Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 3.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ________________________________________ Information in this publication is subject to change without notice. © 2010 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC6 Enterprise Overview . . . . . . . . . . 19 . . . . . . . . . . . . . 20 . . . . . . . . . . . . . . . 20 IPv6 Ready Logo Certification . iDRAC6 Security Features . . . . . . . . . . 21 . . . . . . . . . . . . . . . . . . 23 iDRAC6 Enterprise and vFlash Media . Supported Platforms . Supported Operating Systems . Supported Web Browsers . . . . . . . . . . . . . . 23 . . . . . . . . . . . . . . . 24 . . . . . . . . 24 . . . . . . . . . . . . . . . . . . . . . .
Configure Platform Events . . . . . . . . . . . . . . . . . . . . . . . . . 35 Configure iDRAC6 Services . . . . . . . . . . . . . 36 Configure Secure Sockets Layer (SSL) . Configure Virtual Media. . . . . . . 36 . . . . . . . . . . . . . . 36 Configure a vFlash Media Card . . . . . . . . . . . Install the Managed Server Software . . . . . . . Configure the Managed Server for the Last Crash Screen Feature . . . . . . . Configuring Network Settings Using CMC Web Interface . . . . . . . . . .
Updating iDRAC6 Firmware Using RACADM . . . . 55 Using the DOS Update Utility . . . . . . . . . . . . 56 Updating the USC Repair Package . . . . . . . . . . . 56 . . . . 56 . . . . . . . . . 57 Configuring iDRAC6 For Use With IT Assistant . Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring . . . Using iDRAC6 Web Interface to Enable Discovery and Monitoring . . . . . . . . Using IT Assistant to View iDRAC6 Status and Events . . . . . . . . . 3 . . . . . . . . 58 . . . .
Installing and Uninstalling RACADM on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 . . . . . . . . . . . . . 71 . . . . . . . . . . . . . . . . . 71 Installing a Java Runtime Environment (JRE) . Installing Telnet or SSH Clients Telnet with iDRAC6 Configuring the Backspace Key For Telnet Sessions . . . . . . . . . . . . . . . . . . . 71 SSH With iDRAC6 . . . . . . . . . . . . . . . . . . 72 Installing a TFTP Server . . . . . . . . . . . . . . . . . 73 . . . . . . . 74 .
Configuring the Network, IPMI, and VLAN Settings . . . . . . . . . . . . . . . . . Configuring IP Filtering and IP Blocking Configuring Platform Events . 82 . . . . . . 86 . . . . . . . . . . . . . . 88 Configuring Platform Event Filters (PEF) . . . . . . 89 Configuring Platform Event Traps (PET) . . . . . . 90 . . . . . . . . . . . . . 90 . . . . . . . . . . . . . . . 92 Configuring E-Mail Alerts . Configuring IPMI Over LAN Adding and Configuring iDRAC6 Users . . . . . . . . .
Updating iDRAC6 Firmware Using CMC iDRAC6 Firmware Rollback 6 . . . . . 119 . . . . . . . . . . . . 120 Using iDRAC6 Directory Service . . . . . . Using iDRAC6 With Microsoft Active Directory . Prerequisites for Enabling Active Directory Authentication for iDRAC6 . . . 121 . . . . . . . . . 122 Enabling SSL on a Domain Controller . . . . . . . Supported Active Directory Authentication Mechanisms . . . . . . . . . . . . . . . . . . . . . . Active Directory Schema Extensions . . . . . . .
Single Domain Versus Multiple Domain Scenarios . . . . . . . Configuring Standard Schema Active Directory to Access iDRAC6 . . . . . . . . . . . . . . . 147 Configuring Active Directory With Standard Schema Using iDRAC6 Web Interface . . . . . . . . . . . . . . . . . . . 147 Configuring Active Directory With Standard Schema Using RACADM . Testing Your Configurations . . . . . . . . . 151 . . . . . . . . . . . . . . 153 . . . . . . 154 . . . . . . . . . . .
Configuring Smart Card Authentication . . . . . . . . 172 Configuring Smart Card Login in iDRAC6 . . . . . . . 172 Logging Into iDRAC6 Using Active Directory Smart Card Authentication . . . . . . . . . . Frequently Asked Questions About SSO. . . . . . 173 . . . . . . . 174 . . 175 . . . . . . . 179 . . . . . . . . . . . . . . . . . . . 179 . . . . . . . . . . . . . . . . . . . . .
9 Configuring and Using Serial Over LAN . . . . . . . . . . . . . . . . Enabling Serial Over LAN in the BIOS. . . . . . . . . . . . 188 . . . . . . . . . . . . . . 191 Model for Redirecting SOL Over Telnet or SSH . . . . . . . . . . Model for the SOL Proxy . . . . . . . . . . 191 . . . . . . . . . . . . . . 192 Model for Redirecting SOL Over IPMItool . . . . . 192 . . . . . . 192 . . . . . . . . . . . . . . . 193 Disconnecting SOL session in iDRAC6 Command Line Console . . . . . . . . .
Opening a Virtual Console Session . . . . . . . . 214 . . . . . . . . . . . . . 217 . . . . . . . . . . . . . . . . 218 Virtual Console Preview Using the Video Viewer Synchronizing the Mouse Pointers . . . . . . . . 222 Disabling or Enabling Local Console . . . . . . . 222 . . . . . . . . 223 . . . . . . . . . . . . . . . . . . . . 223 Launching Virtual Console and Virtual Media Remotely . . . . . . . . . . . . URL Format General Error Scenarios . . . . . . . . . . . . .
Viewing Available Partitions Modifying a Partition . . . . . . . . . . . . 242 . . . . . . . . . . . . . . . . 243 Attaching and Detaching Partition . Deleting Existing Partitions . . . . . . . . . 243 . . . . . . . . . . . . 245 Downloading Partition Contents Booting to a Partition . . . . . . . . . . . 245 . . . . . . . . . . . . . . . 246 Managing vFlash Partitions Using RACADM . . . . . . 247 Creating a Partition . . . . . . . . . . . . . . . . . 248 Deleting a Partition . . . . .
Frequently Asked Questions . . . . . . . . . . . . . . 13 Using the RACADM Command Line Interface . . . . . . . . . . . . . RACADM Subcommands . . . . . . . . 263 . . . . . . . . . . . . . . . 264 . . . . . . . . . . . 266 . . . . . . . . . . . . . 267 Using local RACADM Commands Using the RACADM Utility to Configure iDRAC6 . . . . . . Displaying Current iDRAC6 Settings . . . . . . . Managing iDRAC6 Users with RACADM Adding an iDRAC6 User . 268 . . . . . . . . . . . . . 269 . . . . . . . .
Creating an iDRAC6 Configuration File . Configuration File Syntax . . . . . . . 285 . . . . . . . . . . . . . 286 Modifying iDRAC6 IP Address in a Configuration File . . . . . . . . . . . . . . . 288 Loading the Configuration File Into iDRAC6 . . . . . . . . . . . . . . . . . . . . . 288 . . . . . . . . . . . . . 290 Configuring Multiple iDRAC6s. 14 Power Monitoring and Power Management . . . . . . . . . . . . . . . Configuring and Managing Power Power Monitoring . . . . . . . . . . .
Navigating the MAP Address Space Targets . . . . . . . . . 310 . . . . . . . . . . . . . . . . . . . . . . 310 Using the Show Verb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 . . . . . . . . . . . . . . 311 Using the -display Option . Using the -level Option Using the -output Option iDRAC6 SM-CLP Examples . . . . . . . . . . . . . . 311 . . . . . . . . . . . . . . 311 . . . . . . . . . . . 312 . . . . . . . . . . . . . . . .
Using the Virtual Media Command Line Interface Utility . . . . . . . . . . . . . . . . . . . 326 . . . . . . . . . . . . 327 . . . . . . . . . . . . . . 328 . . . . . . . . . . . . . . . . 328 Installing the iVMCLI Utility . Command Line Options . iVMCLI Parameters . iVMCLI Operating System Shell Options 18 Using iDRAC6 Configuration Utility . Overview . 331 . . . . . . . . . 333 333 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334 . . . . . . . . . . . 334 . . . . .
Problem Solving Tools . . . . . . . . . . . . . . . . . Checking the System Health . . . . . . . . . . . Checking the System Event Log (SEL) Checking the Post Codes . . . . . . . 351 352 . . . . . Viewing the Most Recent Boot Sequences 354 . . . . . . . 355 . . . . . . . . . . . . . . . 363 Viewing System Information . . . . . . . . . . . 364 Identifying the Managed Server in the Chassis . . . . . . . . . . . . . . . . . . . 364 Using the Diagnostics Console . . . . . . . . . .
iDRAC6 Enterprise Overview 1 The Integrated Dell Remote Access Controller (iDRAC6) Enterprise is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for the Dell PowerEdge systems. iDRAC6 uses an integrated system-on-chip microprocessor for the remote monitor/control system, and co-exists on the system board with the managed Dell PowerEdge server.
NOTE: It is recommended that you isolate or separate the chassis management network, used by iDRAC6 and CMC, from your production network(s). Mixing management and production or application network traffic may cause congestion or network saturation resulting in CMC and iDRAC6 communication delays. The delays may cause unpredictable chassis behavior such as CMC displaying that iDRAC6 is offline even though it is operating properly. This may also cause other unpredictable behavior.
• Secure Shell (SSH), which uses an encrypted transport layer for higher security • Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded • Configurable client IP address range for clients connecting to iDRAC6 iDRAC6 Enterprise and vFlash Media iDRAC6 Enterprise provides SD card slots for vFlash Media. For more information about iDRAC6 Enterprise and vFlash Media, see your Hardware Owner’s Manual at support.dell.com/manuals.
Table 1-1.
Table 1-1. iDRAC6 Feature List (continued) Feature iDRAC6 Enterprise iDRAC6 Enterprise with vFlash Media vFlash Monitoring Sensor Monitoring and Alerting Real-time Power Monitoring Real-time Power Graphing Historical Power Counters Logging System Event Log (SEL) RAC Log Trace Log Remote Syslog = Supported; =Not Supported Supported Platforms For the latest supported platforms, see iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals.
Supported Web Browsers For the latest information, see iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals. NOTE: Support for SSL 2.0 has been discontinued because of security flaws. Ensure that your browser is configured to enable SSL 3.0. Supported Remote Access Connections Table 1-2 lists the connection features. Table 1-2. Supported Remote Access Connections Connection Features iDRAC6 NIC • 10Mbps/100Mbs/1Gbps Ethernet via CMC Gb Ethernet port.
Table 1-3. iDRAC6 Server Listening Ports (continued) Port Number Function 443* HTTPS 623 RMCP/RMCP+ 3668, 3669 Virtual Media Service 3670, 3671 Virtual Media Secure Service 3672 vFlash Service 5900* Virtual Console keyboard/mouse 5901* Virtual Console video 5988* Used for WSMAN * Configurable port Table 1-4.
Other Documents You May Need In addition to this guide, the following documents provide additional information about the setup and operation of iDRAC6 in your system. You can access these guides available on the Dell Support website at support.dell.com/manuals. On the Manuals page, click Software Systems Management. Click on the appropriate product link on the right-side to access the documents. 26 • iDRAC6 online help provides information about using the Web interface.
• The iDRAC6 CIM Element Mapping and iDRAC6 SM-CLP Property Database documents available on the Dell Enterprise Technology Center at www.delltechcenter.com provide information on iDRAC6 SM–CLP Property Database, mappings between WS–MAN classes and SM–CLP targets and Dell implementation details.
iDRAC6 Enterprise Overview
Configuring iDRAC6 Enterprise 2 This section provides information about how to establish access to iDRAC6 and to configure your management environment to use iDRAC6.
For greater security, access to iDRAC6 configuration through iDRAC6 Configuration Utility or the local RACADM CLI can be disabled by means of a RACADM command (see iDRAC6 Administrator Reference Guide available on support.dell.com/manuals) or from the GUI (see "Enabling or Disabling Local Configuration Access" on page 114.) NOTE: Using more than one configuration interface at the same time may generate unexpected results. Table 2-1.
