Dell Chassis Management Controller Firmware Version 3.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. ____________________ Information in this publication is subject to change without notice. © 2010 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . What’s New For This Release . . . . . . . . . . . . . . 19 . . . . . . . . . . . . . . 20 Security Features . . . . . . . . . . . . . . . . . . . . 21 Chassis Overview . . . . . . . . . . . . . . . . . . . . 22 CMC Management Features . Hardware Specifications TCP/IP Ports . . . . . . . . . . . . . . . . 23 . . . . . . . . . . . . . . . . . . . . 23 . . . . . . . . 24 . . . . . . . . . . . . . . . . . .
Daisy-chain CMC Network Connection . . . . . . 31 . . . . . . . . . 35 . . . . . . . . . . . 35 Installing Remote Access Software on a Management Station . . . . . . . . . Installing RACADM on a Linux Management Station . . . . . Uninstalling RACADM From a Linux Management Station . . . . . . . . . . . . . . . . 36 . . . . . . . . . . . . . . 36 . . . . . . . . . . . . . . . . . . . . 37 Configuring a Web Browser . Proxy Server Microsoft Phishing Filter . . . . . . . . . . . . . .
Understanding the Redundant CMC Environment. About the Standby CMC . . . 53 . . . . . . . . . . . . . . 53 Active CMC Election Process . . . . . . . . . . . Obtaining Health Status of Redundant CMC 3 54 . . . . 54 . . . . . 55 . . . . . 55 Using a Serial, Telnet, or SSH Console . . . . . . . . . 56 Using a Telnet Console With the CMC . . . . . . . . . 56 . . . . . . . . . . . . . . . . 56 Configuring CMC to Use Command Line Consoles . . . . . . . . . . . . . . . .
4 Using the RACADM Command Line Interface . . . . . . . . . . . . . . . . . . . . . 69 . . . . . . . . . 69 Logging in to the CMC . . . . . . . . . . . . . . . 70 Starting a Text Console . . . . . . . . . . . . . . . 70 . . . . . . . . . . . . . . . . . . . . . 70 Using a Serial, Telnet, or SSH Console Using RACADM . RACADM Subcommands . . . . . . . . . . . . . . Accessing RACADM Remotely . . . . . . . . . . . Enabling and Disabling the RACADM Remote Capability . . . . . . . . . . . . .
Deleting the Public Keys . . . . . . 93 . . . . . . . . . . . . . . . 93 Configuring SNMP and E-mail Alerting . . . . . 94 . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . 96 Creating a CMC Configuration File . Modifying the CMC IP Address . 5 . . . . . . . . 100 . . . . . . . . . . . . . . . . . . . . . 101 Using the CMC Web Interface . Accessing the CMC Web Interface Logging In . 99 . . . . . . . . . . Using RACADM to Configure Properties on iDRAC . . . . . . . . . . . . . . .
Viewing Chassis and Component Summaries . . . . . . . . . . . . Viewing Power Budget Status . . . . . . . . 116 . . . . . . . . . . 117 Viewing Server Model Name and Service Tag . . . . . . . . . . . . . . . . . . . . Viewing the Health Status of All Servers . Editing Slot Names . . . . 117 . . . . . . . . . . . . . . . . 121 Using Server’s Host Name as the Slot Name . . . . . . . . . . . . . . . . . . . . . Setting the First Boot Device for Servers .
Configuring and Managing Microsoft Active Directory Certificates . . . . . Common Settings . . . . . . . . . . 159 . . . . . . . . . . . . . . . . . 159 Standard Schema Settings . . . . . . . . . . . . . 163 Extended Schema Settings . . . . . . . . . . . . . 163 . . . . . . . . 164 . . . . . . . . . . . . . . . . . . . . . 165 Managing Active Directory Certificates Kerberos Keytab Configuring and Managing Generic Lightweight Directory Access Protocol Services . . . . . . . . . .
Updating Firmware . . . . . . . . . . . . . . . . Recovering iDRAC Firmware Using the CMC . . . . . . . . . . . . . . . Managing iDRAC . . . . . . . . 192 . . . . . . . . . . . . . . . . . . . 193 iDRAC QuickDeploy . . . . . . . . . . . . . . . . iDRAC Network Settings . . . . . . . . . . . . . Launching Remote Console from CMC GUI . . . . . . . . . . . . . . . . . . . . . Launching iDRAC using Single Sign-On FlexAddress 197 199 200 . . . . . . . . . . . . . . . . . . . . . .
Viewing FlexAddress Status Using the CLI . . . . . . . 221 . . . . . . . . 222 . . . . . . . . . 222 . . . . . . . . . . . . . . 222 . . . . . . . . . . . . . . . . . . 226 Configuring FlexAddress Using the GUI. Wake-On-LAN with FlexAddress . Troubleshooting FlexAddress Command Messages . FlexAddress DELL SOFTWARE LICENSE AGREEMENT . . . . . 7 Using FlexAddress Plus . Activating FlexAddress Plus . . . . . . . . . . . . 233 233 . . . . . . . . . . . . . . FlexAddress vs FlexAddress Plus .
Extended Schema Overview . . . . . . . . . . . . . . Active Directory Schema Extensions . . . . . . . Overview of the RAC Schema Extensions Active Directory Object Overview . . . . 248 248 . . . . . . Extending the Active Directory Schema . . . . . Installing the Dell Extension to the Active Directory Users and Computers Snap-In . Adding CMC Users and Privileges to Active Directory . . . . . . . . . . . . 252 252 . . . . 258 . . . . . .
Enabling Smart Card Authentication . Configuring the Browser For Smart Card Login . . . . . . . . . . . . . 277 . . . . . . . . . . . . 277 Logging into the CMC Using Smart Card . . . . . . 277 . . . . . . 278 . . . . . . . . . . . 279 Troubleshooting the Smart Card Login . Using the CMC with Generic LDAP Configuring the Generic LDAP Directory to Access CMC . . . . . . . . . . . . . . Selecting Your LDAP Servers . . . . . 281 . . . . . . . . . . . 283 Managing LDAP Group Settings 284 .
Power Supply and Redundancy Policy Changes in System Event Log . . . . . . . . . . . 302 . . . . . . . . . 303 . . . . . . . . . . 303 Redundancy Status and Overall Power Health . . . . . . . . . . Configuring and Managing Power. . . . . . 303 . . . . . . . 306 . . . . . . . . . . 310 Viewing the Health Status of the PSUs . Viewing Power Consumption Status Viewing Power Budget Status Configuring Power Budget and Redundancy . . . . . . . . . . . . . . . . . . . .
iKVM Connection Precedences Using OSCAR . 331 . . . . . . . . . . Tiering Through the ACI Connection . . . . . . . . 331 . . . . . . . . . . . . . . . . . . . . . . 332 Navigation Basics Configuring OSCAR . 333 . . . . . . . . . . . . . . . . Managing Servers With iKVM . Viewing and Selecting Servers . . . . . . . 336 . . . . . . . . . . 336 . . . . . . . . . . . . . 340 . . . . . . . . . . . . . . . 344 Setting Console Security . Scanning Your System 336 . . . . . . . . . . . . .
Monitoring IOM Health . . . . . . . . . . . . . . . . Viewing the Health Status of an Individual IOM . . . . . . . . . . . . . . . . . . Configuring Network Settings for an Individual IOM . . . . . . . . . . . . . . . . . . Troubleshooting IOM Network Settings . . . . . . . 369 . . . . . . . . . . . . . . . . . . . . . . . 369 . . . . . . . . . . . . . . . Gathering Configuration information and Chassis Status and Logs . . . . . . . . . 369 . . . . . . . . . . . . . . . . . . . . . . .
Viewing Chassis and Component Health Status . . . . . . . . . . . Viewing the Event Logs . . . . . . . . . . . . 390 . . . . . . . . . . . . . . . . . 391 . . . . . . . . . . . . 391 . . . . . . . . . . . . . . . 393 Viewing the Hardware Log . Viewing the CMC Log . . . . . . . . . . . . . . 394 . . . . . . . . . . . . . . . . . 395 Using the Diagnostic Console . Resetting Components .
Contents
1 Overview The Dell Chassis Management Controller (CMC) is a hot-pluggable systems management hardware and software solution designed to provide remote management capabilities and power control functions for Dell PowerEdge M1000e chassis systems. You can configure the CMC to send e-mail alerts or SNMP trap alerts for warnings or errors related to temperatures, hardware misconfigurations, power outages, and fan speeds.
• A virtual Keyboard-Video-Mouse (remote console) session for a server • One-time session specific timeout for CMC web interface login CMC Management Features The CMC provides the following management features: 20 • Redundant CMC Environment • Dynamic Domain Name System (DDNS) registration for IPv4 and IPv6 • Remote system management and monitoring using SNMP, a Web interface, iKVM, or Telnet or SSH connection • Support for Microsoft Active Directory authentication — Centralizes CMC user IDs an
• Launch point for the Integrated Dell Remote Access Controller (iDRAC) Web interface • Support for WS-Management • FlexAddress feature — Replaces the factory-assigned World Wide Name/Media Access Control (WWN/MAC) IDs with chassis-assigned WWN/MAC IDs for a particular slot, an optional upgrade. For more information, see "Using FlexAddress" on page 215.
• Limited IP address range for clients connecting to the CMC • Secure Shell (SSH), which uses an encrypted layer for higher security • Single Sign-on, Two-Factor Authentication, and Public Key Authentication Chassis Overview Figure 1-1 shows the facing edge of a CMC (inset) and the locations of the CMC slots in the chassis. Figure 1-1.
Hardware Specifications TCP/IP Ports You must provide port information when opening firewalls for remote access to a CMC. Table 1-1. CMC Server Listening Ports Port Number Function 22* SSH 23* Telnet 80* HTTP 161 SNMP Agent 443* HTTPS * Configurable port Table 1-2.
Supported Remote Access Connections Table 1-3.
Supported Web Browsers The following Web Browsers are supported for CMC3.0: • Microsoft Internet Explorer 8.0 for Windows 7, Windows Vista, Windows XP, and Windows Server 2003 family. • Microsoft Internet Explorer 7.0 for Windows 7, Windows Vista, Windows XP, and Windows Server 2003 family. • Mozilla Firefox 1.5 (32-bit) – limited functionality. To view localized versions of the CMC Web interface: 1 Open the Windows Control Panel. 2 Double-click the Regional Options icon.
Access to WS-Management requires logging in using local user privileges with basic authentication over Secured Socket Layer (SSL) protocol at port 443. For information on setting user accounts, see the Session Management database property section in the Dell Chassis Management Controller Firmware Administrator Reference Guide. The data available through WS-Management is a subset of data provided by the CMC instrumentation interface mapped to the following DMTF profiles version 1.0.
Dell Chassis Management Controller Firmware Administrator Reference Guide. Web services interfaces can be utilized by leveraging client infrastructure, such as Windows WinRM and Powershell CLI, open source utilities like WSMANCLI, and application programming environments like Microsoft .NET. For client connection using Microsoft WinRM, the minimum required version is 2.0. For more information, refer to the Microsoft article, .
• The Dell OpenManage Server Administrator’s User’s Guide provides information about installing and using Server Administrator. • The Dell Update Packages User's Guide provides information about obtaining and using Dell Update Packages as part of your system update strategy.
2 Installing and Setting Up the CMC This section provides information about how to install your CMC hardware, establish access to the CMC, configure your management environment to use the CMC, and guides you through the next steps for configuring the CMC: • Set up initial access to the CMC • Access the CMC through a network • Add and configure CMC users • Update the CMC firmware For more information about installing and setting up redundant CMC environments see "Understanding the Redundant CMC Env
Checklist for Integration of a Chassis The following steps enable you to setup the chassis accurately: 1 Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Cable the CMC Ethernet port labelled GB to management network. NOTE: Do not place a cable in the CMC Ethernet port labelled STK. For more information to cable the STK port, see "Understanding the Redundant CMC Environment" on page 53.
Each CMC has two RJ-45 Ethernet ports, labeled GB (the uplink port) and STK (the stacking or cable consolidation port). With basic cabling, you connect the GB port to the management network and leave the STK port unused. CAUTION: Connecting the STK port to the management network can have unpredictable results. Cabling GB and STK to the same network (broadcast domain) can cause a broadcast storm.
Figure 2-1.
Figure 2-2, Figure 2-3, and Figure 2-4 show examples of incorrect cabling of the CMC. Figure 2-2. Incorrect Cabling for CMC Network Connection - 2 CMCs Figure 2-3.
Figure 2-4. Incorrect Cabling for CMC Network Connection - 2 CMCs Follow these steps to daisy-chain up to four chassis: 1 Connect the GB port of the active CMC in the first chassis to the management network. 2 Connect the GB port of the active CMC in the second chassis to the STK port of the active CMC in the first chassis. 3 If you have a third chassis, connect the GB port of its active CMC to the STK port of the active CMC in the second chassis.
To get started with the CMC, see "Installing Remote Access Software on a Management Station" on page 35. Installing Remote Access Software on a Management Station You can access the CMC from a management station using remote access software, such as the Telnet, Secure Shell (SSH), or serial console utilities provided on your operating system or using the Web interface.
NOTE: On the Red Hat Enterprise Linux 5 operating system, DVDs are auto-mounted with the -noexec mount option. This option does not allow you to run any executable from the DVD. You need to mount the DVD-ROM manually and then run the executables. 4 Navigate to the SYSMGMT/ManagementStation/linux/rac directory. To install the RAC software, type the following command: rpm -ivh *.rpm 5 For help on the RACADM command, type racadm help after you run the previous commands.
Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Depending on your security requirements, the management network can be an isolated, highly secure network. NOTE: Ensure that security measures on the management network, such as firewalls and proxy servers, do not prevent your Web browser from accessing the CMC.
3 Click Advanced and then click the Network tab. 4 Click Settings. 5 Select the Manual Proxy Configuration. 6 In the No Proxy for field, type the addresses for CMCs and iDRACs on the management network to the comma-separated list. You can use DNS names and wildcards in your entries. Microsoft Phishing Filter If the Microsoft Phishing Filter is enabled in Internet Explorer 7 on your management system, and your CMC does not have Internet access, accessing the CMC may be delayed by a few seconds.
Downloading Files From CMC With Internet Explorer When you use Internet Explorer to download files from the CMC you may experience problems when the Do not save encrypted pages to disk option is not enabled. Follow these steps to enable the Do not save encrypted pages to disk option: 1 Start Internet Explorer. 2 Click Tools Internet Options, then click Advanced. 3 Scroll to the Security section and check Do not save encrypted pages to disk.
The CMC is connected to the management network. All external access to the CMC and iDRACs is accomplished through the CMC. Access to the managed servers, conversely, is accomplished through network connections to I/O modules (IOMs). This allows the application network to be isolated from the management network. NOTE: It is recommended to isolate chassis management from the data network. Dell cannot support or guarantee uptime of a chassis that is improperly integrated into your environment.
You can perform the initial network configuration of the CMC before or after the CMC has an IP address.
The LCD is located on the bottom left corner on the front of the chassis. Figure 2-5 illustrates the LCD panel. Figure 2-5. LCD Display 1 2 3 4 1 LCD screen 2 selection ("check") button 3 scroll buttons (4) 4 status indicator LED The LCD screen displays menus, icons, pictures, and messages.
A status indicator LED on the LCD panel provides an indication of the overall health of the chassis and its components. • Solid blue indicates good health. • Blinking amber indicates that at least one component has a fault condition. • Blinking blue is an ID signal, used to identify one chassis in a group of chassis. Navigating in the LCD Screen The right side of the LCD panel contains five buttons: four arrow buttons (up, down, left, and right) and a center button.
4 Press the center button to continue to the CMC Network Settings screen. 5 Select your network speed (10Mbps, 100Mbps, Auto (1 Gbps)) using the down arrow button. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
8 Select the mode in which you want the CMC to obtain the NIC IP addresses: Dynamic Host Configuration Protocol (DHCP) The CMC retrieves IP configuration (IP address, mask, and gateway) automatically from a DHCP server on your network. The CMC will be assigned a unique IP address allotted over your network. If you have selected the DHCP option, press the center button. The Configure iDRAC? screen appears; go to step 10.
Set the DNS IP Address using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the DNS IP address, press the center button to continue. 10 Indicate whether you want to configure iDRAC: – No: Skip to step 13. – Yes: Press the center button to proceed. You can also configure iDRAC from the CMC GUI. 11 Select the Internet Protocol (IPv4, IPv6, or both) that you want to use for the servers.
the installed servers, highlight the No icon and press the center button and continue to step c. c On the next iDRAC Configuration screen, to apply all iDRAC network settings to newly installed servers, highlight the Accept/Yes icon and press the center button; when a new server is inserted into the chassis, the LCD will prompt the user on whether to automatically deploy the server using the previously configured network settings/policies.
