Integrated Dell Remote Access Controller 8 Version 2.75.75.75 User’s Guide June 2020 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Overview.......................................................................................................................14 Benefits of using iDRAC with Lifecycle Controller...........................................................................................................14 Key features..........................................................................................................................................................................
Chapter 3: Setting up managed system and management station...................................................... 38 Setting up iDRAC IP address............................................................................................................................................. 38 Setting up iDRAC IP using iDRAC settings utility...................................................................................................... 39 Setting up iDRAC IP using CMC web interface..........................
Chapter 4: Configuring iDRAC........................................................................................................76 Viewing iDRAC information................................................................................................................................................ 77 Viewing iDRAC information using web interface....................................................................................................... 77 Viewing iDRAC information using RACADM..............
Configuring multiple iDRACs using RACADM..................................................................................................................96 Creating an iDRAC configuration file...........................................................................................................................97 Disabling access to modify iDRAC configuration settings on host system..................................................................
Chapter 7: Configuring user accounts and privileges.......................................................................123 Recommended characters in user names and passwords............................................................................................123 Configuring local users...................................................................................................................................................... 124 Configuring local users using iDRAC web interface.............
Setting alert recurrence events using RACADM..................................................................................................... 152 Setting event actions........................................................................................................................................................ 152 Setting event actions using web interface...............................................................................................................
Inventorying and monitoring network devices............................................................................................................... 169 Monitoring network devices using web interface....................................................................................................169 Monitoring network devices using RACADM........................................................................................................... 170 Inventorying and monitoring FC HBA devices..........
Controller operations in non-RAID - HBA mode......................................................................................................205 Running RAID configuration jobs on multiple storage controllers......................................................................... 205 Managing PCIe SSDs........................................................................................................................................................206 Inventorying and monitoring PCIe SSDs..........
Mapping virtual drive................................................................................................................................................... 231 Unmapping virtual drive.............................................................................................................................................. 232 Setting boot order through BIOS....................................................................................................................................
Using iDRAC Service Module on Windows Nano OS....................................................................................................261 Chapter 20: Using USB port for server management...................................................................... 262 Accessing iDRAC interface over direct USB connection.............................................................................................262 Configuring iDRAC using server configuration profile on USB device.........................
Resetting iDRAC to factory default settings using iDRAC settings utility............................................................281 Chapter 24: Frequently asked questions........................................................................................283 System Event Log.............................................................................................................................................................283 Network security.....................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC with Lifecycle Controller technology is part of a larger data center solution that helps keep business critical applications and workloads available always.
• Enhanced Embedded Management through Lifecycle Controller – Lifecycle Controller provides deployment and simplified serviceability through Lifecycle Controller GUI for local deployment and Remote Services (WS-Management) interfaces for remote deployment integrated with Dell OpenManage Essentials and partner consoles. For more information on Lifecycle Controller GUI, see Lifecycle Controller User’s Guide and for remote services, see Lifecycle Controller Remote Services User’s Guide available at dell.
○ PCIe SSD devices: ▪ Inventory and remotely monitor the health of PCIe SSD devices in the server. ▪ Prepare the PCIe SSD to be removed. ▪ Securely erase the data. ○ Set the backplane mode (unified or split mode). ○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update • • • • • • • Manage iDRAC licenses.
• • • • • • • • • Single Sign-On and Public Key Authentication. Role-based authorization, to configure specific privileges for each user. SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default. User ID and password configuration. Default login password modification. Set user passwords and BIOS passwords using one-way hash format for improved security. FIPS 140-2 Level 1 capability. Support for TLS 1.2, 1.1, and 1.0.
Managing licenses iDRAC features are available based on the purchased license (Basic Management, iDRAC Express, or iDRAC Enterprise). Only licensed features are available in the interfaces that allow you to configure or use iDRAC. For example, iDRAC Web interface, RACADM, WSMAN, OpenManage Server Administrator, and so on. Some features, such as dedicated NIC or vFlash requires iDRAC ports card. This is optional on 200-500 series servers.
Importing license after replacing motherboard You can use the Local iDRAC Enterprise License Installation Tool if you have recently replaced the motherboard and need to reinstall the iDRAC Enterprise license locally (with no network connectivity) and activate the dedicated NIC. This utility installs a 30-day trial iDRAC Enterprise license and allows you to reset the iDRAC to change from shared NIC to dedicated NIC.
Table 1.
Table 1.
Table 1.
Table 1.
Interfaces and protocols to access iDRAC The following table lists the interfaces to access iDRAC. NOTE: Using more than one interface at the same time may generate unexpected results. Table 2. Interfaces and protocols to access iDRAC Interface or Protocol Description iDRAC Settings Utility Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available in iDRAC web interface along with other features.
Table 2. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description NOTE: Telnet is not a secure protocol and is disabled by default. Telnet transmits all data, including passwords in plain text. When transmitting sensitive information, use the SSH interface. SSH Use SSH to run RACADM and SMCLP commands. It provides the same capabilities as the Telnet console using an encrypted transport layer for higher security. The SSH service is enabled by default on iDRAC.
Table 3. Ports iDRAC listens for connections (continued) Port number Type Function Configurable port Maximum encryption level 443 TCP HTTPS Yes 256-bit SSL 623 UDP RMCP/RMCP+ No 128-bit SSL 5900 TCP Virtual console keyboard and mouse redirection, Virtual Media, Virtual folders, and Remote File Share Yes 128-bit SSL 5901 TCP VNC Yes 128-bit SSL NOTE: Port 5901 opens when VNC feature is enabled. The following table lists the ports that iDRAC uses as a client. Table 4.
• • • • • • The iDRAC Service Module User's Guide provides information to install the iDRAC Service Module. The Dell OpenManage Server Administrator Installation Guide contains instructions to help you install Dell OpenManage Server Administrator. The Dell OpenManage Management Station Software Installation Guide contains instructions to help you install Dell OpenManage management station software that includes Baseboard Management Utility, DRAC Tools, and Active Directory Snap-In.
• From the Dell EMC Support site: 1. Go to https://www.dell.com/support. 2. Click Browse all products. 3. From All products page, click Software, and then click the required link from the following: ○ Analytics ○ Client Systems Management ○ Enterprise Applications ○ Enterprise Systems Management ○ Mainframe ○ Operating Systems ○ Public Sector Solutions ○ Serviceability Tools ○ Support ○ Utilities ○ Virtualization Solutions 4.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name is root and the default password is calvin. You can also log in using Single Sign-On or Smart Card. NOTE: • You must have Login to iDRAC privilege to log in to iDRAC. • iDRAC GUI does not support browser buttons such as Back, Forward, or Refresh.
NOTE: If the default HTTPS port number (port 443) was changed, enter: https://[iDRAC-IP-address]:[portnumber] where, [iDRAC-IP-address] is the iDRAC IPv4 or IPv6 address and [port-number] is the HTTPS port number. The Login page is displayed. 3. For a local user: • • In the Username and Password fields, enter your iDRAC user name and password. From the Domain drop-down menu, select This iDRAC. 4.
NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[IP address]:[port number] where, [IP address] is the IP address for the iDRAC and [port number] is the HTTPS port number. 2. Insert the Smart Card into the reader and click Login. A prompt is displayed for the Smart Card’s PIN. A password in not required. 3. Enter the Smart Card PIN for local Smart Card users. You are logged in to the iDRAC.
Related concepts Configuring iDRAC SSO login for Active Directory users on page 145 Logging in to iDRAC SSO using iDRAC web interface Before logging in to iDRAC using Single Sign-On, make sure that: • • You have logged in to your system using a valid Active Directory user account. Single Sign-On option is enabled during Active Directory configuration. To log in to iDRAC using web interface: 1. Log in to your management station using a valid Active Directory account. 2.
2. Find the location of the default CA certificate bundle on the management station. For example, for RHEL5 64 bit, it is /etc/pki/tls/ cert.pem. 3. Append the PEM formatted CA certificate to the management station CA certificate. For example, use the cat command: cat testcacert.pem >> cert.pem 4. Generate and upload the server certificate to iDRAC.
Table 5. Multiple iDRAC sessions Interface Number of Sessions iDRAC Web Interface 6 Remote RACADM 4 Firmware RACADM / SMCLP SSH - 2 Telnet - 2 Serial - 1 Changing default login password The warning message that allows you to change the default password is displayed if: • • • • You log in to iDRAC with Configure User privilege. Default password warning feature is enabled. Credentials for any currently enabled account are root/calvin. Force Change of Password (FCP) is enabled.
NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords on page 123. Changing default login password using iDRAC settings utility To change the default login password using iDRAC Settings Utility: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings.User Configuration page is displayed. 2. In the Change Password field, enter the new password.
NOTE: When consecutive login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host . Table 6. Login Retry Restriction Properties Property Definition Enables the IP blocking feature. When consecutive failures ( iDRAC.IPBlocking.BlockEnable iDRAC.IPBlocking.FailCount ) from a single IP address are encountered within a specific amount of time ( iDRAC.IPBlocking.
Table 7. iDRAC web interface behavior with incorrect login attempts (continued) Login attempts Blocking (seconds) Error logged (USR0003 4) Third incorrect login 600 Yes GUI display message • • RAC0212: Login failed. Verify that username and password is correct. Login delayed for 600 seconds. SNMP alert (if enabled) Yes Try again button is disabled for 600 seconds. NOTE: By default, the fail counter resets after 600 seconds.
3 Setting up managed system and management station To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
• • Chassis or Server LCD panel (see the system’s Hardware Owner’s Manual) NOTE: In case of blade servers, you can configure the network setting using the Chassis LCD panel only during initial configuration of CMC. After the chassis is deployed, you cannot reconfigure iDRAC using the Chassis LCD panel. CMC Web interface (see Dell Chassis Management Controller Firmware User’s Guide) In case of rack and tower servers, you can set up the IP address or use the default iDRAC IP address 192.168.0.
NOTE: For information about the options, see the iDRAC Settings Utility Online Help. 1. Under Enable NIC, select the Enabled option. 2. From the NIC Selection drop-down menu, select one of the following ports based on the network requirement: • Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC).
5. Under Network Speed, select either 10 Mbps or 100 Mbps. NOTE: You cannot manually set the Network Speed to 1000 Mbps. This option is available only if Auto Negotiation option is enabled. 6. Under Duplex Mode, select Half Duplex or Full Duplex option. NOTE: If you enable Auto Negotiation, this option is grayed-out. Common settings If network infrastructure has DNS server, register iDRAC on the DNS.