Table 2-1. Configuration Interfaces (continued) Interface Description Chassis LCD Panel The LCD panel on the chassis containing iDRAC6 can be used to view the high-level status of the servers in the chassis. During initial configuration of CMC, the configuration wizard allows you to enable DHCP configuration of iDRAC6 networking. Local and Remote RACADM The local RACADM command line interface runs on the managed server. It is accessed from a Virtual Console session initiated from iDRAC6 Web interface.
Table 2-1. Configuration Interfaces (continued) Interface Description SM-CLP SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in iDRAC6. The SM-CLP command line is accessed by logging in to iDRAC6 using Telnet or SSH and typing smclp at the CLI prompt. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line.
Configuration Tasks This section is an overview of the configuration tasks for the management station, iDRAC6, and the managed server. The tasks to be performed include configuring iDRAC6 so that it can be accessed remotely, configuring iDRAC6 features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server. The configuration tasks that can be used to perform each task are listed beneath the task.
• Chassis LCD Panel — See the Dell Chassis Management Controller Firmware User Guide • iDRAC6 Configuration Utility — See "Using iDRAC6 Configuration Utility" on page 333 • CMC Web interface — See "Configuring Network Settings Using CMC Web Interface" on page 37 • Remote and local RACADM — See cfgLanNetworking in the iDRAC6 Administrator Reference Guide available on support.dell.com/manuals Configure iDRAC6 Users Set up the local iDRAC6 users and permissions.
Configure IP Filtering and IP Blocking In addition to user authentication, you can prevent unauthorized access by rejecting connection attempts from IP addresses outside of a defined range and by temporarily blocking connections from IP addresses where authentication has failed multiple times within a configurable timespan.
Configure iDRAC6 Services Enable or disable iDRAC6 network services — such as Telnet, SSH, and the Web server interface — and reconfigure ports and other service parameters. • iDRAC6 Web interface — See "Configuring iDRAC6 Services" on page 115 • RACADM — See "Configuring iDRAC6 Telnet and SSH Services Using Local RACADM" on page 282 Configure Secure Sockets Layer (SSL) Configure SSL for iDRAC6 Web server.
Install the Managed Server Software Install the operating system on the Dell PowerEdge server using virtual media and then install the Dell OpenManage software on the managed Dell PowerEdge server and set up the last crash screen feature.
3 Click iDRAC for the server you want to manage. The iDRAC GUI is launched in a new browser window. To launch iDRAC6 Web interface for a single server from CMC: 1 Log in to CMC Web interface. 2 Expand Server Overview in the system tree. All of the servers appear in the expanded Servers list. 3 Click the server you want to view. The Server Status screen for the server you selected displays. 4 Click Launch iDRAC6 GUI.
NOTE: If the server is removed from the chassis, iDRAC6 IP address is changed, or there is a problem in iDRAC6 network connection, then clicking the Launch iDRAC6 GUI icon may display an error screen. Configuring Networking for iDRAC6 1 Click System Remote Access iDRAC6. 2 Click the Network/Security tab: To enable or disable Serial Over LAN: a Click Serial Over LAN. The Serial Over LAN screen appears. b Select the Enable Serial Over LAN check box.
Viewing FlexAddress Mezzanine Card Fabric Connections The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection. NOTE: In order to avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.
The chassis–assigned MAC address is stored in CMC non–volatile memory and is sent to iDRAC6 during an iDRAC6 boot or when CMC FlexAddress page settings are changed.
See the Dell Chassis Management Controller Administrator Reference Guide for more information on CMC RACADM subcommands. Remote Syslog iDRAC6 Remote Syslog feature allows you to remotely write the RAC log and the System Event Log (SEL) to an external syslog server. You can read all logs from the entire server farm from a central log. The Remote Syslog protocol does not need any user authentication.
NOTE: The severity levels defined by the Remote Syslog protocol differ from the standard IPMI System Event Log (SEL) severity levels. Hence all iDRAC6 Remote Syslog entries are reported in the syslog server with severity level as Notice.
3 In the system tree, select SystemSetup tabFirst Boot Device. The First Boot Device screen is displayed. Table 2-3 lists the First Boot Device settings. Table 2-3. First Boot Device Attribute Description First Boot Device Select the first boot device from the drop-down list. The system will boot from the selected device on next and subsequent reboots. Boot Once Selected = Enabled; Deselected = Disabled. Check this option to boot from the selected device on the next boot.
The CIFS shared image path should be in the format: //// The NFS shared image path should be in the format: :/ If a username contains a domain name, then the username must be entered in the form of @. For example, user1@dell.com is a valid username whereas dell\user1 is not.
Table 2-4 lists the remote file share settings. Table 2-4. Remote File Server Settings Attribute Description User Name Username to connect for NFS/CIFS file system. Password Password to connect for NFS/CIFS file system. Image File Path Path of the file to be shared through remote file share. Status Connected: The file is shared. Not Connected: The file is not shared. Connecting... : Busy connecting to the share Click Connect to establish a file share connection.
Internal Dual SD Module Internal Dual SD Module (IDSDM) is available only on applicable platforms. IDSDM provides redundancy on the hypervisor SD card by using another SD card that mirrors the first SD card’s content. The iDRAC6 vFlash SD card, with the second SD card, can be set to IDSDM by setting the Redundancy option to Mirror mode in the Integrated Devices screen of the system BIOS setup.
Viewing Internal Dual SD Module Status Using GUI 1 Log in to iDRAC Web GUI. 2 In the System tree, click Removable Flash Media. The Removable vFlash Media page is displayed. This page displays the following two sections: • • Internal Dual SD Module — Displayed only if IDSDM is in redundant mode. The Redundancy Status is displayed as Full. If this section is not present, then the card is in the non-redundant mode state.
Table 2-6. SD1 and SD2 Card States (continued) State Description Write Protected The card is write protected by the physical latch on the SD card. IDSDM cannot use a write-protected card. Updating iDRAC6 Firmware Updating iDRAC6 firmware installs a new firmware image in the flash memory.
NOTE: The chassis fans run at 100% during iDRAC6 firmware update. When the update is complete, normal fan speed regulation resumes. This is normal behavior, designed to protect the server from overheating during a time when it cannot send sensor information to CMC. To use a Dell Update Package for Linux or Microsoft Windows, execute the operating-specific DUP on the managed server.
To use the standard verification procedure, perform the following steps: 1 Download the Dell Linux public GnuPG key by navigating to lists.us.dell.com and clicking the Dell Public GPG key link. Save the file to your local system. The default name is linux-security-publickey.txt. 2 Import the public key to your GPG trust database by running the following command: gpg --import NOTE: You must have your private key to complete the process.
Your decision? d Enter 5, then press . The following prompt appears: Do you really want to set this key to ultimate trust? (y/N) e Enter y to confirm your choice. f Enter quit to exit the GPG key editor. You must import and validate the public key only once. 4 Obtain the package you need (for example, the Linux DUP or self-extracting archive) and its associated signature file from the Dell Support website at support.dell.com/support/downloads.
security@dell.com>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 3 Set the GPG trust level for the Dell public key, if you haven’t done so previously. a Enter the following command: gpg --edit-key 23B66A9D b At the command prompt, enter the following commands: fpr trust c Enter 5, then press to choose I trust ultimately from the menu. d Enter y to confirm your choice. e Enter quit to exit the GPG key editor. This completes validation of the Dell public key.
Using iDRAC6 Web Interface NOTE: If iDRAC6 firmware update progress is interrupted before it completes, iDRAC6 firmware may be corrupted. In such cases, you can recover iDRAC6 using CMC Web interface. NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset iDRAC6 configuration to the factory defaults. If you set the configuration to the factory defaults, external network access will be disabled when the update completes.
NOTE: If you deselect the Preserve Configuration check box, iDRAC6 resets to its default settings. In the default settings, the LAN is disabled, and you cannot log in to iDRAC6 Web interface. You must reconfigure the LAN settings using iDRAC6 Configuration Utility during BIOS POST or through CMC. 6 By default, the Preserve Configuration option is enabled (checked) to preserve the current settings on iDRAC6 after an upgrade.
Using the DOS Update Utility To update iDRAC6 firmware using the DOS update utility, boot the managed server to DOS, and execute the idrac16d command. The syntax for the command is: idrac16d [-f] [-i=] [-l=] When executed with no options, the idrac16d command updates iDRAC6 firmware using the firmware image file firmimg.imc in the current directory. The options are as follows: • -f — Forces the update. The -f option can be used to downgrade the firmware to an earlier image.
Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring To set up iDRAC6 for IPMI discovery and sending alert traps at iDRAC6 Configuration Utility level, restart your managed server (blade) and observe its power-up using the Virtual Console and either a remote monitor and console keyboard or a Serial over LAN (SOL) connection. When Press for Remote Access Setup displays, press . When iDRAC6 Configuration Utility screen appears, use the arrow keys to scroll down.
Using iDRAC6 Web Interface to Enable Discovery and Monitoring IPMI Discovery can also be enabled through the remote Web interface: 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface using a login and password with Administrator rights. 3 In the system tree, select SystemRemote AccessiDRAC6. 4 Click the Network/Security tab. The Network screen appears. 5 Click IPMI Settings. 6 Ensure the Enable IPMI Over LAN check box is selected (checked).
Dell highly recommends that for security purposes you create a separate User for IPMI commands with its own user name, IPMI over LAN privileges, and password: 1 In the system tree, select SystemRemote AccessiDRAC6. 2 Click the Network/Security tab, and then click Users. The Users screen appears, displaying a list of all users (defined or undefined). 3 Click the User ID of an undefined User. The User Configuration screen for the selected User ID appears.
Configuring iDRAC6 Enterprise
Configuring the Management Station 3 A management station is a computer used to monitor and manage the Dell PowerEdge servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with iDRAC6 Enterprise. Before you begin configuring iDRAC6, follow the procedures in this section to ensure that you have installed and configured the tools you will need.
Using iDRAC6 Virtual Console feature (see "Configuring and Using Serial Over LAN" on page 187), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer and using iDRAC6 facilities. To access network and application services hosted on the managed server, however, you may need an additional NIC in the managed server.
5 Select Medium-Low from the drop-down menu and click Reset. Click OK to confirm. You will need to re-enter the Custom Level dialog by clicking its button.
In the Scripting section: • Active scripting: Enable • Allow paste operations via script: Enable • Scripting of Java applets: Enable 7 Select ToolsInternet OptionsAdvanced.
• Check for signatures on downloaded programs: checked • Use SSL 2.0: unchecked • Use SSL 3.0: checked • Use TLS 1.0: checked • Warn about invalid site certificates: checked • Warn if changing between secure and not secure mode: checked • Warn if forms submittal is being redirected: checked NOTE: If you choose to alter any of the above settings, It is recommended that you learn and understand the consequences of doing so.
To add iDRAC6 IP address to the list of trusted domains in IE8, do the following: 1 Select Tools Internet Options SecurityTrusted sitesSites. 2 Enter iDRAC6 IP address to the Add this website to the zone. 3 Click Add. 4 Click OK. 5 Click Close. 6 Click OK and then refresh your browser. When you launch Virtual Console for the first time through IE8 with Active-X plug-in, a "Certificate Error: Navigation Blocked" message may be displayed. 1 Click Continue to this website.
certain functions/letters. For more details on how to use localized keyboards in these situations, see "Using the Video Viewer" on page 218. Use of other keyboards is not supported and may cause unexpected problems. NOTE: See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC6 Web interface. Setting the Locale in Linux The Virtual Console viewer requires a UTF-8 character set to display correctly.
Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" 6 Log out and then log in to the operating system. When you switch from any other language, ensure that this fix is still valid. If not, repeat this procedure. Disabling the Whitelist Feature in Firefox Firefox has a "whitelist" security feature that requires user permission to install plugins for each distinct site that hosts a plugin.
Installing iDRAC6 Software on the Management Station Your system includes the Dell Systems Management Tools and Documentation DVD.
