Integrated Dell Remote Access Controller 8 Version 2.70.70.70 User’s Guide September 2019 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Overview.....................................................................................................................14 Benefits of using iDRAC with Lifecycle Controller.................................................................................................... 14 Key features........................................................................................................................................................................ 15 New in this release........
Chapter 3: Setting up managed system and management station................................................ 38 Setting up iDRAC IP address..........................................................................................................................................38 Setting up iDRAC IP using iDRAC settings utility................................................................................................ 39 Setting up iDRAC IP using CMC web interface..........................................
Chapter 4: Configuring iDRAC..................................................................................................... 78 Viewing iDRAC information............................................................................................................................................. 79 Viewing iDRAC information using web interface................................................................................................. 79 Viewing iDRAC information using RACADM.........................
Configuring multiple iDRACs using RACADM.............................................................................................................98 Creating an iDRAC configuration file......................................................................................................................99 Disabling access to modify iDRAC configuration settings on host system.........................................................99 Chapter 5: Viewing iDRAC and managed system information..................
Chapter 7: Configuring user accounts and privileges.................................................................. 127 Recommended characters in user names and passwords..................................................................................... 127 Configuring local users................................................................................................................................................... 128 Configuring local users using iDRAC web interface..........................
Setting alert recurrence events using RACADM................................................................................................157 Setting event actions......................................................................................................................................................157 Setting event actions using web interface.......................................................................................................... 157 Setting event actions using RACADM.......
Inventorying and monitoring network devices..........................................................................................................175 Monitoring network devices using web interface.............................................................................................. 175 Monitoring network devices using RACADM...................................................................................................... 176 Inventorying and monitoring FC HBA devices..........................
Controller operations in non-RAID - HBA mode................................................................................................. 213 Running RAID configuration jobs on multiple storage controllers..................................................................214 Managing PCIe SSDs...................................................................................................................................................... 214 Inventorying and monitoring PCIe SSDs.......................
Mapping virtual drive................................................................................................................................................239 Unmapping virtual drive...........................................................................................................................................240 Setting boot order through BIOS................................................................................................................................
Using iDRAC Service Module on Windows Nano OS............................................................................................. 270 Chapter 20: Using USB port for server management..................................................................272 Accessing iDRAC interface over direct USB connection...................................................................................... 272 Configuring iDRAC using server configuration profile on USB device..........................................
Resetting iDRAC to factory default settings using iDRAC settings utility..................................................292 Chapter 24: Frequently asked questions.................................................................................... 293 System Event Log...........................................................................................................................................................293 Network security....................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC with Lifecycle Controller technology is part of a larger data center solution that helps keep business critical applications and workloads available always.
● Enhanced Embedded Management through Lifecycle Controller – Lifecycle Controller provides deployment and simplified serviceability through Lifecycle Controller GUI for local deployment and Remote Services (WS-Management) interfaces for remote deployment integrated with Dell OpenManage Essentials and partner consoles. For more information on Lifecycle Controller GUI, see Lifecycle Controller User’s Guide and for remote services, see Lifecycle Controller Remote Services User’s Guide available at dell.
■ Create or change security keys. ○ PCIe SSD devices: ■ Inventory and remotely monitor the health of PCIe SSD devices in the server. ■ Prepare the PCIe SSD to be removed. ■ Securely erase the data. ○ Set the backplane mode (unified or split mode). ○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● Manage iDRAC licenses.
● Single Sign-On and Public Key Authentication. ● Role-based authorization, to configure specific privileges for each user. ● SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default. ● User ID and password configuration. ● Default login password modification. ● Set user passwords and BIOS passwords using one-way hash format for improved security. ● FIPS 140-2 Level 1 capability. ● Support for TLS 1.2, 1.1, and 1.0.
Supported OS, Hypervisors iDRAC is supported on the following OS, Hypervisors: ● Microsoft ● VMware ● Citrix ● RedHat ● SuSe NOTE: For the list of supported versions, see the iDRAC Release Notes available at dell.com/idracmanuals. Managing licenses iDRAC features are available based on the purchased license (Basic Management, iDRAC Express, or iDRAC Enterprise). Only licensed features are available in the interfaces that allow you to configure or use iDRAC.
● Replace — Change a license type such as an evaluation license with a purchased license, or extend an expired license. ○ An evaluation license may be replaced with an upgraded evaluation license or with a purchased license. ○ A purchased license may be replaced with an updated license or with an upgraded license. ● Learn More — Learn more about an installed license, or the licenses available for a component installed in the server.
Table 1.
Table 1.
Table 1.
Table 1.
Table 1. Licensed features in iDRAC7 and iDRAC8 (continued) Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 iDRAC7 iDRAC8 Express Express Express for for Blades Blades iDRAC7 Enterprise iDRAC8 Enterprise Lifecycle Log No Yes No Yes No Yes No Yes Work notes No Yes No Yes No Yes No Yes Remote Syslog No No No No No No Yes Yes License management No Yes No Yes No Yes No Yes [1] Requires vFlash SD card media.
Table 2. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description Server LCD Panel/ Chassis LCD Panel Use the LCD on the server front panel to: ● View alerts, iDRAC IP or MAC address, user programmable strings. ● Set DHCP ● Configure iDRAC static IP settings. For blade servers, the LCD is on the chassis front panel and is shared between all the blades. To reset iDRAC without rebooting the server, press and hold the System Identification button 16 seconds.
Table 2. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description ● Lifecycle Controller-Remote Services User’s Guide available at dell.com/idracmanuals. ● Lifecycle Controller Integration Best Practices Guide available at dell.com/support/manuals. ● Lifecycle Controller page on Dell TechCenter — delltechcenter.com/page/Lifecycle +Controller ● Lifecycle Controller WSMAN Script Center — delltechcenter.
Table 4. Ports iDRAC uses as client (continued) Port number Type Function Configurable port Maximum encryption level 3269 TCP LDAPS for global catalog (GC) No 256-bit SSL 5353 UDP mDNS No None 514 UDP Remote syslog Yes None Other documents you may need In addition to this guide, the following documents available on the Dell Support website at dell.com/support/manuals provide additional information about the setup and operation of iDRAC in your system.
Social media reference To know more about the product, best practices, and information about Dell solutions and services, you can access the social media platforms such as Dell TechCenter. You can access blogs, forums, whitepapers, how-to videos, and so on from the iDRAC wiki page at www.delltechcenter.com/idrac. For iDRAC and other related firmware documents, see dell.com/idracmanuals and dell.com/esmmanuals.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name is root and the default password is calvin. You can also log in using Single Sign-On or Smart Card. NOTE: ● You must have Login to iDRAC privilege to log in to iDRAC. ● iDRAC GUI does not support browser buttons such as Back, Forward, or Refresh.
NOTE: If the default HTTPS port number (port 443) was changed, enter: https://[iDRAC-IP-address]:[portnumber] where, [iDRAC-IP-address] is the iDRAC IPv4 or IPv6 address and [port-number] is the HTTPS port number. The Login page is displayed. 3. For a local user: ● In the Username and Password fields, enter your iDRAC user name and password. ● From the Domain drop-down menu, select This iDRAC. 4.
NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[IP address]:[port number] where, [IP address] is the IP address for the iDRAC and [port number] is the HTTPS port number. 2. Insert the Smart Card into the reader and click Login. A prompt is displayed for the Smart Card’s PIN. A password in not required. 3. Enter the Smart Card PIN for local Smart Card users. You are logged in to the iDRAC.
Logging in to iDRAC SSO using iDRAC web interface Before logging in to iDRAC using Single Sign-On, make sure that: ● You have logged in to your system using a valid Active Directory user account. ● Single Sign-On option is enabled during Active Directory configuration. To log in to iDRAC using web interface: 1. Log in to your management station using a valid Active Directory account. 2.
3. Append the PEM formatted CA certificate to the management station CA certificate. For example, use the cat command: cat testcacert.pem >> cert.pem 4. Generate and upload the server certificate to iDRAC. Accessing iDRAC using local RACADM For information to access iDRAC using local RACADM, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Table 5. Multiple iDRAC sessions Interface Number of Sessions iDRAC Web Interface 6 Remote RACADM 4 Firmware RACADM / SMCLP SSH - 2 Telnet - 2 Serial - 1 Changing default login password The warning message that allows you to change the default password is displayed if: ● You log in to iDRAC with Configure User privilege. ● Default password warning feature is enabled. ● Credentials for any currently enabled account are root/calvin. ● Force Change of Password (FCP) is enabled.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords on page 127. Changing default login password using iDRAC settings utility To change the default login password using iDRAC Settings Utility: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings.User Configuration page is displayed. 2.
As consecutive login failures accumulate from a specific IP address, they are aged by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset. NOTE: When consecutive login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host . Table 6. Login Retry Restriction Properties Property Definition Enables the IP blocking feature.
Table 7. iDRAC web interface behavior with incorrect login attempts (continued) Login attempts Blocking (seconds) Error logged (USR0003 4) GUI display message SNMP alert (if enabled) Second incorrect login 0 No None No Third incorrect login 600 Yes ● RAC0212: Login failed. Verify that username and password is correct. Login delayed for 600 seconds. Yes ● Try again button is disabled for 600 seconds. NOTE: By default, the fail counter resets after 600 seconds.
3 Setting up managed system and management station To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
● Dell Deployment Toolkit (see Dell Deployment Toolkit User’s Guide) ● Chassis or Server LCD panel (see the system’s Hardware Owner’s Manual) NOTE: In case of blade servers, you can configure the network setting using the Chassis LCD panel only during initial configuration of CMC. After the chassis is deployed, you cannot reconfigure iDRAC using the Chassis LCD panel.
Network settings To configure the Network Settings: NOTE: For information about the options, see the iDRAC Settings Utility Online Help. 1. Under Enable NIC, select the Enabled option. 2. From the NIC Selection drop-down menu, select one of the following ports based on the network requirement: ● Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC).
4. Under Auto Negotiation, select On if iDRAC must automatically set the duplex mode and network speed. This option is available only for dedicated mode. If enabled, iDRAC sets the network speed to 10, 100, or 1000 Mbps based on the network speed. 5. Under Network Speed, select either 10 Mbps or 100 Mbps. NOTE: You cannot manually set the Network Speed to 1000 Mbps. This option is available only if Auto Negotiation option is enabled. 6. Under Duplex Mode, select Half Duplex or Full Duplex option.
● In the Static Alternate DNS Server box, enter the static alternate DNS server. IPMI settings To enable the IPMI Settings: 1. Under Enable IPMI Over LAN, select Enabled. 2. Under Channel Privilege Limit, select Administrator, Operator, or User. 3. In the Encryption Key box, enter the encryption key in the format 0 to 40 hexadecimal characters (without any blanks characters.) The default value is all zeros. VLAN settings You can configure iDRAC into the VLAN infrastructure.
