Explorer, navigate to Folder Options, clear the Hide empty drives in the Computer folder option, and click OK. To launch Virtual Media when Virtual Console is disabled: 1. In the iDRAC Web Interface, go to Overview > Server > Virtual Console.
Viewing Virtual Device Details To view the virtual device details, in the Virtual Console Viewer, click Tools > Stats. In the Stats window, the Virtual Media section displays the mapped virtual devices and the read/write activity for each device. If Virtual Media is connected, this information is displayed. If Virtual Media is not connected, the “Virtual Media is not connected” message is displayed.
5. Click Map Device to map the device to the host server. After the device/file is mapped, the name of its Virtual Media menu item changes to indicate the device name. For example, if the CD/DVD device is mapped to an image file named foo.iso, then the CD/DVD menu item on the Virtual Media menu is named foo.iso mapped to CD/DVD. A check mark for that menu item indicates that it is mapped.
Enabling Boot Once for Virtual Media You can change the boot order only once when you boot after attaching remote Virtual Media device. Before you enable the boot once option, make sure that: ● You have Configure User privilege. ● Map the local or virtual drives (CD/DVD, Floppy, or USB flash device) with the bootable media or image using the Virtual Media options ● Virtual Media is in Attached state for the virtual drives to appear in the boot sequence.
16 Installing and Using VMCLI Utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: You can run the VMCLI utility only on the management station that is installed with 32–bit operating system.
NOTE: VMCLI syntax is case-sensitive. To ensure security, it is recommended to use the following VMCLI parameters: ● vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. ● vmcli -r -S -u -p -c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid.
NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. ● Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features for the utility to run in the background. For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process.
17 Managing vFlash SD Card The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC Web interface at Overview > Server > vFlash: SD card not detected.
Viewing vFlash SD Card Properties Using RACADM To view the vFlash SD card properties using RACADM, use one of the following: ● Use the cfgvFlashSD object with the getconfig command. The following read-only properties are displayed: ○ cfgVFlashSDSize ○ cfgVFlashSDLicensed ○ cfgVFlashSDAvailableSize ○ cfgVFlashSDHealth ○ cfgVFlashSDEnable ○ cfgVFlashSDWriteProtect ○ cfgVFlashSDInitialized ● Use the following objects with the get command: ○ iDRAC.vflashsd.AvailableSize ○ iDRAC.vflashsd.Health ○ iDRAC.vflashsd.
racadm set iDRAC.vflashsd.Enable 1 ○ To disable vFlash: racadm set iDRAC.vflashsd.Enable 0 NOTE: The RACADM command functions only if a vFlash SD card is present. If a card is not present, the following message is displayed: ERROR: SD Card not present. Enabling or Disabling vFlash Functionality Using iDRAC Settings Utility To enable or disable the vFlash functionality: 1. In the iDRAC Settings utility, go to Media and USB Port Settings. The iDRAC Settings . Media and USB Port Settings page is displayed. 2.
4. Click Back and navigate to the same iDRAC Settings . Media and USB Port Settings page to view the successful message. All existing contents are removed and the card is reformatted with the new vFlash system information. Getting the Last Status Using RACADM To get the status of the last initialize command sent to the vFlash SD card: 1. Open a telnet, SSH, or Serial console to the system and log in. 2. Enter the command: racadm vFlashsd status The status of commands sent to the SD card is displayed. 3.
The Create Empty Partition page is displayed. 2. Specify the required information and click Apply. For information about the options, see the iDRAC Online Help. A new unformatted empty partition is created that is read-only by default. A page indicating the progress percentage is displayed. An error message is displayed if: ● The card is write-protected. ● The label name matches the label of an existing partition.
1. Open a telnet, SSH, or Serial console to the system and log in. 2. Enter the command: racadm vflashpartition create –i 1 –o drive1 –e HDD –t image –l // myserver/sharedfolder/foo.iso –u root –p mypassword A new partition is created. By default, the created partition is read-only. This command is case sensitive for the image file name extension. If the file name extension is in upper case, for example FOO.ISO instead of FOO.iso, then the command returns a syntax error.
racadm vflashpartition status -i 1 ● To get the status of all existing partitions: racadm vflashpartition status -a NOTE: The -a option is valid only with the status action. Modifying a Partition You can change a read-only partition to read-write or vice-versa. Before modifying the partition, make sure that: ● The vFlash functionality is enabled. ● You have Access Virtual Media privileges. NOTE: By default, a read-only partition is created.