Installing a Java Runtime Environment (JRE) NOTE: If you use Internet Explorer, an ActiveX control is provided for the Virtual Console viewer. You can also use the Java Virtual Console viewer with Firefox if you install a JRE and configure the Virtual Console viewer in iDRAC6 Web interface before you launch the viewer. See "Configuring Virtual Console and Virtual Media in iDRAC6 Web Interface" on page 212 for more information. You can choose to use the Java viewer instead before you launch the viewer.
Installing Telnet or SSH Clients By default, iDRAC6 Telnet service is disabled and the SSH service is enabled. Since Telnet is an insecure protocol, you should use it only if you cannot install an SSH client or your network connection is otherwise secured. NOTE: iDRAC6 supports up to 4 Telnet sessions and 4 SSH sessions simultaneously. Telnet with iDRAC6 Telnet is included in Windows and Linux operating systems, and can be run from a command shell.
To configure a Linux Telnet session to use the key, perform the following steps: 1 Open a shell and enter: stty erase ^h 2 At the prompt, enter: telnet SSH With iDRAC6 Secure Shell (SSH) is a command line connection with the same capabilities as a Telnet session, but with session negotiation and encryption to improve security. iDRAC6 supports SSH version 2 with password authentication. SSH is enabled by default on iDRAC6.
Table 3-1.
You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is already listening. Port 69 is the TFTP default port. If no server is running, you have the following options: • Find another computer on the network running a TFTP service. • If you are using Linux, install a TFTP server from your distribution. • If you are using Windows, install a commercial or free TFTP server.
Configuring the Managed Server 4 This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell Open Manage Server Administrator software and configuring the managed server to capture the last crash screen. Installing the Software on the Managed Server The Dell management software includes the following features: • RACADM CLI — Allows you to configure and administer iDRAC6.
Configuring the Managed Server to Capture the Last Crash Screen iDRAC6 can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed server crash. Follow these steps to enable the last crash screen feature. 1 Install the managed server software. For more information, see the Dell OpenManage Server Administrator Installation Guide and the Dell OpenManage Management Station Software Installation Guide.
Disabling the Windows Automatic Reboot Option To ensure that iDRAC6 can capture the last crash screen, disable the Automatic Reboot option on managed servers running Windows Server or Windows Vista. 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings. 4 Deselect the Automatically Reboot check box. 5 Click OK twice.
Configuring the Managed Server
Configuring iDRAC6 Enterprise Using the Web Interface 5 iDRAC6 provides a Web interface that enables you to configure iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. You would typically use the Web interface to perform your daily system management tasks. This chapter provides information about how to perform common systems management tasks with iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. 2 In the Address field, enter https:// and press . If the default HTTPS port number (port 443) has been changed, enter: https://: where iDRAC6-IP-address is the IP address for iDRAC6 and port-number is the HTTPS port number. iDRAC6 Log in window appears.
2 In the Password field, enter either your iDRAC6 user password, Active Directory user password, or LDAP password. Passwords are case-sensitive. 3 Click OK or press . Logging Out 1 In the upper-right corner of the main window, click Log out to close the session. 2 Close the browser window. NOTE: The Log out button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain active until the session timeout is reached.
Table 5-1. User Privilege Behavior in Supported Browsers Browser Tab Behavior Window Behavior Microsoft IE7 and IE8 From latest session opened New session Firefox 2 and Firefox 3 From latest session opened From latest session opened Configuring iDRAC6 NIC This section assumes that iDRAC6 has already been configured and is accessible on the network. See "Configure iDRAC6 Networking" on page 33 for help with the initial iDRAC6 network configuration.
Table 5-2. Network Settings (continued) Setting Description Enable NIC When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from iDRAC6 through the network is blocked. The default is Unchecked. Common Settings Register iDRAC6 on DNS Registers iDRAC6 name on the DNS server. DNS iDRAC6 Name Displays iDRAC6 name.
Table 5-2. Network Settings (continued) Setting Description Use DHCP to obtain DNS server addresses Select the DHCP Enable option to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses check box. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields. Preferred DNS Server Allows you to enter or edit a static IP address for the preferred DNS server.
Table 5-2. Network Settings (continued) Setting Description Gateway Configures the static IPv6 gateway for iDRAC6 NIC. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated check box. Use DHCPv6 to Enable DHCP to obtain IPv6 DNS server addresses by selecting obtain DNS Server the Use DHCPv6 to obtain DNS Server addresses check box.
Table 5-4. VLAN Settings Button Description Enable VLAN ID Yes—Enabled. No—Disabled. If enabled, only matched Virtual LAN (VLAN) ID traffic is accepted. NOTE: The VLAN settings can only be configured through CMC Web Interface. iDRAC6 only displays the current enablement status; you can not modify the settings on this screen. VLAN ID VLAN ID field of 802.1g fields. Displays a value from 1 to 4094 except 4001 to 4020. Priority Priority field of 802.1g fields.
The Network Security screen appears. 4 Configure IP filtering and blocking settings as needed. See Table 5-6 for descriptions of the IP filtering and blocking settings. 5 Click Apply. 6 Click the appropriate button to continue. See Table 5-7. Table 5-6. IP Filtering and Blocking Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access iDRAC6. The default is Disabled.
Table 5-7. Network Security Buttons (continued) Button Description Apply Saves any new settings that you made to the Network Security screen. Go Back to Returns to the Network screen. Network Configuration Page Configuring Platform Events Platform event configuration provides a mechanism for configuring iDRAC6 to perform selected actions on certain event messages.
When a platform event occurs (for example, a Battery Probe Warning), a system event is generated and recorded in the System Event Log (SEL). If this event matches a platform event filter (PEF) that is enabled and you have configured the filter to generate an alert (PET or e-mail), then a PET or e-mail alert is sent to one or more configured destinations. If the same platform event filter is also configured to perform an action (such as rebooting the system), the action is performed.
Configuring Platform Event Traps (PET) NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission. 1 Log in to iDRAC6 Web interface. 2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)" on page 89. 3 Click System, and then click the Alert Management tab. The Platform Events screen appears. 4 Click Trap Settings. The Trap Settings screen is displayed.
4 Click Email Alert Settings. The Email Alert Settings screen appears. 5 Configure your e-mail alert destination. a Select the Enabled check box for the first undefined e-mail alert. b Enter a valid e-mail address in the Destination Email Address field. c Click Apply. NOTE: To successfully send a test e-mail, the SMTP (Email) Server must be configured in the SMTP (Email) Server Address Settings section of the Email Alert Settings screen.
• If the field is "a string with @", and the DNS Domain Name is blank, then the source e-mail address is:@. e Click Send to test the configured e-mail alert (if desired). f To add an additional e-mail alert destination, repeat step a through step e. You may specify up to four e-mail alert destinations. Configuring IPMI Over LAN 1 Log in to iDRAC6 Web interface.
b Click the Serial Over LAN tab. c Select Enable Serial Over LAN. d Update the IPMI SOL Baud Rate, if needed, by selecting a data speed from the Baud Rate drop-down menu. NOTE: To redirect the serial console over the LAN, ensure that the SOL Baud Rate is identical to your managed server’s baud rate. e Click Apply. f Configure IP filtering and blocking settings as needed in the Advanced Settings page.
overwritten or deleted. When the PKA over SSH is set up and used correctly, you do not have to enter the password when logging into iDRAC6. This can be very useful for setting up automated scripts to perform various functions. When getting ready to set up this functionality, be aware of the following: • You can manage this feature with RACADM and also from the GUI. • When adding new public keys, ensure that the existing keys are not already at the index where the new key is added.
Generating Public Keys for Linux The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt, enter: ssh-keygen –t rsa –b 1024 –C testing NOTE: The options are case-sensitive. where, -t can be either dsa or rsa. –b specifies the bit encryption size between 768 and 4096. –C allows modifying the public key comment and is optional. After the command executes, upload the public file.
ssh username@ racadm getsel See "Uploading, Viewing, and Deleting SSH Keys Using RACADM" on page 270 for information on how to upload, view, and delete SSH keys using RACADM. Table 5-9. SSH Key Configurations Option Description Upload SSH Key(s) Allows the local user to upload a SSH public key file. If a key is uploaded, the content of the key file is displayed in a non-editable text box on the User Configuration page.
The View/Remove SSH Key(s) page enables you to view or remove the user's SSH public keys. Table 5-11. View/Remove SSH Key(s) Option Description Remove The uploaded key is displayed in the box. Select the Remove option and click Apply to delete the existing key. 1 If you select Configure User and click Next, the User Configuration page is displayed. 2 On the User Configuration screen, configure the user’s properties and privileges.
Table 5-12. General Properties (continued) Property Description User Name Specifies an iDRAC6 user name with up to 16 characters. Each user must have a unique user name. • 0-9 • A-Z • a-z • Special characters: + % = , - { ] ! ( ? ; _ } I # ) * : $ [ | § NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login. Change Password Enables the New Password and Confirm New Password fields.
Table 5-13. IPMI LAN Privilege Property Description Maximum LAN User Privilege Granted Specifies the user’s maximum privilege on the IPMI LAN channel to one of the following user groups: None, Administrator, Operator, or User. Enable Serial Over LAN Allows the user to use IPMI Serial Over LAN. When Checked, this privilege is enabled. Table 5-14.
Table 5-14. Other Privilege (continued) Property Description Access Virtual Console Enables the user to run Virtual Console. CAUTION: This privilege is normally reserved for users who are members of the Administrator or Power User group on iDRAC. In addition to being able to use the Virtual Console, users with the Access Virtual Console privilege are allowed to view in the iDRAC6 Web interface the activities of anyone using the Virtual Console. For these reasons, assign this privilege carefully.
Table 5-16. User Configuration Buttons Button Action Print Prints the User Configuration values that appear on the screen. Refresh Reloads the User Configuration screen. Apply Saves any new settings made to the user configuration. Go Back To User Main Menu Returns to the User Main Menu screen.
The encryption process provides a high level of data protection. iDRAC6 employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. iDRAC6 Web server has a Dell self-signed SSL digital certificate (Server ID) by default. To ensure high security over the Internet, replace the Web server SSL certificate with a certificate signed by a well-known Certificate Authority (CA).
Table 5-17. SSL Main Menu Options Field Description Generate a New Certificate Signing Request (CSR) Select the option and click Next to open the Generate Certificate Signing Request (CSR) screen. Upload Server Certificate Select the option and click Next to open the Certificate Upload screen and upload the certificate sent to you by the CA. NOTE: Each new CSR overwrites the previous CSR on the firmware.
3 Click Generate to create the CSR. 4 Click Download to save the CSR file to your remote management station. 5 Click the appropriate button to continue. See Table 5-20. Table 5-19. Generate Certificate Signing Request (CSR) Options Field Description Common Name The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, spaces, hyphens, underscores, and periods are valid.
Table 5-20. Generate Certificate Signing Request (CSR) Buttons Button Description Print Prints the Generate Certificate Signing Request (CSR) values that appear on the screen. Refresh Reloads the Generate Certificate Signing Request (CSR) screen. Generate Generates a CSR and then prompts the user to save it to a specified directory. Download Downloads the certificate to the local computer. Go Back to SSL Main Menu Returns the user to the SSL screen.
Viewing a Server Certificate 1 On the SSL screen, select View Server Certificate and click Next. Table 5-22 describes the fields and associated descriptions listed in the View Server Certificate window. 2 Click the appropriate button to continue. See Table 5-23. Table 5-22.
Configuring and Managing Microsoft Active Directory Certificates NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate. NOTE: For more information about Active Directory configuration and how to configure Active Directory with the standard schema or an extended schema, see "Using iDRAC6 Directory Service" on page 121.