Accessing the CMC Through a Network After you have configured the CMC network settings, you can remotely access the CMC using any of the following interfaces: • Web interface • Telnet console • SSH • Remote RACADM NOTE: Since telnet is not as secure as the other interfaces, it is disabled by default. Enable Telnet using web, ssh, or remote RACADM. Table 2-1. CMC Interfaces Interface Description Web interface Provides remote access to the CMC using a graphical user interface.
NOTE: The CMC default user name is root and the default password is calvin. You can access the CMC and iDRAC Web interfaces through the CMC Network Interface using a supported Web browser; you can also launch them from the Dell Server Administrator or Dell OpenManage IT Assistant. For a list of supported Web browsers, see the Supported Browsers section in the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals.
NOTE: During updates of CMC firmware, it is normal for some or all of the fan units in the chassis to spin at 100%. NOTE: The firmware update, by default, retains the current CMC settings. During the update process, you have the option to reset the CMC configuration settings back to the factory default settings. NOTE: If you have redundant CMCs installed in the chassis, it is important to update both to the same firmware version.
Configuring CMC Properties You can configure CMC properties such as power budgeting, network settings, users, and SNMP and e-mail alerts using the Web interface or RACADM. For more information about using the Web interface, see "Accessing the CMC Web Interface" on page 103. For more information about using RACADM, see "Using the RACADM Command Line Interface" on page 69. CAUTION: Using more than one CMC configuration tool at the same time may generate unexpected results.
Adding and Configuring Users You can add and configure CMC users using either RACADM or the CMC Web interface. You can also utilize Microsoft Active Directory to manage users. For instructions on adding and configuring public key users for the CMC using RACADM, see "Using RACADM to Configure Public Key Authentication over SSH" on page 89. For instructions on adding and configuring users using the Web interface, see "Adding and Configuring CMC Users" on page 150.
Understanding the Redundant CMC Environment You can install a standby CMC that takes over if your active CMC fails. Your redundant CMC may be pre-installed or can be added at a later date. It is important that the CMC network is properly cabled to ensure full redundancy or best performance. Failovers can occur when you: • Run the RACADM cmcchangeover command. (See the cmcchangeover command section in the Dell Chassis Management Controller Administrator Reference Guide.
Active CMC Election Process There is no difference between the two CMC slots; that is, slot does not dictate precedence. Instead, the CMC that is installed or booted first assumes the role of the active CMC. If AC power is applied with two CMCs installed, the CMC installed in CMC chassis slot 1 (the left) normally assumes the active role. The active CMC is indicated by the blue LED.
3 Configuring CMC to Use Command Line Consoles This section provides information about the CMC command line console (or serial/Telnet/Secure Shell console) features, and explains how to set up your system so you can perform systems management actions through the console. For information on using the RACADM commands in CMC through the command line console, see "Using the RACADM Command Line Interface" on page 69.
Using a Serial, Telnet, or SSH Console When you connect to the CMC command line, you can enter these commands: Table 3-1. CMC Command Line Commands Command Description racadm RACADM commands begin with the keyword racadm and are followed by a subcommand, such as getconfig, serveraction, or getsensorinfo. See "Using the RACADM Command Line Interface" on page 69 for details on using RACADM. connect Connects to the serial console of a server or I/O module.
When an error occurs during the login procedure, the SSH client issues an error message. The message text is dependent on the client and is not controlled by the CMC. Review the RACLog messages to determine the cause of the failure. NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. You can also run OpenSSH using Putty.exe. Running OpenSSH at the Windows command prompt does not provide full functionality (that is, some keys do not respond and no graphics are displayed).
The CMC SSH implementation supports multiple cryptography schemes, as shown in Table 3-2. Table 3-2.
Configuring Linux Minicom Minicom is a serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings" on page 60 to configure other versions of Minicom. Configuring Minicom Version 2.0 NOTE: For best results, set the cfgSerialConsoleColumns property to match the number of columns. Be aware that the prompt consumes two characters.
10 Select Save setup as config_name and press . 11 Select Exit From Minicom and press . 12 At the command shell prompt, type minicom . 13 Press , , to exit Minicom. Ensure that the Minicom window displays a login prompt. When the login prompt appears, your connection is successful. You are now ready to login and access the CMC command line interface. Required Minicom Settings Use Table 3-3 to configure any version of Minicom. Table 3-3.
While in a serial/Telnet/SSH console, the CMC supports the connect command to establish a serial connection to server or IOM modules. The server serial console contains both the BIOS boot and setup screens, as well as the operating system serial console. For I/O modules, the switch serial console is available. CAUTION: When executed from the CMC serial console, the connect -b option stays connected until the CMC resets. This connection is a potential security risk.
To connect to a managed server serial console, use the command connect server-n, where -n is the slot number of the server; you can also use the racadm connect server-n command. When you connect to a server using the b option, binary communication is assumed and the escape character is disabled. If the iDRAC is not available, you will see a No route to host error message. The connect server-n command enables the user to access the server's serial port.
5 Enable Redirection After Boot (default value is disabled). This option enables BIOS console redirection across subsequent reboots. 6 Save the changes and exit. 7 The managed server reboots. Configuring Windows for Serial Console Redirection There is no configuration necessary for servers running the Microsoft Windows Server versions, starting with Windows Server 2003. Windows will receive information from the BIOS, and enable the Special Administration Console (SAC) console one COM1.
The following example shows the changes described in this procedure. # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes # to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, e.g. # root (hd0,0) # kernel /boot/vmlinuz-version ro root= /dev/sdal # initrd /boot/initrd-version.img # #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.
When you edit the /etc/grub.conf file, use the following guidelines: • Disable GRUB's graphical interface and use the text-based interface; otherwise, the GRUB screen will not be displayed in console redirection. To disable the graphical interface, comment out the line starting with splashimage.
# id:3:initdefault: # System initialization. si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc l1:1:wait:/etc/rc.d/rc l2:2:wait:/etc/rc.d/rc l3:3:wait:/etc/rc.d/rc l4:4:wait:/etc/rc.d/rc l5:5:wait:/etc/rc.d/rc l6:6:wait:/etc/rc.d/rc 0 1 2 3 4 5 6 # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now.
4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 # Run xdm in runlevel 5 # xdm is now a separate service x:5:respawn:/etc/X11/prefdm -nodaemon Edit the file /etc/securetty, as follows: • Add a new line, with the name of the serial tty for COM2: ttyS1 The following example shows a sample file with the new line.
Configuring CMC to Use Command Line Consoles
Using the RACADM Command Line Interface 4 RACADM provides a set of commands that allow you to configure and manage the CMC through a text-based interface. RACADM can be accessed using a Telnet/SSH or serial connection, using the Dell CMC console on the iKVM, or remotely using the RACADM command line interface installed on a management station.
Logging in to the CMC After you have configured your management station terminal emulator software and managed node BIOS, perform the following steps to log in to the CMC: 1 Connect to the CMC using your management station terminal emulation software. 2 Type your CMC user name and password, and then press . You are logged in to the CMC. Starting a Text Console You can log in to the CMC using Telnet or SSH through a network, serial port, or a Dell CMC console through the iKVM.
RACADM Subcommands Table 4-1 provides a brief list of common subcommands used in RACADM. For a complete list of RACADM subcommands, including syntax and valid entries, see the RACADM Subcommands chapter in the Dell Chassis Management Controller Administrator Reference Guide. NOTE: The connect command is available as both—RACADM command and builtin CMC command. The exit, quit, and logout commands are built-in CMC commands, not RACADM commands. None of these commands can be used with remote RACADM.
Table 4-1. RACADM Subcommands (continued) Command Description feature Displays active features and feature deactivation. featurecard Displays feature card status information. fwupdate Performs system component firmware updates, and displays firmware update status. getassettag Displays the asset tag for the chassis. getchassisname Displays the name of the chassis. getconfig Displays the current CMC configuration properties.
Table 4-1. RACADM Subcommands (continued) Command Description getsysinfo Displays general CMC and system information. gettracelog Displays the CMCtrace log. If used with the -i option, the command displays the number of entries in the CMC trace log. getversion Displays the current software version, model information, and whether or not the device can be updated. ifconfig Displays the current CMC IP configuration. krbkeytabupload Uploads a Kerberos Keytab to the CMC.
Table 4-1. RACADM Subcommands (continued) Command Description setslotname Sets the name of a slot in the chassis. setsysinfo Sets the name and location of the chassis. sshpkauth Uploads up to 6 different SSH public keys, deletes existing keys, and views the keys already in the CMC. sslcertdownload Downloads a certificate authority-signed certificate. sslcertupload Uploads a certificate authority-signed certificate or server certificate to the CMC.
Table 4-2. Remote RACADM Subcommand Options (continued) Option Description -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction. If the -u option is used, the -p option must be used, and the -i option (interactive) is not allowed. -p Specifies the password used to authenticate the command transaction. If the -p option is used, the -i option is not allowed.
Enabling and Disabling the RACADM Remote Capability NOTE: Dell recommends that you run these commands at the chassis. The RACADM remote capability on the CMC is enabled by default. In the following commands, -g specifies the configuration group the object belongs to, and -o specifies the configuration object to configure.
If you do not know your user ID, try different values for n. NOTE: The RACADM remote capability is supported only on management stations through a supported browser. For more information, see the Supported Browsers section in the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals. NOTE: When using the RACADM remote capability, you must have write permissions on the folders where you are using the RACADM subcommands involving file operations.
Using RACADM to Configure the CMC NOTE: In order to configure CMC the first time. You must be logged in as user root to execute RACADM commands on a remote system. Another user can be created that will give him or her the permission to configure the CMC. The CMC Web interface is the quickest way to configure the CMC (see "Using the CMC Web Interface" on page 103).
Viewing Current IPv4 Network Settings To view a summary of NIC, DHCP, network speed, and duplex settings, type: racadm getniccfg or racadm getconfig -g cfgCurrentLanNetworking Viewing Current IPv6 Network Settings To view a summary of the network settings, type: racadm getconfig -g cfgIpv6LanNetworking To view IPv4 and IPv6 addressing information for the chassis type: racadm getsysinfo By default, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server auto
To view IP address and DHCP, MAC address, and DNS information for the chassis, type: racadm getsysinfo Configuring the Network LAN Settings NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege. NOTE: The LAN settings, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis.
To enable/disable the CMC IPv6 addressing, type: racadm config -g cfgIpv6LanNetworking -o cfgIPv6Enable 1 racadm config -g cfgIpv6LanNetworking -o cfgIPv6Enable 0 NOTE: The CMC IPv6 addressing is disabled by default. By default, for IPv4, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. You can disable the DHCP feature and specify static CMC IP address, gateway, and subnet mask.
Enabling or Disabling DHCP for the CMC Network Interface Address When enabled, the CMC’s DHCP for NIC address feature requests and obtains an IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. This feature is enabled by default. You can disable the DHCP for NIC address feature and specify a static IP address, subnet mask, and gateway. For more information, see "Setting Up Initial Access to the CMC" on page 78.
For IPv6, to set the preferred and secondary DNS IP Server addresses, type: racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer1 racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer2 Configuring DNS Settings (IPv4 and IPv6) • CMC Registration — To register the CMC on the DNS server, type: racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1 NOTE: Some DNS servers will only register names of 31 characters or fewer.
You can disable auto negotiation and specify the duplex mode and network speed by typing: racadm config -g cfgNetTuning -o cfgNetTuningNicAutoneg 0 racadm config -g cfgNetTuning -o cfgNetTuningNicFullDuplex where: is 0 (half duplex) or 1 (full duplex, default) racadm config -g cfgNetTuning -o cfgNetTuningNicSpeed where: is 10 or 100(default).
You can also specify both the VLAN ID and the VLAN priority with a single command: racadm setniccfg -v For example: racadm setniccfg -v 1 7 Removing the CMC VLAN To remove the CMC VLAN, disable the VLAN capabilities of the external chassis management network: racadm config -g cfgLanNetworking -o cfgNicVLanEnable 0 You can also remove the CMC VLAN using the following command: racadm setniccfg -v Setting up a Server VLAN Specify the VLAN ID and priority of a particular server with
Removing a Server VLAN To remove a server VLAN, disable the VLAN capabilities of the specified server's network: racadm setniccfg -m server- -v The valid values for are 1-16. For example: racadm setniccfg -m server-1 -v Setting the Maximum Transmission Unit (MTU) (IPv4 and IPv6) The MTU property allows you to set a limit for the largest packet that can be passed through the interface.
Enabling IP Range Checking (IPv4 Only) IP filtering compares the IP address of an incoming login to the IP address range that is specified in the following cfgRacTuning properties: • cfgRacTuneIpRangeAddr • cfgRacTuneIpRangeMask A login from the incoming IP address is allowed only if both the following are identical: • cfgRacTuneIpRangeMask bit-wise and with incoming IP address • cfgRacTuneIpRangeMask bit-wise and with cfgRacTuneIpRangeAddr Using RACADM to Configure Users Before You Begin You can c
NOTE: When you manually enable or disable a user with the RACADM config subcommand, you must specify the index with the -i option. Observe that the cfgUserAdminIndex object displayed in the previous example contains a # character. Also, if you use the racadm config -f racadm.cfg command to specify any number of groups/objects to write, the index cannot be specified. A new user is added to the first available index.
To verify that the user was added successfully with the correct privileges, type the following command: racadm getconfig –g cfgUserAdmin –i 2 Using RACADM to Configure Public Key Authentication over SSH Before You Begin You can configure up to 6 public keys that can be used with the service username over SSH interface. Before adding or deleting public keys, be sure to use the view command to see what keys are already set up so a key is not accidentally overwritten or deleted.
For example, if two public keys are set up one with comment PC1 and one with comment PC2: racadm getssninfo Type User SSH PC1 x.x.x.x IP Address 06/16/2009 09:00:00 Login Date/Time SSH PC2 x.x.x.x 06/16/2009 09:00:00 For more information on the sshpkauth, see the Dell Chassis Management Controller Administrator Reference Guide. Generating Public Keys for Windows Before adding an account, a public key is required from the system that will access the CMC over SSH.
Generating Public Keys for Linux The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt type: ssh-keygen –t rsa –b 1024 –C testing where, –t option must be dsa or rsa. –b option specifies the bit encryption size between 768 and 4096. –C option allows modifying the public key comment and is optional. the passphrase is optional. Follow the instructions.
NOTE: You can only use the file upload option with remote RACADM. For more information, see "Accessing RACADM Remotely" on page 74 and subsequent sections. For public key privileges, see Table 3-1 in the Database Property chapter of Dell Chassis Management Controller Administrator Reference Guide.
you can use the Pageant application. It runs in the background and makes entering the passphrase transparent. For Linux clients, you can use the sshagent. For setting up and using either of these applications, see the documentation provided from that application. Enabling a CMC User With Permissions To enable a user with specific administrative permissions (role-based authority), first locate an available user index by performing the steps in "Before You Begin" on page 87.
NOTE: The Test TRAP functionality does not detect improper choices based on current network configuration. For example, using an IPv6 destination in an IPv4-only environment. Configuring Multiple CMCs in Multiple Chassis Using RACADM, you can configure one or more CMCs with identical properties. When you query a specific CMC card using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information.
The getconfig -f myfile.cfg subcommand (step 1) requests the CMC configuration for the active CMC and generates the myfile.cfg file. If required, you can rename the file or save it to a different location. You can use the getconfig command to perform the following actions: • Display all configuration properties in a group (specified by group name and index) • Display all configuration properties for a user by user name The config subcommand loads the information into other CMCs.
is configured. If a modified object represents a new index, the index is created on the CMC during configuration. • You cannot specify a desired index in a .cfg file. Indexes may be created and deleted. Over time the group may become fragmented with used and unused indexes. If an index is present, it is modified. If an index is not present, the first available index is used.
For Example: # # This is a comment [cfgUserAdmin] cfgUserAdminPageModemInitString= • All group entries must be surrounded by open- and close-brackets ([ and ]). The starting [ character that denotes a group name must be in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error.
NOTE: You may create an indexed group manually using the following command: racadm config -g -o -i • The line for an indexed group cannot be deleted from a .cfg file. If you do delete the line with a text editor, RACADM will stop when it parses the configuration file and alert you of the error.