Provisioning server works with a static IP address. DHCP, DNS server, or the default DNS host name discovers the provisioning server. If DNS is specified, the provisioning server IP is retrieved from DNS and the DHCP settings are not required. If the provisioning server is specified, discovery is skipped so neither DHCP nor DNS is required. You can enable the Provisioning Server feature using iDRAC Settings Utility or using Lifecycle Controller.
NOTE: On systems with iDRAC version 2.20.20.20 or later, if the filename parameter is not present in DHCP option 60, the iDRAC server configuration agent automatically generates the configuration filename using the server Service Tag, model number, or the default filename—config.xml. The iDRAC server configuration agent uses the rules in the following sequence to determine which SCP file on the file share to apply for each iDRAC: 1. The filename specified in DHCP option 60. 2. -config.
The DHCP Option 43 is used to send information from the DHCP server to the DHCP client. The option is defined as a text string. This text string is set to contain the values of the XML filename, share location and the credentials to access the location. For example, option myname code 43 = text; subnet 192. 168.0.0 netmask 255.255.255.0 { # default gateway option routers 192.168.0.1; option subnet-mask 255.255.255.0; option nis-domain "domain.org"; option domain-name "domain.
9. On the DHCP window, right-click IPv4 and select Set Predefined Options. 10. From the Option class drop-down menu, select iDRAC (created in step 4) and click Add. 11. In the Option Type dialog box, enter the following information: ● ● ● ● Name — iDRAC Data Type — String Code — 060 Description — Dell vendor class identifier 12. Click OK to return to the DHCP window. 13. Expand all items under the server name, right-click Scope Options and select Configure Options. 14. Click the Advanced tab. 15.
2. Set the option 43 and use the name vendor class identifier for option 60. option myname code 43 = text; subnet 192.168.0.0 netmask 255.255.0.0 { #default gateway option routers 192.168.0.1; option subnet-mask 255.255.255.0; option nis-domain "domain.org"; option domain-name "domain.org"; option domain-name-servers 192.168.1.1; option time-offset -18000; # Eastern Standard Time option vendor-class-identifier "iDRAC"; set vendor-string = option vendor-class-identifier; option myname "-f system_config.
Prerequisites before enabling Auto Config Before enabling the Auto config feature, make sure that following are already set: ● Supported network share (NFS or CIFS) is available on the same subnet as the iDRAC and DHCP server. Test the network share to ensure that it can be accessed and that the firewall and user permissions are set correctly. ● Server configuration profile is exported to the network share.
If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or MD5v3Key), then authentication through SNMP v3 is not available. Hash password using RACADM To set hash passwords, use the following objects with the set command: ● iDRAC.Users.SHA256Password ● iDRAC.Users.
Related concepts Installing and using VMCLI utility on page 242 Related tasks Configuring supported web browsers on page 57 Accessing iDRAC remotely To remotely access iDRAC Web interface from a management station, make sure that the management station is in the same network as iDRAC. For example: ● Blade servers — The management station must be on the same network as CMC.
Setting up managed system location using web interface To specify the system location details: 1. In the iDRAC web interface, go to Overview > Server > Properties > Details. The System Details page is displayed. 2. Under System Location, enter the location details of the managed system in the data center. For information about the options, see the iDRAC Online Help. 3. Click Apply. The system location details are saved in iDRAC.
■ ■ Optimized for lowest system power consumption based on optimum fan power state. Generally, lower fan speeds at idle and stress loads. NOTE: Selecting Maximum Performance or Minimum Power, overrides thermal settings associated to System Profile setting under System BIOS > System BIOS Settings.System Profile Settings page. ● Maximum Exhaust Temperature Limit — From the drop-down menu, select the maximum exhaust air temperature. The values are displayed based on the system.
Modifying thermal settings using RACADM To modify the thermal settings, use the objects in the system.thermalsettings group with the set sub command as provided in the following table. Table 8. Thermal Settings Object Description Usage Example AirExhaustTemp Allows you to set the maximum air exhaust temperature limit. To check the existing setting Set to any of the following on the system: values (based on the system): ● 0 — Indicates 40°C racadm get ● 1 — Indicates 45°C system.
Table 8. Thermal Settings (continued) Object Description Usage Example To set the limit to the default value: racadm set system.thermalsetti ngs.AirExhaustTemp 255 FanSpeedHighOffsetVal ● Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 1. Values from 0-100 racadm get system.
Table 8. Thermal Settings (continued) Object Description Usage Example fan speed increasing to full speed. racadm set system.thermalsetti ngs FanSpeedOffset 3 FanSpeedMediumOffsetV al ● Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 2 Values from 0-100 racadm get system.thermalsetti ngs FanSpeedMediumOffse tVal This returns a value such as “47”.
Table 8. Thermal Settings (continued) Object Description Usage Example MFSMinimumLimit Read Minimum limit for MFS Values from 0 to MFSMaximumLimit To display the lowest value that can be set using MinimumFanSpeed option. Default is 255 (means None) racadm get system.thermalsetti ngs.MFSMinimumLimit MinimumFanSpeed ThermalProfile ● Allows configuring the Minimum Fan speed that is required for the system to operate.
For information about the fields, see the Modifying thermal settings using web interface. The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value. 3.
To add iDRAC IP address to the trusted-sites list: 1. Click Tools > Internet Options > Security > Trusted sites > Sites. 2. Enter the iDRAC IP address to the Add this website to the zone. 3. Click Add, click OK, and then click Close. 4. Click OK and then refresh your browser. Configuring Internet Explorer to enable Active Directory SSO To configure the browser settings for Internet Explorer: 1. In Internet Explorer, navigate to Local Intranet and click Sites. 2.
1. Make sure that a supported version of the browser (Internet Explorer (Windows), or Mozilla Firefox (Windows or Linux), Google Chrome, Safari) is installed. For more information about the supported browser versions, see the Release Notes available at dell.com/idracmanuals. 2. To use Internet Explorer, set IE to Run As Administrator. 3. Configure the Web browser to use ActiveX, Java, or HTML5 plug-in. ActiveX viewer is supported only with Internet Explorer.
To configure IE to use Java plug-in: ● Disable automatic prompting for file downloads in Internet Explorer. ● Disable Enhanced Security Mode in Internet Explorer. Related concepts Configuring virtual console on page 227 Configuring IE to use ActiveX plug-in You must configure the IE browser settings before you start and run ActiveX based Virtual Console and Virtual Media applications. The ActiveX applications are delivered as signed CAB files from the iDRAC server.
Additional settings for Windows Vista or newer Microsoft operating systems The Internet Explorer browsers in Windows Vista or newer operating systems have an additional security feature called Protected Mode. To launch and run ActiveX applications in Internet Explorer browsers with Protected Mode: 1. Run IE as an administrator. 2. Go to Tools > Internet Options > Security > Trusted Sites. 3. Make sure that the Enable Protected Mode option is not selected for Trusted Sites zone.
Importing CA certificate to ActiveX trusted certificate store You must use the OpenSSL command line tool to create the certificate Hash using Secure Hash Algorithm (SHA). It is recommended to use OpenSSL tool 1.0.x and later since it uses SHA by default. The CA certificate must be in Base64 encoded PEM format. This is one-time process to import each CA certificate. To import the CA certificate to the ActiveX trusted certificate store: 1. Open the OpenSSL command prompt. 2.
Updates that do not require a reboot are applied immediately. Updates that require a system reboot are staged and committed to run on the next system reboot. Only one system reboot is required to perform all updates. After the firmware is updated, the System Inventory page displays the updated firmware version and logs are recorded. The supported firmware image file types are: ● .exe — Windows-based Dell Update Package (DUP) ● .d7 — Contains both iDRAC and Lifecycle Controller firmware For files with .
Table 10.
Updating single device firmware Before updating the firmware using single device update method, make sure that you have downloaded the firmware image to a location on the local system. NOTE: Ensure that the file name for the single component DUP does not have any blank space. To update single device firmware using iDRAC web interface: 1. Go to Overview > iDRAC Settings > Update and Rollback. The Firmware Update page is displayed. 2. On the Update tab, select Local as the File Location. 3.
While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. For more information, see Recommended characters in user names and passwords on page 127. For information about the fields, see the iDRAC Online Help. 4. Click Check for Update. The Update Details section displays a comparison report showing the current firmware versions and the firmware versions available in the repository.
Viewing and managing staged updates on page 70 Scheduling automatic firmware updates on page 67 Updating device firmware using RACADM To update device firmware using RACADM, use the update subcommand. For more information, see the RACADM Reference Guide for iDRAC and CMC available at dell.com/idracmanuals. Examples: ● To generate a comparison report using an update repository: racadm update –f catalog.xml –l //192.168.1.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. ● FTP — Use the catalog file from the FTP site. Enter the FTP site details. 6. Based on the selection in step 5, enter the network settings or the FTP settings. For information about the fields, see the iDRAC Online Help. 7.
The Server Status page is displayed. 3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update. Related concepts Updating device firmware on page 62 Updating firmware using iDRAC web interface on page 64 Updating firmware using DUP Before you update firmware using Dell Update Package (DUP), make sure to: ● Install and enable the IPMI and managed system drivers.
Updating firmware using Lifecycle Controller Remote Services For information to update the firmware using Lifecycle Controller–Remote Services, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals. Updating CMC firmware from iDRAC In the PowerEdge FX2/FX2s chassis, you can update the firmware for the Chassis Management Controller and any component that can be updated by CMC and shared by the servers from iDRAC.
You must have Server Control privilege to delete jobs. Viewing and managing staged updates using RACADM To view the staged updates using RACADM, use jobqueue sub-command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Rolling back device firmware You can roll back the firmware for iDRAC or any device that Lifecycle Controller supports, even if the upgrade was previously performed using another interface.
Rollback firmware using iDRAC web interface To roll back device firmware: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Update and Rollback > Rollback. The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version. 2. Select one or more devices for which you want to rollback the firmware. 3.
Rollback firmware using Lifecycle Controller-Remote Services For information, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals. Recovering iDRAC iDRAC supports two operating system images to make sure a bootable iDRAC. In the event of an unforeseen catastrophic error and you lose both boot paths: ● iDRAC bootloader detects that there is no bootable image. ● System Health and Identify LED is flashed at ~1/2 second rate.
Related concepts Scheduling automatic backup server profile on page 74 Importing server profile on page 75 Backing up server profile using iDRAC web interface To back up the server profile using iDRAC Web interface: 1. Go to Overview > iDRAC Settings > Server Profile. The Backup and Export Server Profile page is displayed. 2. Select one of the following to save the backup file image: ● Network to save the backup file image on a CIFS or NFS share. ● vFlash to save the backup file image on the vFlash card.
6. If Network is selected as the file location, enter the network settings. NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. For information about the fields, see the iDRAC Online Help 7. In the Backup Window Schedule section, specify the backup operation start time and frequency of the operation (daily, weekly, or monthly). For information about the fields, see the iDRAC Online Help. 8.