Table 5-25. Active Directory Buttons Button Definition Print Prints the Active Directory values that appear on the screen. Refresh Reloads the Active Directory screen. Configuring Active Directory (Standard Schema and Extended Schema) 1 On the Active Directory summary screen, click Configure Active Directory.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description Current Active Directory CA Certificate Displays the Active Directory CA Certificate that was uploaded to iDRAC6. Step 2 of 4 Active Directory Configuration and Management Active Directory Enabled Select this option if you want to enable Active Directory. Enable Smart–Card Login Select this option to enable Smart Card login. You are prompted for a Smart Card logon during any subsequent logon attempts using the GUI.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description User Domain Name Enter the User Domain Name entries. If configured, a list of user domain names appears on the login page as a drop-down menu. If not configured, Active Directory users can still log in by entering the user name in the format user_name@domain_name or domain_name\user_name. Add: Adds a new User Domain Name entry to the list. Edit: Modifies an existing User Domain Name entry.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description Specify Domain Controller Addresses Select the Specify Domain Controller Addresses option to allow iDRAC6 to use the Active Directory Domain Controller server addresses that are specified. When this option is selected, DNS lookup is not performed. Specify the IP address or the Fully Qualified Domain Name (FQDN) of the domain controllers.
Table 5-26. Active Directory Configuration Settings (continued) Setting Description Standard Schema Selection Select this option if you want to use Standard Schema with Active Directory. Click Next to display the Step 4a of 4 Active Directory page. Select the Look Up Global Catalog Servers with DNS option and enter the Root Domain Name to use on a DNS lookup to obtain the Active Directory Global Catalog Servers. When this option is selected, Global Catalog Server Addresses 1-3 are ignored.
Table 5-27. Role Group Privileges Setting Description Role Group Privilege Level Specifies the user’s maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-28 for Role Group permissions. Login to iDRAC6 Allows the group login access to iDRAC6. Configure iDRAC6 Allows the group permission to configure iDRAC6. Configure Users Allows the group permission to configure users. Clear Logs Allows the group permission to clear logs.
Table 5-28. Role Group Permissions (continued) Property Description Custom Selects any combination of the following permissions: Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Viewing an Active Directory CA Certificate On the Active Directory summary page, click Configure Active Directory.
Disabling Local Configuration Access 1 Click SystemRemote Access iDRAC6 Network/Security Services. 2 Under Local Configuration, click to select Disable iDRAC6 local USER Configuration Updates to disable access. 3 Click Apply. Configuring iDRAC6 Services NOTE: To modify these settings, you must have Configure iDRAC6 permission. NOTE: When you apply changes to services, the changes take effect immediately. Existing connections may be terminated without warning.
Table 5-30. Web Server Settings Setting Description Enabled Enables or disables iDRAC6 Web server. When Checked, indicates that the Web server is enabled. The default value is Checked. Max Sessions The maximum number of simultaneous Web server sessions allowed for this system. This field is not editable. There can be 4 simultaneous Web server sessions. Active Sessions The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable.
Table 5-32. Telnet Settings Setting Description Enabled Enables or disables Telnet. When Checked, Telnet is enabled. The default value is Unchecked. Max Sessions The maximum number of simultaneous Telnet sessions allowed for this system. 4 simultaneous Telnet sessions are supported. You can not edit this field. Active Sessions The number of current Telnet sessions on the system. You can not edit this field. Timeout The Telnet idle timeout, in seconds. Timeout range is 60 to 10800 seconds.
Updating iDRAC6 Firmware NOTE: If iDRAC6 firmware becomes corrupted, as could occur if iDRAC6 firmware update is interrupted before it completes, you can recover iDRAC6 using CMC. See your CMC Firmware User Guide for instructions. NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset iDRAC6 configuration to the factory defaults.
NOTE: If you uncheck the Preserve Configuration check box, iDRAC6 resets to its default settings. In the default settings, the LAN is disabled. You will not be able to log in to iDRAC6 Web interface. You will have to reconfigure the LAN settings using CMC Web interface or Virtual Console using iDRAC6 Configuration Utility during BIOS POST. 6 By default the Preserve Configuration check box is Checked to preserve the current settings on iDRAC6 after an upgrade.
6 Click the Apply iDRAC6 Enterprise Update button below iDRAC6 component list. 7 Click Browse, browse to iDRAC6 firmware image you downloaded, and click Open. 8 Click Begin Firmware Update. After the firmware image file has been uploaded to CMC, iDRAC6 updates itself with the image. iDRAC6 Firmware Rollback iDRAC6 has the provision to maintain two simultaneous firmware images. You can choose to boot from (or rollback to) the firmware image of your choice.
Using iDRAC6 Directory Service 6 A directory service maintains a common database for storing information about users, computers, printers, etc. on a network. If your company uses either the Microsoft Active Directory or the LDAP Directory Service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your directory service.
Table 6-1. iDRAC6 User Privileges (continued) Privilege Description Execute Diagnostic Commands Enables the user to run diagnostic commands You can use Active Directory to log in to iDRAC6 using one of the following methods: • Web interface • Local RACADM • SSH or Telnet console for SM-CLP CLI The login syntax is the same for all three methods: or \ or / where username is an ASCII string of 1–256 bytes.
iDRAC6 uses the standard Public Key Infrastructure (PKI) mechanism to authenticate securely into the Active Directory; therefore, you would also require an integrated PKI into the Active Directory infrastructure. See the Microsoft website for more information on the PKI setup. To correctly authenticate to all the domain controllers, you also need to enable the Secure Socket Layer (SSL) on all domain controllers that iDRAC6 connects to.
Exporting the Domain Controller Root CA Certificate to iDRAC6 NOTE: If your system is running Windows 2000, the following steps may vary. NOTE: If you are using a standalone CA, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click StartRun. 3 In the Run field, enter mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
Importing iDRAC6 Firmware SSL Certificate NOTE: If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC6 Server certificate to the Active Directory Domain controller as well. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session’s initialization phase.
Supported Active Directory Authentication Mechanisms You can use Active Directory to define user access on iDRAC6 through two methods: you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. Or, you can use the standard schema solution, which uses Active Directory group objects only. See the sections that follow for more information about these solutions.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. • Dell extension is: dell • Dell base OID is: 1.2.840.113556.1.8000.
Figure 6-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 6-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory. Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory. The old schema does not work with this product.
To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. To use the Dell Schema Extender to extend the Active Directory Schema, see "Using the Dell Schema Extender" on page 132. You can copy and run the Schema Extender or LDIF files from any location. Using the Dell Schema Extender CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name of this file.
Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.7.1.1 Description Represents the Dell iDRAC6 device. iDRAC6 must be configured as delliDRACDevice in Active Directory. This configuration enables iDRAC6 to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory. Class Type Structural Class SuperClasses dellProduct Attributes dellSchemaVersion dellRacType Table 6-4. delliDRACAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 6-5. dellRAC4Privileges Class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.3 Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights).
Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 List of dellRacDevice and DelliDRACDevice Objects that belong to this role.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC6 devices, Users and User Groups, iDRAC6 Associations, and iDRAC6 Privileges.
3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-in and click Add. 5 Click Close and click OK. Adding iDRAC6 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC6 users and privileges by creating iDRAC6, Association, and Privilege objects.
5 Click OK. 6 Right-click the privilege object that you created, and select Properties. 7 Click the Remote Management Privileges tab and select the privileges that you want the user or group to have (see Table 5-14). Creating an Association Object NOTE: iDRAC6 Association Object is derived from Group and its scope is set to Domain Local. 1 In the Console Root (MMC) window, right-click a container. 2 Select New Dell Remote Management Object Advanced. This opens the New Object window.
Adding Users or User Groups 1 Right-click the Association Object and select Properties. 2 Select the Users tab and click Add. 3 Enter the user or User Group name and click OK. Adding Privileges 1 Select the Privileges Object tab and click Add. 2 Enter the Privilege Object name and click OK. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC6 device.
If you do not want to validate the SSL certificate of your Active Directory servers, skip to step 7. 6 Under Upload Active Directory CA Certificate, enter the file path of the certificate or browse to find the certificate file, and then click Upload. NOTE: You must enter the absolute file path which includes the full path, complete file name, and file extension.
NOTE: iDRAC6 does not failover to the specified domain controllers when DNS lookup fails, or none of the servers returned by the DNS lookup works. 12 Select the Specify Domain Controller Addresses option to allow iDRAC6 to use the Active Directory Domain Controller server addresses that are specified. DNS lookup is not performed. Specify the IP address or the FQDN of the domain controllers.
NOTE: You must have a DNS server configured properly on iDRAC6 to support Active Directory log in. Navigate to the Network screen (click System Remote Access iDRAC6 and then click the Network/Security Network tab) to configure DNS server(s) manually or use DHCP to get DNS server(s). You have completed the Active Directory configuration with Extended Schema.
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0 In this case, you do not have to upload a CA certificate. If you want to enforce the certificate validation during SSL handshake, enter the following RACADM command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1 In this case, you must upload a CA certificate using the following RACADM command: racadm sslcertupload -t 0x2 -f Using the following RACADM command may be optional.
racadm config -g cfgUserDomain -o cfgUserDomainName -i You can configure up to 40 user domains with index numbers between 1 and 40. See "Using iDRAC6 With Microsoft Active Directory" on page 121 for details about user domains. 5 Press Enter to complete the Active Directory configuration with Extended Schema.
On the Active Directory side, a standard group object is used as a role group. A user who has iDRAC6 access will be a member of the role group. To give this user access to a specific iDRAC6 card, the role group name and its domain name need to be configured on the specific iDRAC6 card. Unlike the extended schema solution, the role and the privilege level is defined on each iDRAC6 card, not in the Active Directory. Up to five role groups can be configured and defined in each iDRAC6.
If all of the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses are required to be configured on iDRAC6. In this multiple domain scenario, all of the role groups and nested groups, if any, must be Universal Group type.
The certificate information for the Active Directory CA certificate that you uploaded appears in the Current Active Directory CA Certificate section. 7 Click Next. The Step 2 of 4 Active Directory Configuration and Management screen is displayed. 8 Select the Active Directory Enabled check box. 9 Select Enable smart card Login to enable Smart–Card login. You are prompted for a Smart–Card logon during any subsequent logon attempts using the GUI.
addresses one by one until it makes a successful connection. If Standard Schema is selected, these are the addresses of the domain controllers where the user accounts and the role groups are located. NOTE: iDRAC6 does not failover to the specified domain controllers when DNS lookup fails, or none of the servers returned by the DNS lookup works. 15 Click Next. The Step 3 of 4 Active Directory Configuration and Management screen is displayed.
20 Click a Role Group button to add a role group. The Step 4b of 4 Configure Role Group screen appears. 21 Enter the Group Name. The group name identifies the role group in the Active Directory associated with iDRAC6. 22 Enter the Group Domain. The Group Domain is the fully qualified root domain name for the forest. 23 In the Role Group Privileges section, set the group privileges. See Table 5-14 for information on role group privileges.
Configuring Active Directory With Standard Schema Using RACADM Use the following commands to configure iDRAC6 Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
Using the following RACADM command may be optional. See "Importing iDRAC6 Firmware SSL Certificate" on page 125 for additional information.
After you finish configuring settings in iDRAC6 Web interface, click Test Settings at the bottom of the screen. You will be required to enter a test user's name (for example, username@domain.com) and password to run the test. Depending on your configuration, it may take some time for all of the test steps to complete and display the results of each step. A detailed test log will display at the bottom of the results screen.
Configuring Generic LDAP Directory Service Using iDRAC6 Web-Based Interface 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web-based interface. 3 Expand the System tree and click Remote Access iDRAC6 Network/Security tab Directory Service Generic LDAP Directory Service. 4 The Generic LDAP Configuration and Management page displays the current iDRAC6 generic LDAP settings. Scroll to the bottom of the Generic LDAP Configuration and Management page, and click Configure Generic LDAP.
CAUTION: Ensure that CN = open LDAP FQDN is set (for example, CN= openldap.lab) in the subject field of the LDAP server certificate during certificate generation. The CN field in the server certificate should be set to match the LDAP server address field in iDRAC6 for certificate validation to work. 6 Under Upload Directory Service CA Certificate, type the file path of the certificate or browse to find the certificate file.