Modifying the CMC IP Address When you modify the CMC IP address in the configuration file, remove all unnecessary = entries. Only the actual variable group’s label with [ and ] remains, including the two = entries pertaining to the IP address change. Example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.
Using RACADM to Configure Properties on iDRAC RACADM config/getconfig commands support the -m option for the following configuration groups: • cfgLanNetworking • cfgIPv6LanNetworking • cfgRacTuning • cfgRemoteHosts • cfgSerial • cfgSessionManagement NOTE: For more information on the property default values and ranges, see the Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers User Guide.
Troubleshooting Table 4-3 lists common problems related to remote RACADM. Table 4-3. Using Serial/ RACADM Commands: Frequently Asked Questions Question Answer After performing a CMC reset (using the RACADM racreset subcommand), I enter a command and the following message is displayed: You must wait until the CMC completes the reset before issuing another command.
Table 4-3. Using Serial/ RACADM Commands: Frequently Asked Questions (continued) Question Answer While I was using remote RACADM, the prompt changed to a ">" and I cannot get the "$" prompt to return. If you type a non-matched double quotation mark (") or a non-matched single quotation (’) in the command, the CLI will change to the ">" prompt and queue all commands.
Using the CMC Web Interface 5 The CMC provides a Web interface that enables you to configure the CMC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday chassis management, use the CMC Web interface. This chapter provides information about how to perform common chassis management tasks using the CMC Web interface.
To access the CMC Web interface over IPv6: 1 Open a supported Web browser window. For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located on the Dell Support website at support.dell.com/manuals. 2 Type the following URL in the Address field, and then press : https://[] NOTE: While using IPv6, you must enclose the in square brackets ([ ]).
You can log in as either a CMC user or as a Directory user. To log in: 1 In the Username field, type your user name: • CMC user name: • Active Directory user name: \, / or @. • LDAP user name: NOTE: This field is case sensitive. 2 In the Password field, type your CMC user password or Active Directory user password. NOTE: This field is case-sensitive. 3 Optionally, select a session timeout.
To set the chassis name: 1 Log in to the CMC Web interface. The Chassis Health page displays. 2 Click the Setup tab. The General Chassis Settings page displays. 3 Type the new name in the Chassis Name field, and then click Apply. Setting the Date and Time on the CMC You can set the date and time manually, or you can synchronize the date and time with a Network Time Protocol (NTP) server. 1 Log in to the CMC Web interface. The Chassis Health page displays. 2 Click the Setup tab.
The Chassis Component Summary section (also entitled "Chassis Health" when the overall chassis information is shown) displays the graphics and their associated information. You can hide this entire section by clicking the Close icon. The left half of the Chassis Component Summary section displays the graphics and Chassis Quick Links. The right half of this section displays information, links, and actions related to the selected component.
Table 5-1. Server Icon States Icon Description Server is powered on and is operating normally. Server is off. Server is reporting a non-critical error. Server is reporting a critical error.
Table 5-1. Server Icon States Icon Description No server is present. The Chassis Quick Links are displayed below the Chassis Graphics. Table 5-2.
Table 5-3. Chassis Page Information Field Description Model Displays the model of the Chassis LCD panel. Firmware Displays the firmware version of the active CMC. Service Tag Displays the service tag of the chassis. The service tag is a unique identifier that the manufacturer provides for support and maintenance. Asset Tag Displays the asset tag for the chassis. Input Power Amount of power that the chassis consumes presently. Power Cap User-assigned maximum Input Power to be consumed.
Table 5-4. Health and Performance Information - Servers Item Description Power State On/Off state of the server. See Table 5-23 for details on the various types of power states. Health Displays the text equivalent of the health icon. Power Consumption Amount of power that the server consumes at present. Power Allocated Amount of power budgeted for the server. Temperature Temperature read from the server temperature sensor. Table 5-5.
Table 5-6. Quick Links - Servers Item Description Launch Remote Invokes a Keyboard-Video-Mouse (KVM) session on the server if Console the server supports this operation. Launch iDRAC GUI Invokes an iDRAC management console for the server. Power On Server Apply power to a server that is in the "Off" state. Power Off Server Remove power from a server that is in the "On" state.
Table 5-9. Quick Links - I/O Modules Item Description IOM Status Navigate to I/O Modules Properties Status Launch IOM GUI If the Launch IOM GUI link is present for a particular I/O module, clicking it launches the IOM management console for that I/O module in a new browser window or tab. Table 5-10. Active CMC Health and Performance Item Description Redundancy Mode Displays failover readiness of the standby CMC.
Table 5-12. Quick Links - CMC Item Description CMC Status Navigate to Chassis Controller Properties Status Networking Navigate to Chassis Overview Network Network Firmware Update Navigate to Chassis Overview Update Firmware Update Table 5-13. iKVM Health and Performance Item Description OSCAR Console Displays whether the rear panel VGA connector is enabled (Yes or No) for access to the CMC. Table 5-14. iKVM Properties Item Description Name Displays the name of the iKVM.
Table 5-17. Fan Properties Item Description Lower Critical Threshold Speed below which the fan is considered to have failed. Upper Critical Threshold Speed above which the fan is considered to have failed. Table 5-18. Quick Links - Fan Item Description Fan Status Navigate to Fans Properties Status Table 5-19.
Table 5-22. LCD Health and Performance Item Description LCD Health Displays the presence and health of the LCD panel. Chassis Health Displays the text description of Chassis Health. There are no Quick Links for the LCD. Monitoring System Health Status Viewing Chassis and Component Summaries The CMC displays a graphical representation of the chassis on the Chassis Health page that provides a visual overview of installed component status.
each component is displayed by clicking on that component. For instructions on viewing chassis and components summaries, see "Viewing Chassis Summaries" on page 386. Viewing Power Budget Status The Power Budget Status page displays the power budget status for the chassis, servers, and chassis power supply units (PSUs). For instructions on viewing power budget status, see "Viewing Power Consumption Status" on page 306. For more information about CMC power management, see "Power Management" on page 287.
• Amber caution sign - indicates that only warning alerts have been issued and that corrective action must be taken. • Red X - indicates at least one failure condition is present. This means that the CMC can still communicate with the component and the health status reported is critical. • Grayed out - indicates that the component is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.
Table 5-23. Item Health All Servers Status Information (continued) Description OK Displays that the server is present and communicating with the CMC. Informational Displays information about the server when no change in health status has occurred. Launch Remote Console Warning Displays that only warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, then critical failures that may affect the integrity of the device may occur.
Table 5-23. All Servers Status Information (continued) Item Description Launch Left click the button to launch the iDRAC management console for iDRAC GUI a server in a new browser window or tab.
Editing Slot Names The Slot Names page allows you to update slot names in the chassis. Slot names are used to identify individual servers. When choosing slot names, the following rules apply: • Names may contain a maximum of 15 non-extended ASCII characters (ASCII codes 32 through 126). • Slot names must be unique within the chassis. No two slots may have the same name. • Strings are not case-sensitive. Server-1, server-1, and SERVER-1 are equivalent names.
NOTE: The slot name setting in the CMC Web interface always overrides any change you make to the display name in the iDRAC interface. To edit a slot name: 1 Log in to the CMC Web interface. 2 Select Server Overview in the Chassis menu in the system tree. 3 Click Setup Slot Names. The Slot Names page displays. 4 Type the updated or new name for a slot in the Slot Name field. Repeat this action for each slot you want to rename. 5 Click Apply.
The boot device that you specify must exist and contain bootable media. Table 5-24. Boot Devices Boot Device Description PXE Boot from a Preboot Execution Environment (PXE) protocol on the network interface card. Hard Drive Boot from the hard drive on the server. Local CD/DVD Boot from a CD/DVD drive on the server. Virtual Floppy Boot from the virtual floppy drive.
Viewing the Health Status of an Individual Server The health status for an individual server can be viewed in two ways: from the Chassis Graphics section on the Chassis Health page or the Server Status page. The Chassis Health page provides a graphical overview of an individual server installed in the chassis. To view health status for individual servers using Chassis Graphics: 1 Log in to the CMC Web interface. The Chassis Health page is displayed.
NOTE: To use the iDRAC user interface, you must have an iDRAC user name and password. For more information about iDRAC and the using the iDRAC Web interface, see the Integrated Dell Remote Access Controller Firmware User’s Guide. To view the health status of an individual server: 1 Log in to the CMC Web interface. 2 Expand Server Overview in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server (slot) you want to view. The Server Status page displays.
Table 5-25. Individual Server Status - Properties (continued) Item Description Health OK Displays that the server is present and communicating with the CMC. In the event of a communication failure between the CMC and the server, the CMC cannot obtain or display health status for the server. Informational Displays information about the server when no change in health status (OK, Warning, Critical) has occurred.
Table 5-26. Individual Server Status - iDRAC System Event Log Item Description Severity OK Indicates a normal event that does not require corrective actions. Informational Indicates an informational entry on an event in which the Severity status has not changed. Unknown Indicates an unknown/uncategorized event. Warning Indicates a non-critical event for which corrective actions must be taken soon to avoid system failures.
Table 5-28. Individual Server Status - IPv4 iDRAC Network Settings Item Description Enabled Indicates if the IPv4 protocol is used on the LAN (Yes). If the server does not support IPv6, the IPv4 protocol is always enabled and this setting is not displayed. DHCP Enabled Indicates whether Dynamic Host Configuration Protocol (DHCP) is enabled (Yes) or disabled (No).
Table 5-30. Individual Server Status - WWN/MAC Address Item Description Slot Displays the slot(s) occupied by the server on the chassis. Location Displays the location occupied by the Input/Output modules. The six locations are identified by a combination of the group name (A, B, or C) and slot number (1 or 2). Location names are: A1, A2, B1, B2, C1, or C2. Fabric Displays the type of the I/O fabric.
The Chassis Health page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status for the IOMs. IOM health status is indicated by the overlay of the IOM subgraphic: • No overlay - IOM is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber caution sign - indicates that only warning alerts have been issued and that corrective action must be taken.
of all fans. Fan health status is indicated by the overlay of the fan subgraphic: • No overlay - the fan is present and running; there is no indication of an adverse condition. • Amber caution sign - indicates that only warning alerts have been issued and that corrective action must be taken. • Red X - indicates at least one failure condition is present. This means that the health status is reported as critical. • Grayed Out - indicates that the fan is present and not powered on.
Table 5-31. Fans Health Status Information Item Description Name Displays the fan name in the format FAN-n, where n is the fan number. Present Indicates whether the fan unit is present (Yes or No). Health Speed OK Indicates that the fan unit is present and communicating with the CMC. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the fan unit. Critical Indicates that at least one Failure alert has been issued.
• Amber caution sign - indicates that only warning alerts have been issued and that corrective action must be taken. • Red X - indicates at least one failure condition is present. This means that the CMC can still communicate with the iKVM and that the health status reported is critical. • Grayed Out - indicates that the iKVM is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 2 Use the cursor to hover over the iKVM subgraphic.
status of all PSUs. PSU health status is indicated by the overlay of the PSU subgraphic: • No overlay - PSU is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber caution sign - indicates that only warning alerts have been issued and that corrective action must be taken. • Red X - indicates at least one failure condition is present. This means that the CMC can still communicate with the PSU and that the health status is reported as critical.
Table 5-32. Power Supply Health Status Information (continued) Item Description Health OK Indicates that the PSU is present and communicating with the CMC. Indicates that the health of the PSU is OK. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the PSU. Critical Indicates that the PSU has a failure and the health is critical. Corrective action must be taken immediately.
Viewing Status of the Temperature Sensors The Temperature Sensors Status page displays the status and readings of the temperature probes on the entire chassis (chassis and servers). NOTE: The temperature probes value cannot be edited. Any change beyond the threshold will generate an alert that will cause the fan speed to vary. For example, if the CMC ambient temperature probe exceeds threshold, the speed of the fans on the chassis increases.
Temperature Sensors Health Status Information (continued) Table 5-34. Item Description Unknown Indicates that communication with the module has not been established. This is usually because the chassis is off or the chassis has not completed initialization. Reading Displays the current temperature in degrees Centigrade and Fahrenheit. Threshold Maximum Displays the highest temperature, in degrees Centigrade and Fahrenheit, at which a Failure alert is issued.
Viewing World Wide Name/Media Access Control (WWN/MAC) IDs The WWN/MAC Summary page allows you to view the WWN configuration and MAC address of a slot in the chassis. Fabric Configuration The Fabric Configuration section displays the type of Input/Output fabric that is installed for Fabric A, Fabric B, and Fabric C. A green check mark indicates that the fabric is enabled for FlexAddress.
Configuring CMC Network Properties NOTE: Network configuration changes can result in the loss of connectivity on current network login. Setting Up Initial Access to the CMC Before you can begin configuring the CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely. This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC. NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings.
To configure IP range and IP blocking settings, click the Advanced Settings button (see "Configuring CMC Network Security Settings" on page 147.) To refresh the contents of the Network Configuration page, click Refresh. To print the contents of the Network Configuration page, click Print. Table 5-35. Network Settings Setting Description CMC MAC Address Displays the chassis’ MAC address, which is a unique identifier for the chassis over the computer network.
Table 5-35. Network Settings (continued) Setting Description Register CMC on DNS This property registers the CMC name on the DNS Server. Default: Unchecked (disabled) by default NOTE: Some DNS Servers will only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit. DNS CMC Name Displays the CMC name only when Register CMC on DNS is selected.
Table 5-35. Network Settings (continued) Setting Description Network Speed Set the network speed to 100 Mbps or 10 Mbps to match your network environment. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
Table 5-36. IPv4 Settings Setting Description Enable IPv4 Allow the CMC to use the IPv4 protocol to communicate on the network. Clearing this box does not prevent IPv6 networking from occurring. Default: Checked (enabled) DHCP Enable Enables the CMC to request and obtain an IP address from the IPv4 Dynamic Host Configuration Protocol (DHCP) server automatically.
Table 5-36. IPv4 Settings (continued) Setting Description Static Gateway Specifies the IPv4 gateway for the CMC Network Interface. NOTE: The Static IP Address, Static Subnet Mask, and Static Gateway fields are active only if DHCP Enable (the property field preceding these fields) is disabled (unchecked). In that case, you must manually type the Static IP Address, Static Subnet Mask, and Static Gateway for the CMC to use over the network.
Table 5-36. IPv4 Settings (continued) Setting Description Static Preferred DNS Server Specifies the static IP address for the preferred DNS Server. The Static Preferred DNS Server is implemented only when Use DHCP to Obtain DNS Server Addresses is disabled. Static Alternate DNS Server Specifies the static IP address for the alternate DNS Server. The Static Alternate DNS Server is implemented only when Use DHCP to obtain DNS Server addresses is disabled.
Table 5-37. IPv6 Settings Setting Description Enable IPv6 Allows the CMC to use the IPv6 protocol to communicate on the network. Unchecking this box does not prevent IPv4 networking from occurring. Default: Checked (enabled) AutoConfiguration Enable Allows the CMC to use the IPv6 protocol to obtain IPv6 related address and gateway settings from an IPv6 router configured to provide this information. The CMC will then have a unique IPv6 address on your network.
Table 5-37. IPv6 Settings (continued) Setting Description Static Preferred DNS Server Specifies the static IPv6 Address for the preferred DNS Server. The entry for Static Preferred DNS Server is considered only when Use DHCP to Obtain DNS Server Addresses is disabled or unchecked. There is an entry for this Server in both IPv4 and IPv6 configuration areas. Static Alternate DNS Specifies the static IPv6 Address for the alternate DNS Server Server.
Table 5-38. Network Security Page Settings (continued) Settings Description IP Range Mask Defines a specific range of IP addresses that can access the CMC, a process called IP range checking. IP range checking allows access to the CMC only from clients or management stations whose IP addresses are within the user-specified range. All other logins are denied. For example: IP range mask: 255.255.255.0 (11111111.11111111.11111111.00000000) IP range address:192.168.0.255 (11000000.10101000.00000000.
Configuring VLAN VLANs are used to allow multiple virtual LANs to co-exist on the same physical network cable and to segregate the network traffic for security or load management purposes. When you enable the VLAN functionality, each network packet is assigned a VLAN tag. 1 Log in to the Web interface. 2 Click the Network tabVLAN subtab. The VLAN Tag Settings page displays. VLAN tags are chassis properties. They remain with the chassis even when a component is removed.
Adding and Configuring CMC Users To manage your system with the CMC and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. User Types There are two types of users: CMC users and iDRAC users. CMC users are also known as "chassis users." Since iDRAC resides on the server, iDRAC users are also known as "server users.