Easy Restore NOTE: Easy Restore is available only on 13 th generation PowerEdge servers that have the Easy Restore flash memory. Easy Restore is not available on PowerEdge R930. After you replace the motherboard on your server, Easy Restore allows you to automatically restore the following data: ● ● ● ● System Service Tag Licenses data UEFI Diagnostics application System configuration settings—BIOS, iDRAC, and NIC Easy Restore uses the Easy Restore flash memory to back up the data.
Restore operation sequence The restore operation sequence is: 1. Host system shuts down. 2. Backup file information is used to restore the Lifecycle Controller. 3. Host system turns on. 4. Firmware and configuration restore process for the devices is completed. 5. Host system shuts down. 6. iDRAC firmware and configuration restore process is completed. 7. iDRAC restarts. 8. Restored host system turns on to resume normal operation.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see Managing licenses.
Managing virtual media on page 235 Managing vFlash SD card on page 245 Setting first boot device on page 88 Enabling or disabling OS to iDRAC Pass-through on page 90 Related tasks Configuring iDRAC to send alerts on page 154 Topics: • • • • • • • • • • • • • Viewing iDRAC information Modifying network settings Cipher suite selection FIPS mode Configuring services Using VNC client to manage remote server Configuring front panel display Configuring time zone and NTP Setting first boot device Enabling or dis
NOTE: Changing the network settings may terminate the current network connections to iDRAC. Modifying network settings using web interface To modify the iDRAC network settings: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Network. The Network page is displayed. 2. Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.
NOTE: If you are using Dell Deployment Toolkit (DTK), see the Dell Deployment Toolkit User’s Guide for the privileges. Configure IP filtering using iDRAC web interface You must have Configure privilege to perform these steps. To configure IP filtering: 1. In iDRAC Web interface, go to Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2. Click Advanced Settings. The Network Security page is displayed. 3. Specify the IP filtering settings.
Configuring cipher suite selection using iDRAC web interface CAUTION: Using OpenSSL Cipher Command to parse strings with invalid syntax may lead to unexpected errors. CAUTION: This is an advanced security option. Before you configure this option, ensure that you have thorough knowledge of the following: ● The OpenSSL Cipher String Syntax and its use ● Tools and Procedures to verify and validate the resultant Cipher Suite Configuration to ensure that the results align with the expectations and requirements.
NOTE: If you reinstall or upgrade iDRAC firmware, FIPS mode gets disabled. Enabling FIPS mode using web interface 1. On the iDRAC web interface, navigate to Overview > iDRAC Settings > Network. 2. Click Advanced Settings next to Options. 3. In FIPS Mode, select Enabled and click Apply. 4. A message appears prompting you to confirm the change. Click OK. iDRAC restarts in FIPS mode. Wait for at least 60 seconds before you reconnect to iDRAC. 5. Install a trusted certificate for iDRAC.
For information about the various settings, see the iDRAC Online Help. NOTE: Do not select the Prevent this page from creating additional dialogs check-box. Selecting this option prevents you from configuring services. Configuring services using RACADM To ● ● ● ● ● ● ● enable and configure services using RACADM, use the set command with the objects in the following object groups: iDRAC.LocalSecurity iDRAC.LocalSecurity iDRAC.SSH iDRAC.Webserver iDRAC.Telnet iDRAC.Racadm iDRAC.
Configuring TLS using RACADM To check the version of TLS configured: racadm get idrac.webserver.tlsprotocol To set the version of TLS: racadm set idrac.webserver.tlsprotocol =0 TLS 1.0 and Higher =1 TLS 1.1 and Higher =2 TLS 1.2 Only Using VNC client to manage remote server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud.
The VNC server is configured. Configuring VNC server using RACADM To configure the VNC server, use the set command with the objects in VNCserver. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
1. In iDRAC Web interface, go to Overview > Hardware > Front Panel. 2. In LCD Settings section, from the Set Home Message drop-down menu, select any of the following: ● ● ● ● ● ● ● ● ● ● ● Service Tag (default) Asset Tag DRAC MAC Address DRAC IPv4 Address DRAC IPv6 Address System Power Ambient Temperature System Model Host Name User Defined None If you select User Defined, enter the required message in the text box. If you select None, home message is not displayed on the server LCD front panel. 3.
● Blink On 1 Week Timeout ● Blink On 1 Month Timeout 3. Click Apply. The LED blinking on the front panel is configured. Configuring system ID LED setting using RACADM To configure system ID LED, use the setled command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Configuring time zone and NTP You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times.
NOTE: ● BIOS Setup (F2), Lifecycle Controller (F10), and BIOS Boot Manager (F11) cannot be set as permanent boot device. ● The first boot device setting in iDRAC Web Interface overrides the System BIOS boot settings. ● Use Redfish interface to set the value for UEFI device path. Booting to UEFI Device Path is supported on Dell 13 th generation or newer servers. Setting first boot device using web interface To set the first boot device using iDRAC Web interface: 1.
Enabling or disabling OS to iDRAC Pass-through In servers that have Network Daughter Card (NDC) or embedded LAN On Motherboard (LOM) devices, you can enable the OS to iDRAC Pass-through feature. This feature provides a high-speed bi-directional in-band communication between iDRAC and the host operating system through a shared LOM (rack or tower servers), a dedicated NIC (rack, tower, or blade servers), or through the USB NIC. This feature is available for iDRAC Enterprise license.
Table 11. OS to iDRAC Pass-through using LOM Category Manufacturer Type NDC Broadcom ● ● ● ● ● ● Intel ● i540 QP rNDC (10G BASE-T + 1G BASE-T) ● i350 QP rNDC 1G BASE-T ● x520/i350 rNDC 1GB Qlogic QMD8262 Blade NDC 5720 QP rNDC 1G BASE-T 57810S DP bNDC KR 57800S QP rNDC (10G BASE-T + 1G BASE-T) 57800S QP rNDC (10G SFP+ + 1G BASE-T) 57840 4x10G KR 57840 rNDC In-built LOM cards also support the OS to iDRAC pass-through feature.
For vSphere, you must install the VIB file before enabling USB NIC. For the following operating systems, if you install the Avahi and nss-mdns packages, then you can use https://idrac.local to launch the iDRAC from the host operating system. If these packages are not installed, use https://169.254.0.1 to launch the iDRAC. Table 12. Operating System details for USB NIC Operating System Firewall Status Avahi Package nss-mdns Package RHEL 5.9 32– bit Disable Install as a separate package (avahi-0.6.
Enabling or disabling OS to iDRAC Pass-through using web interface To enable OS to iDRAC Pass-through using Web interface: 1. Go to Overview > iDRAC Settings > Network > OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed. 2. Select any of the following options to enable OS to iDRAC pass-through: ● LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.
The default value is 169.254.0.1. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs. These IPs are reserved for the USB NIC port on the front panel when a A/A cable is used 5. Click Back, click Finish, and then click Yes. The details are saved. Obtaining certificates The following table lists the types of certificates based on the login type. Table 13.
plugins such as vConsole with this level of encryption. For information about installing the policy files, see the documentation for Java. iDRAC Web server has a Dell self-signed unique SSL digital certificate by default. You can replace the default SSL certificate with a certificate signed by a well-known Certificate Authority (CA).
NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The information in the CSR must match the information in the SSL server certificate. Else, iDRAC does not accept the certificate. 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > SSL, select Generate Certificate Signing Request (CSR) and click Next. The Generate a New Certificate Signing Request page is displayed. 2. Enter a value for each CSR attribute. For more information, see iDRAC Online Help. 3.
Viewing server certificate You can view the SSL server certificate that is currently being used in iDRAC. Related concepts SSL server certificates on page 94 Viewing server certificate using web interface In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > SSL. The SSL page displays the SSL server certificate that is currently in use at the top of the page. Viewing server certificate using RACADM To view the SSL server certificate, use the sslcertview command.
Downloading custom signing certificate To download the custom signing certificate using iDRAC Web interface: 1. Go to Overview > iDRAC Settings > Network > SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Download Custom SSL Certificate Signing Certificate and click Next. A pop-up message is displayed that allows you to save the custom signing certificate to a location of your choice.
1. Query the target iDRAC that contains the required configuration using the following command:. racadm get -f .xml -t xml The command requests the iDRAC configuration and generates the configuration file. NOTE: Redirecting the iDRAC configuration to a file using get -f is only supported with the local and remote RACADM interfaces. NOTE: The generated configuration file does not contain user passwords.
NOTE: If access is disabled, you cannot use Server Administrator or IPMITool to perform iDRAC configurations. However, you can use IPMI Over LAN.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
The Hardware Inventory section displays the information for the following components available on the managed system: ● iDRAC ● RAID controller ● Batteries ● CPUs ● DIMMs ● HDDs ● Backplanes ● Network Interface Cards (integrated and embedded) ● Video card ● SD card ● Power Supply Units (PSUs) ● Fans ● Fibre Channel HBAs ● USB ● NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: ● BIOS ● Lifecycle Controller ● iDRAC ● OS driver pack ● 32-bit diagn
● Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that display fan speed and threshold values. ● CPU — Indicates the health and state of the CPUs in the managed system. It also reports processor automatic throttling and predictive failure. ● Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system. ● Intrusion — Provides information about the chassis.
Table 14. Sensor information using web interface and RACADM (continued) View sensor information For Using web interface Removable Flash Media Overview > Hardware > Removable Flash Media Temperature Overview > Server > Power/Thermal > Temperatures Using RACADM Overview > Server > Power/Thermal > Voltages Monitoring performance index of CPU, memory, and IO modules In Dell’s 13 th generation Dell PowerEdge servers, Intel ME supports Compute Usage Per Second (CUPS) functionality.
● Login privilege is required to monitor performance data. ● Configure privilege is required for setting warning thresholds and reset historical peaks. ● Login privilege and Enterprise license are required to read historical statics data. Monitoring performance index for of CPU, memory, and IO modules using web interface To monitor the performance index of CPU, memory, and I/O modules, in the iDRAC web interface, go to Overview > Hardware.
NOTE: You can track the temperature history even for systems that are not fresh air compliant. However, the threshold limits and fresh air related warnings generated are based on fresh air supported limits. The limits are 42ºC for warning and 47ºC for critical. These values correspond to 40ºC and 45ºC fresh air limits with 2ºC margin for accuracy.
2. In the Temperature Probes section, for the System Board Inlet Temp, enter the minimum and maximum values for the Warning Threshold in Centigrade or Fahrenheit. If you enter the value in centigrade, the system automatically calculates and displays the Fahrenheit value. Similarly, if you enter Fahrenheit, the value for Centigrade is displayed. 3. Click Apply. The values are configured.