13 In the Bind DN field, enter the DN of a user used to bind to the server when searching for the login user’s DN. If not specified, an anonymous bind is used. 14 Enter the Bind Password to use in conjunction with the Bind DN. This is required if anonymous bind is not allowed. 15 In the Base DN to Search field, enter the DN of the branch of the directory where all searches should start. 16 In the Attribute of User Login field, enter the user attribute to search for. Default is UID.
22 In the Role Group Privileges section, specify the privileges associated with the group by selecting the Role Group Privilege Level. For example, if you select Administrator, all of the privileges are selected for that level of permission. 23 Click Apply to save Role Group settings. iDRAC6 Web server automatically returns you to the Step 3a of 3 Generic LDAP Configuration and Management page where your Role Group settings are displayed. 24 Configure additional Role Groups if required.
I have configured Active Directory for a domain present in Windows Server 2008 Active Directory and have made these configurations. A child or sub domain is present for the domain, the User and Group is present in the same child domain, and the User is a member of that Group. Now if I try to log in to iDRAC6 using the User present in the child domain, Active Directory Single Sign-On login fails. This may be because of the wrong Group type.
I enabled certificate validation but my Active Directory log in failed. I ran the diagnostics from the GUI and the test results show the following error message. What could the problem be and how do I fix it? ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC.
1 Ensure that you use the correct user domain name during a log in and not the NetBIOS name. 2 If you have a local iDRAC6 user account, log in to iDRAC6 using your local credentials. a Ensure that the Active Directory Enabled check box is selected in the Step 2 of 4 Active Directory Configuration and Management page. b If you have enabled certificate validation, ensure that you have uploaded the correct Active Directory root CA certificate to iDRAC6.
• Re-issue the server certificate to use an IP address in the Subject or Subject Alternative Name field so it matches the IP address configured in iDRAC6. • Disable certificate validation if you choose to trust this domain controller without certificate validation during the SSL handshake. Why does iDRAC6 enable certificate validation by default? iDRAC6 enforces strong security to ensure the identity of the domain controller that iDRAC6 connects to.
Miscellaneous Does iDRAC6 always use LDAP over SSL? Yes. All the transportation is over secure port 636 and/or 3269. During test settings, iDRAC6 does a LDAP CONNECT only to help isolate the problem, but it does not do an LDAP BIND on an insecure connection. Does iDRAC6 support the NetBIOS name? Not in this release.
Using iDRAC6 Directory Service
7 Configuring iDRAC6 for Single SignOn and Smart Card Login This section provides information to configure iDRAC6 for Smart Card login for local users and Active Directory users, and Single Sign-On (SSO) login for Active Directory users. iDRAC6 supports Kerberos based Active Directory authentication to support Active Directory Smart Card and Single Sign-On (SSO) logins.
You can also use the following RACADM time zone offset command to synchronize the time: racadm config -g cfgRacTuning -o cfgRacTuneTimeZoneOffset Prerequisites for Active Directory SSO and Smart Card Authentication The pre-requisites for both Active Directory SSO and Smart Card authentication are: • Configure iDRAC6 for Active Directory login. For more information, see "Using iDRAC6 Directory Service" on page 121. • Register iDRAC6 as a computer in the Active Directory root domain.
information between the server and the KDC. The ktpass tool allows UNIX–based services that support Kerberos authentication to use the interoperability features provided by a Windows Server Kerberos KDC service. The keytab obtained from the ktpass utility is made available to iDRAC6 as a file upload and is enabled to be a kerberized service on the network.
NOTE: It is recommended that you use the latest ktpass utility to create the keytab file. Also, while generating the keytab file, use lowercase letters for the idracname and the Service Principal Name. This procedure will produce a keytab file that you should upload to iDRAC6. NOTE: The keytab contains an encryption key and should be kept secure. For more information on the ktpass utility, see the Microsoft website at: http://technet.microsoft.com/en-us/library/cc779157(WS.10).
Using Active Directory SSO You can enable iDRAC6 to use Kerberos—a network authentication protocol—to enable single sign-on. For more information on setting up iDRAC6 to use the Active Directory single sign-on feature, see "Prerequisites for Active Directory SSO and Smart Card Authentication" on page 166. Configuring iDRAC6 to Use SSO 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface. 3 In the system tree, select System Remote Access iDRAC6 Network/Security tab Network.
9 Select the Enable Active Directory check box. 10 Select Enable Single Sign-on if you want to log into iDRAC6 directly after logging into your workstation without entering your domain user authentication credentials, such as user name and password. To log into iDRAC6 using this feature, you should have already logged into your system using a valid Active Directory user account. Also you should have already configured the user account to log into iDRAC6 using the Active Directory credentials.
13 For standard schema: a In the Active Directory Step 4a of 4 screen, enter the IP Address of the Global Catalog Server or select the Look Up Global Catalog Servers with DNS option and enter the Root Domain Name to use for a DNS lookup to obtain the Active Directory Global Catalog Servers. b Click any of the Role Groups and add the Role Group information that your valid Active Directory user is a member. The Active Directory Step 4b of 4 screen is displayed.
Configuring Smart Card Authentication iDRAC6 supports the two factor authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security. TFA, on the other hand, provides a higher-level of security by making the users provide two factors of authentication - what you have and what you know–what you have is the Smart Card, a physical device, and what you know–a secret code like a password or PIN.
8 Select Enable Smart–Card Login to enable Smart Card login. You are prompted for a Smart Card logon during any subsequent logon attempts using the GUI. 9 Add User Domain Name, and enter the IP address of the Domain Controller Server Address. Select Next. 10 Select Standard Schema Settings on Step 3 of 4 Active Directory Configuration and Management page. Select Next. 11 On Step 4a of 4 Active Directory page, enter the IP Address of the Global Catalog Server.
where IP address is the IP address for iDRAC6 and port number is the HTTPS port number. iDRAC6 Login page is displayed prompting you to insert the Smart Card. 2 Insert the Smart Card. 3 Enter the PIN and click Log in. You are logged into iDRAC6 with your credentials as set in Active Directory. NOTE: You need not keep your Smart Card in the reader to stay logged in. Frequently Asked Questions About SSO SSO login fails on Windows 7 and Windows Server 2008 R2.
Troubleshooting the Smart Card Logon in iDRAC6 Use the following tips to help you debug an inaccessible Smart Card: It takes nearly 4 minutes to log into iDRAC6 using Active Directory Smart Card login.
• For 64–bit Windows platforms, iDRAC6 authentication plug–in is not installed properly if a 64–bit version of Microsoft Visual C++ 2005 Redistributable Package is deployed. You need to deploy the 32–bit version of Microsoft Visual C++ 2005 Redistributable Package for the plug–in to install and run properly. • If you receive the following error message "Not able to load the Smart Card Plug–in.
offset. You can also use cfgRacTuneDaylightoffset to allow for daylight savings variation. This saves you from having to change the time on those two occasions every year when the daylight savings adjustments are made, or just allow for it in the above offset using "300" in the preceding example.
Configuring iDRAC6 for Single Sign-On and Smart Card Login
Viewing the Configuration and Health of the Managed Server 8 System Summary The System Summary page allows you to view your system's health and other basic iDRAC6 information at a glance and provides you with links to access the system health and information pages. Also, you can quickly launch common tasks from this page and view recent events logged in the System Event Log (SEL). To access the System Summary page, click System Properties tabSystem Summary.
• Host Name — The DNS hostname associated with the managed server • OS Name — The name of the operating system installed on the managed server NOTE: The OS Name field is populated only if Dell OpenManage Server Administrator is installed on the managed system. An exception to this are VMware operating system names which are displayed even if Server Administrator is not installed on the managed system. • System Revision — The chassis revision number.
For more information about Integrated Network Card, see the Hardware Owner’s Manual available on the Dell Support website at support.dell.com/manuals. Auto Recovery This section of iDRAC6 Web interface details the current mode of operation of the Auto Recovery feature of the managed server as set by Open Manage Server Administrator: • Recovery Action — Action to be performed when a system fault or hang is detected. Available actions are No Action, Hard Reset, Power Down, or Power Cycle.
IPv4 Settings • Enabled — Displays whether IPv4 protocol support is enabled or disabled NOTE: The IPv4 protocol option is enabled by default.
Embedded NIC MAC Addresses • NIC 1 — Displays the Media Access Control (MAC) address(es) of the embedded Network Interface Controller (NIC) 1. MAC addresses uniquely identify each node in a network at the Media Access Control layer. Internet Small Computer System Interface (iSCSI) NIC is a network interface controller with the iSCSI stack running on the host computer. Ethernet NICs support the wired Ethernet standard and plug into the system bus of the server.
Server Health Click System Properties tab System Summary Server Health section to view important information about the health of iDRAC6 and components monitored by iDRAC6. The Status column shows the status for each component. For a list of status icons and their meaning, see Table 19-3. Click the component name in the Component column for more detailed information about the component. NOTE: Component information can also be obtained by clicking the component name in the left pane of the window.
Temperatures The Temperatures screen displays the status and readings of the on–board ambient temperature probe. Minimum and maximum temperature thresholds for warning and failure states are shown, along with the current health status of the probe. NOTE: Depending on the model of your server, temperature thresholds for warning and failure states and/or the health status of the probe may not be displayed.
CPU The CPU screen reports the health of each CPU on the managed server. This health status is a roll-up of a number of individual thermal, power, and functional tests. POST The Post Code screen displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server. Misc Health The Misc Health screen provides access to the following system logs: • System Event Log — Displays system-critical events that occur on the managed system.
Configuring and Using Serial Over LAN 9 Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s text based console data that would traditionally be sent to the serial I/O port to be redirected over iDRAC6’s dedicated Out of Band Ethernet management network. The SOL out-of-band console enables system administrators to remotely manage the blade server’s text-based console from any location with network access.
Serial communication is off by default in BIOS. In order to redirect the host text console data to Serial over LAN, you must enable Virtual Console via COM1. To change the BIOS setting, perform the following steps: 1 Boot the managed server. 2 Press to enter the BIOS setup utility during POST. 3 Scroll down to Serial Communication and press .
4 Select a privilege level limit for Serial Over LAN. NOTE: Ensure that the SOL baud rate is identical to the Failsafe Baud Rate that was set in BIOS. 5 Click Apply if you have made any changes. Table 9-1. Serial Over LAN Configuration Settings Setting Description Enable Serial Over LAN When selected, the check box indicates that Serial Over LAN is enabled. Baud Rate Indicates the data speed. Select a data speed of 9600 bps, 19.2 kbps, 57.6 kbps, or 115.2 kbps.
Table 9-3. Serial Over LAN Configuration Advanced Settings Setting Description Character Accumulate Interval The typical amount of time iDRAC6 waits before sending a partial SOL data packet. This parameter is specified in milliseconds. Character Send Threshold Specifies the number of characters per SOL data packet.
8 Click Services to open the Services screen. NOTE: SSH and Telnet programs both provide access on a remote machine. 9 Click Enabled on either SSH or Telnet as required. 10 Click Apply. NOTE: SSH is a recommended method due to better security and encryption mechanisms. NOTE: SSH/Telnet session duration can be infinite as long as the timeout value is set to 0. The default timeout value is 1800 seconds.
See "Installing Telnet or SSH Clients" on page 71 for more information about using Telnet and SSH clients with iDRAC6. Model for the SOL Proxy Telnet Client (port 623) WAN connection SOL Proxy iDRAC6 server When the SOL Proxy communicates with the Telnet client on a management station, it uses the TCP/IP protocol. However, SOL proxy communicates with the managed server's iDRAC6 over the RMCP/IPMI/SOL protocol, which is a UDP-based protocol.
When you are ready to quit SOL redirection, press , , and then (press the keys in sequence, one after the other). The SOL session will close accordingly. The escape sequence is also printed on screen as soon as a SOL session is connected. When the managed server is off, it takes a bit longer to establish the SOL session. NOTE: If a SOL session is not closed successfully in the utility, more SOL sessions may not be available.
Using SOL over Telnet with Linux To start SOL from Telnet on a Linux management station, follow these steps: NOTE: If required, you can change the default Telnet timeout at System Remote Access iDRAC6 Network/Security Services. 1 Start a shell. 2 Connect to iDRAC6 with the following command: telnet NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the end of the Telnet command.