Attaching or Detaching Partitions When you attach one or more partitions, they are visible to the operating system and BIOS as USB mass storage devices. When you attach multiple partitions, based on the assigned index, they are listed in an ascending order in the operating system and the BIOS boot order menu. If you detach a partition, it is not visible in the operating system and the BIOS boot order menu. When you attach or detach a partition, the USB bus in the managed system is reset.
● The vFlash partition label is different from the volume name of the file system on the emulated USB device. You can change the volume name of the emulated USB device from the operating system. However, it does not change the partition label name stored in iDRAC. Deleting Existing Partitions Before deleting existing partition(s), make sure that: ● The vFlash functionality is enabled. ● The card is not write-protected. ● The partition is not attached.
NOTE: If only the folder location is specified, then the partition label is used as the file name, along with the extension .iso for CD and Hard Disk type partitions, and .img for Floppy and Hard Disk type partitions. Booting to a Partition You can set an attached vFlash partition as the boot device for the next boot operation. Before booting a partition, make sure that: ● The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device.
18 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP Syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Table 31.
Table 31.
Table 31.
Using the -level Option The show -level option executes show over additional levels beneath the specified target. To see all targets and properties in the address space, use the -l all option. Using the -output Option The -output option specifies one of four formats for the output of SM-CLP verbs: text, clpcsv, keyword, and clpxml. The default format is text, and is the most readable output. The clpcsv format is a comma-separated values format suitable for loading into a spreadsheet program.
Targets: Record1 Record2 Record3 Record4 Record5 Properties: InstanceID = IPMI:BMC1 SEL Log MaxNumberOfRecords = 512 CurrentNumberOfRecords = 5 Name = IPMI SEL EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord Log
delete /system1/logs1/log1/record* The following output is displayed: All records deleted successfully MAP Target Navigation The following examples show how to use the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Type the following commands at the SMCLP command prompt: ● To navigate to the system target and reboot: cd system1 reset The current default target is /.
19 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It does not have an interface but, complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, RACADM, and WSMAN.
● Integrate with Technical Support Report. This is applicable only if iDRAC Service Module Version 2.0 or later is installed. For more information, see Generating Tech Support Report. ● Prepare to Remove NVMe PCIe SSD. For more information, see iDRACUG_Preparing to Remove NVMe PCIe SSD.
The following example is using the DCIM_account class to illustrate the capability that WMI information feature provides in iDRAC Service Module. For the details of the supported classes and profiles, see the WSMAN profiles documentation available at Dell Tech Center. CIM Interface Enumerate instances of a class Get a specific instance of a class Get associated instances of an instance Get references of an instance WinRM WMIC PowerShell winrm e wmi/root/cimv2/ dcim/dcim_account wmic /namespace:\ \ro
When you re-enable these monitoring features through the iDRAC interfaces at a later time, the same checks are performed and the features are enabled depending on whether OpenManage Server Administrator is running or not. Using iDRAC Service Module From iDRAC Web Interface To use the iDRAC Service Module from the iDRAC Web interface: 1. Go to Overview > Server > Service Module. The iDRAC Service Module Setup page is displayed. 2.
20 Using USB Port for Server Management In Dell PowerEdge 12 th generation servers, all USB ports are dedicated to the server. With the 13 th generation of servers, one of the front panel USB port is used by iDRAC for management purposes such as pre-provisioning and troubleshooting. The port has an icon to indicate that it is a management port. All 13 th generation servers with LCD panel support this feature. This port is not available in a few of the 200-500 model variations without the LCD panel.
The LED turns off. Configuring iDRAC Using Server Configuration Profile on USB Device With the new iDRAC Direct feature, you can configure iDRAC at-the-server. First configure the USB Management port settings in iDRAC, insert the USB device that has the server configuration profile, and then import the server configuration profile from the USB device to iDRAC. NOTE: PowerEdge systems that do not have the LCD and the LED panel does not support the USB key.