Table 5-40. User Types (continued) Privilege Description Chassis Configuration Administrator User can add or change data that: • Identifies the chassis, such as chassis name and chassis location • Is assigned specifically to the chassis, such as IP mode (static or DHCP), static IP address, static gateway, and static subnet mask • Provides services to the chassis, such as date and time, firmware update, and CMC reset. • Is associated with the chassis, such as slot name and slot priority.
Table 5-40. User Types (continued) Privilege Description Server Administrator This a blanket privilege granting a CMC user all rights to perform any operation on any servers present in the chassis. When a user with Server Administrator privilege issues an action to be performed on a server, the CMC firmware sends the command to the targeted server without checking the user's privileges on the server.
Table 5-40. User Types (continued) Privilege Description Server Administrator (continued) Server Configuration Administrator: • Set IP address • Set gateway • Set subnet mask • Set first boot device Configure Users: • Set iDRAC root password • iDRAC reset Server Control Administrator: • Power on • Power off • Power cycle • Graceful shutdown • Server Reboot Test Alert User User can send test alert messages. Debug Command Administrator User can execute system diagnostic commands.
The CMC user groups provide a series of user groups that have pre-assigned user privileges. NOTE: If you select Administrator, Power User, or Guest User, and then add or remove a privilege from the pre-defined set, the CMC Group automatically changes to Custom. . Table 5-41.
Table 5-41. CMC Group Privileges (continued) User Group Privileges Granted Custom Select any combination of the following permissions: • CMC Login User • Chassis Configuration Administrator • User Configuration Administrator • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Super User • Server Administrator • Test Alert User • Debug Command Administrator • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator None Table 5-42. No assigned permissions.
Table 5-42.
Users can be logged in through Web interface, Telnet serial, SSH, and iKVM sessions. A maximum of 22 active sessions (Web interface, Telnet serial, SSH, and iKVM, in any combination) can be divided among users. NOTE: For added security, it is strongly recommended that you change the default password of the root (User 1) account. The root account is the default administrative account that ships with the CMC.
Table 5-43. General User Settings for Configuring a New or Existing CMC Username and Password (continued) Property Description User Name Sets or displays the unique CMC user name associated with the user. The user name can contain up to 16 characters. CMC user names cannot include forward slash (/) or period (.) characters. NOTE: If you change the user name, the new name does not appear in the user interface until your next login.
Configuring and Managing Microsoft Active Directory Certificates NOTE: To configure Active Directory settings for the CMC, you must have Chassis Configuration Administrator privilege. NOTE: For more information about Active Directory configuration and how to configure Active Directory with Standard Schema or Extended Schema, see "Using the CMC Directory Service" on page 239. You can use the Microsoft Active Directory service to configure your software to provide access to the CMC.
Table 5-44. Common Settings (continued) Field Description Enable Smart Card Enables Active Directory inter-operation based on the Kerberos Login Authentication supported by a Dell-supplied, auto-installed browser plug-in and Smart Card usage. To enable Smart Card, select the check box. To disable Smart Card, clear the check box. If you enable Smart Card, you must also configure your Microsoft Windows Client Workstation to correctly operate with Smart Card Reader functionality.
Table 5-44. Common Settings (continued) Field Description Enable SSL Certificate Validation Enables SSL certificate validation for the CMC's Active Directory SSL connection. To disable the SSL certificate validation, clear the check box. Warning: Disabling this feature may expose the authentication to a man-in-the-middle attack. The browser operation requires that the CMC be accessed through a HTTP URL which contains a fully qualified domain address for the CMC, that is http://cmc-6g2wxf1.dom.net.
Table 5-44. Common Settings (continued) Field Description Enabling Smart Card enforces a Smart Card Only policy for browser authentication. All other methods of browser authentication such as Local or Active Directory username/password authentication are restricted. If the Smart Card Only usage enforcement policy is to be adopted, it is important that the Smart Card operation be fully validated before all other access methods to the CMC are disabled.
Standard Schema Settings Displayed when Microsoft Active Directory (Standard Schema) is selected, this section presents the role groups with associated names, domains, and privileges for any role groups that have already been configured. To change the settings for a role group, click the role group button in the Role Groups list. NOTE: If you click a role group link prior to applying any new settings you have made, you lose those settings.
• CMC Domain Name - Displays the DNS name (string) of the domain where the Active Directory RAC Device Object resides. The CMC domain name must be a valid domain name consisting of x.y, where x is a 1-256 character ASCII string with no blank spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. Managing Active Directory Certificates This sections displays the properties for the Active Directory certificate that was recently uploaded to the CMC.
Kerberos Keytab You can upload a Kerberos Keytab generated on the associated Active Directory Server. You can generate the Kerberos Keytab from the Active Directory Server by executing the ktpass.exe utility. This keytab establishes a trust relationship between the Active Directory Server and the CMC. NOTE: The CMC does not have a Kerberos Keytab for Active Directory. You must upload a currently generated Kerberos Keytab. See "Configuring Single Sign-On" on page 269 for detailed information.
Table 5-45. Common Settings Setting Description Generic LDAP Enabled Enables the generic LDAP service on the CMC. See the CMC User Guide for details on LDAP. Use Distinguished Name to Search Group Membership Specifies the distinguished name (DN) of LDAP groups whose members are allowed access to the device. Enable SSL Certificate Validation If checked, CMC uses the CA certificate to validate the LDAP server certificate during SSL handshake.
Table 5-45. Common Settings (continued) Setting Description Network Timeout (seconds) Sets the time in seconds after which an idle LDAP session is automatically closed. Search Timeout (seconds) Sets the time in seconds after which a search is automatically closed. Selecting Your LDAP Servers You can configure the server to use with Generic LDAP in two ways. Static Servers allows the administrator to place a FQDN or IP address within the field.
Managing LDAP Group Settings The table in the Group Settings section lists role groups, displaying associated names, domains, and privileges for any role groups that are already configured. • To configure a new role group, click a role group name that does not have a name, domain, and privilege listed. • To change the settings for an existing role group, click the role group name. When you click a role group name, the Configure Role Group page appears.
Use the following controls to upload and download this certificate: • Upload - Initiates the upload process for the certificate. This certificate, which you obtain from your LDAP server, grants access to the CMC. • Download - Initiates the download process. You are prompted for the location to save the file. When you select this option and click Next, a File Download dialog box appears. Use this dialog box to specify a location on your management station or shared network for the server certificate.
This encryption process provides a high level of data protection. The CMC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The CMC Web server includes a Dell self-signed SSL digital certificate (Server ID). To ensure high security over the Internet, replace the Web server SSL certificate by submitting a request to the CMC to generate a new Certificate Signing Request (CSR).
NOTE: Any server certificate you upload must be current (not expired) and signed by a certificate authority. 1 Log in to the Web interface. 2 Click the Network tab, and then click the SSL subtab. The SSL Main Menu page appears. Use the SSL Main Menu page options to generate a CSR to send to a certificate authority. The CSR information is stored on the CMC firmware.
Table 5-46. SSL Main Menu Options (continued) Field Description Upload Webserver key and Certificate Select this option and click Next to open the Webserver Key and Certificate Upload page, where you can upload an existing Web server key and server certificate that your company holds title to and uses to control access to the CMC. NOTE: Only X.509, Base64 encoded certificates are accepted by the CMC. Binary DER-encoded certificates are not accepted.
To generate a CSR: 1 From the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR), and then click Next. The Generate Certificate Signing Request (CSR) page displays. 2 Type a value for each CSR attribute value. 3 Click Generate. A File Download dialog box appears. 4 Save the csr.txt file to your management station or shared network. (You may also open the file at this time and save it later.) You will later submit this file to a certificate authority. Table 5-47.
Table 5-47. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Locality The city or other location of your organization (examples: Atlanta, Hong Kong). Valid: Alphanumeric characters (A–Z, a–z, 0–9) and spaces. Not Valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). State The state, province, or territory where the entity that is applying for a certification is located (examples: Texas, New South Wales, Andhra Pradesh).
Uploading Webserver Key and Certificate 1 Select Upload Webserver Key and Certificate option, and then click Next. 2 Enter Private Key File using the browse menu. 3 Enter Certificate File using the browse menu. 4 After both the files are uploaded, click Apply. If the Web server key and certificate do not match, an error message is displayed. NOTE: Only X509, Base-64 encoded certificates are accepted by the CMC. Certificates using other encoding schemes such as DER, are not accepted.
Managing Sessions The Sessions page displays all current instances of connections to the chassis and allows you to terminate any active session. NOTE: To terminate a session, you must have Chassis Configuration Administrator privilege. To manage or terminate a session: 1 Log in to the CMC through the Web. 2 Click the Network tab then click the Sessions subtab. 3 On the Sessions page, locate the session you want to terminate and click the appropriate button. Table 5-49.
Configuring Services The CMC includes a Web server that is configured to use the industry-standard SSL security protocol to accept and transfer encrypted data from and to clients over the Internet. The Web server includes a Dell self-signed SSL digital certificate (Server ID) and is responsible for accepting and responding to secure HTTP requests from clients. This service is required by the Web interface and remote CLI tool for communicating to the CMC.
Table 5-50. CMC Serial Console Settings Setting Description Enabled Enables Telnet console interface on the CMC. Default: Unchecked (disabled) Redirect Enabled Enables the serial/text console redirection to the server through your serial/Telnet/SSH client from the CMC. The CMC connects to iDRAC that internally connects to the server COM2 port.
Table 5-50. CMC Serial Console Settings (continued) Setting Description Escape Key Allows you to specify the Escape key combination that terminates serial/text console redirection when using the connect or racadm connect command. Default: ^\ (Hold and type a backslash (\) character) NOTE: The caret character ^ represents the key.
Table 5-51. Web Server Settings Setting Description Enabled Enables Web Server services (access through remote RACADM and the Web interface) for the CMC. Default: Checked (enabled) Max Sessions Displays the maximum number of simultaneous Web user interface sessions allowed for the chassis. A change to the Max Sessions property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-51. Web Server Settings (continued) Setting Description HTTP Port Number Displays the default port used by the CMC that listens for a server connection. NOTE: When you provide the HTTP address on the browser, the Web server automatically redirects and uses HTTPS.
Table 5-52. SSH Settings Setting Description Enabled Enables the SSH on the CMC. Default: Checked (enabled) Max Sessions The maximum number of simultaneous SSH sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-53. Telnet Settings Setting Description Enabled Enables Telnet console interface on the CMC. Default: Unchecked (disabled) Max Sessions Displays the maximum number of simultaneous Telnet sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-54. Remote RACADM Settings Setting Description Enabled Enables the remote RACADM utility access to the CMC. Default: Checked (enabled) Max Sessions Displays the maximum number of simultaneous RACADM sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-56. Remote Syslog Configuration Setting Description Enabled Enables the transmission and remote capture of the CMC log and Hardware log entries to the specified server(s). Valid values: Checked (enabled), unchecked (disabled) Default: unchecked (disabled) Syslog Server 1 The first of three possible servers to host a copy of the CMC and hardware log entries. Specified as a Host Name, an IPv6 address, or an IPv4 address.
Managing Firmware Updates This section describes how to use the Web interface to update firmware. The following Chassis components can be updated using the GUI or RACADM commands: • CMC — active and standby • iKVM • iDRAC • IOM infrastructure devices When you update firmware, there is a recommended process to follow that can prevent a loss of service if the update fails. See "Installing or Updating the CMC Firmware" on page 49 for guidelines to follow before you use the instructions in this section.
To view the updatable server components: 1 Log in to the Web interface. For more information, see "Accessing the CMC Web Interface" on page 103. 2 Click Server Overview in the system tree. 3 Click the Update tab. The Server Component Update appears. Updating Firmware NOTE: To update firmware on the CMC, you must have Chassis Configuration Administrator privilege. NOTE: The firmware update retains the current CMC and iKVM settings.
be running the updated image, only the standby CMC will have that image. In general, it is highly recommended to maintain identical firmware versions for the active and standby CMCs. NOTE: To avoid disconnecting other users during a reset, notify authorized users who might log in to the CMC and check for active sessions in the Sessions page. To open the Sessions page, select Chassis in the tree, click the Network tab, and then click the Sessions subtab.
NOTE: The update may take several minutes for the CMC. 5 For a standby CMC, when the update is complete the Update State field displays "Done". For an active CMC, during the final phases of the firmware update process, the browser session and connection with the CMC will be lost temporarily as the active CMC is taken offline. You must log in again after a few minutes, when the active CMC has rebooted. After the CMC resets, the new firmware is displayed on the Firmware Update page.
• To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process. NOTE: The update may take up to two minutes for the iKVM. When the update is complete, iKVM resets and the new firmware is displayed on the Firmware Update page.
• Do not use the Refresh button or navigate to another page during the file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process. NOTE: No file transfer timer is displayed when updating IOMINF firmware. The update process may cause a brief loss of connectivity to the IOM device since the device performs a restart when the update is complete.
• To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process. NOTE: The update may take several minutes for the CMC or Server.
• To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process. NOTE: It can take up to ten minutes to update the iDRAC firmware. Managing iDRAC The CMC provides the Deploy iDRAC page to allow the user to configure installed and newly inserted server's iDRAC network configuration settings.
Table 5-57. QuickDeploy Settings Setting Description QuickDeploy Enabled Enables/disables the QuickDeploy feature that automatically applies the iDRAC settings configured on this page to newly inserted servers; the auto configuration must be confirmed locally on the LCD panel. NOTE: This includes the root user password if the Set iDRAC Root Password on Server Insertion box is checked.
Table 5-57. QuickDeploy Settings (continued) Setting Description Starting iDRAC IPv4 Address (Slot 1) Specifies the static IP address of the iDRAC of the server in slot 1 of the enclosure. The IP address of each subsequent iDRAC is incremented by 1 for each slot from slot 1's static IP address. In the case where the IP address plus the slot number is greater than the subnet mask, an error message is displayed. NOTE: The subnet mask and the gateway are not incremented like the IP address.
5 To save the selections click the Save QuickDeploy Settings button. If you made changes to the iDRAC network setting, click the Apply iDRAC Network Settings button to deploy the settings to the iDRAC. 6 To update the table to the last saved QuickDeploy settings, and restore the iDRAC Network settings to the current values for each installed server, click Refresh. NOTE: Clicking the Refresh button deletes all iDRAC QuickDeploy and iDRAC Network configuration settings that have not been saved.
iDRAC Network Settings The iDRAC Network Settings section of the Deploy iDRAC page contains a table listing all installed server’s iDRAC IPv4 and IPv6 network configuration settings. Using this table you can configure the iDRAC network configurations settings for each installed server. The initial values displayed for each of the fields are the current values read from the iDRAC. Changing a field and clicking Apply iDRAC Network Settings saves the changed field to the iDRAC.
Table 5-58. iDRAC Network Settings (continued) Setting Description Change Root Password Enables (when checked) the ability to change the password of the iDRAC root user. The iDRAC Root Password and Confirm iDRAC Root Password fields must be provided for this operation to be successful. DHCP If selected DHCP is used to acquire the iDRAC IP address, subnet mask and default gateway, otherwise the values defined in the iDRAC network configuration fields are used.
6 To deploy the setting to iDRAC, click Apply iDRAC Network Settings button. If you made changes to the QuickDeploy settings, they will also be saved. 7 To restore the iDRAC Network settings to the current values for each installed server, and update the QuickDeploy table to the last saved QuickDeploy settings click Refresh. NOTE: Clicking Refresh button deletes all iDRAC QuickDeploy and iDRAC Network configuration settings that have not been saved.
The remote console feature is supported only when all of the following conditions are met: • The chassis power is on. • Server is PowerEdge M610, M610X, M710, M710HD, or M910. • The LAN interface on the server is enabled. • The iDRAC version is 2.20 or later. • The host system is installed with JRE (Java Runtime Environment) 6 Update 16 or later. • The browser on host system allows pop-up windows (pop-up blocking is disabled). NOTE: Remote Console can also be launched from the iDRAC GUI.
• A CMC user who has server administrative privilege, will automatically be logged into iDRAC using single sign-on. Once on the iDRAC site, this user is automatically granted Administrator privileges. This is true even if the same user does not have an account on iDRAC, or if the account does not have the Administrator’s privileges. • A CMC user who does NOT have the server administrative privilege, but has the same account on iDRAC will automatically be logged into iDRAC using single sign-on.
FlexAddress This section describes the FlexAddress Web interface screens. FlexAddress is an optional upgrade that allows server modules to replace the factoryassigned WWN/MAC ID with a WWN/MAC ID provided by the chassis. NOTE: You must purchase and install the FlexAddress upgrade to have access to the configuration screens. If the upgrade has not been purchased and installed, the following text will be displayed on the Web interface: Optional feature not installed.