Viewing FlexAddress mezzanine card fabric connections In blade servers, FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/ MAC) for each managed server port connection. You can view the following information for each installed embedded Ethernet and optional mezzanine card port: ● Fabrics to which the cards are connected. ● Type of fabric. ● Server-assigned, chassis-assigned, or remotely assigned MAC addresses.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: ● iDRAC Web Interface ● Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only ● IPMI Serial Over LAN ● IPMI Over LAN ● Remote RACADM ● Local RACADM ● Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Related concepts Communicating with iDRAC through serial connection using DB9 cable on page 110 Switching between RAC serial and serial console while using DB9 cable on page 113 Communicating with iDRAC using IPMI SOL on page 113 Communicating with iDRAC using IPMI over LAN on page 119 Enabling or disabling remote RACADM on page 120 Disabling local RACADM on page 121 Enabling IPMI on managed system on page 121 Configuring Linux for serial console during boot on page 121 Supported SSH cryptography schemes on
NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press F2. 3. Go to System BIOS Settings > Serial Communication. 4. Select External Serial Connector to Remote Access device. 5. Click Back, click Finish, and then click Yes. 6. Press Esc to exit System Setup. Enabling RAC serial connection After configuring serial connection in BIOS, enable RAC serial in iDRAC. NOTE: This is applicable only for iDRAC on rack and tower servers.
3. Click Apply. Enabling serial connection IPMI mode using RACADM To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode. racadm set iDRAC.Serial.Enable 0 racadm set iDRAC.IPMISerial.ConnectionMode n=0 — Terminal Mode n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command.
The Terminal Mode Settings page is displayed. 4. Specify the following values: ● ● ● ● ● ● Line editing Delete control Echo Control Handshaking control New line sequence Input new line sequences For information about the options, see the iDRAC Online Help. 5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection.
Related concepts Configuring BIOS for serial connection on page 114 Configuring iDRAC to use SOL on page 114 Enabling supported protocol on page 115 Configuring BIOS for serial connection NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press F2. 3. Go to System BIOS Settings > Serial Communication. 4. Specify the following values: ● Serial Communication — On With Console Redirection ● Serial Port Address — COM2.
1. Enable IPMI Serial over LAN using the command. racadm set iDRAC.IPMISol.Enable 1 2. Update the IPMI SOL minimum privilege level using the command. racadm set iDRAC.IPMISol.MinPrivilege Parameter Privilege level = 2 User = 3 Operator = 4 Administrator NOTE: The IPMI SOL minimum privilege level determines the minimum privilege to activate IPMI SOL. For more information, see the IPMI 2.0 specification. 3. Update the IPMI SOL baud rate using the command.
● Telnet racadm set iDRAC.Telnet.Enable 1 ● SSH racadm set iDRAC.SSH.Enable 1 To change the SSH port racadm set iDRAC.SSH.Port You can use tools such as: ● IPMItool for using IPMI protocol ● Putty/OpenSSH for using SSH or Telnet protocol Related tasks SOL using IPMI protocol on page 116 SOL using SSH or Telnet protocol on page 116 SOL using IPMI protocol The IPMI-based SOL utility and IPMItool uses RMCP+ delivered using UDP datagrams to port 623.
SSH has improved security over Telnet. iDRAC only supports SSH version 2 with password authentication, and is enabled by default. iDRAC supports up to two SSH sessions and two Telnet sessions at a time. It is recommended to use SSH as Telnet is not a secure protocol. You must use Telnet only if you cannot install an SSH client or if your network infrastructure is secure.
NOTE: If required, you can change the default SSH or Telnet session time-out at Overview > iDRAC Settings > Network > Services. 1. Start a shell. 2. Connect to iDRAC using the following command: ● For SSH: ssh -l ● For Telnet: telnet NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the end of the Telnet command. 3.
Configuring backspace key for your Telnet session Depending on the Telnet client, using the Backspace key may produce unexpected results. For example, the session may echo ^h. However, most Microsoft and Linux Telnet clients can be configured to use the Backspace key. To configure a Linux Telnet session to use the key, open a command prompt and type stty erase ^h. At the prompt, type telnet. To configure Microsoft Telnet clients to use the Backspace key: 1.
Configuring IPMI over LAN using RACADM 1. Enable IPMI over LAN. racadm set iDRAC.IPMILan.Enable 1 NOTE: This setting determines the IPMI commands that are executed using IPMI over LAN interface. For more information, see the IPMI 2.0 specifications at intel.com. 2. Update the IPMI channel privileges. racadm set iDRAC.IPMILan.PrivLimit Parameter Privilege level = 2 User = 3 Operator = 4 Administrator 3. Set the IPMI LAN channel encryption key ,if required.
Disabling local RACADM The local RACADM is enabled by default. To disable, see Disabling access to modify iDRAC configuration settings on host system. Enabling IPMI on managed system On a managed system, use the Dell Open Manage Server Administrator to enable or disable IPMI. For more information, see the Dell Open Manage Server Administrator’s User Guide at dell.com/support/manuals. NOTE: From iDRAC v2.30.30.30 or later, IPMI supports IPv6 address protocol for Linux-based operating systems.
4. To enable multiple GRUB options to start Virtual Console sessions through the RAC serial connection, add the following line to all options: console=ttyS1,115200n8r console=tty1 The example shows console=ttyS1,57600 added to the first option. NOTE: If the boot loader or operating system provides serial redirection such as GRUB or Linux, then the BIOS Redirection After Boot setting must be disabled. This is to avoid potential race condition of multiple components accessing the serial port.
In the file /etc/securetty add a new line with the name of the serial tty for COM2: ttyS1 The following example shows a sample file with the new line. NOTE: Use the Break Key Sequence (~B) to execute the Linux Magic SysRq key commands on serial console using IPMI Tool.
Table 16. SSH cryptography schemes (continued) Scheme Type Algorithms MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.com Compression None NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support. Using public key authentication for SSH iDRAC supports the Public Key Authentication (PKA) over SSH. This is a licensed feature.
● –b specifies the bit encryption size between 2048 and 4096. ● –C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions. After the command executes, upload the public file. CAUTION: Keys generated from the Linux management station using ssh-keygen are in non-4716 format. Convert the keys into the 4716 format using ssh-keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of the key file.
Viewing SSH keys using web interface To view the SSH keys: 1. In Web interface, go to Overview > iDRAC Settings > Network > User Authentication > Local Users. The Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). NOTE: To improve security, it is recommended to use complex passwords that have eight or more characters and include lowercase alphabets, uppercase alphabets, numbers, and special characters. It is also recommended to regularly change the passwords, if possible.
To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the RACADM Command Line Interface Guide available at dell.com/idracmanuals. If you use the configuration XML file, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication. Adding iDRAC user using RACADM 1. Set the index and user name. racadm set idrac.users..
You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user. The iDRAC role and privilege names have changed from earlier generation of servers. The role names are: Table 19.
Related tasks Enabling SSL on domain controller on page 131 Enabling SSL on domain controller When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also uploaded into iDRAC.
Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed certificate. If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC.
Configuring Standard schema Active Directory To configure iDRAC for an Active Directory login access: 1. On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2. Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access iDRAC. 3. Configure the group name, domain name, and the role privileges on iDRAC using the iDRAC web interface or RACADM.
racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of iDRAC.ActiveDirectory.DomainController2 iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.ActiveDirectory.GlobalCatalog2 iDRAC.ActiveDirectory.
Best practices for extended schema The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage the permissions and scope of iDRAC objects. By default, the Dell Association objects do not inherit all permissions from the parent Active Directory objects.
Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
2. Read and understand the warning and click Next. 3. Select Use Current Log In Credentials or enter a user name and password with schema administrator rights. 4. Click Next to run the Dell Schema Extender. 5. Click Finish. The schema is extended. To verify the schema extension, use the MMC and the Active Directory Schema Snap-in to verify that the classes and attributes classes and attributes exist. See the Microsoft documentation for details about using the MMC and the Active Directory Schema Snap-in.
Table 25. dellRAC4Privileges class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines the privileges (Authorization Rights) for iDRAC Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 26. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 28. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued forward link to the dellAssociationMembers backward link. Link ID: 12070 dellIsLoginUser 1.2.840.113556.1.8000.1280.1.1.2.3 TRUE TRUE if the user has Login rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsCardConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Table 28. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers linked attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.
1. In the Console Root (MMC) window, right-click a container. 2. Select New > Dell Remote Management Object Advanced. The New Object window is displayed. 3. Enter a name for the new object. 4. Select Privilege Object and click OK. 5. Right-click the privilege object that you created, and select Properties. 6. Click the Remote Management Privileges tab and assign the privileges for the user or group.
Adding privileges To add privileges: Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. 1. Select the Privileges Object tab and click Add. 2. Enter the privilege object name and click OK. 3.
1. Use the following commands: racadm set racadm set racadm set racadm set racadm set address of racadm set address of racadm set address of iDRAC.ActiveDirectory.Enable 1 iDRAC.ActiveDirectory.Schema 2 iDRAC.ActiveDirectory.RacName iDRAC.ActiveDirectory.RacDomain iDRAC.ActiveDirectory.DomainController1 iDRAC.ActiveDirectory.
Testing Active Directory settings using iDRAC web interface To test the Active Directory settings: 1. In iDRAC Web Interface, go to Overview > iDRAC Settings > User Authentication > Directory Services > Microsoft Active Directory. The Active Directory summary page is displayed. 2. Click Test Settings. 3. Enter a test user's name (for example, username@domain.com) and password and click Start Test. A detailed test results and the test log displays.
NOTE: If certificate validation is enabled, specify the LDAP Server’s FQDN and make sure that DNS is configured correctly under Overview > iDRAC Settings > Network. NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN. Also, only single domain is supported. Cross domain is not supported. 6. Click Next. The Generic LDAP Configuration and Management Step 3a of 3 page is displayed. 7. Click Role Group.
8 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Registering iDRAC as a computer in Active Directory root domain To register iDRAC in Active Directory root domain: 1. Click Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2. Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain. 3. Select Register iDRAC on DNS. 4. Provide a valid DNS Domain Name. 5. Verify that network DNS configuration matches with the Active Directory DNS information.
3. Associate the device object and privilege object using the association object. 4. Add the preceding SSO user (login user) to the device object. 5. Provide access privilege to Authenticated Users for accessing the created association object. Related concepts Adding iDRAC users and privileges to Active Directory on page 142 Configuring iDRAC SSO login for Active Directory users Before configuring iDRAC for Active Directory SSO login, make sure that you have completed all the prerequisites.
Related concepts Obtaining certificates on page 94 Uploading smart card user certificate on page 151 Enabling or disabling smart card login on page 152 Uploading smart card user certificate Before you upload the user certificate, make sure that the user certificate from the smart card vendor is exported in Base64 format. SHA-2 certificates are also supported.