3. In the Encryption Key box, enter the encryption key in the format 0 to 40 hexadecimal characters (without any blanks characters.) The default value is all zeros. VLAN settings You can configure iDRAC into the VLAN infrastructure. To configure VLAN settings, perform the following steps: NOTE: On blade servers that are set as Chassis (Dedicated), the VLAN settings are read-only and can be changed only using CMC. If the server is set in shared mode, you can configure VLAN settings in shared mode in iDRAC.
1. Turn on the managed system. 2. During POST, press F2, and go to iDRAC Settings > Remote Enablement. The iDRAC Settings Remote Enablement page is displayed. 3. Enable auto-discovery, enter the provisioning server IP address, and click Back. NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7). 4. Click Network. The iDRAC Settings Network page is displayed. 5. Enable NIC. 6. Enable IPv4.
4. config.xml — If the option 60 filename, service tag-based, and model number-based files are not available, use the default config.xml file. NOTE: To set the workload profile along with other attributes using SCP, ensure that you run the SCP import job twice to get the correct configuration changes. NOTE: If none of these files are on the network share, then the server configuration profile import job is marked as failed for file not found. For iDRAC firmware 2.70.70.
The DHCP Option 60 identifies and associates a DHCP client with a particular vendor. Any DHCP server configured to take action based on a client’s vendor ID should have Option 60 and Option 43 configured. With Dell PowerEdge servers, the iDRAC identifies itself with vendor ID: iDRAC. Therefore, you must add a new ‘Vendor Class’ and create a ‘scope option’ under it for ‘code 60,’ and then enable the new scope option for the DHCP server.
• • • NOTE: For more information on file naming rules, see Configuring servers and server components using Auto Config. Sharename (-n) — Indicates the name of the network share. ShareType (-s) — Indicates the share type. 0 indicates NFS and 2 indicates CIFS. NOTE: Alongside supporting NFS and CIFS-based file sharing, iDRAC firmware also supports accessing profile files by using HTTP and HTTPS.
• • ShareType (-s) — Indicates the share type. 0 indicates NFS, 2 indicates CIFS, 5 indicates HTTP, and 6 indicates HTTPS. IPAddress (-i) — Indicates the IP address of the file share. NOTE: Sharename (-n), ShareType (-s), and IPAddress (-i) are required attributes that must be passed. • • Username (-u) — Indicates the user name required to access the network share. This information is required only for CIFS. Password (-p) — Indicates the password required to access the network share.
Enabling Auto Config using RACADM To enable Auto Config feature using RACADM, use the iDRAC.NIC.AutoConfig object. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. For more information on the Auto Config feature, see the Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with Lifecycle Controller Auto Config white paper available at the delltechcenter.com/idrac.
3. After setting the password, the normal plain text password authentication works except that SNMP v3 and IPMI authentication fails for iDRAC user accounts that had passwords updated with hash. Setting up management station A management station is a computer used for accessing iDRAC interfaces to remotely monitor and manage the PowerEdge server(s). To set up the management station: 1. 2. 3. 4. Install a supported operating system. For more information, see the release notes.
Modifying local administrator account settings After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. Specify the details for User Name, LAN User Privilege, Serial Port User Privilege, and Change Password. For information about the options, see the iDRAC Settings Utility Online Help. 3.
1. In the iDRAC Web interface, go to Overview > Hardware > Fans > Setup. The Fan Setup page is displayed. 2. Specify the following: • Thermal Profile — Select the thermal profile: ○ Default Thermal Profile Settings — Implies that the thermal algorithm uses the same system profile settings that is defined under System BIOS > System BIOS Settings.System Profile Settings page. By default, this is set to Default Thermal Profile Settings.
The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value. 3. Click Apply to apply the settings.
Table 8. Thermal Settings (continued) Object Description Usage Example Make sure to specify the value depending on the type of object. For more information, see RACADM help. To set the limit to the default value: racadm set system.thermalsettin gs.AirExhaustTemp 255 FanSpeedHighOffsetVal • • • Values from 0-100 Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. This value depends on the system.
Table 8. Thermal Settings (continued) Object Description Usage Example results in fan speed increasing to full speed. racadm set system.thermalsettin gs FanSpeedOffset 3 FanSpeedMediumOffsetVa l • • • Values from 0-100 Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. This value depends on the system. Use FanSpeedOffset object to set this value using index value 2 racadm get system.
Table 8. Thermal Settings (continued) Object Description Usage Example MFSMinimumLimit Read Minimum limit for MFS Values from 0 to MFSMaximumLimit To display the lowest value that can be set using MinimumFanSpeed option. Default is 255 (means None) racadm get system.thermalsettin gs.MFSMinimumLimit MinimumFanSpeed • • • ThermalProfile • • Allows configuring the Minimum Fan speed that is required for the system to operate.
The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value. 3. Click Back, click Finish, and then click Yes. The thermal settings are configured.
Configuring Internet Explorer to enable Active Directory SSO To configure the browser settings for Internet Explorer: 1. In Internet Explorer, navigate to Local Intranet and click Sites. 2. Select the following options only: • • Include all local (intranet) sites not listed on other zones. Include all sites that bypass the proxy server. 3. Click Advanced. 4. Add all relative domain names that will be used for iDRAC instances that is part of the SSO configuration (for example, myhost.example.com.) 5.
NOTE: On Windows, the "compat-libstdc++-33-3.2.3-61" related package may be included in the .NET framework package or the operating system package. 6. If you are using MAC operating system, select the Enable access for assistive devices option in the Universal Access window. For more information, see the MAC operating system documentation.
Internet explorer is available in both 32–bit and 64–bit versions on 64–bit browsers. You can use any version, but if you install the plug-in in the 64–bit browser, and then try to run the viewer in a 32–bit browser you have to install the plug-in again. NOTE: You can use ActiveX plug-in only with Internet Explorer.
Clearing browser cache If you have issues when operating the Virtual Console, (out of range errors, synchronization issues, and so on) clear the browser’s cache to remove or delete any old versions of the viewer that may be stored on the system and try again. NOTE: You must have administrator privilege to clear the browser’s cache. Clearing earlier Java versions To clear older versions of Java viewer in Windows or Linux, do the following: 1. At the command prompt, run javaws-viewer or javaws-uninstall.
• Simplified Chinese (zh-cn) The ISO identifiers in parentheses denote the supported language variants. For some supported languages, resizing the browser window to 1024 pixels wide is required to view all features. iDRAC Web interface is designed to work with localized keyboards for the supported language variants. Some features of iDRAC Web interface, such as Virtual Console, may require additional steps to access certain functions or letters.
Table 9. Image file types and dependencies .D7 Image iDRAC DUP Interface Supported Requires LC enabled Supported Requires LC enabled BMCFW64.
When you check for updates, the version marked as Available does not always indicate that it is the latest version available. Before you install the update, ensure that the version you choose to install is newer than the version currently installed. If you want to control the version that iDRAC detects, create a custom repository using Dell Repository Manager (DRM) and configure iDRAC to use that repository to check for updates.
Updating firmware using repository A repository is a storage location where update packages can be stored and accessed. Dell Repository Manager (DRM) allows you to create and manage a repository that iDRAC can check for updates. There are several advantages of creating and using custom firmware update repositories because it provides complete control of which devices or components are updated. Using iDRAC, you can perform repository update in either attended or fully attended mode.
The Firmware Update page is displayed. 2. On the Update tab, select the desired option in File Location—FTP, TFTP, or HTTP. 3. Enter the required details in the fields that are displayed. For information about the fields, see the iDRAC Online Help. 4. Click Check for Update. 5. After the upload is complete, the Update Details section displays a comparison report showing the current firmware versions and the firmware versions available in the repository.
Related concepts Updating device firmware on page 61 Viewing and managing staged updates on page 68 Scheduling automatic firmware update using web interface To schedule automatic firmware update using web Interface: NOTE: Do not create the next scheduled occurrence of an automatic update job if a job is already Scheduled. It overwrites the current scheduled job. 1. In the iDRAC web interface, go to Overview > iDRAC Settings > Update and Rollback. The Firmware Update page is displayed. 2.
• To view the current firmware update schedule: racadm AutoUpdateScheduler view • To disable automatic firmware update: racadm set lifecycleController.lcattributes.AutoUpdate.Enable 0 • To clear the schedule details: racadm AutoUpdateScheduler clear Updating firmware using CMC web interface You can update iDRAC firmware for blade servers using the CMC Web interface. To update iDRAC firmware using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to Server > Overview > .
• Using fwupdate command: racadm -r -u -p fwupdate –f –d path • the location on the FTP server where firmimg.d7 is stored. Using update command: racadm -r -u -p update —f For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Related tasks Updating device firmware on page 61 Viewing and managing staged updates using iDRAC web interface To view the list of scheduled jobs using iDRAC web interface, go to Overview > Server > Job Queue. The Job Queue page displays the status of jobs in the Lifecycle Controller job queue. For information about the displayed fields, see the iDRAC Online Help. To delete job(s), select the job(s) and click Delete.
• Lifecycle Controller-Remote Services Related tasks Rollback firmware using iDRAC web interface on page 70 Rollback firmware using CMC web interface on page 70 Rollback firmware using RACADM on page 70 Rollback firmware using Lifecycle Controller on page 71 Rollback firmware using Lifecycle Controller-Remote Services on page 71 Rollback firmware using iDRAC web interface To roll back device firmware: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Update and Rollback > Rollback.
Rollback firmware using Lifecycle Controller For information, see Lifecycle Controller User’s Guide available at dell.com/idracmanuals. Rollback firmware using Lifecycle Controller-Remote Services For information, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals. Recovering iDRAC iDRAC supports two operating system images to make sure a bootable iDRAC.
○ vFlash SD card is inserted, enabled, and initialized. ○ vFlash SD card has at least 100 MB free space to store the backup file. The backup file contains encrypted user sensitive data, configuration information, and firmware images that you can use for import server profile operation. Backup events are recorded in the Lifecycle Log.
4. Select one of the following to save the backup file image: • Network to save the backup file image on a CIFS or NFS share. NOTE: CIFS supports both IPv4 and IPv6 addresses and NFS supports only IPv4 address. • vFlash to save the backup file image on the vFlash card. 5. Enter the backup file name and encryption passphrase (optional). 6. If Network is selected as the file location, enter the network settings.
When the import is in-progress, if you initiate an import operation again, the following error message is displayed: Restore is already running Import events are recorded in the Lifecycle Log. Easy Restore NOTE: Easy Restore is available only on 13th generation PowerEdge servers that have the Easy Restore flash memory. Easy Restore is not available on PowerEdge R930.