Perform the following steps to view whether FlexAddress is active for the chassis: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 103). 2 Click Chassis Overview in the system tree. 3 Click the Setup tab. The General Setup page appears. The FlexAddress entry will have a value of Active or Not Active; a value of active means that the feature is installed on the chassis. A value of not active means that the feature is not installed and not in use on the chassis.
The status page presents the following information: Fabric Configuration Fabric A, Fabric B, and Fabric C display the type of the Input/Output fabric installed. iDRAC displays the server management MAC address. NOTE: If Fabric A is enabled, unpopulated slots display chassisassigned MAC addresses for Fabric A and MAC or WWNs for Fabrics B and C if they are in use by populated slots. WWN/MAC Addresses Displays FlexAddress configuration for each slot in the chassis.
4 Click the Setup tab, and the FlexAddress subtab. The Deploy FlexAddress page is displayed. This page allows you to view the WWN configuration and MAC addresses for the selected server. The status page presents the following information: FlexAddress Enabled Displays whether the FlexAddress feature is active or not active for the particular slot. Current State Displays the current FlexAddress configuration: • Chassis-Assigned - selected slot address is chassis assigned using the FlexAddress.
iDRAC firmware Displays the iDRAC version currently installed on the server. BIOS Version Displays the current BIOS version of the server module. Slot Slot number of the server associated with the fabric location. Location Displays the location of the Input/Output (I/O) module in the chassis by group number (A, B, or C) and slot number (1 or 2). Slot names: A1, A2, B1, B2, C1, or C2. Fabric Displays the type of fabric.
Chassis-Level Fabric and Slot FlexAddress Configuration At the chassis level, you can enable or disable the FlexAddress feature for fabrics and slots. FlexAddress is enabled on a per-fabric basis and then slots will be selected for participation in the feature. Both fabrics and slots must be enabled to successfully configure FlexAddress.
Server-Level Slot FlexAddress Configuration At the server level, you can enable or disable the FlexAddress feature for individual slots. Use the following steps to enable or disable an individual slot to use the FlexAddress feature: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 103). 2 Expand Server Overview in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view. The Server Status page displays.
Table 5-59. Remote File Sharing Settings Setting Description Image File Path Image File Path is only needed for connect and deploy operations. It does not apply to disconnect operations. The path name of the network drive is mounted to the server through a Windows SMB or Linux/Unix NFS protocol.
Table 5-59. Remote File Sharing Settings (continued) Setting Description Power State Displays the power status of the server: N/A – The CMC has not yet determined the power state of the server. Off – Either the server is off or the chassis is off. On – Both the chassis and the server are on. Powering On – Temporary state between Off and On. On success, the Power State is On. Powering Off – Temporary state between On and Off. On success, the Power State is Off.
Frequently Asked Questions Table 5-60 lists the frequently asked questions while managing or recovering a remote system. . Table 5-60. Managing and Recovering a Remote System Question Answer When accessing the CMC Web interface, I get a security warning stating the host name of the SSL certificate does not match the host name of the CMC. The CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features.
Table 5-60. Managing and Recovering a Remote System (continued) Question Answer Why are the remote RACADM and Web-based services unavailable after a property change? It may take a minute for the remote RACADM services and the Web interface to become available after the CMC Web server resets.
Table 5-60. Managing and Recovering a Remote System (continued) Question Answer The following message is displayed for unknown reasons: As part of discovery, IT Assistant attempts to verify the device’s get and set community names. In IT Assistant, you have the get community name = public and the set community name = private. By default, the community name for the CMC agent is public.
Using the CMC Web Interface
6 Using FlexAddress The FlexAddress feature is an optional upgrade that allows server modules to replace the factory-assigned World Wide Name and Media Access Control (WWN/MAC) network IDs with WWN/MAC IDs provided by the chassis. Every server module is assigned unique WWN and/or MAC IDs as part of the manufacturing process.
Activating FlexAddress FlexAddress is delivered on a Secure Digital (SD) card that must be inserted into the CMC to activate the feature. To activate the FlexAddress feature, software updates may be required; if you are not activating FlexAddress these updates are not required. The updates, which are listed in the table below, include server module BIOS, I/O mezzanine BIOS or firmware, and CMC firmware. You must apply these updates before you enable FlexAddress.
NOTE: Any system ordered after June 2008 will have the correct firmware versions. To ensure proper deployment of the FlexAddress feature, update the BIOS and the firmware in the following order: 1 Update all mezzanine card firmware and BIOS. 2 Update server module BIOS. 3 Update iDRAC firmware on the server module. 4 Update all CMC firmware in the chassis; if redundant CMCs are present, ensure both are updated.
Use the following RACADM command to verify the SD feature card and its status: racadm featurecard -s Table 6-1. Status Messages Returned by featurecard -s Command Status Message Actions No feature card inserted. Check the CMC to verify that the SD card was properly inserted. In a redundant CMC configuration, make sure the CMC with the SD feature card installed is the active CMC and not the standby CMC. The feature card inserted is valid and No action required.
If there are no active features on the chassis, the command returns a message: racadm feature -s No features active on the chassis. Dell Feature Cards may contain more than one feature. Once any feature included on a Dell Feature Card has been activated on a chassis, any other features that may be included on that Dell Feature Card cannot be activated on a different chassis.
If the chassis is not powered-down prior to execution, the command will fail with the following error message: ERROR: Unable to deactivate the feature because the chassis is powered ON For further information on the command, see the feature command section of the Dell Chassis Management Controller Administrator Reference Guide. Configuring FlexAddress Using the CLI NOTE: You must enable both—the slot and fabric— for the chassis-assigned MAC address to be pushed to the iDRAC.
Where 0 is disable and 1 is enable. For additional information on the command, see the setflexaddr command section of the Dell Chassis Management Controller Administrator Reference Guide.
See "Configuring FlexAddress Using the CLI" on page 220 for additional details on FlexAddress configuration. For additional information on the command, see the getflexaddr command section of the Dell Chassis Management Controller Administrator Reference Guide. Configuring FlexAddress Using the GUI Wake-On-LAN with FlexAddress When the FlexAddress feature is deployed for the first time on a given server module, it requires a power-down and power-up sequence for FlexAddress to take effect.
3 What happens if the feature card is removed and a non-FlexAddress card is installed? No activation or modifications to the card should occur. The card will be ignored by CMC.
6 Does the SD card have a write protection lock on it? Yes it does. Before installing the SD card into the CMC module, verify the write protection latch is in the unlock position. The FlexAddress feature cannot be activated if the SD card is write protected. In this situation, the $racadm feature -s command will return this message: No features active on the chassis.
10 In a chassis with redundant CMCs, if you are replacing a CMC unit with one that has firmware prior to 1.10, the following procedure must be used to ensure the current FlexAddress feature and configuration will NOT be removed. a Ensure the active CMC firmware is always version 1.10 or later. b Remove the standby CMC and insert the new CMC in its place. c From the Active CMC, upgrade the standby CMC firmware to 1.10 or later. NOTE: If you do not update the standby CMC firmware to 1.
Command Messages The following table lists the RACADM commands and output for common FlexAddress situations. Table 6-2. FlexAddress Commands and Output Situation Command SD card in the active $racadm featurecard -s CMC module is bound to another service tag.
Table 6-2.
FlexAddress DELL SOFTWARE LICENSE AGREEMENT This is a legal agreement between you, the user, and Dell Products L.P. or Dell Global B.V. ("Dell"). This agreement covers all software that is distributed with the Dell product, for which there is no separate license agreement between you and the manufacturer or owner of the software (collectively the "Software"). This agreement is not for the sale of Software or any other intellectual property.
The Software is protected by United States copyright laws and international treaties. You may make one copy of the Software solely for backup or archival purposes or transfer it to a single hard disk provided you keep the original solely for backup or archival purposes.
AND ALL ACCOMPANYING WRITTEN MATERIALS. This limited warranty gives you specific legal rights; you may have others, which vary from jurisdiction to jurisdiction. IN NO EVENT SHALL DELL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
documentation with only those rights set forth herein. Contractor/manufacturer is Dell Products, L.P., One Dell Way, Round Rock, Texas 78682. GENERAL This license is effective until terminated. It will terminate upon the conditions set forth above or if you fail to comply with any of its terms. Upon termination, you agree that the Software and accompanying materials, and all copies thereof, will be destroyed. This agreement is governed by the laws of the State of Texas.
Using FlexAddress
Using FlexAddress Plus 7 The FlexAddress Plus is a new feature added to the feature card version 2.0. It is an upgrade from FlexAddress feature card version 1.0. FlexAddress Plus contains more MAC addresses than the FlexAddress feature. Both features allow the chassis to assign WWN/MAC (World Wide Name/Media Access Control) addresses to Fibre Channel and Ethernet devices. Chassis assigned WWN/MAC addresses are globally unique and specific to a server slot.
FlexAddress vs FlexAddress Plus FlexAddress has 208 addresses divided into 16 server slots, thus each slot is allocated with 13 MACs. FlexAddress Plus has 2928 addresses divided into 16 server slots, thus each slot is allocated with 183 MACs. The table below shows the provision of the MAC addresses in both the features. Fabric A Fabric B Fabric C iDRAC Management Total MACs FlexAddress 4 4 4 1 13 FlexAddress 60 Plus 60 60 3 183 Figure 7-1.
Scheme 1 and Scheme 2 MAC Address Allocation For backward compatibility with FA, the addresses in FA+ are divided into two groups: the first group has 208 addresses and the second group has 2928 addresses. In the first group, 13 MACs are allocated to each of the 16 slots in the same way FA does. In the second group, 183 MACs are allocated for each slot. The allocation of the 13 MAC addresses of the first group for each server is divided as: one for iDRAC and four for each fabric, A, B, and C.
If a chassis currently has FA activated, FA does not need to be deactivated in order to add FA+. In this case, the MAC address allocations are applied as follows: • The MAC addresses of scheme 1 are allocated from FA of the feature card 1.0. There is no change in the previous WWN/MAC configuration. • The additional MAC addresses of scheme 2 are allocated from the scheme 2 addresses of FA+.
Fabric A port 2: 00:FA:AE:58:59:2E (from FA) 00:FA:AE:58:59:2F (from FA) 00:FB:AE:58:5A:00 (from FA+) 00:FB:AE:58:5A:01 (from FA+) Fabric B port 1: 00:FA:AE:58:59:30 (from FA) 00:FA:AE:58:59:31 (from FA) Fabric B port 2: 00:FA:AE:58:59:32 (from FA) 00:FA:AE:58:59:33 (from FA) Fabric C port 1: 00:FA:AE:58:59:34 (from FA) 00:FA:AE:58:59:35 (from FA) Fabric C port 2: 00:FA:AE:58:59:36 (from FA) 00:FA:AE:58:59:37 (from FA) When a chassis with no previous FA—either it has never been activated or it was
Fabric B port 2: 00:FB:AE:58:59:32 (FA) 00:FB:AE:58:59:33 (FA) Fabric C port 1: 00:FB:AE:58:59:34 (FA) 00:FB:AE:58:59:35 (FA) Fabric C port 2: 00:FB:AE:58:59:36 (FA) 00:FB:AE:58:59:37 (FA) 238 Using FlexAddress Plus
8 Using the CMC Directory Service A directory service maintains a common database of all information needed for controlling network users, computers, printers, and so on. If your company uses the Microsoft Active Directory service software or the LDAP Directory Service software, you can configure the CMC to use directory based user authentication.
Standard Schema Active Directory Overview Using standard schema for Active Directory integration requires configuration on both Active Directory and the CMC. On the Active Directory side, a standard group object is used as a role group. A user who has CMC access is a member of the role group. In order to give this user access to a specific CMC card, the role group name and its domain name need to be configured on the specific CMC card.
Table 8-1.
NOTE: The bit mask values are used only when setting Standard Schema with the RACADM. NOTE: For more information about user privileges, see "User Types" on page 150. There are two ways to enable Standard Schema Active Directory: • With the CMC Web interface. See "Configuring the CMC With Standard Schema Active Directory and Web Interface" on page 242. • With the RACADM CLI tool. See "Configuring the CMC With Standard Schema Active Directory and RACADM" on page 245.
5 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name. NOTE: The Root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. c Type the Timeout in seconds. Timeout range is 15–300 seconds.
14 Upload your domain forest Root certificate authority-signed certificate into the CMC. In the Certificate Management section, type the file path of the certificate or browse to the certificate file. Click the Upload button to transfer the file to the CMC. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
Configuring the CMC With Standard Schema Active Directory and RACADM To configure the CMC Active Directory Feature with Standard Schema using the RACADM CLI, use the following commands: 1 Open a serial/Telnet/SSH text console to the CMC, and type: racadm config -g cfgActiveDirectory -o cfgADEnable 1 racadm config -g cfgActiveDirectory -o cfgADType 2 racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName
2 Specify a DNS server using one of the following options: • If DHCP is enabled on the CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 • If DHCP is disabled on the CMC or you want manually to input your DNS IP address, type the following commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1
You can extend the Active Directory database by adding your own unique Attributes and Classes to address your company’s environment-specific needs. Dell has extended the schema to include the necessary changes to support remote management Authentication and Authorization. Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs).
Overview of the RAC Schema Extensions Dell provides a group of properties that you can configure. The Dell extended schema include Association, Device, and Privilege properties. The Association property links together users or groups with a specific set of privileges to one or more RAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, RAC privileges, and RAC devices on the network without adding too much complexity.
Figure 8-2. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC Privilege Object The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RACs (CMCs).
Figure 8-3. Setting Up Active Directory Objects in a Single Domain AO1 Group1 User1 User2 AO2 Priv1 User3 Priv2 RAC1 RAC2 To configure the objects for the single domain scenario: 1 Create two Association Objects. 2 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs. 3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege. 4 Group user1 and user2 into Group1.
Figure 8-4 provides an example of Active Directory objects in multiple domains. In this scenario, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. In this scenario, configure user1 and user 2 with administrator privileges to both CMCs and configure user3 with login privileges to the RAC2 card. Figure 8-4.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege. 5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (A01), Priv1 as Privilege Objects in A01, and RAC1, RAC2 as RAC Devices in A01. 7 Add User3 as Members in Association Object 2 (A02), Priv2 as Privilege Objects in A02, and RAC2 as RAC Devices in A02.
You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
See your Microsoft documentation for more information on how to enable and use the Active Directory Schema Snap-In the MMC. Table 8-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.
Table 8-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines Authorization Rights (privileges) for the CMC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsTestAlertUser dellIsDebugCommandAdmin dellPermissionMask1 dellPermissionMask2 Table 8-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 8-8. List of Attributes Added to the Active Directory Schema Assigned OID/Syntax Object Identifier Single Valued Attribute: dellPrivilegeMember Description: List of dellPrivilege objects that belong to this attribute. OID: 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE Distinguished Name: (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) Attribute: dellProductMembers Description: List of dellRacDevices objects that belong to this role.
Table 8-8. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellIsUserConfigAdmin Description: TRUE if the user has User Configuration Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: delIsLogClearAdmin Description: TRUE if the user has Clear Logs Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.
Table 8-8. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellRacType Description: This attribute is the Current Rac Type for the dellRacDevice object and the backward link to the dellAssociationObjectMembers forward link. OID: 1.2.840.113556.1.8000.1280.1.1.2.13 TRUE Case Ignore String(LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.
For more information about the Active Directory User’s and Computers Snap-In, see your Microsoft documentation. Installing the Administrator Pack You must install the Administrator Pack on each system that is managing the Active Directory CMC Objects. If you do not install the Administrator Pack, you cannot view the Dell RAC Object in the container.
Creating a RAC Device Object 1 In the MMC Console Root window, right-click a container. 2 Select New Dell RAC Object. The New Object window appears. 3 Type a name for the new object. The name must be identical to the CMC Name that you will type in step 8a of "Configuring the CMC With Extended Schema Active Directory and the Web Interface" on page 262. 4 Select RAC Device Object. 5 Click OK.
For example, if you select Universal, the association objects are only available when the Active Directory Domain is functioning in Native Mode or above. 1 In the Console Root (MMC) window, right-click a container. 2 Select New Dell RAC Object. This opens the New Object window. 3 Type a name for the new object. 4 Select Association Object. 5 Select the scope for the Association Object. 6 Click OK.