Configuring iDRAC smart card login for Active Directory users Before configuring iDRAC Smart Card login for Active Directory users, make sure that you have completed the required prerequisites. To configure iDRAC for smart card login: 1. In iDRAC Web interface, while configuring Active Directory to set up an user account based on standard schema or extended schema, on the Active Directory Configuration and Management Step 1 of 4 page: ● Enable certificate validation.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Enabling or disabling smart card login using iDRAC settings utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help. 3.
9 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the predefined condition. If an event matches an event filter and you have configured this filter to generate an alert (email, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
Related concepts Filtering alerts on page 155 Configuring email alert, SNMP trap, or IPMI trap settings on page 158 Enabling or disabling alerts using web interface To enable or disable generating alerts: 1. In iDRAC Web interface, go to Overview > Server > Alerts. The Alerts page is displayed. 2. Under Alerts section: ● Select Enable to enable alert generation or perform an event action. ● Select Disable to disable alert generation or disable an event action. 3. Click Apply to save the setting.
● Updates ● Work Notes 3. Select one or more of the following severity levels: ● Informational ● Warning ● Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Setting alert recurrence event You can configure iDRAC to generate additional events at specific intervals if the system continues to operate at a temperature which is greater than the inlet temperature threshold limit. The default interval is 30 days. The valid range is 0 to 366 days. A value of ‘0’ indicates no event recurrence. NOTE: You must have Configure iDRAC privilege to set the alert recurrence value. Setting alert recurrence events using iDRAC web interface To set the alert recurrence value: 1.
Configuring email alert, SNMP trap, or IPMI trap settings The management station uses Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) traps to receive data from iDRAC. For systems with large number of nodes, it may not be efficient for a management station to poll each iDRAC for every condition that may occur. For example, event traps can help a management station with load balancing between nodes or by issuing an alert if an authentication failure occurs.
1. To enable traps: racadm set idrac.SNMP.Alert..Enable Parameter Description Destination index. Allowed values are 1 through 8. =0 Disable the trap =1 Enable the trap 2. To configure the trap destination address: racadm set idrac.SNMP.Alert..DestAddr Parameter Description Destination index. Allowed values are 1 through 8. A valid IPv4, IPv6, or FQDN address 3. Configure the SNMP community name string: racadm set idrac.ipmilan.
Configuring email alert settings You can configure the email address to receive the email alerts. Also, configure the SMTP server address settings. NOTE: If your mail server is Microsoft Exchange Server 2007, make sure that iDRAC domain name is configured for the mail server to receive the email alerts from iDRAC. NOTE: Email alerts support both IPv4 and IPv6 addresses. The DRAC DNS Domain Name must be specified when using IPv6.
4. To test the configured email alert, if required: racadm testemail -i [index] Parameter Description index Email destination index to be tested. Allowed values are 1 through 4. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals. Configuring SMTP email server address settings You must configure the SMTP server address for email alerts to be sent to specified destinations.
Monitoring chassis events On the PowerEdge FX2/FX2s chassis, you can enable the Chassis Management and Monitoring setting in iDRAC to perform chassis management and monitoring tasks such as monitoring chassis components, configuring alerts, using iDRAC RACADM to pass CMC RACADM commands, and updating the chassis management firmware. This setting allows you to manage the servers in the chassis even if the CMC is not on the network. You can set the value to Disabled to forward the chassis events.
Table 29.
Table 29.
Table 29.
10 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
If no arguments are specified, the entire log is displayed. To display the number of SEL entries: racadm getsel -i To clear the SEL entries: racadm clrsel For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1.
Filtering Lifecycle logs You can filter logs based on category, severity, keyword, or date range. To filter the lifecycle logs: 1. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: ● ● ● ● Select the Log Type from the drop-down list. Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results.
Exporting Lifecycle Controller logs using RACADM To export the Lifecycle Controller logs, use the lclog export command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/support/ manuals. Adding work notes Each user who logs in to iDRAC can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC logs privilege to add work notes. A maximum of 255 characters are supported for each new work note.
11 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: ● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Monitoring power using RACADM To view the power-monitoring information, use the get command with the objects in the System.Power group. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Setting warning threshold for power consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems.
● Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help. Executing power control operations using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Power capping You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload presents to the datacenter.
The Power Configuration page is displayed. The current power policy limit is displayed under the Currently Active Power Cap Policy section. 2. Select Enable under iDRAC Power Cap Policy. 3. Under User-Defined Limits section, enter the maximum power limit in Watts and BTU/hr or the maximum % of recommended system limit. 4. Click Apply to apply the values.
2. Under Power Supply Options, select the required options. For more information, see iDRAC Online Help. 3. Click Apply. The power supply options are configured. Configuring power supply options using RACADM To ● ● ● ● configure the power supply options, use the following objects with the set command: System.Power.RedundancyPolicy System.Power.Hotspare.Enable System.Power.Hotspare.PrimaryPSU System.Power.PFC.
12 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: ● Network Interface Cards (NICs) ● Converged Network Adapters (CNAs) ● LAN On Motherboards (LOMs) ● Network Daughter Cards (NDCs) ● Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition-l
Monitoring network devices using RACADM To view information about network devices, use the hwinventory and nicstatistics commands. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Additional properties may be displayed when using RACADM or WSMAN in addition to the properties displayed in the iDRAC web interface.
● Configure the initiator (for iSCSI and FCoE) and storage target settings (for iSCSI, FCoE, and FC). ● Specify persistence or clearance of the configured values over a system AC power loss, cold, and warm system resets. The values configured for virtual addresses, initiator and storage targets may change based on the way the main power is handled during system reset and whether the NIC, CNA, or FC HBA device has auxiliary power.
Table 30.
Table 31. Virtual/Flex Address and Persistence Policy behavior (continued) Flex Address Feature State in CMC Mode set in iDRAC IO Identity Feature State in iDRAC XML Configuration Persistence Policy Clear Persistence Policy — Virtual Address Flex Address disabled Flex Address Mode Enabled VAM not configured Set to hardware MAC address No persistence supported.
Table 32.
To view the I/O Identity Optimization setting, use the command: racadm get iDRAC.IOIDOpt Configuring persistence policy settings Using IO identity, you can configure policies specifying the system reset and power cycle behaviors that determine the persistence or clearance of the virtual address, initiator, and storage target settings. Each individual persistence policy attribute applies to all ports and partitions of all applicable devices in the system.
Configuring persistence policy settings using iDRAC web interface To configure the persistence policy: 1. In the iDRAC Web interface, go to Overview > Hardware > Network Devices. The Network Devices page is displayed. 2. Click I/O Identity Optimization tab. 3. In the Persistence Policy section, select one or more of the following for each persistence policy: ● A/C Power Loss - The virtual address or target settings persist when AC power loss conditions occur.
Table 34. iSCSI initiator —default values (continued) iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorName Value Cleared Value Cleared IscsiInitiatorChapId Value Cleared Value Cleared IscsiInitiatorChapPwd Value Cleared Value Cleared IPVer Ipv4 Table 35. Iscsi storage target attributes — default values iSCSI Storage Target Attributes Default Values in IPv4 mode Default Values in IPv6 mode ConnectFirstTgt Disabled Disabled FirstTgtIpAddress 0.0.0.
13 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them.
Table 36. PERC Capability (continued) PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) to be completed before applying the configuration at run-time. Run-time or real-time means, a reboot is not required. Staged If all the set operations are staged, the configuration is staged and applied after reboot or it is applied at real-time.
RAID RAID is a technology for managing the storage of data on the physical disks that reside or are attached to the system. A key aspect of RAID is the ability to span physical disks so that the combined storage capacity of multiple physical disks can be treated as a single, extended disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of a disk failure.
Organizing data storage for availability and performance RAID provides different methods or RAID levels for organizing the disk storage. Some RAID levels maintain redundant data so that you can restore data after a disk failure. Different RAID levels also entail an increase or decrease in the I/O (read and write) performance of a system. Maintaining redundant data requires the use of additional physical disks. The possibility of a disk failure increases with an increase in the number of disks.
RAID 0 characteristics: ● ● ● ● Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks. Data is stored to the disks alternately. No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. Better read and write performance. RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks.
● Redundancy for protection of data. ● RAID 1 is more expensive in terms of disk space since twice the number of disks are used than required to store the data without redundancy. RAID level 5 -striping with distributed parity RAID 5 provides data redundancy by using data striping in combination with parity information. Rather than dedicating a physical disk to parity, the parity information is striped across all physical disks in the disk group.
RAID 6 characteristics: ● ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n-2) disks. Redundant information (parity) is alternately stored on all disks. The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID 50 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 5 span. ● Better read performance, but slower write performance. ● Requires as much parity information as standard RAID 5. ● Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 6 span. ● Better read performance, but slower write performance. ● Increased redundancy provides greater data protection than a RAID 50. ● Requires proportionally as much parity information as RAID 6. ● Two disks per span are required for parity.
RAID 10 characteristics: ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 37. RAID level performance comparison (continued) RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information.
Supported enclosures iDRAC supports MD1200, MD1220, MD1400, and MD1420 enclosures. NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported. Summary of supported features for storage devices The following table provides the features supported by the storage devices through iDRAC. NOTE: Features such as prepare to remove and blink or unblink component LED are not applicable for HHHL PCIe SSD cards. Table 38.
Table 38.
Table 38.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Monitoring backplane using iDRAC settings utility In the iDRAC Settings utility, go to System Summary. The iDRAC Settings.System Summary page is displayed. The Backplane Inventory section displays the backplane information. For information about the fields, see the iDRAC Settings Utility Online Help.
● If no virtual disks are present, create at least one virtual disk. ● If physical disks are in non-RAID mode convert them to RAID mode using iDRAC interfaces such as iDRAC web interface, RACADM, or WSMAN, or . If you have assigned a physical disk as a global hot spare in Add to Pending Operation mode, the pending operation is created but a job is not created. Then, if you try to unassign the same disk as global hot spare, the assign global hot spare pending operation is cleared.
Converting physical disks to RAID capable or non-RAID mode using the iDRAC web interface To convert the physical disks to RAID mode or non-RAID mode, perform the following steps: 1. In the iDRAC web interface, click Overview > Storage > Physical Disks > Setup. The Setup page is displayed. 2. From the Controller drop-down menu, select a controller. The physical disks associated with the selected controller are displayed. 3.
Creating virtual disks To implement RAID functions, you must create a virtual disk. A virtual disk refers to storage created by a RAID controller from one or more physical disks. Although a virtual disk may be created from several physical disks, it is seen by the operating system as a single disk. Before creating a virtual disk, you should be familiar with the information in Considerations Before Creating Virtual Disks. You can create a Virtual Disk using the Physical Disks attached to the PERC controller.
The maximum size is displayed and then updated as disks are selected. f. The Span Count field is displayed based on the selected physical disks (step 3). You cannot set this value. It is automatically calculated after selecting disks for multi-raid level. If you have selected RAID 10 and if the controller supports uneven RAID 10, then the span count value is not displayed. The controller automatically sets the appropriate value. 3. In the Select Physical Disks section, select the number of physical disks.