Configuring USB Management Port Using Web interface To configure the USB port: 1. In the iDRAC Web interface, go to Overview > Hardware > USB Management Port. The Configure USB Management Port page is displayed. 2. From the USB Management Port Mode drop-down menu, select any of the following options: ● Automatic — USB Port is used by iDRAC or the server’s operating system. ● Standard OS Use — USB port is used by the server OS. ● iDRAC Direct only — USB pot is used by iDRAC. 3.
For information about the fields, see the iDRAC Settings Utility Online Help. 4. Click Back, click Finish and then click Yes to apply the settings. Importing Server Configuration Profile From USB Device Make sure to create a directory in root of the USB device called System_Configuration_XML which contains both the config.xml and control.xml files.: ● Server Configuration Profile is in the System_Configuration_XML sub-directory under the USB device root directory.
LCD Messages If the LCD panel is available, it displays the following messages in a sequence: 1. Importing – When the server configuration profile is being copied from the USB device. 2. Applying — When the job is in-progress. 3. Completed — When the job has completed successfully. 4. Completed with errors — When the job has completed with errors. 5. Failed — When the job has failed. For more details, see the results file on the USB device.
21 Using iDRAC Quick Sync A few 13 th generation Dell PowerEdge servers have the Quick Sync bezel that supports the Quick Sync feature. This feature enables at-the-server management with a mobile device. This allows you to view inventory and monitoring information and configure basic iDRAC settings (such as root credential setup and configuration of the first boot device) using the mobile device. You can configure iDRAC Quick Sync access for your mobile device (example, OpenManage Mobile) in iDRAC.
You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync Settings Using Web Interface To configure iDRAC Quick Sync: 1. In the iDRAC Web interface, go to Overview > Hardware > Front Panel. 2.
22 Deploying Operating Systems You can use any of the following utilities to deploy operating systems to managed systems: ● Virtual Media Command Line Interface (CLI) ● Virtual Media Console ● Remote File Share Related tasks Deploying Operating System Using VMCLI on page 259 Deploying Operating System Using Remote File Share on page 260 Deploying Operating System Using Virtual Media on page 263 Topics: • • • • Deploying Deploying Deploying Deploying Operating System Using VMCLI Operating System Using Rem
NOTE: The vmdeploy script processes the -r option slightly differently than the vmcli -r option. If the argument to the -r option is the name of an existing file, the script reads iDRAC IPv4 or IPv6 addresses from the specified file and runs the utility once for each line. If the argument to the -r option is not a filename, then it should a single iDRAC address. In this case, the -r works as described for the VMCLI utility. The following table describes the vmdeploy command parameters. Table 32.
3. Set the boot order in the First Boot Device drop-down list to Remote File Share. 4. Select the Boot Once option to enable the managed system to reboot using the image file for the next instance only. 5. Click Apply. 6. Reboot the managed system and follow the on-screen instructions to complete the deployment.
NOTE: Both '/' or '\' characters can be used for the file path. CIFS supports both IPv4 and IPv6 addresses but NFS supports only IPv4 address. If you are using NFS share, make sure that you provide the exact and as it is case-sensitive. The following characters are supported for image file path, user name and password: ● Uppercase characters ● Lowercase characters ● Digits from 0–9 ● _, -, ?, <, >, /, \, :, *, |, @ ● Whitespace NOTE: While specifying the network share settings, it i
Deploying Operating System Using Virtual Media Before you deploy the operating system using Virtual Media, make sure that: ● Virtual Media is in Attached state for the virtual drives to appear in the boot sequence. ● If Virtual Media is in Auto Attached mode, the Virtual Media application must be launched before booting the system. ● Network share contains drivers and operating system bootable image file, in an industry standard format such as .img or .iso.
3. Set the Internal USB Port to On. If it is set to Off, the IDSDM is not available as a boot device. 4. If redundancy is not required (single SD card), set Internal SD Card Port to On and Internal SD Card Redundancy to Disabled. 5. If redundancy is required (two SD cards), set Internal SD Card Port to On and Internal SD Card Redundancy to Mirror. 6. Click Back and click Finish. 7. Click Yes to save the settings and press to exit System Setup.