Click the Products tab to add one or more RAC devices to the association. The associated devices specify the RAC devices connected to the network that are available for the defined users or user groups. Multiple RAC devices can be added to an Association Object. Adding RAC Devices or RAC Device Groups To add RAC devices or RAC device groups: 1 Select the Products tab and click Add. 2 Type the RAC device or RAC device group name and click OK. 3 In the Properties window, click Apply and click OK.
6 Optional: If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional) check box, then: a In the Domain Controller text field, type the server where your Active Directory service is installed. b In the Global Catalog text field, type the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest. NOTE: Setting the IP address as 0.0.0.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. SSL certificate validation is required by default. There is a new setting in the cfgActiveDirectory RACADM group and within the GUI to disable the certificate check. WARNING: It is risky to disable the certificate check.
Configuring the CMC With Extended Schema Active Directory and RACADM Using the following commands to configure the CMC Active Directory Feature with Extended Schema using the RACADM CLI tool instead of the Web interface.
(FQDNs) of the servers. The FQDNs consist of the host names and the domain names of the servers. To specify an LDAP server, type: racadm config -g cfgActiveDirectory -o cfgADDomainController To specify a Global Catalog server, type: racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog NOTE: Setting the IP address as 0.0.0.0 disables the CMC from searching for a server.
Frequently Asked Questions Table 8-9. Using CMC With Active Directory: Frequently Asked Questions Question Answer Can I log into the CMC using Active Directory across multiple trees? Yes. The CMC’s Active Directory querying algorithm supports multiple trees in a single forest. Does the login to the CMC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows 2000 or Windows Server 2003)? Yes.
Table 8-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer I created and uploaded a new RAC certificate and now the Web interface does not launch. If you use Microsoft Certificate Services to generate the RAC certificate, you may have inadvertently chose User Certificate instead of Web Certificate when creating the certificate.
Table 8-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question What can I do if I cannot log into the CMC using Active Directory authentication? How do I troubleshoot the issue? Answer 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local CMC user account, log into the CMC using your local credentials.
Starting with CMC version 2.10, the CMC can use Kerberos to support two additional types of login mechanisms—single sign-on and Smart Card login. For single sign-on login, the CMC uses the client system’s credentials, which are cached by the operating system after you log in using a valid Active Directory account. NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH. You must set other policy attributes for other login interfaces as well.
CMC • The CMC must have firmware version 2.10 or later • Each CMC must have an Active Directory account • The CMC must be a part of the Active Directory domain and Kerberos Realm Configuring Settings Prerequisites • The Kerberos realm & Key Distribution Center (KDC) for Active Directory (AD) has been setup (ksetup).
NOTE: The cmcname.domainname.com must be lower case as required by RFC and the REALM name, @REALM_NAME must be uppercase. In addition the CMC supports the DES-CBC-MD5 type of cryptography for Kerberos authentication. This procedure produces a keytab file that you must upload to the CMC. NOTE: The keytab contains an encryption key and must be kept secure. For more information on the ktpass utility, see the Microsoft website at: technet2.microsoft.
Enabling Single Sign-On 1 Click Chassis Management Controller Network Security tab Active Directory Configure Active Directory. The Active Directory Configuration and Management page is displayed. 2 On the Active Directory Configuration and Management page, select: • Single Sign-On — this option enables you to log in to the CMC using the cached credentials obtained when you log in to the Active Directory.
The Local Intranet dialog box is displayed. 4 Click Advanced. The Local Intranet Advance Settings dialog box is displayed. 5 In the Add this site to the zone, type the name of the CMC and the domain it belongs to and click Add. NOTE: You can use a wildcard (*) to specify all devices/users in that domain. Mozilla Firefox 1 In Firefox, type about:config in the Address bar. NOTE: If the browser displays the This might void your warranty warning, click I'll be careful. I promise.
The CMC Single Sign-On page is displayed. 3 Click Login. The CMC logs you in, using the Kerberos credentials that were cached by your browser when you logged in using your valid Active Directory account. If the login fails, the browser is redirected to the normal CMC login page. NOTE: If you did not log in to the Active Directory domain and are using a browser other then Internet Explorer, the login fails and the browser only displays a blank page.
Configuring Active Directory 1 Set up Kerberos realm & Key Distribution Center (KDC) for Active Directory, if not already configured (ksetup). NOTE: Ensure a robust NTP and DNS infrastructure to avoid issues with clock drift & reverse lookup. 2 Create Active Directory users for each CMC, configured to use Kerberos DES encryption but not pre-authentication. 3 Register the CMC users to the Key Distribution Center with Ktpass (this also outputs a key to upload to the CMC).
Enabling Smart Card Authentication 1 Navigate to the User Authentication tab Directory Services subtab. Ensure that Microsoft Active Directory Standard or Extended Schema is selected. 2 In the Common Settings Section, select: • Smart Card — this option requires that you insert a Smart Card into reader and enter the PIN number. NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged for this option.
2 Access the CMC Web page using https:// For example, cmc-6G2WXF1.cmcad.lab where cmc-6G2WXF1 is the cmc-name cmcad.lab is the domain-name. NOTE: If you changed the default HTTPS port number (port 80), access the CMC Web page using :, where cmcname is the CMC host name for the CMC, domain-name is the domain name, and port number is the HTTPS port number. The CMC Single Sign-On page is displayed prompting you to insert the Smart Card.
Incorrect Smart Card PIN Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card. Unable to Log into CMC as an Active Directory User If you cannot log into the CMC as an Active Directory user, try logging into the CMC without enabling the Smart Card logon.
Figure 8-5. Configuration of CMC with Generic LDAP Configuration on Generic LDAP Side Role Group Configuration on CMC Side Role Group Name and Domain Name Role Definition User Configuring the Generic LDAP Directory to Access CMC The CMC's Generic LDAP implementation uses two phases in granting access to a user. Phase 1 begins with user authentication, followed by phase 2 for user authorization.
4 Unbind and perform a bind with the user's DN and password. 5 If the bind fails, then the login fails. If these steps succeed then the user is considered authenticated. The next phase is authorization. The CMC stores a maximum of 5 groups and their corresponding privileges. A user has the option to be added to multiple groups within the directory service. If the user is a member of multiple groups, then the user obtains the privileges of all their groups.
Table 8-10. Common Settings Setting Description Generic LDAP Enabled Enables the generic LDAP service on the CMC. Use Distinguished Name to Search Group Membership Specifies the distinguished name (DN) of LDAP groups whose members are allowed access to the device. Enable SSL Certificate Validation If checked, CMC uses the CA certificate to validate the LDAP server certificate during SSL handshake.
Table 8-10. Common Settings Setting Description Search Timeout (seconds) Sets the time in seconds after which a search is automatically closed. Selecting Your LDAP Servers You can configure the server to use with Generic LDAP in two ways. Static Servers allows the administrator to place a FQDN or IP address within the field. Alternatively, a list of LDAP servers can be retrieved by looking up their SRV record within the DNS.
Managing LDAP Group Settings The table in the Group Settings section lists role groups, displaying associated names, domains, and privileges for any role groups that are already configured. • To configure a new role group, click a role group name that does not have a name, domain, and privilege listed. • To change the settings for an existing role group, click the role group name. When you click a role group name, the Configure Role Group page appears.
Configuring Generic LDAP Directory Service Using RACADM NOTE: This feature supports both IPv4 and IPv6. There are many options to configure LDAP logins. In most of the cases, some options can be used with their default settings. NOTE: It is highly recommended to use the 'racadm testfeature -f LDAP' command to test the LDAP settings for first time setups. This feature supports both IPv4 and IPv6.
Using the CMC Directory Service
9 Power Management Overview The Dell PowerEdge M1000e server enclosure is the most power-efficient modular server in the market. It is designed to include highly-efficient power supplies and fans, has an optimized layout so that air flows more easily through the system, and contains power-optimized components throughout the enclosure.
When you configure a system for AC redundancy, the PSUs are divided into grids: PSUs in slots 1, 2, and 3 are in the first grid while PSUs in slots 4, 5, and 6 are in the second grid. The CMC manages power so that if there is a failure of either grid the system will continue to operate without any degradation. AC redundancy also tolerates failures of individual PSUs.
NOTE: In the event of a single PSU failure in this configuration, the remaining PSUs in the failing grid are marked as Online. In this state, any of the remaining PSUs can fail without interrupting operation of the system. If a PSU fails, the chassis health is marked non-critical. If the smaller grid cannot support the total chassis power allocations then AC redundancy status is reported as No Redundancy and Chassis health is displayed as Critical.
No Redundancy Mode The no redundancy mode is the factory default setting for 3 PSU configuration and indicates that the chassis does not have any power redundancy configured. In this configuration, the overall redundancy status of the chassis always indicates No Redundancy. The CMC does not require the PSU units to be present in any specific PSU slot positions when No Redundancy is configured. NOTE: All PSUs in the chassis are Online if DPSE is disabled when in No Redundancy mode.
When you enable DPSE, the extra PSUs may be placed in Standby mode to increase efficiency and save power. For more information, see "Dynamic Power Supply Engagement" on page 294. Power Budgeting for Hardware Modules Figure 9-4 illustrates a chassis that contains a six-PSU configuration. The PSUs are numbers 1-6, starting on the left-side of the enclosure. Figure 9-4.
The iDRAC provides the CMC with its power envelope requirements before powering up the server. The power envelope consists of the maximum and minimum power requirements necessary to keep the server operating. iDRAC’s initial estimate is based on its initial understanding of components in the server. After operation commences and further components are discovered, iDRAC may increase or decrease its initial power requirements.
Configuration changes, such as an additional server in the chassis, may require the System Input Power Cap to be increased. Power needs in a modular enclosure also increase when thermal conditions change and the fans are required to run at higher speed, which causes them to consume additional power. Insertion of I/O modules and iKVM also increases the power needs of the modular enclosure.
If an administrator manually powers on the low priority server modules before the higher priority ones, then the low priority server modules will be the first modules to have their power allocation lowered down to the minimum value, in order to accommodate the higher priority servers. So after the available power for allocation is exhausted, then the CMC reclaims power from lower or equal priority servers until they are at their minimum power level.
DPSE can be enabled for all three power supply redundancy configurations explained above — No Redundancy, Power Supply Redundancy, and AC Redundancy. • In a No Redundancy configuration with DPSE, the M1000e can have up to five power supply units in Standby state. In a six PSU configuration, some PSU units will be placed in Standby and stay unutilized to improve power efficiency.
Redundancy Policies Redundancy policy is a configurable set of properties that determine how the CMC manages power to the chassis. The following redundancy policies are configurable with or without dynamic PSU engagement: • AC Redundancy • Power Supply Redundancy • No Redundancy The default redundancy configuration for a chassis depends on how many PSUs it contains, as shown in Table 9-1. Table 9-1.
No Redundancy Power from up to three PSUs is used to power the entire chassis. So in a 6-PSU chassis, a chassis continues to operate at full capacity if any 3 PSUs fail. CAUTION: The No Redundancy mode uses only a minimum number of PSUs without a backup. Failure of one of the active PSUs could cause servers to lose power and data. Power Conservation and Power Budget Changes The CMC performs power conservation when the user-configured maximum power limit is reached.
In maximum power conservation mode, all servers start functioning at their minimum power levels, and all subsequent server power allocation requests are denied. In this mode, the performance of powered on servers may be degraded. Additional servers cannot be powered on, regardless of server priority. The system is restored to full performance when the user or an automated command line script clears the maximum conservation mode.
Using the Web Interface Verify that the 110 V circuit is rated for the current expected, and then perform the following steps: 1 Click Chassis Overview in the system tree. 2 Click Power Configuration. 3 Select Allow 110 VAC Operation and click Apply. Using RACADM Verify that your 110 V circuit is rated for the expected current, and then perform the following steps: 1 Open a serial/Telnet/SSH text console to the CMC and log in.
The highest amount of sustained power required to run the chassis and all of the servers, including the new one, at full power is the worst-case power requirement. If that amount of power is available, then no servers are allocated power that is less than the worst-case power needed and the new server is allowed to power up. If the worst-case power requirement cannot be met, power is reduced to the lower priority servers until enough power is freed to power up the new server.
Table 9-3. Chassis Impact from PSU Failure or Removal (continued) PSU Configuration Dynamic PSU Firmware Response Engagement Power Supply Redundancy Disabled CMC alerts you of loss of Power Supply Redundancy. No Redundancy Disabled Decrease power to low priority servers, if needed. AC Redundancy Enabled CMC alerts you of loss of AC Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from the PSU failure or removal.
Power Supply and Redundancy Policy Changes in System Event Log Changes in the power supply state and power redundancy policy are recorded as events. Events related to the power supply that record entries in the system event log (SEL) are power supply insertion and removal, power supply input insertion and removal, and power supply output assertion and de-assertion. Table 9-4 lists the SEL entries that are related to power supply changes. Table 9-4.
Redundancy Status and Overall Power Health The redundancy status is a factor in determining the overall power health. When the power redundancy policy is set, for example, to AC Redundancy and the redundancy status indicates that the system is operating with redundancy, the overall power health will typically be OK. However, if the conditions for operating with AC redundancy cannot be met, the redundancy status will be No, and the overall power health will be Critical.
2 The Chassis Status page is displayed. The lower section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all PSUs. PSU health status is indicated by the color of the PSU subgraphic: • Green — PSU is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber — Indicates a PSU failure. See the CMC log for details on the failure condition.
Table 9-6. Power Supplies (continued) Item Description Health OK Indicates that the PSU is present and communicating with the CMC. In the event of a communication failure between the CMC and the power supply, the CMC cannot obtain or display health status for the PSU. Warning Indicates that only Warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, it could lead to critical or severe power failures that can affect the integrity of the chassis.
For more information about getpminfo, including output details, see the Chassis Management Controller Administrator Reference Guide on the Dell Support website at support.dell.com. Viewing Power Consumption Status The CMC provides the actual input power consumption for the entire system on the Power Consumption Status page. Using the Web Interface NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. 1 Log in to the CMC Web interface.
Table 9-8. Real-Time Power Statistics Item Description System Input Power Displays the current cumulative power consumption of all modules in the chassis measured from the input side of the PSUs. The value for system input power is indicated in both watts and BTU/h units. Peak System Power Displays the maximum system level input power consumption since the value was last cleared.
Table 9-8. Real-Time Power Statistics (continued) Item Description Minimum System Displays the date and time recorded when the minimum system Power Start Time power consumption value was last cleared. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year.
Table 9-9. Real-Time Energy Statistics Status Item Description System Energy Consumption Displays the current cumulative energy consumption for all modules in the chassis measured from the input side of the power supplies. The value is displayed in KWh and it is a cumulative value. System Energy Consumption Start Time Displays the date and time recorded when the system energy consumption value was last cleared, and the new measurement cycle began.
Table 9-11. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name can be redefined by the user. Present Displays whether the server is present in the slot (Yes or No). If this field displays Extension of # (where the # will be 1-8), then number that follows it is the main slot of a multi-slot server.
Table 9-12 through Table 9-15 describe the information displayed on the Power Budget Status page. See "Configuring Power Budget and Redundancy" on page 315 for information about configuring the settings for this information. Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm getpbinfo For more information about getpbinfo, including output details, see the getpbinfo command section in the Chassis Management Controller Administrator Reference Guide. Table 9-12.
Table 9-12. System Power Policy Configuration (continued) Item Description Redundancy Policy Displays the current redundancy configuration: AC Redundancy, Power Supply Redundancy, and No Redundancy. AC Redundancy — Power input is load-balanced across all PSUs. Half of them should be cabled to one AC grid and the other half should be cabled to another grid. When the system is running optimally in AC Redundancy mode, power is load-balanced across all active supplies.
Table 9-13. Power Budgeting Item Description System Input Max Power Capacity Maximum input power that the available power supplies can supply to the system (in watts). Input Redundancy Reserve Displays the amount of redundant power (in watts) in reserve that can be utilized in the event of an AC grid or power supply unit (PSU) failure.
Table 9-14. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name is defined by the user. Type Displays the type of the server. Priority Displays the priority level allotted to the server slot in the chassis for power budgeting.
Table 9-15. Chassis Power Supplies Item Description Name Displays the name of the PSU in the format PS-n, where n, is the PSU number. Power State Displays the power state of the PSU — Initializing, Online, Stand By, In Diagnostics, Failed, Unknown, or Absent (missing). Input Volts Displays the present input voltage of the power supply. Input Current Displays the present input current of the power supply. Output Rated Power Displays the maximum output power rating of the power supply.