Importing server profile using RACADM To import the server profile using RACADM, use the systemconfig restore command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Restore operation sequence The restore operation sequence is: 1. 2. 3. 4. 5. 6. 7. 8. Host system shuts down. Backup file information is used to restore the Lifecycle Controller. Host system turns on. Firmware and configuration restore process for the devices is completed.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see Managing licenses.
Managing vFlash SD card on page 237 Setting first boot device on page 86 Enabling or disabling OS to iDRAC Pass-through on page 87 Related tasks Configuring iDRAC to send alerts on page 149 Topics: • • • • • • • • • • • • • Viewing iDRAC information Modifying network settings Cipher suite selection FIPS mode Configuring services Using VNC client to manage remote server Configuring front panel display Configuring time zone and NTP Setting first boot device Enabling or disabling OS to iDRAC Pass-through Obt
Modifying network settings using web interface To modify the iDRAC network settings: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Network. The Network page is displayed. 2. Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.
Configure IP filtering using iDRAC web interface You must have Configure privilege to perform these steps. To configure IP filtering: 1. In iDRAC Web interface, go to Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2. Click Advanced Settings. The Network Security page is displayed. 3. Specify the IP filtering settings. For more information about the options, see iDRAC Online Help. 4. Click Apply to save the settings.
Configuring cipher suite selection using iDRAC web interface CAUTION: Using OpenSSL Cipher Command to parse strings with invalid syntax may lead to unexpected errors. CAUTION: This is an advanced security option.
NOTE: If you reinstall or upgrade iDRAC firmware, FIPS mode gets disabled. Enabling FIPS mode using web interface 1. 2. 3. 4. On the iDRAC web interface, navigate to Overview > iDRAC Settings > Network. Click Advanced Settings next to Options. In FIPS Mode, select Enabled and click Apply. A message appears prompting you to confirm the change. Click OK. iDRAC restarts in FIPS mode. Wait for at least 60 seconds before you reconnect to iDRAC. 5. Install a trusted certificate for iDRAC.
NOTE: Do not select the Prevent this page from creating additional dialogs check-box. Selecting this option prevents you from configuring services. Configuring services using RACADM To enable and configure services using RACADM, use the set command with the objects in the following object groups: • • • • • • • iDRAC.LocalSecurity iDRAC.LocalSecurity iDRAC.SSH iDRAC.Webserver iDRAC.Telnet iDRAC.Racadm iDRAC.
Configuring TLS using RACADM To check the version of TLS configured: racadm get idrac.webserver.tlsprotocol To set the version of TLS: racadm set idrac.webserver.tlsprotocol =0 TLS 1.0 and Higher =1 TLS 1.1 and Higher =2 TLS 1.2 Only Using VNC client to manage remote server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud.
Configuring VNC server using RACADM To configure the VNC server, use the set command with the objects in VNCserver. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Setting up VNC viewer with SSL encryption While configuring the VNC server settings in iDRAC, if the SSL Encryption option was enabled, then the SSL tunnel application must be used along with the VNC Viewer to establish the SSL encrypted connection with iDRAC VNC server.
• • • • • • • • DRAC IPv4 Address DRAC IPv6 Address System Power Ambient Temperature System Model Host Name User Defined None If you select User Defined, enter the required message in the text box. If you select None, home message is not displayed on the server LCD front panel. 3. Enable Virtual Console indication (optional). If enabled, the Live Front Panel Feed section and the LCD panel on the server displays the Virtual console session active message when there is an active Virtual Console session. 4.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Configuring time zone and NTP You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times. You must have Configure privilege to configure time zone or NTP settings. Configuring time zone and NTP using iDRAC web interface To configure time zone and NTP using iDRAC web interface: 1.
2. Select the required first boot device from the drop-down list, and click Apply. The system boots from the selected device for subsequent reboots. 3. To boot from the selected device only once on the next boot, select Boot Once. Thereafter, the system boots from the first boot device in the BIOS boot order. For more information about the options, see the iDRAC Online Help. Setting first boot device using RACADM • • To set the first boot device, use the iDRAC.ServerBoot.FirstBootDevice object.
• iDRAC Settings utility (pre-operating system environment) If the network configuration is changed through iDRAC Web interface, you must wait for at least 10 seconds before enabling OS to iDRAC Pass-through. If you are using the XML configuration file through RACADM or WSMAN and if the network settings are changed in this file, then you must wait for 15 seconds to either enable OS to iDRAC Pass-through feature or set the OS Host IP address.
• • • • Intel 10 GB NDC. Intel rNDC with two controllers – 10G controllers does not support. Qlogic bNDC PCIe, Mezzanine, and Network Interface Cards.
On the host system, while installing RHEL 5.9 operating system, the USB NIC pass-through mode is in disabled state. If it is enabled after the installation is complete, the network interface corresponding to the USB NIC device is not active automatically. You can do any of the following to make the USB NIC device active: • • • • Configure the USB NIC interface using Network Manager tool. Navigate to System > Administrator > Network > Devices > New > Ethernet Connection and select Dell computer corp.
NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled. 4. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC. The default value is 169.254.0.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs.
Table 13. Types of certificate based on login type (continued) Login Type Certificate Type How to Obtain SHA-2 certificates are also supported. Smart Card login as a local or Active Directory user • • User certificate Trusted CA certificate • • User Certificate — Export the smart card user certificate as Base64encoded file using the card management software provided by the smart card vendor. Trusted CA certificate — This certificate is issued by a CA. SHA-2 certificates are also supported.
NOTE: While accessing iDRAC web interface through FQDN, Mozilla Firefox may not recognize the SSL certificate as trusted. To continue, add the certificate to the trusted list. You can also upload a custom signing certificate to sign the SSL certificate, rather than relying on the default signing certificate for this function. By importing one custom signing certificate into all management stations, all the iDRACs using the custom signing certificate are trusted.
Generating CSR using RACADM To generate a CSR using RACADM, use the set command with the objects in the iDRAC.Security group, and then use the sslcsrgen command to generate the CSR. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Uploading server certificate After generating a CSR, you can upload the signed SSL server certificate to the iDRAC firmware. iDRAC must be reset to apply the certificate.
Viewing server certificate using RACADM To view the SSL server certificate, use the sslcertview command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Uploading custom signing certificate You can upload a custom signing certificate to sign the SSL certificate. SHA-2 certificates are also supported. Uploading custom signing certificate using web interface To upload the custom signing certificate using iDRAC web interface: 1.
Deleting custom signing certificate using iDRAC web interface To delete the custom signing certificate using iDRAC web interface: 1. Go to Overview > iDRAC Settings > Network > SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Delete Custom SSL Certificate Signing Certificate and click Next. 3. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required.
Creating an iDRAC configuration file The configuration file can be: • • • Created. Obtained using racadm get -f .xml -t xml command. Obtained using racadm get -f .xml -t xml and then edited. For information about the get command, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals. The configuration file is first parsed to verify that valid group and object names are present and the basic syntax rules are followed.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
• • • • • • • • • • • • • • RAID controller Batteries CPUs DIMMs HDDs Backplanes Network Interface Cards (integrated and embedded) Video card SD card Power Supply Units (PSUs) Fans Fibre Channel HBAs USB NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: • • • • • • • • • • • • • • • BIOS Lifecycle Controller iDRAC OS driver pack 32-bit diagnostics System CPLD PERC controllers Batteries Physical disks Power supply NIC Fibre Channel Backplane E
• • • Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system. Intrusion — Provides information about the chassis. Power Supplies (available only for rack and tower servers) — Provides information about the power supplies and the power supply redundancy status. NOTE: If there is only one power supply in the system, the power supply redundancy is set to Disabled.
Table 14. Sensor information using web interface and RACADM (continued) View sensor information For Using web interface Using RACADM Overview > Server > Power/Thermal > Voltages Monitoring performance index of CPU, memory, and IO modules In Dell’s 13th generation Dell PowerEdge servers, Intel ME supports Compute Usage Per Second (CUPS) functionality. The CUPS functionality provides real-time monitoring of CPU, memory, and I/O utilization and system-level utilization index for the system.
Monitoring performance index for of CPU, memory, and IO modules using web interface To monitor the performance index of CPU, memory, and I/O modules, in the iDRAC web interface, go to Overview > Hardware. The Hardware Overview page displays the following: • • • Hardware section — Click the required link to view the health of the component.
• Critical band — Consists of the duration a system has operated above the temperature sensor critical threshold (47ºC). The system can operate in the critical band for 1% of the time for 12 months which also increments time in the warning band. The collected data is represented in a graphical format to track the 10% and 1% levels. The logged temperature data can be cleared only before shipping from the factory.
Viewing network interfaces available on host OS You can view information about all the network interfaces that are available on the host operating system such as the IP addresses that are assigned to the server. The iDRAC Service Module provides this information to iDRAC.
• Server-assigned, chassis-assigned, or remotely assigned MAC addresses. To view the Flex Address information in iDRAC, configure and enable the Flex Address feature in Chassis Management Controller (CMC). For more information, see the Dell Chassis Management Controller User Guide available at dell.com/support/manuals. Any existing Virtual Console or Virtual Media session terminates if the FlexAddress setting is enabled or disabled.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: • • • • • • • iDRAC Web Interface Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only IPMI Serial Over LAN IPMI Over LAN Remote RACADM Local RACADM Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Related concepts Communicating with iDRAC through serial connection using DB9 cable on page 107 Switching between RAC serial and serial console while using DB9 cable on page 110 Communicating with iDRAC using IPMI SOL on page 110 Communicating with iDRAC using IPMI over LAN on page 116 Enabling or disabling remote RACADM on page 117 Disabling local RACADM on page 117 Enabling IPMI on managed system on page 117 Configuring Linux for serial console during boot on page 117 Supported SSH cryptography schemes on
1. 2. 3. 4. 5. 6. Turn on or restart the system. Press F2. Go to System BIOS Settings > Serial Communication. Select External Serial Connector to Remote Access device. Click Back, click Finish, and then click Yes. Press Esc to exit System Setup. Enabling RAC serial connection After configuring serial connection in BIOS, enable RAC serial in iDRAC. NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1.
Enabling serial connection IPMI mode using RACADM To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode. racadm set iDRAC.Serial.Enable 0 racadm set iDRAC.IPMISerial.ConnectionMode n=0 — Terminal Mode n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command. racadm set iDRAC.