23 Troubleshooting Managed System Using iDRAC You can diagnose and troubleshoot a remote managed system using: ● Diagnostic console ● Post code ● Boot and crash capture videos ● Last system crash screen ● System event logs ● Lifecycle logs ● Front panel status ● Trouble indicators ● System health Related tasks Using Diagnostic Console on page 265 Scheduling Remote Automated Diagnostics on page 266 Viewing Post Codes on page 267 Viewing Boot and Crash Capture Videos on page 267 Viewing Logs on page 267 Viewi
2. In the Command text box, enter a command and click Submit. For information about the commands, see the iDRAC Online Help. The results are displayed on the same page. Scheduling Remote Automated Diagnostics You can remotely invoke automated offline diagnostics on a server as a one-time event and return the results. If the diagnostics require a reboot, you can reboot immediately or stage it for a subsequent reboot or maintenance cycle (similar to updates).
Viewing Post Codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from power-on-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Overview > Server > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
Related concepts Enabling Last Crash Screen on page 78 Viewing Front Panel Status The Front Panel on the managed system summarizes the status of the following components in the system: ● Batteries ● Fans ● Intrusion ● Power Supplies ● Removable Flash Media ● Temperatures ● Voltages You can view the status of the front panel of the managed system: ● For rack and tower servers: LCD front panel and system ID LED status or LED front panel and system ID LED status. ● For blade servers: Only system ID LEDs.
● ● ● ● Loss of network connectivity Hard drive failure USB media failure Physical damage Based on the problem, use the following methods to correct the problem: ● Reseat the module or component and restart the system ● In case of a blade server, insert the module into a different bay in the chassis ● Replace hard drives or USB flash drives ● Reconnect or replace the power and network cables If problem persists, see the Hardware Owner’s Manual for specific troubleshooting information about the hardware de
● ● ● ● ● System, Lifecycle Controller, and component attributes Operating system and application information Active Lifecycle Controller logs (archived entries are not included) PCIe SSD logs Storage controller logs After the report is generated, you can view the report. It contains a bunch of XML files and log files. The report must be shared with tech support to troubleshoot the issue. Each time the data collection is performed, an event is recorded in the Lifecycle Controller log.
Generating Technical Support Report Manually When iSM is not installed, you can manually run the OS collector tool to generate the Technical Support Report. You must run OS Collector tool on the server OS to export the OS and application data. A virtual USB device labeled DRACRW appears in the server operating system. This device contains the OS Collector file that is specific for the host operating system.
If OS Collector tool was not run on the system, then the OS and Application Data option is grayed-out and it is not selectable. The message OS and Application Data (Timestamp: Never) is displayed. If OS Collector was run on the system in the past, then the timestamp displays when the operating system and application data was last collected: Last Collected: 3. Click Attach OS Collector. You are directed to access the host OS. A message asking you to launch Virtual Console is displayed. 4.
● Lifecycle Controller Data ● Embedded Diagnostics ● Embedded OS Driver Pack ● BIOS reset to default ● iDRAC reset to default Before performing system erase, make sure that: ● You have iDRAC Server Control privilege. ● Lifecycle Controller is enabled. The Lifecycle Controller Data option erases any content such as the LC Log, configuration database, rollback firmware, factory as-shipped logs, and the configuration information from the FP SPI (or management riser).
24 Frequently Asked Questions This section lists the frequently asked questions for the following: ● System Event Log ● Network Security ● Active Directory ● Single Sign On ● Smart Card Login ● Virtual Console ● Virtual Media ● vFlash SD Card ● SNMP Authentication ● Storage Devices ● iDRAC Service Module ● RACADM ● Miscellaneous Topics: • • • • • • • • • • • • • System Event Log Network Security Active Directory Single Sign-On Smart Card Login Virtual Console Virtual Media vFlash SD Card SNMP Authenticati
iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign). Why the DNS server not registering iDRAC? Some DNS servers register iDRAC names that contain only up to 31 characters.
Certificate validation fails even if IP address is used as the domain controller address. How to resolve this? Check the Subject or Subject Alternative Name field of your domain controller certificate. Normally, Active Directory uses the host name and not the IP address of the domain controller in the Subject or Subject Alternative Name field of the domain controller certificate.