Using SOL over IPMItool The Dell Systems Management Tools and Documentation DVD provides the IPMItool which can be installed on various operating systems. See the Software Quick Installation Guide for installation details. To start SOL with IPMItool on a management station, follow these steps: NOTE: If required, you can change the default SOL timeout at System Remote Access iDRAC6 Network/Security Services. 1 Locate IPMItool.exe under the proper directory.
Opening SOL with SOL proxy Serial-Over-LAN Proxy (SOL Proxy) is a Telnet daemon that allows LANbased administration of remote systems using the Serial over LAN (SOL) and IPMI protocols. Any standard Telnet client application, such as HyperTerminal on Microsoft Windows or Telnet on Linux, can be used to access the daemon's features. SOL can be used either in the menu mode or command mode.
The installation program copies the files to the following locations on Linux Enterprise Operating Systems: /etc/init.d/SOLPROXY.cfg /etc/SOLPROXY.cfg /usr/sbin/dsm_bmu_solproxy32d /usr/sbin/solconfig /usr/sbin/ipmish Initiating the SOL Proxy session For Windows 2003 To start the SOL Proxy service on Windows system after installation, you can reboot the system (SOL Proxy automatically starts on a reboot).
Using Telnet with SOL Proxy This assumes that the SOL Proxy service is already up and running on the management station. For Windows 2003: 1 Open a command prompt window on your management station. 2 Enter the telnet command in the command-line and provide localhost as the IP address if the SOL Proxy server is running in the same machine and the port number that you specified in the SOL Proxy installation (the default value is 623).
Connecting to the Remote Managed System's BMC After a SOL Proxy session is established successfully, you are presented with the following choices: 1. Connect to the Remote Server's BMC 2. Configure the Serial-Over-LAN for the Remote Server 3. Activate Virtual Console 4. Reboot and Activate Virtual Console 5. Help 6. Exit NOTE: While multiple SOL sessions can be active at the same time, only one Virtual Console session can be active at any given time for a managed system.
The SOL configuration menu appears. According to the current SOL status, the content of the SOL configuration menu varies: • If SOL is already enabled, the current settings are displayed and you are presented with three choices: 1. Disable Serial-Over-LAN 2. Change Serial-Over-LAN settings 3. Cancel • If SOL is enabled, ensure that the SOL baud rate is consistent with iDRAC6's and that the user has the administrator privilege.
Operating System Configuration Complete the steps below to configure generic Unix-like operating systems. This configuration is based on default installations of Red Hat Enterprise Linux 5.0, SUSE Linux Enterprise Server 10 SP1, and Windows 2003 Enterprise. Linux Enterprise Operating System 1 Edit the /etc/inittab file to enable hardware flow control and to allow users to log in through the SOL console. Add the line below to the end of #Run gettys in standard runlevels section.
Example of modified /etc/inittab: ______________________________________________________________ # # inittab This file describes how the INIT process should set up # the system in a certain run-level.
______________________________________________________________ Example of modified /etc/securetty: ______________________________________________________________ Console ttyS0 vc/1 vc/2 vc/3 vc/4 SKIP the rest of file ______________________________________________________________ 3 Edit the /boot/grub/grub.conf or /boot/grub/menu.list file to add boot options for SOL: a b Comment out the graphical display lines in the various Unix-like operating systems: • splashimage=(had0,0)/grub/splash.xpm.
Example of original /boot/grub/grub.conf in RHEL 5: ______________________________________________________________ # grub.conf generated by anaconda # # Note that you do not have to return grub after making changes to this # file # NOTICE: You have a /boot partition. This means that # eg. all kernel and initrd paths are relative to /boot/, # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.
# all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinux-version ro root= /dev/VolGroup00/LogVol00 # initrd /initrd-version.img #boot=/dev/sda default=0 timeout=5 #splashimage=(hd0,0)/grub/splash.xpm/gz hiddenmenu # Redirect the OS boot via SOL title Red Hat Enterprise Linux 5 SOL redirection root (hd0,0) kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet console=tty1 console=ttyS0,115200 initrd /initrd-2.6.18-8.el5.
Example of modified /boot/grub/menu.list in SLES 10: ______________________________________________________________ #Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008 Default 0 Timeout 8 #gfxmenu (hd0.5)/boot/message ###Don't change this comment - YaST2 identifier: Original name: linux### title SUSE Linux Enterprise Server 10 SP1 SOL redirection root (hd0,5) kernel /boot/vmlinux-2.6.16-46-0.
Example of original bootcfg setting: ______________________________________________________________ Boot Loader Settings -------------------timeout:30 default:multi(0)disk(0)rdisk(0)partition(1)\WINDOWS Boot Entries -----------Boot entry ID: 1 Os Friendly Name: Winodws Server 2003, Enterprise Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS OS Load Options: /redirect /nonexecute=optout /fastdetect /usepmtimer ______________________________________________________________ Example of modified bootcfg s
Configuring and Using Serial Over LAN
Using GUI Virtual Console 10 This section provides information about using iDRAC6 Virtual Console feature. Overview iDRAC6 Virtual Console feature enables you to remotely access local consoles in graphic or text mode, allowing you to control one or more iDRAC6enabled systems from a single location.
second user. During the time that two sessions are concurrently active, the first user sees a message in the upper-right corner of the screen that identifies that the second user has an active session. If the neither the first or second user has administrator privileges, termination of the first user's active session automatically results in termination of the second user's session.
You can also run javaws -uninstall at the command prompt to remove all applications from the cache. Supported Screen Resolutions and Refresh Rates Table 10-1 lists the supported screen resolutions and corresponding refresh rates for a Virtual Console session that is running on the managed server. Table 10-1.
a In Internet Explorer, go to Tools Internet Options Security Trusted sites Custom level. NOTE: For Windows 7 64-bit, click Tools Internet Options Security Internet Custom level. b In the Security Settings window, select the Disable option for Automatic prompting for file downloads. c Click OK, and again click OK.
Table 10-2. Virtual Console Configuration Properties (continued) Property Description Active Sessions Displays the number of Active Console sessions. This field is read-only. Keyboard and Mouse Port The network port number used for connecting to the Number Virtual Console Keyboard/Mouse option. This traffic is always encrypted. You may need to change this number if another program is using the default port. The default is 5900.
Table 10-2. Virtual Console Configuration Properties (continued) Property Description Console Plug-In Type for IE When using Internet Explorer on a Windows operating system, you can choose from the following viewers: ActiveX - The ActiveX Virtual Console viewer Java - Java Virtual Console viewer NOTE: Depending on your version of Internet Explorer, additional security restrictions may need to be turned off (see "Configuring and Using Virtual Media" on page 251).
NOTE: Virtual Console launch from a Windows Vista management station may lead to Virtual Console restart messages. To avoid this, set the appropriate timeout values in the following locations: Control PanelPower OptionsPower SaverAdvanced Settings Hard Disk Turnoff Hard Disk After and in the Control Panel Power Options High–Performance Advanced Settings Hard Disk Turnoff Hard Disk After .
Table 10-4. Virtual Console Information (continued) Property Description Console Plug-in Type Shows the plug-in type currently configured. ActiveX — An Active-X viewer will be launched. Active-X viewer will only work on Internet Explorer while running on a Windows Operating System. Java — A Java viewer will be launched. The Java viewer can be used on any browser including Internet Explorer. If your client runs on an operating system other than Windows, then you must use the Java Viewer.
NOTE: If one or more Security Alert windows appear in the following steps, read the information in the window and click Yes to continue. The management station connects to iDRAC6 and the remote system’s desktop appears in iDRACView. 4 Two mouse pointers appear in the viewer window: one for the remote system and one for your local system. You must synchronize the two mouse pointers so that the remote mouse pointer follows your local mouse pointer. See "Synchronizing the Mouse Pointers" on page 222.
Using the Video Viewer The Video Viewer provides a user interface between the management station and the managed server, allowing you to see the managed server’s desktop and control its mouse and keyboard functions from your management station. When you connect to the remote system, the Video Viewer starts in a separate window. NOTE: The Virtual Console title bar displays the DNS name or the IP address of the iDRAC you are connected to from the management station.
Table 10-7. Viewer Menu Bar Selections (continued) Menu Item Item Description Keyboard Hold Right Alt Select this item before typing keys you want to Key combine with the right key. Hold Left Alt Key Select this item before typing keys you want to combine with the left key. Left Windows Key Select Hold Down before typing characters you want to combine with the left Windows key. Select Press and Release to send a left Windows key keystroke.
Table 10-7. Viewer Menu Bar Selections (continued) Menu Item Item Description Macros When you select a macro, or enter the hotkey specified for the macro, the action is executed on the remote system.
Table 10-7. Viewer Menu Bar Selections (continued) Menu Item Item Description Options Color Mode Allows you to select a color depth to improve performance over the network. For example, if you are installing software from virtual media, you can choose the lowest color depth, so that less network bandwidth is used by the Virtual Console viewer leaving more bandwidth for transferring data from the media. The color mode can be set to 15-bit color and 7-bit color.
Table 10-7. Viewer Menu Bar Selections (continued) Menu Item Item Description Help About iDRACView Displays iDRACView Version. Synchronizing the Mouse Pointers When you connect to a remote Dell PowerEdge system using Virtual Console, the mouse acceleration speed on the remote system may not synchronize with the mouse pointer on your management station, causing two mouse pointers to appear in the Video Viewer window. To synchronize the mouse pointers click Mouse Synchronize cursor or press .
2 Click System, click the Virtual Console/Media tab, and then click Configuration. 3 If you want to disable (turn off) local video on the server, in the Configuration screen, deselect Local Server Video Enabled and then click Apply. The default value is Enabled (checked). 4 If you want to enable (turn on) local video on the server, in the Configuration screen, select Local Server Video Enabled and then click Apply. The Virtual Console screen displays the status of the Local Server Video.
General Error Scenarios Table 10-8 lists general error scenarios, the reasons for those errors, and iDRAC6 behavior. Table 10-8. Error Scenarios Error Scenarios Reason Behavior Login failed You have entered either an invalid user name or an incorrect password. Same behavior when https:// is specified and login fails. Insufficient Privileges You do not have Virtual Console and virtual media privileges.
Table 10-9. Using Virtual Console: Frequently Asked Questions (continued) Question Answer Why does it take 15 seconds to turn off It gives a local user an opportunity to take the local video on the server after any action before the video is switched off. requesting to turn off the local video? Is there a time delay when turning on the local video? No, once a local video turn ON request is received by iDRAC6 the video is turned on instantly.
Table 10-9. Using Virtual Console: Frequently Asked Questions (continued) Question Answer How can I get the current status of the The status is displayed on the Virtual local server video? Console and Virtual Media screen of iDRAC6 Web interface. The RACADM CLI command racadm getconfig –g cfgRacTuning displays the status in the object cfgRacTuneLocalServerVideo. This racadm command can be executed from Telnet/SSH or a remote session to iDRAC6.
Table 10-9. Using Virtual Console: Frequently Asked Questions (continued) Question Answer Why doesn’t the mouse sync in DOS when performing Virtual Console? The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing. iDRAC6 has a USB mouse driver, which allows absolute position and closer tracking of the mouse pointer.
Table 10-9. Using Virtual Console: Frequently Asked Questions (continued) Question Answer Why can't I use a keyboard or mouse while installing a Microsoft operating system remotely by using iDRAC6 Virtual Console? When you remotely install a supported Microsoft operating system on a system with Virtual Console enabled in the BIOS, you receive an EMS Connection Message that requires that you select OK before you can continue. You cannot use the mouse to select OK remotely.
Table 10-9. Using Virtual Console: Frequently Asked Questions (continued) Question Answer What are the minimum system requirements for my management station to run Virtual Console? The management station requires an Intel Pentium III 500 MHz processor with at least 256 MB of RAM. After launching the Virtual Console, I can only use the mouse on the Virtual Console and not on my local system.