• • New line sequence Input new line sequences For information about the options, see the iDRAC Online Help. 5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection. Configuring additional settings for IPMI serial terminal mode using RACADM To configure the Terminal Mode settings, use the set command with the objects in the idrac.
Configuring BIOS for serial connection NOTE: This is applicable only for iDRAC on rack and tower servers. 1. 2. 3. 4. Turn on or restart the system. Press F2. Go to System BIOS Settings > Serial Communication. Specify the following values: • • • • • • Serial Communication — On With Console Redirection Serial Port Address — COM2. NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1.
Parameter Privilege level = 2 User = 3 Operator = 4 Administrator NOTE: The IPMI SOL minimum privilege level determines the minimum privilege to activate IPMI SOL. For more information, see the IPMI 2.0 specification. 3. Update the IPMI SOL baud rate using the command. racadm set iDRAC.IPMISol.BaudRate NOTE: To redirect the serial console over LAN, make sure that the SOL baud rate is identical to the managed system’s baud rate.
Related tasks SOL using IPMI protocol on page 113 SOL using SSH or Telnet protocol on page 113 SOL using IPMI protocol The IPMI-based SOL utility and IPMItool uses RMCP+ delivered using UDP datagrams to port 623. The RMCP+ provides improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more information, see http://ipmitool.sourceforge.net/manpage.html.
from the serial port of the managed system. The serial port usually attaches to a shell that emulates an ANSI- or VT100/VT220– terminal. The serial console is automatically redirected to the SSH or Telnet console. Related tasks Using SOL from PuTTY on Windows on page 114 Using SOL from OpenSSH or Telnet on Linux on page 114 Using SOL from PuTTY on Windows NOTE: If required, you can change the default SSH or Telnet time-out at Overview > iDRAC Settings > Network > Services.
The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command: racadm set iDRAC.Serial.HistorySize 4. Quit the SOL session to close an active SOL session.
Communicating with iDRAC using IPMI over LAN You must configure IPMI over LAN for iDRAC to enable or disable IPMI commands over LAN channels to any external systems. If IPMI over LAN is not configured, then external systems cannot communicate with the iDRAC server using IPMI commands. NOTE: From iDRAC v2.30.30.30 or later, IPMI also supports IPv6 address protocol for Linux-based operating systems. Configuring IPMI over LAN using web interface To configure IPMI over LAN: 1.
NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com. Enabling or disabling remote RACADM You can enable or disable remote RACADM using the iDRAC Web interface or RACADM. You can run up to five remote RACADM sessions in parallel. NOTE: Remote RACADM is enabled by default. Enabling or disabling remote RACADM using web interface 1. In iDRAC Web interface, go to Overview > iDRAC Settings > Network > Services. 2.
2. Append two options to the kernel line: kernel ............. console=ttyS1,115200n8r console=tty1 3. Disable GRUB's graphical interface and use the text-based interface. Else, the GRUB screen is not displayed in RAC Virtual Console. To disable the graphical interface, comment-out the line starting with splashimage. The following example provides a sample /etc/grub.conf file that shows the changes described in this procedure. # grub.
l1:1:wait:/etc/rc.d/rc 1 l2:2:wait:/etc/rc.d/rc 2 l3:3:wait:/etc/rc.d/rc 3 l4:4:wait:/etc/rc.d/rc 4 l5:5:wait:/etc/rc.d/rc 5 l6:6:wait:/etc/rc.d/rc 6 #Things to run in every runlevel. ud::once:/sbin/update ud::once:/sbin/update #Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now #When our UPS tells us power has failed, assume we have a few #minutes of power left. Schedule a shutdown for 2 minutes from now.
Table 16. SSH cryptography schemes Scheme Type Algorithms Asymmetric Cryptography Public key ssh-rsa ecdsa-sha2-nistp256 Symmetric Cryptography Key Exchange curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.
Generating public keys for Windows To use the PuTTY Key Generator application to create the basic key: 1. Start the application and select RSA for the key type. 2. Enter the number of bits for the key. The number of bits must be between 2048 and 4096 bits. 3. Click Generate and move the mouse in the window as directed. The keys are generated. 4. You can modify the key comment field. 5. Enter a passphrase to secure the key. 6. Save the public and private key.
• • For local RACADM: racadm sshpkauth -i <2 to 16> -k <1 to 4> -f From remote RACADM using Telnet or SSH: racadm sshpkauth -i <2 to 16> -k <1 to 4> -t For example, to upload a valid key to iDRAC User ID 2 in the first key space using a file, run the following command: $ racadm sshpkauth -i 2 -k 1 -f pkkey.key NOTE: The -f option is not supported on telnet/ssh/serial RACADM. Viewing SSH keys You can view the keys that are uploaded to iDRAC.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). NOTE: To improve security, it is recommended to use complex passwords that have eight or more characters and include lowercase alphabets, uppercase alphabets, numbers, and special characters. It is also recommended to regularly change the passwords, if possible.
To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the RACADM Command Line Interface Guide available at dell.com/idracmanuals. If you use the configuration XML file, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication. Adding iDRAC user using RACADM 1. Set the index and user name. racadm set idrac.users..
Table 19. iDRAC roles Current Generation Prior Generation Privileges Administrator Administrator Login, Configure, Configure Users, Logs, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug Operator Power User Login, Configure, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug Read Only Guest User Login None None None Table 20.
Related tasks Enabling SSL on domain controller on page 127 Enabling SSL on domain controller When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also uploaded into iDRAC.
NOTE: If your system is running Windows 2000, the following steps may vary. NOTE: If iDRAC firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain controller's Trusted Root Certificate Authority list, do not perform the steps in this section. To import iDRAC firmware SSL certificate to all domain controller trusted certificate lists: 1. Download iDRAC SSL certificate using the following RACADM command: racadm sslcertdownload -t 1 -f 2. 3. 4. 5.
the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC. Table reference no shows the default role group privileges. Table 21.
The Active Directory Configuration and Management Step 1 of 4 page is displayed. 4. Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when communicating with the Active Directory (AD) server. For this, the Domain Controllers and Global Catalog FQDN must be specified. This is done in the next steps. And hence the DNS should be configured properly in the network settings. 5. Click Next.
In this case, you must upload the CA certificate using the following command: racadm sslcertupload -t 0x2 -f NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Ensure that DNS is configured correctly under Overview > iDRAC Settings > Network. Using the following RACADM command may be optional. racadm sslcertdownload -t 1 -f 2.
Overview of iDRAC schema extensions Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more iDRAC devices. This model provides an administrator maximum flexibility over the different combinations of users, iDRAC privileges, and iDRAC devices on the network without much complexity.
Figure 3. Privilege accumulation for a user The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only.
If you use the LDIF script file, the Dell organizational unit is not added to the schema. The LDIF files and Dell Schema Extender are on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • DVDdrive :\SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\Remote_Management_Advanced \LDIF_Files : \SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools \Remote_Management_Advanced\Schema Extender • To use the LDIF files, see the instructions in
Table 24. delliDRACAssociationObject class OID 1.2.840.113556.1.8000.1280.1.7.1.2 Description Represents the Dell Association Object. The Association Object provides the connection between the users and the devices. Class Type Structural Class SuperClasses Group Attributes dellProductMembers dellPrivilegeMember Table 25. dellRAC4Privileges class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 27. dellProduct class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.5 Attributes dellAssociationMembers Table 28. List of attributes added to the active directory schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.
Table 28. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier TRUE if the user has Debug Command Admin rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellSchemaVersion 1.2.840.113556.1.8000.1280.1.1.2.12 The Current Schema Version is used to update the schema. Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905) dellRacType 1.2.840.113556.1.8000.1280.1.1.2.
Creating iDRAC device object To create iDRAC device object: 1. In the MMC Console Root window, right-click a container. 2. Select New > Dell Remote Management Object Advanced. The New Object window is displayed. 3. Enter a name for the new object. The name must be identical to iDRAC name that you enter while configuring Active Directory properties using iDRAC Web interface. 4. Select iDRAC Device Object and click OK.
Adding users or user groups To add users or user groups: 1. Right-click the Association Object and select Properties. 2. Select the Users tab and click Add. 3. Enter the user or user group name and click OK. Adding privileges To add privileges: Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. 1.
1. Use the following commands: racadm set racadm set racadm set racadm set racadm set address of racadm set address of racadm set address of • • • iDRAC.ActiveDirectory.Enable 1 iDRAC.ActiveDirectory.Schema 2 iDRAC.ActiveDirectory.RacName iDRAC.ActiveDirectory.RacDomain iDRAC.ActiveDirectory.DomainController1 iDRAC.ActiveDirectory.
Testing Active Directory settings using iDRAC web interface To test the Active Directory settings: 1. In iDRAC Web Interface, go to Overview > iDRAC Settings > User Authentication > Directory Services > Microsoft Active Directory. The Active Directory summary page is displayed. 2. Click Test Settings. 3. Enter a test user's name (for example, username@domain.com) and password and click Start Test. A detailed test results and the test log displays.
NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN. Also, only single domain is supported. Cross domain is not supported. 6. Click Next. The Generic LDAP Configuration and Management Step 3a of 3 page is displayed. 7. Click Role Group. The Generic LDAP Configuration and Management Step 3b of 3 page is displayed. 8. Specify the group distinguished name, the privileges associated with the group, and click Apply.
8 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Registering iDRAC as a computer in Active Directory root domain To register iDRAC in Active Directory root domain: 1. Click Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2. Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain. 3. Select Register iDRAC on DNS. 4. Provide a valid DNS Domain Name. 5. Verify that network DNS configuration matches with the Active Directory DNS information.
4. Add the preceding SSO user (login user) to the device object. 5. Provide access privilege to Authenticated Users for accessing the created association object. Related concepts Adding iDRAC users and privileges to Active Directory on page 137 Configuring iDRAC SSO login for Active Directory users Before configuring iDRAC for Active Directory SSO login, make sure that you have completed all the prerequisites.
Uploading smart card user certificate on page 146 Enabling or disabling smart card login on page 147 Uploading smart card user certificate Before you upload the user certificate, make sure that the user certificate from the smart card vendor is exported in Base64 format. SHA-2 certificates are also supported. Related concepts Obtaining certificates on page 91 Uploading smart card user certificate using web interface To upload smart card user certificate: 1.
1. In iDRAC Web interface, while configuring Active Directory to set up an user account based on standard schema or extended schema, on the Active Directory Configuration and Management Step 1 of 4 page: • • • Enable certificate validation. Upload a trusted CA-signed certificate. Upload the keytab file. 2. Enable smart card login. For information about the options, see the iDRAC Online Help.
2. Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The smart card logon feature is enabled or disabled based on the selection.
9 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the predefined condition. If an event matches an event filter and you have configured this filter to generate an alert (email, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
Enabling or disabling alerts using web interface To enable or disable generating alerts: 1. In iDRAC Web interface, go to Overview > Server > Alerts. The Alerts page is displayed. 2. Under Alerts section: • • Select Enable to enable alert generation or perform an event action. Select Disable to disable alert generation or disable an event action. 3. Click Apply to save the setting. Enabling or disabling alerts using RACADM Use the following command: racadm set iDRAC.IPMILan.
• Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Setting event alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations.
Setting alert recurrence events using iDRAC web interface To set the alert recurrence value: 1. In the iDRAC Web interface, go to Overview > Server > Alerts > Alert Recurrence. The Alert Recurrence page is displayed. 2. In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s). For more information, see the iDRAC Online help. 3. Click Apply. The alert recurrence settings are saved.
• You have configured the event filters. Related concepts Configuring IP alert destinations on page 153 Configuring email alert settings on page 154 Configuring IP alert destinations You can configure the IPv6 or IPv4 addresses to receive the IPMI alerts or SNMP traps. For information about the iDRAC MIBs required to monitor the servers using SNMP, see the SNMP Reference Guide available at dell.com/support/manuals.
Parameter Description Destination index. Allowed values are 1 through 8. A valid IPv4, IPv6, or FQDN address 3. Configure the SNMP community name string: racadm set idrac.ipmilan.communityname Parameter Description The SNMP Community Name. 4. To configure SNMP destination: • Set the SNMP trap destination for SNMPv3: racadm set idrac.SNMP.Alert..DestAddr • Set SNMPv3 users for trap destinations: racadm set idrac.SNMP.Alert.
1. Go to Overview > Server > Alerts > SNMP and Email Settings . 2. Select the State option to enable the email address to receive the alerts and type a valid email address. For more information about the options, see the iDRAC Online Help. 3. Click Send under Test Email to test the configured email alert settings. 4. Click Apply. Configuring email alert settings using RACADM 1. To enable email alert: racadm set iDRAC.EmailAlert.Enable.[index] [n] Parameter Description index Email destination index.
For more information about the fields, see the iDRAC Online Help. 5. Click Apply. The SMTP settings are configured. Configuring SMTP email server address settings using RACADM To configure the SMTP email server: racadm set iDRAC.RemoteHosts.
Monitoring chassis events using RACADM This setting is applicable only for PowerEdge FX2/FX2s servers and if Chassis Management at Server mode is set to Monitor or Manage and Monitor in CMC. To monitor chassis events using iDRAC RACADM: racadm get system.chassiscontrol.chassismanagementmonitoring For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Table 29.
Table 29.
10 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
To display the number of SEL entries: racadm getsel -i To clear the SEL entries: racadm clrsel For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.
Filtering Lifecycle logs You can filter logs based on category, severity, keyword, or date range. To filter the lifecycle logs: 1. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: • • • • Select the Log Type from the drop-down list. Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. Adding work notes Each user who logs in to iDRAC can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC logs privilege to add work notes. A maximum of 255 characters are supported for each new work note. NOTE: You cannot delete a work note. To add a work note: 1. In the iDRAC Web interface, go to Overview > Server > Properties > Summary.
11 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • • • • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Monitoring power using RACADM To view the power-monitoring information, use the get command with the objects in the System.Power group. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Setting warning threshold for power consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems.
Executing power control operations using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Power capping You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload presents to the datacenter. This is a licensed feature.
Configuring power cap policy using RACADM To view and configure the current power cap values, use the following objects with the set command: • • • • System.Power.Cap.Enable System.Power.Cap.Watts System.Power.Cap.Btuhr System.Power.Cap.Percent For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Configuring power cap policy using iDRAC settings utility To view and configure power policies: 1.
• System.Power.PFC.Enable For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Configuring power supply options using iDRAC settings utility To configure the power supply options: 1. In iDRAC Settings utility, go to Power Configuration. NOTE: The Power Configuration link is available only if the server power supply unit supports power monitoring. The iDRAC Settings Power Configuration page is displayed. 2.
12 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: • • • • • Network Interface Cards (NICs) Converged Network Adapters (CNAs) LAN On Motherboards (LOMs) Network Daughter Cards (NDCs) Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition
Monitoring network devices using RACADM To view information about network devices, use the hwinventory and nicstatistics commands. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Additional properties may be displayed when using RACADM or WSMAN in addition to the properties displayed in the iDRAC web interface.
The values configured for virtual addresses, initiator and storage targets may change based on the way the main power is handled during system reset and whether the NIC, CNA, or FC HBA device has auxiliary power. The persistence of IO identity settings can be achieved based on the policy setting made using iDRAC. Only if the I/O identity feature is enabled, the persistence policies take effect. Each time the system resets or powers on, the values are persisted or cleared based on the policy settings.
Table 30.
Table 31. Virtual/Flex Address and Persistence Policy behavior (continued) Flex Address Feature State in CMC Mode set in iDRAC IO Identity Feature XML State in iDRAC Configuration Persistence Policy Clear Persistence Policy — Virtual Address Flex Address disabled Flex Address Mode Enabled VAM not configured Set to hardware MAC address No persistence supported.
Table 32.
Configuring persistence policy settings Using IO identity, you can configure policies specifying the system reset and power cycle behaviors that determine the persistence or clearance of the virtual address, initiator, and storage target settings. Each individual persistence policy attribute applies to all ports and partitions of all applicable devices in the system. The device behavior changes between auxiliary powered devices and non-auxiliary powered devices.
3. In the Persistence Policy section, select one or more of the following for each persistence policy: • • • A/C Power Loss - The virtual address or target settings persist when AC power loss conditions occur. Cold Boot - The virtual address or target settings persist when cold reset conditions occur. Warm Boot - The virtual address or target settings persist when warm reset condition occurs. 4. Click Apply. The persistence policies are configured.
Table 35. Iscsi storage target attributes — default values iSCSI Storage Target Attributes Default Values in IPv4 mode Default Values in IPv6 mode ConnectFirstTgt Disabled Disabled FirstTgtIpAddress 0.0.0.0 :: FirstTgtTcpPort 3260 3260 FirstTgtBootLun 0 0 FirstTgtIscsiName Value Cleared Value Cleared FirstTgtChapId Value Cleared Value Cleared FirstTgtChapPwd Value Cleared Value Cleared FirstTgtIpVer Ipv4 ConnectSecondTgt Disabled Disabled SecondTgtIpAddress 0.0.0.
13 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them.
Table 36. PERC Capability (continued) PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) completed before applying the configuration at run-time. Run-time or realtime means, a reboot is not required. Staged If all the set operations are staged, the configuration is staged and applied after reboot or it is applied at real-time.
extended disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of a disk failure. RAID uses different techniques, such as striping, mirroring, and parity, to store and reconstruct data. There are different RAID levels that use different methods for storing and reconstructing data. The RAID levels have different characteristics in terms of read/write performance, data protection, and storage capacity.
• • • • • Availability or fault-tolerance — Availability or fault-tolerance refers to the ability of a system to maintain operations and provide access to data even when one of its components has failed. In RAID volumes, availability or fault-tolerance is achieved by maintaining redundant data. Redundant data includes mirrors (duplicate data) and parity information (reconstructing data using an algorithm).
• • • Data is stored to the disks alternately. No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. Better read and write performance. RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks. If a physical disk fails, data can be rebuilt using the data from the other side of the mirror.
RAID 5 characteristics: • • • • • Groups n disks as one large virtual disk with a capacity of (n-1) disks. Redundant information (parity) is alternately stored on all disks. When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Redundancy for protection of data.
• • • Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space. RAID level 50 - striping over RAID 5 sets RAID 50 is striping over more than one span of physical disks. For example, a RAID 5 disk group that is implemented with three physical disks and then continues on with a disk group of three more physical disks would be a RAID 50.
RAID 60 characteristics: • • • • • • Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. Redundant information (parity) is alternately stored on all disks of each RAID 6 span. Better read performance, but slower write performance. Increased redundancy provides greater data protection than a RAID 50. Requires proportionally as much parity information as RAID 6. Two disks per span are required for parity.
RAID 10 characteristics: • • • • • Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 37. RAID level performance comparison (continued) RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information. Databases and other read intensive transactional uses.
NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported. Summary of supported features for storage devices The following table provides the features supported by the storage devices through iDRAC. NOTE: Features such as prepare to remove and blink or unblink component LED are not applicable for HHHL PCIe SSD cards. Table 38.
Table 38.
Table 38.
Monitoring backplane using iDRAC settings utility In the iDRAC Settings utility, go to System Summary. The iDRAC Settings.System Summary page is displayed. The Backplane Inventory section displays the backplane information. For information about the fields, see the iDRAC Settings Utility Online Help.
Assigning or unassigning global hot spare using web interface To assign or unassign a global hot spare for a physical disk drive: 1. In the iDRAC web interface, go to Overview > Storage > Physical Disks > Setup. The Setup Physical Disk page is displayed. 2. From the Controller drop-down menu, select the controller to view the associated physical disks. 3. To assign as a global hotspare, from the drop-down menus in the Action-Assign to All column, select Global Hotspare for one or more physical disks. 4.
Converting physical disks to RAID capable or non-RAID mode using RACADM Depending on whether you want to convert to RAID or Non-RAID mode, use the following RACADM commands • • To convert to RAID mode, use the racadm storage converttoraid command. To convert to Non-RAID mode, use the racadm storage converttononraid command. For more information about the commands, see the iDRAC RACADM Command Line Reference Guide available at dell.com/ idracmanuals.
NOTE: If you create a virtual disk in Add to Pending Operation mode and a job is not created, and then if you delete the Virtual disk, then the create pending operation for the virtual disk is cleared. Considerations before creating virtual disks Before creating virtual disks, consider the following: • • • • • Virtual disk names not stored on controller—The names of the virtual disks that you create are not stored on the controller.
NOTE: Some of the controllers do not support all read or write policies. Therefore, when a policy is applied, an error message is displayed. The read policies indicate whether the controller must read sequential sectors of the virtual disk searching for data: • Adaptive Read Ahead — The controller initiates read ahead only if the two most recent reads requests accessed sequential sectors of the disk.