● Read ahead and write back requires cache. Therefore, if the controller does not have cache, it does not allow you to set the policy value. Similarly, if the PERC has cache but not battery and the policy is set that requires accessing cache, then data loss may occur if base of power off. So few PERCs may not allow that policy. Therefore, depending upon the PERC, the policy value is set.
The fast initialize task does not write zeroes to the disk blocks on the physical disks. It is because the Fast Initialize task does not perform a write operation, it causes less degradation to the disk. A fast initialization on a virtual disk overwrites the first and last 8 MB of the virtual disk, clearing any boot records or partition information. The operation takes only 2-3 seconds to complete and is recommended when you are recreating virtual disks.
2. From the Controller drop-down menu, select the controller for which you want to manage the virtual disks. 3. For one or more Virtual Disks, from each Action drop-down menu, select an action. You can specify more than one action for a virtual drive. When you select an action, an additional Action drop-down menu is displayed. Select another action from this drop-down menu. The action that is already selected does not appear in the additional Action drop-down menus.
● To check consistency of virtual disks (not supported on RAID0): racadm storage ccheck: To cancel the consistency check: racadm storage cancelcheck: ● To encrypt virtual disks: racadm storage encryptvd: ● To assign or unassign dedicated hot spares: racadm storage hotspare: -assign
● Reconstruct rate ● Enhanced auto import foreign configuration ● Create or change security keys You must have Login and Server Control privilege to configure the controller properties. Patrol read mode considerations Patrol read identifies disk errors to avoid disk failures, data loss, or corruption. The Patrol Read does not run on a physical disk in the following circumstances: ● The physical disk is not included in a virtual disk or assigned as a hot spare.
The check consistency rate, configurable between 0% and 100%, represents the percentage of the system resources dedicated to running the check consistency task. At 0%, the check consistency has the lowest priority for the controller, takes the most time to complete, and is the setting with the least impact to system performance. A check consistency rate of 0% does not mean that the check consistency is stopped or paused. At 100%, the check consistency is the highest priority for the controller.
● To specify the percentage of the controller's resources dedicated to reconstruct a disk group after adding a physical disk or changing the RAID level of a virtual disk residing on the disk group, use Storage.Controller.ReconstructRate object ● To enable or disable the enhanced auto import of foreign configuration for the controller, use Storage.Controller.
● Drives in the failed or offline state cannot be imported. ● The firmware does not allow you to import more than eight foreign configurations. Importing foreign configuration using web interface To import foreign configuration: 1. In the iDRAC Web interface, go to Overview > Storage > Controllers > Setup. The Setup Controllers page is displayed. 2. In the Foreign Configuration section, from the Controller drop-down menu, select the controller that you want to configure. 3.
Clearing foreign configuration using RACADM To clear foreign configuration: racadm storage clearconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Resetting controller configuration You can reset the configuration for a controller. This operation deletes virtual disk drives and unassigns all hot spares on the controller. It does not erase any data other than removing the disks from the configuration.
NOTE: Ensure that a CMC license is available for PERC FD33xS and FD33xD storage sleds before you change the controller mode. For more information on CMC license for the storage sleds, see the Dell Chassis Management Controller Version 1.2 for PowerEdge FX2/FX2s User's Guide available at dell.com/support/manuals.
iDRAC interface supports only 12 Gbps SAS HBA controller and HBA330 internal controller in this release. You can perform the following for non-RAID controllers: ● View controller, physical disks, and enclosure properties as applicable for the non-RAID controller. Also, view EMM, fan, power supply unit, and temperature probe properties associated with the enclosure. The properties are displayed based on the type of controller. ● View software and hardware inventory information.
○ Enclosure or backplane mode ○ Patrol read unconfigured areas ● View all properties that are applicable to a RAID controller expect for virtual disks. ● Clear foreign configuration NOTE: If an operation is not supported in non-RAID mode, an error message is displayed. You cannot monitor the enclosure temperature probes, fans, and power supplies when the controller is in non-RAID mode.
● Hardware information: ○ PCIe SSD Extender card ○ PCIe SSD Backplane If the system has a dedicated PCIe backplane, two FQDDs are displayed. One FQDD is for regular drives and the other is for SSDs. If the backplane is shared (universal), only one FQDD is displayed. ● Software inventory includes only the firmware version for the PCIe SSD.
Preparing to remove PCIe SSD using web interface To prepare the PCIe SSD for removal: 1. In the iDRAC Web interface, go to Overview > Storage > Physical Disks > Setup. The Setup Physical Disk page is displayed. 2. From the Controller drop-down menu, select the extender to view the associated PCIe SSDs. 3. From the drop-down menus, select Prepare to Remove for one or more PCIe SSDs.
● Secure erase feature is not supported for hot-plugged PCIe SSDs. Erasing PCIe SSD device data using web interface To erase the data on the PCIe SSD device: 1. In the iDRAC Web interface, go to Overview > Storage > Physical Disks > Setup. The Setup Physical Disk page is displayed. 2. From the Controller drop-down menu, select the controller to view the associated PCIe SSDs. 3. From the drop-down menus, select Secure Erase for one or more PCIe SSDs.
● Configure universal mode or split mode ● View slot information (universal or shared) ● Set SGPIO mode Related concepts Summary of supported features for storage devices on page 195 Supported enclosures on page 195 Configuring backplane mode on page 218 Viewing universal slots on page 220 Setting SGPIO mode on page 221 Configuring backplane mode The Dell 13 th generation PowerEdge servers supports a new internal storage topology, where two storage controllers (PERCs) can be connected to a set of internal
Configuring backplane mode using web interface To configure backplane mode using iDRAC web interface: 1. In the iDRAC web interface, go to Overview > Storage > Enclosures > Setup The Enclosure Setup page is displayed. 2. From the Controller drop-down menu, select the controller to configure its associated enclosures. 3.
6. Run the following command to create a job: racadm jobqueue create -s TIME_NOW --realtime A job ID is returned. 7. Run the following command to query the job status: racadm jobqueue view -i JID_xxxxxxxx where, JID_xxxxxxxx is the job ID from step 6. The status is displayed as Pending. Continue to query the job ID until you view the Completed status (this process may take up to three minutes). 8.
● ● ● ● Slot Empty — If a slot is empty. PCIe Capable — If there are no PCIe capable slots, this column is not displayed. Bus Protocol — If it is a universal backplane with PCIe SSD installed in one of the slots, this column displays PCIe. Hotspare — This column is not applicable for PCIe SSD. NOTE: Hot swapping is supported for universal slots. If you want to remove a PCIe SSD drive and swap it with a SAS/ SATA drive, ensure that you first complete the PrepareToRemove task for the PCIe SSD drive.
● At Next Reboot — Select this option to apply the settings during the next system reboot. This is the default option for PERC 8 controllers. ● At Scheduled Time — Select this option to apply the settings at a scheduled day and time: ○ Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The settings are applied between the start time and end time.
● Apply Now — Select this option to commit all the operations immediately. This option is available for PERC 9 controllers with the latest firmware versions. ● At Next Reboot — Select this option to commit all the operations during the next system reboot. This is the default option for PERC 8 controllers. This option is applicable for PERC 8 and later versions. ● At Scheduled Time — Select this option to commit the operations at a scheduled day and time.
○ Click Cancel to not create the job and remain on the page to perform more storage configuration operations. ● If the pending operation is not created successfully and if there are existing pending operations, then an error message is displayed. ○ Click Pending Operations to view the pending operations for the device. ○ Click Create Job For Successful Operations to create the job for the existing pending operations.
● Overview > Storage > Virtual Disks > Identify- Displays the Identify Virtual Disks page where you can blink or unblink the virtual disks. 2. If you are on the Identify Component LED page: ● Select or deselect all component LEDs — Select the Select/Deselect All option and click Blink to start blinking the component LEDs. Similarly, click Unblink to stop blinking the component LEDs.
14 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: ● A maximum of six simultaneous virtual console sessions are supported. All the sessions view the same managed server console simultaneously.
Table 39. Supported screen resolutions and refresh rates (continued) Screen Resolution Refresh Rate (Hz) 1024x768 60, 70, 72, 75, 85 1280x1024 60 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console.
Before launching the Virtual Console, make sure that: ● You have administrator privileges. ● Web browser is configured to use HTML5, Java, or ActiveX plug-ins. ● Minimum network bandwidth of one MB/sec is available. NOTE: If the embedded video controller is disabled in BIOS and if you launch the Virtual Console, the Virtual Console Viewer is blank.
NOTE: If you do not have Access Virtual Console privilege but have Access Virtual Media privilege, then using this URL launches the Virtual Media instead of the Virtual Console. Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. 1.
To launch the HTML5 virtual console, you must enable the virtual console feature from the iDRAC Virtual Console page and set the Virtual Console Type option to HTML5. You can launch virtual console as a pop-up window by using one of the following methods: ● From iDRAC Home page, click the Launch link available in the Console Preview session ● From iDRAC Virtual Console page, click Launch Virtual Console. ● From iDRAC login page, type https///console. This method is called as Direct Launch.
● Mouse Acceleration — Select the mouse acceleration based on the operating system. The following configuration options are displayed as a drop-down list: ○ Absolute (Windows, latest versions of Linux, Mac OS-X) ○ Relative, no acceleration ○ Relative (RHEL, earlier versions of Linux) ○ Linux RHEL 6.x and SUSE Linux Enterprise Server 11 or later Click Apply to apply the selected settings on the server. ● Virtual Media — Click Connect Virtual Media option to start the virtual media session.
Passing all keystrokes through virtual console for Java or ActiveX plug-in You can enable the Pass all keystrokes to server option and send all keystrokes and key combinations from the management station to the managed system through the Virtual Console Viewer. If it is disabled, it directs all the key combinations to the management station where the Virtual Console session is running.
● All the individual keys (not a combination of different keys, but a single key stroke) are always sent to the managed system. This includes all the Function keys, Shift, Alt, Ctrl key and Menu keys. Some of these keys affect both management station and managed system.
Using SSH or Telnet or external serial connector -directly connecting through serial cable 1. For telnet/SSH sessions, after logging in using the iDRAC username and password, at the /admin> prompt, run the command console com2. The localhost.localdomain prompt appears. 2. For console redirection using external serial connector directly connected to the system through a serial cable, the localhost.localdomain login prompt appears after the server boots to the operating system. 3.
15 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: ● Remotely access media connected to a remote system over the network ● Install applications ● Update drivers ● Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Supported drives and devices The following table lists the drives supported through virtual media. Table 40. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives ● ● ● ● ● Virtual floppy drives ● CD-ROM/DVD image file in the ISO9660 format ● Floppy image file in the ISO9660 format USB flash drives ● USB CD-ROM drive with CD-ROM media ● USB Key image in the ISO9660 format Legacy 1.44 floppy drive with a 1.