Using GUI Virtual Console
11 Configuring the vFlash SD Card and Managing vFlash Partitions The vFlash SD card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back corner of the system. It provides storage space that behaves like a common USB Flash Key device. It is the storage location for user-defined partition(s) that can be configured to be exposed to the system as a USB device and also used to create a bootable USB device.
NOTE: You can only perform a single vFlash operation at a time. The first operation must be completed before you perform another vflash operation. For example, if you start a create from image operation using RACADM, you cannot perform a create, download, or format operation using RACADM or GUI. You must wait until the operation is complete before performing the next vFlash operation. Installing a vFlash or Standard SD Card 1 Remove the blade from the chassis.
Removing a vFlash or Standard SD Card To remove the vFlash or standard SD card, push inward on the card to release it, and pull the card from the card slot. Configuring vFlash or Standard SD Card Using iDRAC6 Web Interface After you install the vFlash or standard SD card, you can view its properties, enable or disable vFlash, and initialize the card. The card must be enabled to perform partition management. When the card is disabled, you can only view its properties.
Table 11-1. SD Card Properties (continued) Attribute Description Available Space Displays the unused space on the SD card in MB. This space is available to create more partitions on the vFlash SD card. If the inserted SD card is uninitialized, then the available space displays that the card is uninitialized. Write Protected Displays whether the card is write-protected or not. Health Displays the overall health of the SD card.
If you click any option on the vFlash pages when an application such as WSMAN provider, iDRAC6 Configuration Utility, or RACADM is using vFlash, or if you navigate to some other page in the GUI, iDRAC6 may display the following message. SD card is temporarily unavailable. To retry, click Refresh. Configuring vFlash or Standard SD Card Using RACADM You can view and configure the vFlash or standard SD card using RACADM commands from local, remote, or Telnet/SSH console.
racadm config -g cfgvFlashsd -o cfgvflashSDEnable 0 NOTE: The RACADM command functions only if a vFlash or standard SD card is present. If a card is not present, the following message is displayed: ERROR: SD Card not present. Initializing the vFlash or Standard SD Card Open a telnet/SSH/Serial console to the server, log in, and enter the following command: racadm vflashsd initialize All existing partitions are deleted and the card is reset.
Managing vFlash Partitions Using iDRAC6 Web Interface You can perform the following: • Create an empty partition • Create a partition using an image file • Format a partition • View available partitions • Modify a partition • Attach/Detach a partition • Delete existing partitions • Download the contents of a partition • Boot to a partition Creating an Empty Partition An empty partition is similar to an empty USB key. You can create empty partitions on a vFlash or standard SD card.
• The card is write-protected. • The label name matches the label of an existing partition. • A non-integer value is entered for the partition size, the value exceeds the available space on the card, or the requested partition size is greater than 4GB. • An initialize operation is already being performed on the card. NOTE: The new partition is unformatted (RAW). Table 11-2. Create Empty Partition Page Options Field Description Index Select a partition index.
Creating a Partition Using an Image File You can create a new partition on vFlash or standard SD card using an image file (available in the .img or .iso format.) You can create a partition of type Floppy, Hard Disk, or CD. The created partition is read-only. NOTE: You must have Access Virtual Media privileges to create partitions. The size of the newly created partition is equal to the image file size. The image file size must be: • Less than or equal to the available space on the card.
An error message is displayed if: • The card is write-protected. • The label name matches the label of an existing partition. • The size of the image file is greater than 4GB or exceeds the available space on the card. • The image file does not exist or the image file extension is neither .img nor .iso. • An initialize operation is already being performed on the card. Table 11-3. Create Partition from Image File Page Options Field Description Index Select a partition index.
NOTE: You must have Access Virtual Media privileges to format partitions. Before formating the partition, ensure the following: • The card is enabled. • The partition is not attached. • The card is not write-protected. • An initialize operation is not already being performed on the card. To format vFlash partition: 1 On the iDRAC6 Web interface, select SystemvFlash tabFormat subtab. The Format page is displayed. 2 Enter the information mentioned in Table 11-4. 3 Click Apply.
Viewing Available Partitions Ensure that the vFlash or standard SD card is enabled to view the list of available partitions. To view the available partitions on the card: 1 On the iDRAC6 Web interface, select SystemvFlashManage subtab. The Manage Partitions page lists the available partitions. 2 For each partition, you can view the information mentioned in Table 11-5. Table 11-5. Viewing Available Partitions Field Description Index Partitions are indexed from 1 to 16.
Modifying a Partition Ensure that the card is enabled to modify the partition. NOTE: You must have Access Virtual Media privileges to modify a vFlash partition. You can change a read-only partition to read-write or vice-versa. To do this: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab. The Manage Partitions page is displayed.
Before attaching or detaching a partition, ensure the following: • The card is enabled. • An initialize operation is not already being performed on the card. To attach or detach partitions: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab. The Manage Partitions page is displayed. 2 In the Attached column, select the checkbox for the partition(s) that you want to attach or clear the checkbox for the partition(s) that you want to detach.
Deleting Existing Partitions NOTE: You can delete existing partitions for the vFlash or standard SD card. Before deleting existing partition(s), ensure the following: • The card is not write-protected. • The partition is not attached. • An initialize operation is not already being performed on the card. NOTE: You must have Access Virtual Media privileges to modify a partition. To delete an existing partition: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab.
4 Specify the location to save the file. If only the folder location is specified, then the partition label is used as the file name, along with the extension .iso for CD type partitions and .img for floppy and hard-disk type partitions. 5 Click Save. The contents of the selected partition are downloaded to the specified location. Booting to a Partition You can set an attached vFlash partition as the boot device for the next boot operation. The vFlash partition must contain a bootable image (in the .
Managing vFlash Partitions Using RACADM You can use the vFlashPartition subcommand to create, delete, list, or view the status of partitions on an already initialized vFlash or standard SD card. The format is: racadm vflashpartition NOTE: You must have Access Virtual Media privileges to perform vFlash partition management. Valid Options: -i Index of the partition for which this command applies. must be an integer from 1 to 16.
-t Create a partition of type . must be: • empty - Create an empty partition. • -s - Partition size in MB. • -f - Format type for the partition based on the type of file system. Valid options are RAW, FAT16, FAT32, EXT2, or EXT3. • image - Create a partition using an image file. The following options are valid with the image type: • -l - Specifies the remote path relative to the iDRAC.
Deleting a Partition • To delete a partition: racadm vflashpartition delete -i 1 • To delete all partitions, re-initialize the vFlash SD card. For information, see "Initializing the vFlash or Standard SD Card" on page 236.
Attaching or Detaching a Partition • To attach a partition: racadm config –g cfgvflashpartition cfgvflashPartitionAttachState 1 • –i 1 –o To detach a partition: racadm config –g cfgvflashpartition cfgvflashPartitionAttachState 0 –i 1 –o Modifying a Partition • To change a read-only partition to read-write: racadm config –g cfgvflashpartition cfgvflashPartitionAccessType 1 • –i 1 –o To change a read-write partition to read-only: racadm config –g cfgvflashpartition cfgvflashPartitionAccessType 0 –i
12 Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the Virtual Console viewer, provides the managed server access to media connected to a remote system on the network. Figure 12-1 shows the overall architecture of Virtual Media. Figure 12-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual Media requires a minimum available network bandwidth of 128 Kbps. Virtual Media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required: 1 Start Internet Explorer. 2 Click Tools Internet Options, and then click the Security tab. 3 Under Select a Web content zone to specify its security settings, click to select the desired zone. 4 Under Security level for this zone, click Custom Level. The Security Settings window appears.
Configuring Virtual Media 1 Log in to iDRAC6 Web interface. 2 Click System Virtual Console/Media Configuration. 3 In the Virtual Media section, select values for the settings. See Table 12-2 for information on Virtual Media configuration values. 4 Click Apply to save your settings. An alert dialog appears with the following message: You are about to change device configuration. All existing redirection sessions will be closed. Do you want to continue? 5 Click OK to continue.
Table 12-2. Virtual Media Configuration Values (continued) Attribute Value Floppy Emulation Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is selected, the Virtual Media device appears as a floppy device on the server. If it is deselected, it appears as a USB Key drive. NOTE: On certain Windows Vista and Red Hat Enterprise Linux environments, you may not be able to virtualize a USB with Floppy Emulation enabled.
NOTE: Virtual Media may not function properly on Windows operating system clients that are configured with Internet Explorer Enhanced Security. To resolve this issue, see your Microsoft operating system documentation or contact your administrator. 4 Click Launch Virtual Console. NOTE: On Linux, the file jviewer.jnlp is downloaded to your desktop and a dialog box will ask what to do with the file.
9 Click the Connect button next to each selected media type. The media is connected and the Status window is updated. 10 Click Close. NOTE: Whenever a Virtual Media session is initiated or a vFlash is connected, an extra drive named "LCDRIVE" is displayed on the host operating system and the BIOS. The extra drive disappears when the vFlash or the Virtual Media session is disconnected. Disconnecting Virtual Media 1 Select Media Virtual Media Wizard. The Media Redirection Wizard appears.
The managed server attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device. Otherwise, the system overlooks the device—similar to a physical device without bootable media. Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete.
Frequently Asked Questions Table 12-3 lists frequently asked questions and answers. Table 12-3. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual Media client connection drop. Why? When a network time-out occurs, iDRAC6 firmware drops the connection, disconnecting the link between the server and the Virtual Drive.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer An installation of the Windows operating system seems to take too long. Why? If you are installing the Windows operating system and have a slow network connection, the installation procedure may require an extended amount of time to access iDRAC6 Web interface due to network latency. While the installation window does not indicate the installation progress, the installation procedure is in progress.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer How can I make my USB key bootable? Search support.dell.com for the Dell Boot Utility, a Windows program you can use to make your Dell USB key bootable. You can also boot with a Windows 98 startup disk and copy system files from the startup disk to your USB key. For example, from the DOS prompt, enter the following command: sys a: x: /s where x: is the USB key you want to make bootable.
Table 12-3. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
13 Using the RACADM Command Line Interface The RACADM command line interface (CLI) provides access to iDRAC6 management features on the managed server. RACADM provides access to most of the features on iDRAC6 Web interface. RACADM can be used in scripts to ease configuration of multiple servers, instead of using the Web interface, which, is more useful for interactive management.
CAUTION: The latest iDRAC6 firmware supports only the latest RACADM version. You may encounter errors if you use an older version of RACADM to query iDRAC6 with the latest firmware. Install the RACADM version shipped with your latest Dell OpenManage DVD media. RACADM Subcommands Table 13-1 provides a description of each RACADM subcommand that you can run in RACADM.
Table 13-1. RACADM Subcommands (continued) Command Description getsysinfo Displays information about iDRAC6 and the managed server, including IP configuration, hardware model, firmware versions, and operating system information. gettracelog Displays iDRAC6 trace log. If used with -i, the command displays the number of entries in iDRAC6 trace log. help Lists iDRAC6 subcommands. help Lists usage statement for the specified subcommand.
Table 13-1. RACADM Subcommands (continued) Command Description sslcertdownload Downloads a CA certificate. sslcertupload Uploads a CA certificate or server certificate to iDRAC6. sslcertview Views a CA certificate or server certificate in iDRAC6. sslcsrgen Generates and downloads the SSL CSR. testemail Forces iDRAC6 to send an e-mail over iDRAC6 NIC. testtrap Forces iDRAC6 to send an SNMP alert over iDRAC6 NIC.
Without options, the RACADM command displays general use information. To display the RACADM subcommand list, enter: racadm help or racadm getconfig -h The subcommand list includes all RACADM commands that are supported by iDRAC6. To get help for a subcommand, enter: racadm help The command displays the syntax and command-line options for the subcommand. Using the RACADM Utility to Configure iDRAC6 This section describes how to use RACADM to perform various iDRAC6 configuration tasks.
Managing iDRAC6 Users with RACADM NOTE: Use caution when using the racresetcfg command, as all configuration parameters are reset to the original defaults. Any previous changes are lost. NOTE: If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin. NOTE: Users can be enabled and disabled over time. As a result, a user may have a different index number on each iDRAC6.