1. Run the technet.microsoft.com/en-us/library/dd560670(WS.10).aspx for the domain controller and domain policy. 2. Configure the computers to use the DES-CBC-MD5 cipher suite. These settings may affect compatibility with client computers or services and applications in your environment. The Configure encryption types allowed for Kerberos policy setting is located at Computer Configuration > Security Settings > Local Policies > Security Options. 3. 4. 5. 6.
Virtual Console Virtual Console session is active even if you have logged out of iDRAC Web interface. Is this the expected behavior? Yes. Close the Virtual Console Viewer window to log out of the corresponding session. Can a new remote console video session be started when the local video on the server is turned off? Yes.
This message is generated by Microsoft to alert the user that Virtual Console is enabled.To make sure that this message does not appear, always turn off Virtual Console in the iDRAC Settings utility before remotely installing an operating system.
When launching both the GUI and Virtual Console to the same iDRAC system on a management station, a session time-out for the iDRAC GUI occurs if the GUI is launched before the popup closes. If the iDRAC GUI is launched from the CMC Web interface after the popup with the Virtual Console closed, this issue does not appear. Why does Linux SysRq key not work with Internet Explorer? The Linux SysRq key behavior is different when using Virtual Console from Internet Explorer.
You can also boot with a Windows 98 startup disk and copy system files from the startup disk to the USB key. For example, from the DOS prompt, type the following command: sys a: x: /s where, x: is the USB key that is required to be set as a bootable device. The Virtual Media is attached and connected to the remote floppy. But, cannot locate the Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system.
To maximize Virtual Media performance, launch the Virtual Media with the Virtual Console disabled or do one of the following: ● Change the performance slider to Maximum Speed. ● Disable encryption for both Virtual Media and Virtual Console. NOTE: In this case, the data transfer between managed server and iDRAC for Virtual Media and Virtual Console will not be secured. ● If you are using any Windows server operating systems, stop the Windows service named Windows Event Collector.
Run the service.msc command. In the list of services displayed, see if there is a service called DSM iDRAC Service Module. ● On Linux: Run the command /etc/init.d/dcismeng status. If the iDRAC Service Module is installed and running, the status displayed is running. NOTE: Use the systemctl status dcismeng.service command instead of the init.d command to check if the iDRAC Service Module is installed on RedHat Enterprise Linux 7 operating system.
NOTE: You can reinstall iDRAC Service Module on the Vmware ESXi server as this is not a functional issue for the server. Where is the Replicated LifeCycle log available on the Operating System? To view the replicated Lifecycle logs: Operating System Location Microsoft Windows Event viewer > Windows Logs > System. All the iDRAC Service Module Lifecycle logs are replicated under the source name iDRAC Service Module.
● iDRAC is reset. ● A new SSL server certificate is uploaded. Why is an error message displayed if you try to delete a partition after creating it using local RACADM? This occurs because the create partition operation is in-progress. However, the partition is deleted after sometime and a message that the partition is deleted is displayed. If not, wait until the create partition operation is completed and then delete the partition.
For blade servers: ● Make sure that the LAN cable is connected to CMC. ● Make sure that NIC settings, IPv4 or IPv6 settings, and either Static or DHCP is enabled for your network. For rack and tower servers: ● In shared mode, make sure the LAN cable is connected to the NIC port where the wrench symbol is present. ● In Dedicated mode, make sure the LAN cable is connected to the iDRAC LAN port. ● Make sure that NIC settings, IPv4 and IPv6 settings and either Static or DHCP is enabled for your network.
25 Use Case Scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
Generating Technical Support Report on page 269 Inventory and Monitoring Storage Devices on page 183 Using iDRAC Service Module on page 248 Obtaining System Information and Assess System Health To obtain system information and assess system health: ● In iDRAC Web interface, go to Overview > Server > System Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan.
● Dell Remote Access Configuration Tool (DRACT) Performing Graceful Shutdown To perform graceful shutdown, in iDRAC Web interface, go to one of the following locations: ● Overview > Server > Power/Thermal > Power Configuration > Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply. ● Overview > Server > Power/Thermal > Power Monitoring. From the Power Control drop-down menu, select Graceful Shutdown and click Apply. For more information, see the iDRAC Online Help.
NOTE: It is recommended that you set a cap close to the peak, and then use that capped level to determine how much capacity is remaining in the rack for adding more servers. Installing New Electronic License See License Operations for more information.