Checking virtual disk consistency This operation verifies the accuracy of the redundant (parity) information. This task only applies to redundant virtual disks. When necessary, the check consistency task rebuilds the redundant data. If the virtual drive has a degraded status, running a check consistency may be able to return the virtual drive to ready status. You can perform a consistency check using the web interface or RACADM. You can also cancel the check consistency operation.
You must have Login and Server Control privilege to manage the encryption keys. Assigning or unassigning dedicated hot spares A dedicated hot spare is an unused backup disk that is assigned to a virtual disk. When a physical disk in the virtual disk fails, the hot spare is activated to replace the failed physical disk without interrupting the system or requiring your intervention. You must have Login and Server Control privilege to run this operation.
NOTE: Consistency check is not supported on drives set up in RAID0 mode. • • Encrypt Virtual Disk — Encrypts the virtual disk drive. If the controller is encryption capable, you can create, change or delete the security keys. NOTE: The Encrypt Virtual Disk option is available only if the virtual disk is created using the Self-Encrypting Drive (SED) drives. Manage Dedicated Hotspares — Assign or unassign a physical disk as a dedicated hot spare. Only the valid dedicated hot spares are displayed.
Resetting controller configuration on page 203 Supported controllers on page 187 Summary of supported features for storage devices on page 188 Converting a physical disk to RAID or non-RAID mode on page 192 Configuring controller properties You can configure the following properties for the controller: • • • • • • • • • • • • Patrol read mode (auto or manual) Start or stop patrol read if patrol read mode is manual Patrol read unconfigured areas Check consistency mode Copyback mode Load balance mode Check
The background initialization rate, configurable between 0% and 100%, represents the percentage of the system resources dedicated to running the background initialization task. At 0%, the background initialization has the lowest priority for the controller, takes the most time to complete, and is the setting with the least impact to system performance. A background initialization rate of 0% does not mean that the background initialization is stopped or paused.
• • • • • To specify the percentage of the controller's resources dedicated to rebuild a failed disk, use Storage.Controller.RebuildRate object To specify the percentage of the controller's resources dedicated to perform the background initialization (BGI) of a virtual disk after it is created, useStorage.Controller.
• • Drives in the failed or offline state cannot be imported. The firmware does not allow you to import more than eight foreign configurations. Importing foreign configuration using web interface To import foreign configuration: 1. In the iDRAC Web interface, go to Overview > Storage > Controllers > Setup. The Setup Controllers page is displayed. 2. In the Foreign Configuration section, from the Controller drop-down menu, select the controller that you want to configure. 3.
Resetting controller configuration You can reset the configuration for a controller. This operation deletes virtual disk drives and unassigns all hot spares on the controller. It does not erase any data other than removing the disks from the configuration. Reset configuration also does not remove any foreign configurations. The real-time support of this feature is available only in PERC 9.1 firmware. Reset configuration does not erase any data.
• When you switch the PERC controller from HBA to RAID mode, the drives remain in Non-RAID state and are not automatically set to Ready state. Additionally, the RAIDEnhancedAutoImportForeignConfig attribute is automatically set to Enabled.
• Real-time monitoring for SMART enabled drives and SES enclosure sensors is only done for the 12 Gbps SAS HBA controllers and HBA330 internal controllers. NOTE: During warm boot, there may be LC Logs for PDR8 Drive Inserted. This is because the HBA sends drive inserted events to iDRAC due to loading and unloading of the HBA driver.
• Schedule multiple jobs to run at a later time using the scheduling options. Managing PCIe SSDs Peripheral Component Interconnect Express (PCIe) solid-state device (SSD) is a high-performance storage device designed for solutions requiring low latency, high Input Output Operations per Second (IOPS), and enterprise class storage reliability and serviceability. The PCIe SSD is designed based on Single Level Cell (SLC) and Multi-Level Cell (MLC) NAND flash technology with a high-speed PCIe 2.0 or PCIe 3.
Inventorying and monitoring PCIe SSDs using RACADM Use the racadm storage get controllers: command to inventory and monitor PCIe SSDs. To view all PCIe SSD drives: racadm storage get pdisks To view PCIe extender cards: racadm storage get controllers To view PCIe SSD backplane information: racadm storage get enclosures NOTE: For all the mentioned commands, PERC devices are also displayed. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.
If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action is displayed. If the job is created successfully, a message indicating that the job ID is created for the selected controller is displayed. Click Job Queue to view the progress of the job in the Job Queue page. If pending operation is not created, an error message is displayed.
○ From the drop-down menu, select the type of reboot: ▪ ▪ ▪ ▪ No Reboot (Manually Reboot System) Graceful Shutdown Force Shutdown Power Cycle System (cold boot) NOTE: For PERC 8 or earlier controllers, Graceful Shutdown is the default option. For PERC 9 controllers, No Reboot (Manually Reboot System) is the default option. 5. Click Apply. If the job is not created, a message indicating that the job creation was not successful is displayed.
• • • • • • • Unified mode —This is the default mode. The primary PERC controller has access to all the drives connected to the backplane even if a second PERC controller is installed. Split mode — One controller has access to the first 12 drives and the second controller has access to the last 12 drives. The drives connected to the first controller are numbered 0-11 while the drives connected to the second controller are numbered 12-23.
For example, to set the BackplaneMode attribute to split mode: 1. Run the following command to view the current backplane mode: racadm get storage.enclosure.1.backplanecurrentmode The output is: BackplaneCurrentMode=UnifiedMode 2. Run the following command to view the requested mode: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=None 3. Run the following command to set the requested backplane mode to split mode: racadm set storage.enclosure.1.
The output is: BackplaneRequestedMode=None 11. Run the following to verify is the backplane mode is set to split mode: racadm get storage.enclosure.1.backplanecurrentmode The output is: BackplaneCurrentMode=SplitMode 12. Run the following command and verify that only 0–11 drives are displayed: racadm storage get pdisks For more information about the RACADM commands, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Choosing operation mode to apply settings While creating and managing virtual disks, setting up physical disks, controllers, and enclosures or resetting controllers, before you apply the various settings, you must select the operation mode.
Viewing and applying pending operations You can view and commit all pending operations for the storage controller. All the settings are either applied at once, during the next reboot, or at a scheduled time based on the selected options. You can delete all the pending operations for a controller. You cannot delete individual pending operations. Pending Operations are created on the selected components (controllers, enclosures, physical disks, and virtual disks).
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Storage devices — apply operation scenarios Case 1: selected an apply operation (apply now, at next reboot, or at scheduled time) and there are no existing pending operations If you have selected Apply Now, At Next Reboot, or At Scheduled Time and then clicked Apply, first the pending operation is created for the selected storage configuration operation.
• At any time, if you do not see the option to create a job on the storage configuration pages, go to Storage Overview > Pending Operations page to view the existing pending operations and to create the job on the required controller. • Only cases 1 and 2 are applicable for PCIe SSD. You cannot view the pending operations for PCIe SSDs and hence Add to Pending Operations option is not available. Use racadm command to clear the pending operations for PCIe SSDs.
Blinking or unblinking component LEDs using RACADM To blink or unblink component LEDs, use the following commands: racadm storage blink: racadm storage unblink: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
14 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • A maximum of six simultaneous virtual console sessions are supported. All the sessions view the same managed server console simultaneously.
Table 39. Supported screen resolutions and refresh rates (continued) Screen Resolution Refresh Rate (Hz) 1280x1024 60 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console.
NOTE: If the embedded video controller is disabled in BIOS and if you launch the Virtual Console, the Virtual Console Viewer is blank. While launching Virtual Console using 32-bit or 64-bit IE browsers, use HTML5, or use the required plug-in (Java or ActiveX) that is available in the respective browser. The Internet Options settings are common for all browsers. While launching the Virtual Console using Java plug-in, occasionally you may see a Java compilation error.
Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. 1. Initially, when you launch Virtual Console or Virtual Media using Java plug-in, the prompt to verify the publisher is displayed. Click Yes. A certificate warning message is displayed indicating that a trusted certificate is not found.
• • • • • • • Keyboard Screen Capture Refresh Full Screen Disconnect Viewer Console Control Virtual Media The Pass all keystrokes to server option is not supported on HTML5 virtual console. Use keyboard and keyboard macros for all the functional keys. • • • • Console control — This has the following configuration options: ○ Keyboard ○ Keyboard Macros ○ Aspect Ratio ○ Touch Mode ○ Mouse Acceleration Keyboard — This keyboard uses open source code.
• Virtual Media — Click Connect Virtual Media option to start the virtual media session. The virtual media menu displays the Browse option to browse and map the ISO and IMG files. NOTE: You cannot map physical media such USB-based drives, CD, or DVD by using the HTML5 based virtual console.
For the Java client, the native library must be loaded for Pass all keystrokes to server and Single Cursor mode to function. If the native libraries are not loaded, the Pass all keystrokes to server and Single Cursor options are deselected. If you attempt to select either of these options, an error message is displayed indicating that the selected options are not supported. For the ActiveX client, the native library must be loaded for Pass all keystrokes to server function to work.
• • • When Pass all keystrokes to server is enabled, is passed to the operating system on the managed system. Magic SysRq keys are key combinations interpreted by the Linux Kernel. It is useful if the operating system on the management station or the managed system freezes and you need to recover the system. You can enable the magic SysRq keys on the Linux operating system using one of the following methods: ○ Add an entry to /etc/sysctl.
• • • When Pass All Keys is disabled, pressing F1 launches the application Help on both management station and managed system, and the following message is displayed: Click Help on the Virtual Console page to view the online Help The media keys may not be blocked explicitly. , , are not sent to the managed system and is interpreted by the operating system on the management station.
15 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • • • • Remotely access media connected to a remote system over the network Install applications Update drivers Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Table 40. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives • • • • • Legacy 1.44 floppy drive with a 1.
Table 41. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives.
• • Virtual Media is in Attach state. System is configured to unhide empty drives. To do this, in Windows Explorer, navigate to Folder Options, clear the Hide empty drives in the Computer folder option, and click OK. To launch Virtual Media when Virtual Console is disabled: 1. In the iDRAC web Interface, go to Overview > Server > Virtual Console. The Virtual Console page is displayed. 2. Click Launch Virtual Console. The following message is displayed: Virtual Console has been disabled.
If the Virtual Media is launched without using the Virtual Console, then the Virtual Media section is displayed as a dialog box. It provides information about the mapped devices. Resetting USB To reset the USB device: 1. In the Virtual Console viewer, click Tools > Stats. The Stats window is displayed. 2. Under Virtual Media, click USB Reset. A message is displayed warning the user that resetting the USB connection can affect all the input to the target device including Virtual Media, keyboard, and mouse.