Attached media state and system response The following table describes the system response based on the Attached Media setting. Table 41. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed.
Configuring virtual media on page 236 Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in on page 229 Launching virtual media without using virtual console Before you launch Virtual Media when the Virtual Console is disabled, make sure that ● Virtual Media is in Attach state. ● System is configured to unhide empty drives. To do this, in Windows Explorer, navigate to Folder Options, clear the Hide empty drives in the Computer folder option, and click OK.
work. Therefore, it is recommended not to move or delete the .img file while the image is being used. However, the .img file can be removed after the relevant entry is first deselected and then removed using Remove Image to remove the entry. Viewing virtual device details To view the virtual device details, in the Virtual Console Viewer, click Tools > Stats. In the Stats window, the Virtual Media section displays the mapped virtual devices and the read/write activity for each device.
If image is created in a different location, when you select Map Removable Disk, the created image is not available for selection in the drop-down menu. Click Browse to specify the image. 4. Select Read-only to map writable devices as read-only. For CD/DVD devices, this option is enabled by default and you cannot disable it. NOTE: The ISO and IMG files map as read-only files if you map these files by using the HTML5 virtual console. 5. Click Map Device to map the device to the host server.
4. Make sure that the virtual drive is enabled and listed as the first device with bootable media. If required, follow the on-screen instructions to modify the boot order. 5. Click OK, navigate back to System BIOS Settings page, and click Finish. 6. Click Yes to save the changes and exit. The managed system reboots. The managed system attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device.
16 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: VMCLI supports only the TLS 1.0 security protocol.
NOTE: VMCLI syntax is case-sensitive. To ensure security, it is recommended to use the following VMCLI parameters: ● vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. ● vmcli -r -S -u -p -c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid.
For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the VMCLI utility. NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. ● Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features for the utility to run in the background.
17 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC Web interface at Overview > Server > vFlash: SD card not detected.
Viewing vFlash SD card properties using RACADM To ● ● ● ● ● view the vFlash SD card properties using RACADM, use the get command with the following objects: iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.Health iDRAC.vflashsd.Licensed iDRAC.vflashsd.Size iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
3. Click Back, click Finish, and then click Yes. The vFlash functionality is enabled or disabled based on the selection. Initializing vFlash SD card The initialize operation reformats the SD card and configures the initial vFlash system information on the card. NOTE: If the SD card is write-protected, then the Initialize option is disabled. Initializing vFlash SD card using web interface To initialize the vFlash SD card: 1. In the iDRAC Web interface, go to Overview > Server > vFlash.
Managing vFlash partitions You can perform the following using the iDRAC Web interface or RACADM: NOTE: An administrator can perform all operations on the vFlash partitions. Else, you must have Access Virtual Media privilege to create, delete, format, attach, detach, or copy the contents for the partition.
2. Enter the command: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s [n] where [n] is the partition size. By default, an empty partition is created as read-write. Creating a partition using an image file You can create a new partition on the vFlash SD card using an image file (available in the .img or .iso format.) The partitions are of emulation types: Floppy (.img), Hard Disk (.img), or CD (.iso). The created partition size is equal to the image file size.
NOTE: Creating vFlash partition from an image file located on the CFS or NFS IPv6 enabled network share is not supported. Formatting a partition You can format an existing partition on the vFlash SD card based on the type of file system. The supported file system types are EXT2, EXT3, FAT16, and FAT32. You can only format partitions of type Hard Disk or Floppy, and not CD. You cannot format read-only partitions.
Modifying a partition You can change a read-only partition to read-write or vice-versa. Before modifying the partition, make sure that: ● The vFlash functionality is enabled. ● You have Access Virtual Media privileges. NOTE: By default, a read-only partition is created. Modifying a partition using web interface To modify a partition: 1. In the iDRAC Web interface, go to Overview > Server > vFlash > Manage. The Manage Partitions page is displayed. 2.
Attaching or detaching partitions using web interface To attach or detach partitions: 1. In the iDRAC Web interface, go to Overview > Server > vFlash > Manage. The Manage Partitions page is displayed. 2. In the Attached column: ● Select the checkbox for the partition(s) and click Apply to attach the partition(s). ● Clear the checkbox for the partition(s) and click Apply to detach the partition(s). The partitions are attached or detached, based on the selections.
Deleting existing partitions using RACADM To delete partitions: 1. Open a telnet, SSH, or Serial console to the system and log in. 2. Enter the following commands: ● To delete a partition: racadm vflashpartition delete -i 1 ● To delete all partitions, re-initialize the vFlash SD card. Downloading partition contents You can download the contents of a vFlash partition in the .img or .iso format to the: ● Managed system (where iDRAC is operated from) ● Network location mapped to a management station.
NOTE: When you run this command, the vFlash partition label is automatically set to boot once (iDRAC.ServerBoot.BootOnce is set to 1.) Boot once boots the device to the partition only once and does not keep it persistently first in the boot order.
18 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Table 44.
Table 44.
Table 44.
Using the -level option The show -level option executes show over additional levels beneath the specified target. To see all targets and properties in the address space, use the -l all option. Using the -output option The -output option specifies one of four formats for the output of SM-CLP verbs: text, clpcsv, keyword, and clpxml. The default format is text, and is the most readable output. The clpcsv format is a comma-separated values format suitable for loading into a spreadsheet program.
Targets: Record1 Record2 Record3 Record4 Record5 Properties: InstanceID = IPMI:BMC1 SEL Log MaxNumberOfRecords = 512 CurrentNumberOfRecords = 5 Name = IPMI SEL EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord Log
The following output is displayed: All records deleted successfully Map target navigation The following examples show how to use the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Type the following commands at the SMCLP command prompt: ● To navigate to the system target and reboot: cd system1 reset The current default target is /. ● To navigate to the SEL target and display the log records: cd system1 cd logs1/log1 show ● To display current target: type cd .
19 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, RACADM, and WSMAN. You can configure the features monitored by the iDRAC Service Module to control the CPU and memory consumed on the server’s operating system.
● ● ● ● ● View operating system (OS) information Replicate Lifecycle Controller logs to operating system logs Perform automatic system recovery options Populate Windows Management Instrumentation (WMI) Management Providers Integrate with SupportAssist Collection. This is applicable only if iDRAC Service Module version 2.0 or later is installed. For more information, see Generating SupportAssist Collection. ● Prepare to Remove NVMe PCIe SSD.
You can perform automatic system recovery operations such as reboot, power cycle, or power off the server after a specified time interval. This feature is enabled only if the operating system watchdog timer is disabled. If OpenManage Server Administrator is installed, this monitoring feature is disabled to avoid duplicate watchdog timers.
Table 45. Examples (continued) CIM Interface WinRM WMIC CreationClassName=D CIM_Account +Name=iDRAC.Embedde d.1#Users.1+SystemC reationClassName=DC IM_SPComputerSystem +SystemName=systemm c} PowerShell 2',SystemCreationCl assName='DCIM_SPCom puterSystem',System Name='systemmc'}" namespace root/ cimv2/dcim Remote iDRAC Hard Reset By using iDRAC, you can monitor the supported servers for critical system hardware, firmware, or software issues.
iSM provides an executable command on all iSM supported Linux operating system. You can run this command by logging into the operating system by using SSH or equivalent. Invoke-iDRACHardReset Invoke-iDRACHardReset –f ● ESXi On all iSM supported ESXi operating systems, the iSM v2.3 supports a Common Management Programming Interface (CMPI) method provider to perform the iDRAC reset remotely by using the WinRM remote commands. winrm i iDRACHardReset http://schemas.dell.
○ Using the remote WMI interface: winrm i EnableInBandSNMPTraps wmi/root/cimv2/dcim/DCIM_iSMService? InstanceID="iSMExportedFunctions" @{state="[0/1]"} -u: -p: -r:http:///wsman a:Basic -encoding:utf-8 -skipCACheck –skipCNCheck - ● Linux operating system On all iSM supported Linux operating system, iSM provides an executable command. You can run this command by logging into the operating system by using SSH or equivalent. Beginning with iSM 2.4.
● Configure using iSM PowerShell script Installation by using MSI You can install this feature by using the web-pack. This feature is disabled on a typical iSM installation. If enabled, the default listening port number is 1266. You can modify this port number within the range 1024 through 65535. iSM redirects the connection to the iDRAC. iSM then creates an inbound firewall rule, OS2iDRAC.
Enable is required and is optional. IP range in format. Example: 10.95.146.98/24 Coexistence of OpenManage Server Administrator and iDRAC Service Module In a system, both OpenManage Server Administrator and the iDRAC Service Module can co-exist and continue to function correctly and independently.
You can view the replicated Lifecycle logs using the WMI or Windows PowerShell query: GetCimInstance –Namespace root/cimv2 – className win32_NTLogEvent By default, the logs are available at Event viewer > Applications and Services Logs > System.
20 Using USB port for server management In Dell PowerEdge 12 th generation servers, all USB ports are dedicated to the server. With the 13 th generation of servers, one of the front panel USB port is used by iDRAC for management purposes such as pre-provisioning and troubleshooting. The port has an icon to indicate that it is a management port. All 13 th generation servers with LCD panel support this feature. This port is not available in a few of the 200-500 model variations without the LCD panel.
4. Wait for the laptop and iDRAC to acquire IP address 169.254.0.4 and 169.254.0.3. It may take several seconds for the IP addresses to be acquired. 5. Start using iDRAC network interfaces such as the web interface, RACADM, or WSMan. 6. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 7. After completing the desired actions, disconnect the USB cable from the system. The LED turns off.
● Actions: None. An ● ● ● error message is displayed and logged to Lifecycle Controller log when: You try to configure the USB management port without the Server Control user privilege. A USB device is in use by iDRAC and you attempt to modify the USB Management Port Mode. A USB device is in use by iDRAC and you remove the device. Configuring USB management port using web interface To configure the USB port: 1. In the iDRAC Web interface, go to Overview > Hardware > USB Management Port.
● Automatic — USB Port is used by iDRAC or the server’s operating system. ● Standard OS Use — USB port is used by the server OS. ● iDRAC Direct only — USB pot is used by iDRAC. 3. From the iDRAC Direct: USB Configuration XML drop-down menu, select options to configure a server by importing server configuration profile stored on a USB drive: ● Disabled ● Enabled while server has default credential settings only ● Enabled For information about the fields, see the iDRAC Settings Utility Online Help. 4.
If iDRAC Managed: USB XML Configuration was set to Enabled with default credentials and the BIOS setup password is not null or if one of the iDRAC user accounts have been modified, an error message is displayed and the operation stops. 5. LCD panel and LED (if present) display the status that an import job has started. 6.