Table 9-16. Configurable Power Budget/Redundancy Properties Item Description System Input Power Cap System Input Power Cap is the maximum AC power that the system is allowed to allocate to servers and chassis infrastructure. It can be configured by the user to any value that exceeds the minimum power needed for servers that are powered on and the chassis infrastructure; configuring a value that falls below the minimum power needed for servers and the chassis infrastructure will fail.
Table 9-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Redundancy Policy This option allows you to select one the following options: • No Redundancy: Power from the power supplies is used to power the entire chassis, including the chassis, servers, I/O modules, iKVM, and CMC. No power supplies must be kept in reserve. NOTE: The No Redundancy mode uses only the minimum required number of power supplies at a time.
Table 9-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Enable Dynamic Power Supply Engagement On selection, enables dynamic power management. In Dynamic Engagement mode, the power supplies are turned ON (online) or OFF (standby) based on power consumption, optimizing the energy consumption of the entire chassis. For example, your power budget is 5000 watts, your redundancy policy is set to AC redundancy mode, and you have six power supply units.
where is 0 (No Redundancy), 1 (AC Redundancy), 2 (Power Supply Redundancy). The default is 0. For example, the following command: racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy 1 sets the redundancy policy to 1. • To enable or disable dynamic PSU engagement, type: racadm config -g cfgChassisPower -o cfgChassisDynamicPSUEngagementEnable where is 0 (disable), 1 (enable). The default is 0.
3 Click Power Server Priority. The Server Priority page appears, listing all of the servers in your chassis. 4 Select a priority level (1–9, with 1 holding the highest priority) for one, multiple, or all servers. The default value is 1. You can assign the same priority level to multiple servers. 5 Click Apply to save your changes.
5 Type a budget value of up to 11637 watts in the System Input Power Cap text field. NOTE: The power capacity of the chassis is limited to 11637 Watts. If you attempt to set an AC power budget value that exceeds the power capacity of your chassis, the CMC displays a failure message. NOTE: When value changes are specified in watts, the submitted value will exactly reflect what is actually applied.
Server Power Reduction to Maintain Power Budget The CMC reduces power allocations of lower priority servers when additional power is needed to maintain the system power consumption within the user-configured System Input Power Cap. For example, when a new server is engaged, the CMC may decrease power to low priority servers to allow more power for the new server.
5 Click the corresponding radio buttons to select one of the following Power Control Operations: • Power On System — Turns on the chassis power (the equivalent of pressing the power button when the chassis power is OFF). This option is disabled if the chassis is already powered ON. NOTE: This action powers on the chassis and other subsystems (iDRAC on the servers, IOMs, and iKVM). Servers will not power on. • Power Off System — Turns off the chassis power.
Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm chassisaction -m chassis where is powerup, powerdown, powercycle, nongraceshutdown or reset. Executing Power Control Operations on an IOM You can remotely execute a reset or power cycle on an individual IOM. NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. Using the Web Interface 1 Log in to the CMC Web interface. 2 Select I/O Modules Overview.
Executing Power Control Operations on a Server NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. The CMC enables you to remotely perform several power management actions, for example, an orderly shutdown, on an individual server in the chassis. Using the Web Interface 1 Log in to the CMC Web interface. 2 Expand Server Overview in the system tree, and then select the server on which you want to execute a power control operation.
• Reset Server (warm boot) — Reboots the server without powering off. This option is disabled if the server is powered off. • Power Cycle Server (cold boot) — Powers off and then reboots the server. This option is disabled if the server is powered off. 6 Click Apply. A dialog box appears requesting confirmation. 7 Click OK to perform the power management action (for example, cause the server to reset).
The overall power health is at least in Non-Critical state when the chassis is operating in 110V mode and the user has not acknowledged the 110V operation. The "Warning" icon is displayed on the GUI main page when in Non-Critical state. Mixed 110V and 220V operation is not supported. If the CMC detects that both voltages are in use then one voltage is selected and those power supplies connected to the other voltage are powered off and marked as failed.
Power Management
Using the iKVM Module 10 Overview The local access KVM module for your Dell M1000e server chassis is called the Avocent Integrated KVM Switch Module, or iKVM. The iKVM is an analog keyboard, video, and mouse switch that plugs into your chassis. It is an optional, hot-pluggable module to the chassis that provides local keyboard, mouse, and video access to the servers in the chassis, and to the active CMC’s command line.
Server Identification The CMC assigns slots names for all servers in the chassis. Although you can assign names to the servers using the OSCAR interface from a tiered connection, the CMC assigned names take precedence, and any new names you assign to servers using OSCAR will be overwritten. The CMC identifies a slot by assigning it a unique name. To change slot names using the CMC Web interface, see "Editing Slot Names.
iKVM Connection Precedences Only one iKVM connection is available at a time. The iKVM assigns an order of precedence to each type of connection so that when there are multiple connections, only one connection is available while others are disabled. The order of precedence for iKVM connections is as follows: 1 Front panel 2 ACI 3 Rear Panel For example, if you have iKVM connections in the front panel and ACI, the front panel connection remains active while the ACI connection is disabled.
Using OSCAR This section provides an overview of the OSCAR interface. Navigation Basics . Table 10-1. OSCAR Keyboard and Mouse Navigation Key or Key Sequence Result • Any of these key sequences can open OSCAR, depending on your Invoke OSCAR settings. You can enable two, three, or all of these key sequences by selecting boxes in the Invoke • - OSCAR section of the Main dialog box, and then clicking • - OK.
Table 10-1. OSCAR Keyboard and Mouse Navigation (continued) Key or Key Sequence Result , +<0> Immediately disconnects a user from a server; no server is selected. Status flag displays Free. (This action only applies to the =<0> on the keyboard and not the keypad.) , Immediately turns on screen saver mode and prevents access to that specific console, if it is password protected. Up/Down Arrow keys Moves the cursor from line to line in lists.
Changing the Display Behavior Use the Menu dialog box to change the display order of servers and set a Screen Delay Time for OSCAR. To access the Menu dialog box: 1 Press to launch OSCAR. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. To choose the default display order of servers in the Main dialog box: 1 Select Name to display servers alphabetically by name. or Select Slot to display servers numerically by slot number. 2 Click OK.
Table 10-3. Flag OSCAR Status Flags Description Flag type by name Flag indicating that the user has been disconnected from all systems Flag indicating that Broadcast mode is enabled To access the Flag dialog box: 1 Press . The Main dialog box appears. 2 Click Setup and then Flag. The Flag dialog box appears. To specify how the status flag displays: 1 Select Displayed to show the flag all the time or Displayed and Timed to display the flag for only five seconds after switching.
Managing Servers With iKVM The iKVM is an analog switch matrix supporting up to 16 servers. The iKVM switch uses the OSCAR user interface to select and configure your servers. In addition, the iKVM includes a system input to establish a CMC command line console connection to the CMC. Peripherals Compatibility and Support The iKVM is compatible with the following peripherals: • Standard PC USB keyboards with QWERTY, QWERTZ, AZERTY, and Japanese 109 layouts. • VGA monitors with DDC support.
To access the Main dialog box: Press to launch the OSCAR interface. The Main dialog box appears. or If a password has been assigned, the Password dialog box appears. Type your password and click OK. The Main dialog box appears. For more information about setting a password, see "Setting Console Security" on page 340. NOTE: There are four options for invoking OSCAR.
Selecting Servers Use the Main dialog box to select servers. When you select a server, the iKVM reconfigures the keyboard and mouse to the proper settings for that server. • To select servers: Double-click the server name or the slot number. or If the display order of your server list is by slot (that is, the Slot button is depressed), type the slot number and press .
To configure OSCAR for soft switching: 1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. 3 Select Name or Slot for the Display/Sort Key. 4 Type the desired delay time in seconds in the Screen Delay Time field. 5 Click OK. To soft switch to a server: • To select a server, press .
Preemption Warning Normally, a user connected to a server console through the iKVM and another user connected to the same server console through the iDRAC GUI console redirection feature both have access to the console and are able to type simultaneously. To prevent this scenario, the remote user, before starting the iDRAC GUI console redirection, can disable the local console in the iDRAC Web interface.
Setting or Changing the Password 1 Single-click and press or double-click in the New field. 2 Type the new password in the New field and then press . Passwords are case sensitive and require 5–12 characters. They must include at least one letter and one number. Legal characters are: A–Z, a–z, 0–9, space, and hyphen. 3 In the Repeat field, type the password again, and then press . 4 Click OK if you only want to change your password, and then close the dialog box.
Logging In 1 Press to launch OSCAR. The Password dialog box appears. 2 Type your password and then click OK. The Main dialog box appears. Setting Automatic Logout You can set OSCAR to automatically log out of a server after a period of inactivity. 1 In the Main dialog box, click Setup and then Security. 2 In the Inactivity Time field, enter the length of time you want to stay connected to a server before it automatically disconnects you. 3 Click OK.
3 Select Energy if your monitor is ENERGY STAR compliant; otherwise select Screen. CAUTION: Monitor damage may result from the use of Energy mode with monitors not compliant with Energy Star. 4 Optional: To activate the screen saver test, click Test. The Screen Saver Test dialog box displays. Click OK to start the test. The test takes 10 seconds. When it concludes, you are returned to the Security dialog box. NOTE: Enabling screen saver mode disconnects the user from a server; no server is selected.
To reset a lost or forgotten password using RACADM, open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm racresetcfg -m kvm NOTE: Using the racresetcfg command resets the Front Panel Enable and Dell CMC Console Enable settings, if they are different from the default values. For more information about the racresetcfg subcommand, see the racresetcfg section in the Dell Chassis Management Controller Administrator Reference Guide.
To add servers to the scan list: 1 Press . The Main dialog box appears. 2 Click Setup and then Scan. The Scan dialog box appears, listing of all servers in the chassis. 3 Select the box next to the servers you wish to scan. or Double-click the server name or slot. or Press and the number of the server you wish to scan. You can select up to 16 servers.
To cancel scan mode: 1 If OSCAR is open and the Main dialog box is displayed, select a server in the list. or If OSCAR is not open, move the mouse or press any key on the keyboard. Scanning stops at the currently selected server. or Press . The Main dialog box appears; select a server in the list. 2 Click the Commands button. The Commands dialog box appears. 3 Clear the Scan Enable box.
3 Enable mouse and/or keyboard for the servers that are to receive the broadcast commands by selecting the boxes. or Press the up or down arrow keys to move the cursor to a target server. Then press to select the keyboard box and/or to select the mouse box. Repeat for additional servers. 4 Click OK to save the settings and return to the Setup dialog box. Click or press to return to the Main dialog box. 5 Click Commands. The Commands dialog box appears.
To enable or disable access to the iKVM from the front panel using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. The iKVM Status page displays. 3 Click the Setup tab. The iKVM Configuration page displays. 4 To enable, select the Front Panel USB/Video Enabled check box. To disable, clear the Front Panel USB/Video Enabled check box. 5 Click Apply to save the setting.
• Green - iKVM is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - iKVM is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - iKVM is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over the iKVM subgraphic and a corresponding text hint or screen tip is displayed.
Table 10-5. iKVM Status Information (continued) Item Description Rear Panel Connected Indicates whether the monitor is connected to the rear panel VGA connector (Yes or No). This information is provided to the CMC so it can determine whether a local user has rearpanel access to the chassis. Tiering Port Connected The iKVM supports seamless tiering with external KVM appliances from Dell and Avocent using built-in hardware.
based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional items to note: • Do not use the Refresh button or navigate to another page during the file transfer. • To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process.
Table 10-6. Troubleshooting iKVM Problem Likely Cause and Solution The message "User has been disabled by CMC control" appears on the monitor connected to the front panel. The front panel connection has been disabled by the CMC. You can enable the front panel using either the CMC Web interface or RACADM. To enable the front panel using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. 3 Click the Setup tab. 4 Select the Front Panel USB/Video Enabled check box.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution The message "User has been disabled as another appliance is currently tiered" appears on the monitor connected to the rear panel. A network cable is connected to the iKVM ACI port connector and to a secondary KVM appliance. The iKVM’s amber LED is blinking. There are three possible causes: Only one connection is allowed at a time. The ACI tiering connection has precedence over the rear panel monitor connection.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution My iKVM is tiered through the ACI port to an external KVM switch, but all of the entries for the ACI connections are unavailable. The front panel connection is enabled and has a monitor connected. Because the front panel has precedence over all other iKVM connections, the ACI and rear panel connectors are disabled. All of the states are showing a yellow dot in the OSCAR interface.
Table 10-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution In the OSCAR menu, the Dell CMC connection is displaying a red X, and I cannot connect to the CMC. There are two possible causes: The Dell CMC console has been disabled. In this case, you can enable it using either the CMC Web interface or RACADM. To enable the Dell CMC console using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. 3 Click the Setup tab.
Using the iKVM Module
I/O Fabric Management 11 The chassis can hold up to six I/O modules (IOMs), each of which can be pass-through or switch modules. The IOMs are classified into three groups—A, B, and C. Each group has two slots—Slot 1 and Slot 2. The slots are designated with letters, from left to right, across the back of the chassis: A1 | B1 | C1 | C2 | B2 | A2. Each server has slots for two mezzanine cards (MCs) to connect to the IOMs. The MC and the corresponding IOM must have the same fabric.
Fabric Management Fabric management helps avoid electrical, configuration, or connectivity related problems due to installation of an IOM or MC that has an incompatible fabric type from the chassis' established fabric type. Invalid hardware configurations could cause electric or functional problems to the chassis or its components. Fabric management will prevent invalid configurations from powering on. Figure 11-1 shows the location of IOMs in the chassis.
The CMC creates entries in both the hardware log and CMC logs for invalid hardware configurations. For example: • An Ethernet MC connected to a Fibre Channel IOM is an invalid configuration. However, an Ethernet MC connected to both an Ethernet switch and an Ethernet pass-through IOM installed in the same IOM group is a valid connection.
Invalid Mezzanine Card (MC) Configuration An invalid MC configuration occurs when a single server’s LOM or MC is not supported by its corresponding IOM. In this case, all the other servers in the chassis can be running, but the server with the mismatched MC card will not be allowed to power on. The power button on the server will flash Amber to alert a fabric mismatch. For information about the CMC and hardware logs, see "Viewing the Event Logs" on page 391.
A pass-through module and switch are allowed in the same group as long as their fabric is identical. Switches and pass-through modules can exist in the same group even if they are manufactured by different vendors. Monitoring IOM Health The health status for the IOMs can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the I/O Modules Status page. The Chassis Graphics page provides a graphical overview of the IOMs installed in the chassis.
4 Click the Status subtab. The I/O Modules Status page displays. Table 11-1. I/O Modules Status Information Item Description Slot Displays the location of the I/O module in the chassis by group number (A, B, or C) and Bank (1 or 2). IOM Enumeration: A1, A2, B1, B2, C1, or C2. Present Displays whether the IOM is present (Yes or No). Health OK Indicates that the IOM is present and communicating with the CMC.
Table 11-1. I/O Modules Status Information (continued) Item Description Fabric Displays the type of fabric for the IOM: Gigabit Ethernet, 10GE XAUI, 10GE KR, 10GE XAUI KR, FC 4 Gbps, FC 8 Gbps, SAS 3 Gbps, SAS 6 Gbps, Infiniband SDR, Infiniband DDR, Infiniband QDR, PCIe Bypass Generation 1, PCIe Bypass Generation 2. NOTE: Knowing the fabric types of the IOMs in your chassis is critical in preventing IOM mismatches within the same group.
Viewing the Health Status of an Individual IOM The I/O Module Status page (separate from the I/O Modules Status page) provides an overview of an individual IOM. To view the health status of an individual IOM: 1 Log in to the CMC Web interface. 2 Expand I/O Modules in the system tree. All of the IOMs (1–6) appear in the expanded I/O Modules list. 3 Click the IOM you want to view in the I/O Modules list in the system tree. 4 Click the Status subtab. The I/O Modules Status page displays. Table 11-2.
Table 11-2. I/O Module Health Status Information (continued) Item Description Warning Indicates that warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, it could lead to critical or severe failures that can affect the integrity of the IOM. Examples of conditions causing Warnings: IOM fabric mismatch with the server's mezzanine card fabric; invalid IOM configuration, where the newly installed IOM does not match the existing IOM on the same group.
Table 11-2. I/O Module Health Status Information (continued) Item Description MAC Address Displays the MAC address for the IOM. The MAC address is a unique address assigned to a device by the hardware vendor as a means for identification. NOTE: Pass-throughs do not have MAC addresses. Only switches have MAC addresses. Role Displays the I/O module stacking membership when modules are linked together: • Member - the module is part of a stack set • Master - the module is a primary access point.