After the device/file is mapped, the name of its Virtual Media menu item changes to indicate the device name. For example, if the CD/DVD device is mapped to an image file named foo.iso, then the CD/DVD menu item on the Virtual Media menu is named foo.iso mapped to CD/DVD. A check mark for that menu item indicates that it is mapped.
Enabling boot once for virtual media You can change the boot order only once when you boot after attaching remote Virtual Media device. Before you enable the boot once option, make sure that: • • • You have Configure User privilege. Map the local or virtual drives (CD/DVD, Floppy, or USB flash device) with the bootable media or image using the Virtual Media options Virtual Media is in Attached state for the virtual drives to appear in the boot sequence.
16 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: VMCLI supports only the TLS 1.0 security protocol.
• • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. vmcli -r -S -u -p c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid. If the certificate is not valid, a warning message is displayed when you run this command.
For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process. This technique is useful in script programs, as it allows the script to proceed after a new process is started for the VMCLI command (otherwise, the script blocks until the VMCLI program is terminated). When multiple VMCLI sessions are started, use the operating system-specific facilities for listing and terminating processes.
17 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC Web interface at Overview > Server > vFlash: SD card not detected.
Viewing vFlash SD card properties using RACADM To view the vFlash SD card properties using RACADM, use the get command with the following objects: • • • • • iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.Health iDRAC.vflashsd.Licensed iDRAC.vflashsd.Size iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals.
NOTE: If the SD card is write-protected, then the Initialize option is disabled. Initializing vFlash SD card using web interface To initialize the vFlash SD card: 1. In the iDRAC Web interface, go to Overview > Server > vFlash. The SD Card Properties page is displayed. 2. Enable vFLASH and click Initialize. All existing contents are removed and the card is reformatted with the new vFlash system information.
• • Downloading partition contents Booting to a partition NOTE: If you click any option on the vFlash pages when an application such as WSMAN, iDRAC Settings utility, or RACADM is using vFlash, or if you navigate to some other page in the GUI, iDRAC may display the message: vFlash is currently in use by another process. Try again after some time. vFlash is capable of performing fast partition creation when there is no other on-going vFlash operation such as formatting, attaching partitions, and so on.
NOTE: The uploaded image and the emulation type must match. There are issues when iDRAC emulates a device with incorrect image type. For example, if the partition is created using an ISO image and the emulation type is specified as Hard Disk, then the BIOS cannot boot from this image. • • • The image type and the emulation type match. Image file size is less than or equal to the available space on the card. Image file size is less than or equal to 4 GB as the maximum partition size supported is 4 GB.
A warning message indicating that all the data on the partition will be erased is displayed. 3. Click OK. The selected partition is formatted to the specified file system type. An error message is displayed if: • • The card is write-protected. An initialize operation is already being performed on the card. Viewing available partitions Make sure that the vFlash functionality is enabled to view the list of available partitions.
Modifying a partition using RACADM To view the available partitions and their properties on the card: 1. Log in to the system using telnet, SSH, or Serial console. 2. Use one of the following: • Using set command to change the read-write state of the partition: ○ To change a read-only partition to read-write: racadm set iDRAC.vflashpartition..AccessType 1 ○ To change a read-write partition to read-only: racadm set iDRAC.vflashpartition..
Operating system behavior for attached partitions For Windows and Linux operating systems: • • • • The operating system controls and assigns the drive letters to the attached partitions. Read-only partitions are read-only drives in the operating system. The operating system must support the file system of an attached partition. Else, you cannot read or modify the contents of the partition from the operating system.
2. From the Label drop-down menu, select a partition that you want to download and click Download. NOTE: All existing partitions (except attached partitions) are displayed in the list. The first partition is selected by default. 3. Specify the location to save the file. The contents of the selected partition are downloaded to the specified location. NOTE: If only the folder location is specified, then the partition label is used as the file name, along with the extension .
18 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Table 44.
Table 44.
Table 44. SMCLP targets (continued) Target Definitions admin1/system1/sp1/rolesvc3 admin1/system1/sp1/rolesvc3/Role1-3 admin1/system1/sp1/rolesvc3/Role1-3/ privilege1 CLP RBA Service CLP role CLP role privilege Related concepts Running SMCLP commands on page 246 Usage examples on page 251 Navigating the map address space Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space.
Using the -output option The -output option specifies one of four formats for the output of SM-CLP verbs: text, clpcsv, keyword, and clpxml. The default format is text, and is the most readable output. The clpcsv format is a comma-separated values format suitable for loading into a spreadsheet program. The keyword format outputs information as a list of keyword=value pairs one per line. The clpxml format is an XML document containing a response XML element.
Properties: InstanceID = IPMI:BMC1 SEL Log MaxNumberOfRecords = 512 CurrentNumberOfRecords = 5 Name = IPMI SEL EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit • version To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 200
• To navigate to the system target and reboot: • cd system1 reset The current default target is /. To navigate to the SEL target and display the log records: cd system1 cd logs1/log1 • show To display current target: • type cd . To move up one level: • type cd ..
19 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, RACADM, and WSMAN. You can configure the features monitored by the iDRAC Service Module to control the CPU and memory consumed on the server’s operating system.
• • • • • • View operating system (OS) information Replicate Lifecycle Controller logs to operating system logs Perform automatic system recovery options Populate Windows Management Instrumentation (WMI) Management Providers Integrate with SupportAssist Collection. This is applicable only if iDRAC Service Module version 2.0 or later is installed. For more information, see Generating SupportAssist Collection. Prepare to Remove NVMe PCIe SSD.
Windows Management Instrumentation providers WMI is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF) to manage Server hardware, operating systems and applications.
Table 45. Examples (continued) CIM Interface WinRM WMIC PowerShell +SystemName=systemmc } Remote iDRAC Hard Reset By using iDRAC, you can monitor the supported servers for critical system hardware, firmware, or software issues. Sometimes, iDRAC may become unresponsive due to various reasons. During such scenarios, you must turn off the server and reset iDRAC. To reset the iDRAC CPU, you must either power off and power on the server or perform an AC power cycle.
On all iSM supported ESXi operating systems, the iSM v2.3 supports a Common Management Programming Interface (CMPI) method provider to perform the iDRAC reset remotely by using the WinRM remote commands. winrm i iDRACHardReset http://schemas.dell.
Beginning with iSM 2.4.0, you can configure Agent-x as the default protocol for in-band iDRAC SNMP alerts using the following command: ./Enable-iDRACSNMPTrap.sh 1/agentx –force If –force is not specified, ensure that the net-SNMP is configured and restart the snmpd service. ○ To enable this feature: Enable-iDRACSNMPTrap.sh 1 Enable-iDRACSNMPTrap.sh enable ○ To disable this feature: Enable-iDRACSNMPTrap.sh 0 Enable-iDRACSNMPTrap.
NOTE: Ensure that the Microsoft IP Helper Services is running on your system for this feature to function. To access the iDRAC Web interface, use the format https:// or OS-IP>:443/login.html in the browser, where: • • — Complete host name of the server on which iSM is installed and configured for iDRAC access via OS feature. You can use the OS IP address if the host name is not present. 443 — Default iDRAC port number.
When you re-enable these monitoring features through the iDRAC interfaces later, the same checks are performed and the features are enabled depending on whether OpenManage Server Administrator is running or not. Using iDRAC Service Module from iDRAC web interface To use the iDRAC Service Module from the iDRAC web interface: 1. Go to Overview > Server > Service Module. The iDRAC Service Module Setup page is displayed. 2.
20 Using USB port for server management In Dell PowerEdge 12th generation servers, all USB ports are dedicated to the server. With the 13th generation of servers, one of the front panel USB port is used by iDRAC for management purposes such as pre-provisioning and troubleshooting. The port has an icon to indicate that it is a management port. All 13th generation servers with LCD panel support this feature. This port is not available in a few of the 200-500 model variations without the LCD panel.
5. Start using iDRAC network interfaces such as the web interface, RACADM, or WSMan. 6. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 7. After completing the desired actions, disconnect the USB cable from the system. The LED turns off. Configuring iDRAC using server configuration profile on USB device With the new iDRAC Direct feature, you can configure iDRAC at-the-server.
• • • You try to configure the USB management port without the Server Control user privilege. A USB device is in use by iDRAC and you attempt to modify the USB Management Port Mode. A USB device is in use by iDRAC and you remove the device. Configuring USB management port using web interface To configure the USB port: 1. In the iDRAC Web interface, go to Overview > Hardware > USB Management Port. The Configure USB Management Port page is displayed. 2.
3. From the iDRAC Direct: USB Configuration XML drop-down menu, select options to configure a server by importing server configuration profile stored on a USB drive: • • • Disabled Enabled while server has default credential settings only Enabled For information about the fields, see the iDRAC Settings Utility Online Help. 4. Click Back, click Finish and then click Yes to apply the settings.
5. LCD panel and LED (if present) display the status that an import job has started. 6. If there is a configuration that needs to be staged and the Shut Down Type is specified as No Reboot is specified in the control file, then you must reboot the server for the settings to be configured. Else, server is rebooted and the configuration is applied. Only when the server was already powered down, then the staged configuration is applied even if the No Reboot option is specified. 7.
21 Using iDRAC Quick Sync A few Dell 13th generation PowerEdge servers have the Quick Sync bezel that supports the Quick Sync feature. This feature enables atthe-server management with a mobile device. This allows you to view inventory and monitoring information and configure basic iDRAC settings (such as root credential setup and configuration of the first boot device) using the mobile device. You can configure iDRAC Quick Sync access for your mobile device (example, OpenManage Mobile) in iDRAC.
Configuring iDRAC Quick Sync settings using web interface To configure iDRAC Quick Sync: 1. In the iDRAC web interface, go to Overview > Hardware > Front Panel. 2. In the iDRAC Quick Sync section, from the Access drop-down menu, select one of the following to provide access to the Android mobile device: • • • Read-write Read-only Disabled 3. Enable the Timer. 4. Specify the Timeout value. For more information about the fields, see the iDRAC Online Help. 5. Click Apply to apply the settings.
22 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: • • Remote File Share Virtual Media Console Related tasks Deploying operating system using remote file share on page 269 Deploying operating system using virtual media on page 271 Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file s
NOTE: If ESXi is running on the managed system and if you mount a floppy image (.img) using RFS, the connected floppy image is not available to the ESXi operating system. RFS and Virtual Media features are mutually exclusive. • • If the Virtual Media client is not active, and you attempt to establish an RFS connection, the connection is established and the remote image is available to the host operating system.