21 Using iDRAC Quick Sync A few Dell 13 th generation PowerEdge servers have the Quick Sync bezel that supports the Quick Sync feature. This feature enables at-the-server management with a mobile device. This allows you to view inventory and monitoring information and configure basic iDRAC settings (such as root credential setup and configuration of the first boot device) using the mobile device. You can configure iDRAC Quick Sync access for your mobile device (example, OpenManage Mobile) in iDRAC.
You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync settings using web interface To configure iDRAC Quick Sync: 1. In the iDRAC web interface, go to Overview > Hardware > Front Panel. 2.
22 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: ● Remote File Share ● Virtual Media Console Related tasks Deploying operating system using remote file share on page 279 Deploying operating system using virtual media on page 281 Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file sha
NOTE: If ESXi is running on the managed system and if you mount a floppy image (.img) using RFS, the connected floppy image is not available to the ESXi operating system. RFS and Virtual Media features are mutually exclusive. ● If the Virtual Media client is not active, and you attempt to establish an RFS connection, the connection is established and the remote image is available to the host operating system.
where, user_defined_mount_point is any directory you choose to use for the mount similar to any mount command. For RHEL, the CD device (.iso virtual device) is /dev/scd0 and floppy device (.img virtual device) is /dev/sdc. For SLES, the CD device is /dev/sr0 and the floppy device is /dev/sdc.
Related tasks Configuring iDRAC on page 78 Installing operating system from multiple disks 1. Unmap the existing CD/DVD. 2. Insert the next CD/DVD into the remote optical drive. 3. Remap the CD/DVD drive. Deploying embedded operating system on SD card To install an embedded hypervisor on an SD card: 1. Insert the two SD cards in the Internal Dual SD Module (IDSDM) slots on the system. 2. Enable SD module and redundancy (if required) in BIOS. 3.
23 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: ● Diagnostic console ● Post code ● Boot and crash capture videos ● Last system crash screen ● System event logs ● Lifecycle logs ● Front panel status ● Trouble indicators ● System health Related tasks Using diagnostic console on page 283 Scheduling remote automated diagnostics on page 284 Viewing post codes on page 285 Viewing boot and crash capture videos on page 285 Viewing logs on page 285 Viewi
2. In the Command text box, enter a command and click Submit. For information about the commands, see the iDRAC Online Help. The results are displayed on the same page. Scheduling remote automated diagnostics You can remotely invoke automated offline diagnostics on a server as a one-time event and return the results. If the diagnostics require a reboot, you can reboot immediately or stage it for a subsequent reboot or maintenance cycle (similar to updates).
Viewing post codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from power-on-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Overview > Server > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
2. In iDRAC Web interface, go to Overview > Server > Troubleshooting > Last Crash Screen. The Last Crash Screen page displays the last saved crash screen from the managed system. Click Clear to delete the last crash screen.
Hardware trouble indicators The hardware related problems are: ● Failure to power up ● Noisy fans ● Loss of network connectivity ● Hard drive failure ● USB media failure ● Physical damage Based on the problem, use the following methods to correct the problem: ● Reseat the module or component and restart the system ● In case of a blade server, insert the module into a different bay in the chassis ● Replace hard drives or USB flash drives ● Reconnect or replace the power and network cables If problem persists
You can generate a health report of the server and then export the report to a location on the management station (local) or to a shared network location such as Common Internet File System (CIFS) or Network File Share (NFS). You can then share this report directly with the Tech Support. To export to a network share such as CIFS or NFS, direct network connectivity to the iDRAC shared or dedicated network port is required. The report is generated in the standard ZIP format.
● RAID Controller Log— export the SupportAssist collection of the RAID controller. ● OS and Application Data— export the SupportAssist collection of the OS and the application data. Under this option, select any one of the following: ○ Standard Data: Select this option to get the collection in standard format. ○ Filtered Data: Select this option to get the collection with filtered data. NOTE: By default, Hardware and OS and Application Data is selected. 3.
Generating SupportAssist Collection manually using iDRAC web interface To generate the SupportAssist collection manually: 1. In the iDRAC Web interface, go to Overview > Server > Troubleshooting > SupportAssist. The SupportAssist page is displayed. 2. To edit the data collection options, click Edit Collection Data: ● Hardware— export the SupportAssist collection of the hardware. ● RAID Controller Log— export the SupportAssist collection of the RAID controller.
Resetting iDRAC using iDRAC web interface You can restart iDRAC using one of the following methods. A normal reboot operation is performed on the iDRAC, after reboot, refresh the browser to reconnect and log in to iDRAC. ● Go to Overview > Server > Summary. Under Quick Launch Tasks, click Reset iDRAC. ● Go to Overview > Server > Troubleshooting > Diagnostics. Click Reset iDRAC. Resetting iDRAC using RACADM To restart iDRAC, use the racreset command.
Resetting iDRAC to factory default settings using iDRAC web interface To reset iDRAC to factory default settings using the iDRAC Web interface: 1. Go to Overview > Server > Troubleshooting > Diagnostics. The Diagnostics Console page is displayed. 2. Click Reset iDRAC to Default Settings. The completion status is displayed in percentage. iDRAC reboots and is restored to factory defaults. The iDRAC IP is reset and is not accessible. You can configure the IP using the front panel or BIOS.
24 Frequently asked questions This section lists the frequently asked questions for the following: ● System Event Log ● Network security ● Active Directory ● Single Sign On ● Smart card login ● Virtual console ● Virtual media ● vFlash SD card ● SNMP authentication ● Storage devices ● iDRAC Service Module ● RACADM ● Miscellaneous Topics: • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign-On Smart card login Virtual console Virtual media vFlash SD card SNMP authenticati
Network security While accessing the iDRAC Web interface, a security warning appears stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted. iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign).
● iDRAC date is not within the validity period of the server certificate or CA certificate. Check the iDRAC time and the validity period of your certificate. ● The domain controller addresses configured in iDRAC does not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, read the next question. If you are using FQDN, make sure you are using the FQDN of the domain controller and not the domain. For example, servername.example.
Always make sure that the group type is Security. You cannot use distribution groups to assign permission on any object, however use them to filter group policy settings. Single Sign-On SSO login fails on Windows Server 2008 R2 x64. What are the settings required to resolve this? 1. Run the technet.microsoft.com/en-us/library/dd560670(WS.10).aspx for the domain controller and domain policy. 2. Configure the computers to use the DES-CBC-MD5 cipher suite.
In general, check if the smart card CSPs are present on a particular client, insert the smart card in the reader at the Windows logon (Ctrl-Alt-Del) screen and check if Windows detects the smart card and displays the PIN dialog-box. Incorrect Smart Card PIN. Check if the smart card is locked due to too many attempts with an incorrect PIN. In such cases, contact the smart card issuer in the organization to get a new smart card.
Make sure that the Single Cursor option under Tools in the iDRAC Virtual Console menu is selected on iDRAC Virtual Console client. The default is two cursor mode. Can a keyboard or mouse be used while installing a Microsoft operating system remotely through the Virtual Console? No. When you remotely install a supported Microsoft operating system on a system with Virtual Console enabled in the BIOS, an EMS Connection Message is sent that requires that you select OK remotely.
After launching the Virtual Console, the mouse cursor is active on the Virtual Console, but not on the local system. Why does this occur and how to resolve this? This occurs if the Mouse Mode is set to USC/Diags. Press Alt + M hot key to use the mouse on the local system. Press Alt + M again to use the mouse on the Virtual Console.
● If you change the CD in the client system, the new CD may have an autostart feature. In this case, the firmware can time out and the connection is lost if the client system takes too long to read the CD. If a connection is lost, reconnect from the GUI and continue the previous operation. ● If the Virtual Media configuration settings are changed in the iDRAC web interface or through local RACADM commands, any connected media is disconnected when the configuration change is applied.
3. At the Linux prompt, run the following command: grep "hh:mm:ss" /var/log/messages where, hh:mm:ss is the timestamp of the message returned by grep in step 1. 4. In step 3, read the result of the grep command and locate the device name that is given to the Dell Virtual CD. 5. Make sure that the Virtual CD Drive is attached and connected. 6. At the Linux prompt, run the following command: mount /dev/sdx /mnt/CD where: /dev/sdx is the device name found in step 4 and /mnt/floppy is the mount point.
SNMP authentication Why is the message 'Remote Access: SNMP Authentication Failure' displayed? As part of discovery, IT Assistant attempts to verify the get and set community names of the device. In IT Assistant, you have the get community name = public and the set community name = private. By default, the SNMP agent community name for iDRAC agent is public.
This may happen when the host operating system routing table has multiple entries for the same destination mask and the USB NIC destination is not listed as the first one in routing order. Table 48. iDRAC Service Module Destination Gateway Genmask Flags Metric Ref Use Iface default 10.94.148.1 0.0.0.0 UG 1024 0 0 em1 10.94.148.0 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.
To see the list of Linux-dependent packages, see the Linux Dependencies section in the iDRAC Service Module User's Guide. RACADM After performing an iDRAC reset (using the racadm racreset command), if any command is issued, the following message is displayed. What does this indicate? ERROR: Unable to connect to RAC at specified IP address The message indicates that you must wait until the iDRAC completes the reset before issuing another command.
For more information on CMC RACADM commands, see the CMC RACADM Command Line Interface Reference Guide available at dell.com/cmcmanuals. For more information on iDRAC RACADM commands, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. ● Using local RACADM Use the command: racadm getsysinfo For example: $ racadm getniccfg -m server-1 DHCP Enabled = 1 IP Address = 192.168.0.1 Subnet Mask = 255.255.255.0 Gateway = 192.168.0.
In the Server Administrator web interface, go to Modular Enclosure > System/Server Module > Main System Chassis/ Main System > Remote Access. iDRAC network connection is not working. For blade servers: ● Ensure that the LAN cable is connected to CMC. ● Ensure that NIC settings, IPv4 or IPv6 settings, and either Static or DHCP is enabled for your network. For rack and tower servers: ● In shared mode, ensure that the LAN cable is connected to the NIC port where the wrench symbol is present.
25 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
Generating SupportAssist Collection on page 287 Inventorying and monitoring storage devices on page 197 Using iDRAC Service Module on page 263 Obtaining system information and assess system health To obtain system information and assess system health: ● In iDRAC Web interface, go to Overview > Server > System Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan.
● Dell Remote Access Configuration Tool (DRACT) Performing graceful shutdown To perform graceful shutdown, in iDRAC Web interface, go to one of the following locations: ● Overview > Server > Power/Thermal > Power Configuration > Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply. ● Overview > Server > Power/Thermal > Power Monitoring. From the Power Control drop-down menu, select Graceful Shutdown and click Apply.
2. Based on the data, power infrastructure and cooling system limitations, enable the power cap policy and set the power cap values. NOTE: It is recommended that you set a cap close to the peak, and then use that capped level to determine how much capacity is remaining in the rack for adding more servers. Installing new electronic license See License operations for more information.