3 To configure network settings for I/O modules, type/select values for the following properties, and then click Apply. NOTE: Only IOMs that are powered on can be configured. NOTE: The IP address set on the IOMs from the CMC is not saved to the switch's permanent startup configuration.
Troubleshooting IOM Network Settings The following list contains troubleshooting items for IOM network settings: • The CMC can read the IP address setting too quickly after a configuration change; it will display 0.0.0.0 after clicking Apply. You must hit the refresh button in order to see if the IP address is set correctly on the switch. • If an error is made in setting the IP/mask/gateway, the switch will not set the IP address and will return a 0.0.0.0 in all fields.
12 Troubleshooting and Recovery Overview This section explains how to perform tasks related to recovering and troubleshooting problems on the remote system using the CMC Web interface.
• CMC information • Chassis information • Session information • Sensor information • Firmware build information Supported Interfaces • CLI RACADM • Remote RACADM • Telnet RACADM RACDUMP command can be run remotely from the serial, Telnet, or SSH console command prompt or through a normal command prompt.
Table 12-1. Subsystems and RACADM Commands Subsystem RACADM Command Redundancy information getredundancymode Trace log information gettracelog RAC event log gettraclog System event log getsel Usage racadm racdump Remote RACDUMP Remote RACADM is a client side utility, which can be executed from a management station through the out of band network interface.
NOTE: The -i option instructs RACADM to interactively prompt for user name and password. Without the -i option, you must provide the user name and password in the command using the -u and -p options. For example: racadm -r 192.168.0.120 -u root -p calvin racdump racadm -i -r 192.168.0.
Using the Web Interface To enable blinking for one, multiple, or all component LEDs: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree. 3 Click the Troubleshooting tab. 4 Click the Identify subtab. The Identify page displays, featuring a list of all components on the chassis. 5 To enable blinking for a component LED, check the box beside the device name and then click Blink. 6 To disable blinking for a component LED, check the box beside the device name and then click UnBlink.
You can configure the CMC to generate event traps. Table 12-2 provides an overview of the events that trigger SNMP and e-mail alerts. For information on e-mail alerts, see "Configuring E-mail Alerts" on page 379. NOTE: Starting with CMC version 2.10, SNMP is now IPv6 enabled. You can include an IPv6 address or fully qualified domain name (FQDN) in the destination for an event alert. Table 12-2.
Table 12-2. Chassis Events That Can Generate SNMP (continued) Event Description IOM Absent An expected IOM is not present. IOM Failure The IOM is not functioning. Firmware Version Mismatch There is a firmware mismatch for the chassis or server firmware. Chassis Power Threshold Error Power consumption within the chassis reached the System Input Power Cap. You can add and configure SNMP alerts using the Web interface or RACADM.
7 Type the SNMP Community String to which the destination management station belongs. NOTE: The community string on the Chassis Event Alert Destinations page differs from the community string on the Chassis Network Services page. The SNMP traps community string is the community that the CMC uses for outbound traps destined to management stations. The community string on the Chassis Network Services page is the community string that management stations use to query the SNMP daemon on the CMC.
To obtain the mask value, use a scientific calculator in hex mode and add the second values of the individual masks (1, 2, 4, etc.) using the key. For example, to enable trap alerts for Battery Probe Warning (0x2), Power Supply Failure (0x1000), and KVM failure (0x80000), key 2 1000 200000 and press the <=> key. The resulting hex value is 208002, and the mask value for the RACADM command is 0x208002. Table 12-3.
4 Enable traps alerting by typing: racadm config -g cfgTraps -o cfgTrapsEnable 1 -i where is a value 1–4. The index number is used by the CMC to distinguish up to four configurable destinations for traps alerts. Destinations may be specified as appropriately formatted numeric Addresses (IPv6 or IPv4), or Fully-qualified domain names (FQDNs).
Configuring E-mail Alerts When the CMC detects a chassis event, such as an environmental warning or a component failure, it can be configured to send an e-mail alert to one or more e-mail addresses. Table 12-2 provides an overview of the events that trigger e-mail and SNMP alerts. For information on SNMP alerts, see "Configuring SNMP Alerts" on page 373. You can add and configure e-mail alerts using the Web interface or RACADM.
b Enter the desired originator e-mail for the alert, or leave it blank to use the default e-mail originator. The default is cmc@ where is the IP address of the CMC. To enter a value, the syntax of the e-mail name is [@], and an e-mail domain can be optionally specified. If @ is not specified and there is an active CMC network domain, then the e-mail address of @ is used as the source e-mail.
3 Specify the events for which you want the CMC to generate by typing: racadm config -g cfgAlerting -o cfgAlertingFilterMask where is a hexadecimal value between 0x0 and 0x017fffdf and must be expressed with the leading 0x characters. Table 12-3 provides filter masks for each event type. For instructions on calclulating the hex value for the filter mask you want to enable, see step 3 on "Using RACADM" on page 376.
NOTE: The commands in steps 2–6 will overwrite any existing settings configured for the index you specify (1–4). To determine whether an index has previously configured values, type: racadm getconfig -g cfgEmailAlert -i . If the index is configured, values will appear for the cfgEmailAlertAddress and cfgEmailAlertEmailName objects.
Power Troubleshooting Use the items below to assist in troubleshooting power supply and power-related issues: • • Problem: Configured the Power Redundancy Policy to AC Redundancy, and a Power Supply Redundancy Lost event was raised. – Resolution A: This configuration requires at least one power supply in side 1 (the left three slots) and one power supply in side 2 (the right three slots) to be present and functional in the modular enclosure.
• • • Problem: Dynamic Power Supply Engagement is enabled, but none of the power supplies display in the Standby state. – Resolution A: There is insufficient surplus power. One or more power supplies will be moved into the Standby state only when the surplus power available in the enclosure exceeds the capacity of at least one power supply. – Resolution B: Dynamic Power Supply Engagement cannot be fully supported with the power supply units present in the enclosure.
– • Problem: A subset of servers lost power after an AC Grid failure, even when the chassis was operating in the AC Redundancy configuration with six power supplies. – • Resolution: This can occur if the power supplies are improperly connected to the redundant AC grids at the time the AC grid failure occurs. The AC Redundancy policy requires that the left three power supplies to be connected to one AC Grid, and right three power supplies to be connected to other AC Grid.
Viewing Chassis Summaries The CMC provides rollup overviews of the chassis, active and standby CMCs, iKVM, fans, temperature sensors, and I/O modules (IOMs). Using the Web Interface To view summaries of the chassis, CMCs, iKVM, and IOMs: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Summary tab. The Chassis Summary page displays. Table 12-4, Table 12-5, Table 12-6, and Table 12-7 describe the information provided. Table 12-4.
Table 12-5. CMC Summary Item Description Active CMC Information Name Displays the name of the CMC. For example, Active CMC or Standby CMC. Description Provides a brief description of the purpose of the CMC. Date/Time Displays the date and time set on the active CMC. Active CMC Location Displays the slot location of the active CMC. Redundancy Mode Displays if the standby CMC is present in the chassis. Primary Firmware Version Displays the firmware version of the active CMC.
Table 12-5. CMC Summary (continued) Item Description Standby CMC Information Present Displays (Yes, No) whether a second (standby) CMC is installed. Standby Firmware Version Displays the CMC firmware version installed on the standby CMC. Table 12-6. iKVM Summary Item Description Present Displays whether the iKVM module is present (Yes or No). Name Displays the name of the iKVM. The name identifies the iKVM on the network. Manufacturer Displays the iKVM model or manufacturer.
Table 12-7. IOM Summary Item Description Location Displays the slot occupied by the IOMs. Six slots are identified by group name (A, B, or C) and slot number (1 or 2). Slot names: A-1, A-2, B-1, B-2, C-1, or C-2. Present Displays whether the IOM is present (Yes or No). Name Displays the name of the IOM. Fabric Displays the type of fabric. Power Status Displays the power status of the IOM: On, Off, or N/A (Absent). Service Tag Displays the service tag of the IOM.
Viewing Chassis and Component Health Status Using the Web Interface To view chassis and component health summaries: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. The Chassis Health page displays. The Chassis Graphics section provides a graphical view of the front and rear of the chassis. This graphical representation provides a visual overview of the components installed within the chassis and its corresponding status.
Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm getmodinfo Viewing the Event Logs The Hardware Log and CMC Log pages display system-critical events that occur on the managed system. Viewing the Hardware Log The CMC generates a hardware log of events that occur on the chassis. You can view the hardware log using the Web interface and remote RACADM. NOTE: To clear the hardware log, you must have Clear Logs Administrator privilege.
Table 12-8 provides descriptions of the information provided on the Hardware Log page in the CMC Web interface. To view the hardware log: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree. 3 Click the Logs tab. 4 Click the Hardware Log subtab. The Hardware Log page displays. To save a copy of the hardware log to your managed station or network: 1 Click Save Log. A dialog box opens. 2 Select a location for a text file of the log.
Table 12-8. Hardware Log Information (continued) Item Description Severe Indicates a critical event that requires immediate corrective actions to avoid system failures. Date/Time Displays the exact date and time the event occurred (for example, Wed May 02 16:26:55 2007). If no date/time appears, then the event occurred at System Boot. Description Provides a brief description, generated by the CMC, of the event (for example, Redundancy lost, Server inserted).
2 Click Chassis in the system tree. 3 Click the Logs tab. 4 Click the CMC Log subtab. The CMC Log page displays. 5 To save a copy of the CMC log to your managed station or network, click Save Log. A dialog box opens; select a location for a text file of the log. Table 12-9. CMC Log Information Command Result Source Displays the interface (such as the CMC) that caused the event. Date/Time Displays the exact date and time the event occurred (for example, Wed May 02 16:26:55 2007).
3 Click the Troubleshooting tab. 4 Click the Diagnostics subtab. The Diagnostic Console page displays. To execute a diagnostic CLI command, type the command into the Enter RACADM Command field, and then click Submit to execute the diagnostic command. A diagnostic results page appears. To return to the Diagnostic Console page, click Go Back to Diagnostic Console Page or Refresh. The Diagnostic Console supports the commands listed in Table 12-10 as well as the RACADM commands. Table 12-10.
NOTE: To reset components, you must have Debug Command Administrator privilege. To access the Diagnostic Console page: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree. 3 Click the Troubleshooting tab. 4 Click the Reset Components subtab. The Reset Components page displays. The CMC Summary section of the Reset Components page displays the following information: Table 12-11. CMC Summary Attribute Description Health OK The CMC is present and communicating with its components.
5 The Virtual Reseat Server section of the Reset Components page displays the following information: Table 12-12. Virtual Reseat Server Attribute Description Slot Displays the slot occupied by the server in the chassis. Slot names are sequential IDs, from 1 to 16, to help identify the location of the server in the chassis. Name Displays the name of the server in each slot. Present Displays whether the server is present in the slot (Yes or No).
Table 12-12. Virtual Reseat Server Attribute Description iDRAC Status Displays the status of the server iDRAC embedded management controller: • N/A - Server is not present, or the chassis is not powered on. • Ready - iDRAC is ready and operating normally. • Corrupted - iDRAC firmware is corrupted. Use the iDRAC firmware update utility to repair the firmware. • Failed - Unable to communicate with iDRAC. Use the Virtual Reseat check box to clear the error.
Troubleshooting Network Time Protocol (NTP) Errors After configuring the CMC to synchronize its clock with a remote time server over the network, it may take 2-3 minutes before a change in the date and time occurs. If after this time there is still no change, it may be necessary to troubleshoot a problem. The CMC may not be able to synchronize its clock for a number of reasons: • There could be a problem with the NTP Server 1, NTP Server 2, and NTP Server 3 settings.
If an ‘*’ is not displayed against one of the configured servers, something may not be set up properly. The output of the above command also contains detailed NTP statistics that may be useful in debugging why the server does not synchronize. If you attempt to configure an NTP server that is Windows based, it may help to increase the MaxDist parameter for ntpd.
Interpreting LED Colors and Blinking Patterns The LEDs on the chassis provide information by color and blinking/not blinking: • Steadily glowing, green LEDs indicate that the component is powered on. If the green LED is blinking, it indicates a critical but routine event, such as a firmware upload, during which the unit is not operational. It does not indicate a fault. • A blinking amber LED on a module indicates a fault on that module.
Table 12-13.
Table 12-13.
Observing the LEDs to Isolate the Problem Facing the front of the CMC as it is installed in the chassis, you will see two LEDs on the left side of the card. Top LED — The top green LED indicates power. If it is NOT on: 1 Verify that you have AC present to at least one power supply. 2 Verify that the CMC card is seated properly. You can release/pull on the ejector handle, remove the CMC, reinstall the CMC making sure the board is inserted all the way and the latch closes correctly.
and then press . Sample prompts: recover1[self test] CMC 1 self test failure recover2[Bad FW images] CMC2 has corrupted images • If the prompt indicates a self test failure, there are no serviceable components on the CMC. The CMC is bad and must returned to Dell. • If the prompt indicates Bad FW Images, then follow the steps in "Recovering the Firmware Image" on page 405 to fix the problem. Recovering the Firmware Image The CMC enters recover mode when a normal CMC OS boot is not possible.
Troubleshooting Network Problems The internal CMC trace log allows you to debug CMC alerting and networking. You can access the trace log using the CMC Web interface (see "Using the Diagnostic Console") or RACADM (see "Using the RACADM Command Line Interface" and the gettracelog command section in the Dell Chassis Management Controller Administrator Reference Guide. The trace log tracks the following information: • DHCP — Traces packets sent to and received from a DHCP server.
To perform management actions, a user with Administrator privileges is required. If the administrator account password is forgotten, it can be reset using the PASSWORD_RST jumper on the CMC board. The PASSWORD_RST jumper uses a two-pin connector as shown in Figure 12-1.
Figure 12-1. Password Reset Jumper Location PASSWORD_RSET Table 12-14. CMC Password Jumper Settings PASSWORD_RSET (default) The password reset feature is disabled. The password reset feature is enabled. 3 Slide the CMC module into the enclosure. Reattach any cables that were disconnected. NOTE: Ensure that the CMC module becomes the active CMC, and remains the active CMC until the remaining steps are completed. 4 If the jumpered CMC module is the only CMC, then simply wait for it to finish rebooting.
a Navigate to the Chassis page, click the Power tab Control subtab. b Select the Reset CMC (warm boot) button. c Click Apply. The CMC automatically fails over to the redundant module, and that module now becomes active. 5 Log into the active CMC using the default administrator username:root and password: calvin, and restore any necessary user account settings. The existing accounts and passwords are not disabled and are still active.
Troubleshooting and Recovery
Index A ACI, 331 Activating FlexAddress Plus, 233 Active Directory, 239 adding CMC users, 259 configuring access to the CMC, 252 configuring and managing certificates, 159 extending schemas, 252 objects, 248 schema extensions, 246 using with standard schema, 240 viewing a server certificate, 175 CMC configuring, 242, 262 creating a configuration file, 95 downloading firmware, 49 feature sets, 20 installing, 29 log, 393 redundant environment, 53 setting up, 29 CMC VLAN, 84 command line console features, 55
E H Enabling or Disabling DCHP, 82 hardware log, 391 hardware specifications, 23 F fabric management, 357 I feature sets of CMC, 20 I/O fabric, 357 featurecard, 218 iDRAC recovering firmware, 192 firmware downloading, 49 managing, 186 updating, CMC, 187 updating, iKVM, 189 updating, IOM infrastructure device, 190 updating, Server iDRAC, 191 FlexAddress, 215 activating, 216 activation verification, 217 configuring using CLI, 220 deactivating, 219 license agreement, 228 Linux configuration, 221 trou
N Network LAN Settings, 80 network properties configuring manually, 78 configuring using racadm, 78 parsing rules, 96 Red Hat Enterprise Linux configuring for serial console redirection, 63 redundant environment, 53 remote access connection (RAC), 24 O OSCAR, 329 remote RACADM configuring, 48 P S parsing rules, 96 Secure Sockets Layer (SSL) about, 169 password disabling, 406 reset jumper location, 408 power budgeting configuring, 49 power conservation, 297 proxy server, 37 R RAC see Remote Access C
SNMP alerts adding and configuring, 373 specifications hardware, 23 standard schema using with Active Directory, 240 T telnet console using, 56 U Using FlexAddress Plus, 234 V Viewing Current IPv4 Network Settings, 79 Viewing Current IPv6 Network Settings, 79 W web browser configuring, 36 supported browsers, 25 web interface accessing, 103 configuring email alerts, 379 WS-Management, 25 414 Index