For RHEL, the CD device (.iso virtual device) is /dev/scd0 and floppy device (.img virtual device) is /dev/sdc. For SLES, the CD device is /dev/sr0 and the floppy device is /dev/sdc. To make sure that the correct device is used (for either SLES or RHEL), when you connect the virtual device, on the Linux OS you must immediately run the command: tail /var/log/messages | grep SCSI This displays the text that identifies the device (example, SCSI device sdc).
Installing operating system from multiple disks 1. Unmap the existing CD/DVD. 2. Insert the next CD/DVD into the remote optical drive. 3. Remap the CD/DVD drive. Deploying embedded operating system on SD card To install an embedded hypervisor on an SD card: 1. 2. 3. 4. Insert the two SD cards in the Internal Dual SD Module (IDSDM) slots on the system. Enable SD module and redundancy (if required) in BIOS. Verify if the SD card is available on one of the drives when you during boot.
23 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: • • • • • • • • • Diagnostic console Post code Boot and crash capture videos Last system crash screen System event logs Lifecycle logs Front panel status Trouble indicators System health Related tasks Using diagnostic console on page 273 Scheduling remote automated diagnostics on page 274 Viewing post codes on page 274 Viewing boot and crash capture videos on page 275 Viewing logs on page 275 Vie
Scheduling remote automated diagnostics You can remotely invoke automated offline diagnostics on a server as a one-time event and return the results. If the diagnostics require a reboot, you can reboot immediately or stage it for a subsequent reboot or maintenance cycle (similar to updates). When diagnostics are run, the results are collected and stored in the internal iDRAC storage. You can then export the results to an NFS, CIFS, HTTP, or HTTPS network share using the diagnostics export racadm command.
To view the Post Codes, go to Overview > Server > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code. Viewing boot and crash capture videos You can view the video recordings of: • • Last three boot cycles — A boot cycle video logs the sequence of events for a boot cycle. The boot cycle videos are arranged in the order of latest to oldest. Last crash video — A crash video logs the sequence of events leading to the failure.
Viewing front panel status The Front Panel on the managed system summarizes the status of the following components in the system: • • • • • • • Batteries Fans Intrusion Power Supplies Removable Flash Media Temperatures Voltages You can view the status of the front panel of the managed system: • • For rack and tower servers: LCD front panel and system ID LED status or LED front panel and system ID LED status. For blade servers: Only system ID LEDs.
• • USB media failure Physical damage Based on the problem, use the following methods to correct the problem: • • • • Reseat the module or component and restart the system In case of a blade server, insert the module into a different bay in the chassis Replace hard drives or USB flash drives Reconnect or replace the power and network cables If problem persists, see the Hardware Owner’s Manual for specific troubleshooting information about the hardware device.
• • • Archived Lifecycle Controller logs PCIe SSD logs Storage controller logs NOTE: TTYLog collection for PCIe SSDs using the SupportAssist feature is not supported on Dell 12th generation PowerEdge servers. After the data is generated, you can view the data. It contains a bunch of XML files and log files. The data must be shared with tech support to troubleshoot the issue. Each time the data collection is performed, an event is recorded in the Lifecycle Controller log.
4. After the iDRAC Service Module has completed transferring the OS and application data to iDRAC, it is packaged along with the hardware data and the final report is generated. A message appears to save the report. 5. Specify the location to save the SupportAssist collection. Generating SupportAssist Collection manually When iSM is not installed, you can manually run the OS collector tool to generate the SupportAssist collection.
• OS and Application Data— export the SupportAssist collection of the OS and the application data. Under this option, select any one of the following: ○ Standard Data: Select this option to get the collection in standard format. ○ Filtered Data: Select this option to get the collection with filtered data. NOTE: By default, Hardware and OS and Application Data is selected. Based on the options selected, the time taken to collect the data is displayed next to these options.
Erasing system and user data You can erase system component(s) and user data for those components. The system components include: • • • • • Lifecycle Controller Data Embedded Diagnostics Embedded OS Driver Pack BIOS reset to default iDRAC reset to default Before performing system erase, ensure that: • • You have iDRAC Server Control privilege. Lifecycle Controller is enabled.
iDRAC Settings utility page is displayed. 3. Click Reset iDRAC configurations to defaults. The iDRAC Settings Reset iDRAC configurations to defaults page is displayed. 4. Click Yes. iDRAC reset starts. 5. Click Back and navigate to the same Reset iDRAC configurations to defaults page to view the success message.
24 Frequently asked questions This section lists the frequently asked questions for the following: • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign On Smart card login Virtual console Virtual media vFlash SD card SNMP authentication Storage devices iDRAC Service Module RACADM Miscellaneous Topics: • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign-On Smart card login Virtual console Virtual media vFlash SD card SNMP authenticat
iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign). Why the DNS server not registering iDRAC? Some DNS servers register iDRAC names that contain only up to 31 characters.
Check the Subject or Subject Alternative Name field of your domain controller certificate. Normally, Active Directory uses the host name and not the IP address of the domain controller in the Subject or Subject Alternative Name field of the domain controller certificate. To resolve this, do any of the following: • • • Configure the host name (FQDN) of the domain controller as the domain controller address(es) on iDRAC to match the Subject or Subject Alternative Name of the server certificate.
3. 4. 5. 6. Make sure that the domain clients have the updated GPO. At the command line, type gpupdate /force and delete the old key tab with klist purge command. After the GPO is updated, create the new keytab. Upload the keytab to iDRAC. You can now log in to iDRAC using SSO. Why does SSO login fail with Active Directory users on Windows 7 and Windows Server 2008 R2? You must enable the encryption types for Windows 7 and Windows Server 2008 R2. To enable the encryption types: 1. 2. 3. 4. 5. 6.
Yes. Why does it take 15 seconds to turn off the local video on the server after requesting to turn off the local video? It gives a local user an opportunity to take any action before the video is switched off. Is there a time delay when turning on the local video? No, after a local video turn ON request is received by iDRAC, the video is turned on instantly. Can the local user also turn off or turn on the video? When the local console is disabled, the local user cannot turn off or turn on the video.
You are configuring a Virtual Console session from the local system. This is not supported. If a Virtual Console session is in-progress and a local user accesses the managed server, does the first user receive a warning message? No. If a local user accesses the system, both have control of the system. How much bandwidth is required to run a Virtual Console session? It is recommended to have a 5 MBPS connection for good performance. A 1 MBPS connection is required for minimal performance.
1. Activate the magic key function on the remote Linux server. You can use the following command to activate it on the Linux terminal: echo 1 > /proc/sys/kernel/sysrq 2. 3. 4. 5. Activate the keyboard pass-through mode of Active X Viewer. Press Ctrl+Alt+Print Screen. Release only Print Screen. Press Print Screen+Ctrl+Alt. NOTE: The SysRq feature is currently not supported with Internet Explorer and Java.
• • • • ISO 9660 image 1.44 Floppy disk or floppy image A USB key that is recognized by the operating system as a removable disk A USB key image How to make the USB key a bootable device? You can also boot with a Windows 98 startup disk and copy system files from the startup disk to the USB key. For example, from the DOS prompt, type the following command: sys a: x: /s where, x: is the USB key that is required to be set as a bootable device.
virtual media device, do not attach or detach one or more virtual media or vFlash devices. It is recommended that you connect all the required USB devices first before using them. What does the USB Reset do? It resets the remote and local USB devices connected to the server. How to maximize Virtual Media performance? To maximize Virtual Media performance, launch the Virtual Media with the Virtual Console disabled or do one of the following: • • Change the performance slider to Maximum Speed.
How to check whether iDRAC Service Module is installed in the host operating system? To know if the iDRAC Service Module is installed on the system, • On systems running Windows: • Open the Control Panel, verify if iDRAC Service Module is listed in the list of installed programs displayed. On systems running Linux: Run the command rpm —qi dcism. If the iDRAC Service Module is installed, the status displayed is installed.
○ To remove port group: esxcfg-vmknic -d -p "iDRAC Network" ○ To remove vSwitch: esxcfg-vswitch -d vSwitchiDRACvusb NOTE: You can reinstall iDRAC Service Module on the VMware ESXi server as this is not a functional issue for the server. Where is the Replicated Lifecycle log available on the operating system? To view the replicated Lifecycle logs: Table 49. Lifecycle logs Operating System Microsoft Windows Location Event viewer > Windows Logs > System.
Why are the remote RACADM and web-based services unavailable after a property change? It may take a while for the remote RACADM services and the Web-based interface to become available after the iDRAC web server resets. The iDRAC Web server is reset when: • • • • • The network configuration or network security properties are changed using the iDRAC web user interface. The iDRAC.Webserver.HttpsPort property is changed, including when a racadm set -f changes it. The racresetcfg command is used.
Current Gateway Speed Duplex = 10.35.155.1 = Autonegotiate = Autonegotiate NOTE: You can also perform this using remote RACADM. For more information on CMC RACADM commands, see the CMC RACADM Command Line Interface Reference Guide available at dell.com/cmcmanuals. For more information on iDRAC RACADM commands, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
iDRAC on blade server is not responding during boot. Remove and reinsert the server. Check CMC web interface to see if iDRAC is displayed as an upgradable component. If it does, follow the instructions in Updating firmware using CMC web interface. If the problem persists, contact technical support. When attempting to boot the managed server, the power indicator is green, but there is no POST or no video. This happens due to any of the following conditions: • • • Memory is not installed or is inaccessible.
25 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
Inventorying and monitoring storage devices on page 190 Using iDRAC Service Module on page 254 Obtaining system information and assess system health To obtain system information and assess system health: • • • In iDRAC Web interface, go to Overview > Server > System Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan.
Performing graceful shutdown To perform graceful shutdown, in iDRAC Web interface, go to one of the following locations: • • Overview > Server > Power/Thermal > Power Configuration > Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply. Overview > Server > Power/Thermal > Power Monitoring. From the Power Control drop-down menu, select Graceful Shutdown and click Apply. NOTE: All Power options are dependent on the host operating system.
Installing new electronic license See License operations for more information. Applying IO Identity configuration settings for multiple network cards in single host system reboot If you have multiple network cards in a server that is part of a Storage Area Network (SAN) environment and you want to apply different virtual addresses, initiator and target configuration settings to those cards, use the I/O Identity Optimization feature to reduce the time in configuring the settings. To do this: 1. 2. 3. 4. 5.