Adding an iDRAC6 User To add a new user to iDRAC6, perform the following steps: 1 Set the user name. 2 Set the password. 3 Set the Login to iDRAC6 user privilege. 4 Enable the user.
Table 13-2. Bit Masks for User Privileges (continued) User Privilege Privilege Bit Mask Clear Logs 0x00000008 Execute Server Control Commands 0x00000010 Access Virtual Console 0x00000020 Access Virtual Media 0x00000040 Test Alerts 0x00000080 Execute Debug Commands 0x00000100 For example, to allow the user Configure iDRAC6, Configure Users, Clear Logs, and Access Virtual Console privileges, add the values 0x00000002, 0x00000004, 0x00000008, and 0x00000010 to construct the bitmap 0x0000002E.
View The view mode allows the user to view a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -v -k <1 to 4> racadm sshpkauth -i <2 to 16> -v -k all Delete The delete mode allows the user to delete a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -d -k <1 to 4> racadm sshpkauth -i <2 to 16> -d -k all CAUTION: This privilege is normally reserved for users who are members of the Administrator user group on iDRAC.
racadm testemail -i 2 (-i 2 is for the index entry #2 in the e–mail alert table) NOTE: Ensure that the SMTP and E-mail Alert settings are configured before testing the e-mail alert feature. See "Configuring E-Mail Alerts" on page 90 for more information. Testing iDRAC6 SNMP Trap Alert Feature iDRAC6 SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed server.
racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0 racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5 racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.
Configuring IPMI Over LAN 1 Configure IPMI over LAN by entering the following command: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.
a Update the IPMI SOL minimum privilege level using the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege where is one of the following: • 2 (User) • 3 (Operator) • 4 (Administrator) For example, to configure the IPMI privileges to 2 (User), enter the following command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege 2 NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate.
Configuring PEF You can configure the action you wish iDRAC6 to take for each platform alert. Table 13-3 lists the possible actions and the value to identify them in RACADM. Table 13-3. Platform Event Action Action Value No action 0 Power off 1 Reboot 2 Power Cycle 3 Configure PEF actions using the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i where is the PEF index (Table 5-8), and is a value from Table 13-3.
3 Configure your PET policy using the following command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i where is the PET destination index and is the destination IP address of the system that receives the platform event alerts. 4 Configure the Community Name string. At the command prompt, enter: racadm config -g cfgIpmiLan -o cfgIpmiPetCommunityName where is the PET Community Name.
racadm config -g cfgRemoteHosts -o cfgRhostsSmtpServerIpAddr 5 To configure a custom message, enter the following command: racadm config -g cfgEmailAlert -o cfgEmailAlertCustomMsg -i where is the e-mail destination index and is the custom message. 6 Test the configured e-mail alert, if desired, by entering the following command: racadm testemail -i where is the e-mail destination index to test.
Table 13-4. IP Address Filtering (IPRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise anded with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to log in.
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.252 The last byte of the range mask is set to 252, the decimal equivalent of 11111100b.
See the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals for a complete list of cfgRacTune properties. Table 13-5 lists the user-defined parameters. Table 13-5. Log In Retry Restriction (IP Blocking) Properties Property Definition cfgRacTuneIpBlkEnable Enables the IP blocking feature.
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkPenaltyTime 300 The following example prevents more than three failed attempts within one minute, and prevents additional login attempts for an hour.
racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort 8022 For a complete list of available RACADM CLI commands, see "Using the RACADM Command Line Interface" on page 263. Remote and SSH/Telnet RACADM Remote RACADM is a client side utility, which can be executed from a management station through the out of band network interface. A remote capability option (-r) is provided that allows you to connect to the managed system and execute RACADM subcommands from a remote console or management station.
ERROR: Unable to connect to iDRAC6 at specified IP address NOTE: When using the RACADM remote capability, you must have write permissions on the folders where you are using the RACADM subcommands involving file operations, for example: racadm getconfig -f or racadm sslcertdownload -t [-f ] Remote RACADM Usage racadm -r -u -p racadm -i -r For examp
Table 13-6. RACADM Command Options (continued) Option Description -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction. If the -u option is used, the -p option must be used, and the -i option (interactive) is not allowed. -p Specifies the password used to authenticate the command transaction. If the -p option is used, the -i option is not allowed.
To obtain a configuration file with the RACADM getconfig command, enter the following command: racadm -r -u -p getconfig -f myconfig.cfg This command creates the file myconfig.cfg in the current directory. Configuration File Syntax NOTE: Edit the configuration file with a plain text editor, such as Notepad on Windows or vi on Linux. The racadm utility parses ASCII text only. Any formatting confuses the parser and may corrupt iDRAC6 database.
• Parameters are specified as object=value pairs with no white space between the object, =, and value. White space that is included after the value is ignored. White space inside a value string remains unmodified. Any character to the right of the = is taken as is (for example, a second =, or a #, [, ], and so forth).
Modifying iDRAC6 IP Address in a Configuration File When you modify iDRAC6 IP address in the configuration file, remove all unnecessary = entries. Only the actual variable group’s label with "[" and "]" remains, including the two = entries pertaining to the IP address change. For example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.
Errors in the configuration file are flagged with the line number and a message that explains the problem. You must correct all errors before the configuration file can update iDRAC6. NOTE: Use the racresetcfg subcommand to reset the database and iDRAC6 NIC settings to the original default settings and remove all users and user configurations. While the root user is available, other users’ settings are also reset to the default settings.
Configuring Multiple iDRAC6s Using a configuration file, you can configure other iDRAC6s with identical properties. Follow these steps to configure multiple iDRAC6s: 1 Create the configuration file from iDRAC6 settings you want to replicate to the others. Enter the following command: racadm -r -u -p getconfig -f where is the name of a file to save iDRAC6 properties, such a myconfig.cfg.
racadm racreset c Load the configuration file into iDRAC6 with the following command: racadm -r -u -p config -f where is the name of the configuration file you created. Include the full path if the file is not in the working directory.
Using the RACADM Command Line Interface
14 Power Monitoring and Power Management Dell PowerEdge systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. NOTE: iDRAC6 power management logic utilizes a Complex Programmable Logic Device (CPLD) present in the blade server. A few platforms also support an extended CPLD.
Configuring and Managing Power You can use iDRAC6 Web interface and RACADM command line interface (CLI) to manage and configure power controls on the Dell PowerEdge system. Specifically, you can: • View the power status of the server. See "Viewing Power Monitoring" on page 295. • View power budget information for the server, including the minimum and maximum potential power consumption. See "Viewing Power Budget" on page 298. • View power budget threshold for the server.
Viewing Power Monitoring Using the Web Interface To view the power monitoring data: 1 Log in to iDRAC6 Web interface. 2 In the system tree, select Power Monitoring. The Power Monitoring screen appears, displaying the following information: Power Monitoring • Status: A green check indicates that the power status is normal, Warning indicates that a warning alert was issued, and Severe indicates a failure alert was issued. • Probe Name: Lists the name of the sensor.
– System Peak Amperage specifies the system peak amperage. The peak value is the highest value recorded between the Measurement Start Time and now. The peak time was the point in time when that peak value occurred. Click Reset at the end of the table row to set it back to the current instantaneous value (which, if the server is running, will not be 0). Clicking reset will also reset the measurement start time to the current time.
Show Graph Click Show Graph to display graphs illustrating iDRAC6 power consumption in Watts over the last hour, 24 hours, three days, and one week. Use the drop-down menu provided above the graph to select the time period. NOTE: Each data point plotted on the graphs represents the average of readings over a 5 minute period. As a result, the graphs may not reflect brief fluctuations in power or current consumption.
Hardware Owner’s Manual available on the Dell Support site at support.dell.com/manuals. For information about modifying the PCIe power allocation, see "Viewing and Modifying PCIe Power Allocation" on page 300. After the blade powers on, BIOS will boot and detect the actual power consumption of the installed PCIe expansion cards. This occurs during POST. iDRAC maintains the value used in the pre-init phase for the expansion-cards if both cards are present.
• Minimum Potential Power Consumption represents the lowest Power Budget Threshold value. • Maximum Potential Power Consumption represents the highest Power Budget Threshold value. This value is also the current system configuration's absolute maximum power consumption.
Using RACADM To view the Power Budget Threshold data from local RACADM, on the managed server, open a command line interface and enter: racadm getconfig -g cfgServerPower -o cfgServerPowerCapWatts returns racadm getconfig -g cfgServerPower -o cfgServerPowerCapBTUhr returns racadm getconfig -g cfgServerPower -o cfgServerPowerCapPercent returns NOTE: For more information about cfgServerPower, including output details, see cfgSer
Using the Web Interface 1 Log in to iDRAC6 Web interface. 2 In the system tree, select System. 3 Click the Power Management tab, and then click Power Budget. The PCIe Power Allocation table displays the current power allocation in the Power Threshold in Watts field. 4 Enter a required value or click Default Value to specify a default value. Valid values are 100W - 500W. Default value is 500W. 5 Click Apply to save the new value. The new value is used when the system boots.
Power Control iDRAC6 enables you to remotely perform a power-on, power off, reset, graceful shutdown, non-masking interruption (NMI), or power cycle. Use the Power Control screen to perform an orderly shutdown through the operating system when rebooting and powering on or off. Executing Power Control Operations on the Server NOTE: To perform power management actions, you must have Administrator privilege. iDRAC6 enables you to remotely perform a power-on, reset, graceful shutdown, NMI, or power cycle.
– Reset System (warm boot) reboots the system without powering off. This option is disabled if the system is already powered off. – Power Cycle System (cold boot) powers off and then reboots the system. This option is disabled if the system is already powered off. 5 Click Apply. A dialog box appears requesting confirmation. 6 Click OK to execute the power management action you selected.
Power Monitoring and Power Management
15 Using iDRAC6 Enterprise SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
System Management With SM-CLP iDRAC6 SM-CLP enables you to manage the following system features from a command line: • Server Power Management — Turn on, shutdown, or reboot the system • System Event Log (SEL) Management — Display or clear the SEL records • iDRAC6 user account management • Active Directory configuration • iDRAC6 LAN configuration • SSL Certificate Signature Request (CSR) generation • Virtual media configuration iDRAC6 SM-CLP Support SM-CLP is hosted from iDRAC6 firmware, and s
Syntax: telnet $ (the CLI prompt is displayed) $smclp (at the CLI prompt, type smclp) SM-CLP Features The SM-CLP specification provides a common set of standard SM-CLP verbs that can be used for simple systems management through the CLI. SM-CLP promotes the concept of verbs and targets to provide system configuration capabilities through the CLI. The verb indicates the operation to perform and the target is the entity (or object) on which the operation is performed.
Table 15-1. Supported SM-CLP CLI Verbs (continued) Verb Description Options reset Resets the target. –examine, –help, –output, –version Syntax: reset [options] [target] set Sets the properties of a target Syntax: –examine, –help, –output, –version set [options] [target] = show Displays the target properties, verbs, and subtargets.
Table 15-2 describes the SM-CLP options. Some options have abbreviated forms, as shown in the table. Table 15-2. Supported SM-CLP Options SM-CLP Option Description -all, -a Instructs the verb to perform all possible functions. -destination Specifies the location to store an image in the dump command. Syntax: –destination -display, -d Filters the command output.
Navigating the MAP Address Space NOTE: The slash (/) and backslash (\) are interchangeable in SM-CLP address paths. However, a backslash at the end of a command line continues the command on the next line and is ignored when the command is parsed. Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space.
To list only certain properties, qualify them, as in the following command: show –d properties=(userid,name) /admin1/system1/sp1/oemdcim_mfaaccount1 If you only want to show one property, you can omit the parentheses. Using the -level Option The show -level option executes show over additional levels beneath the specified target. To see all targets and properties in the address space, use the -l all option.
Server Power Management Table 15-3 provides examples of using SM-CLP to perform power management operations on a managed server. Enter "smclp" to start the SM-CLP console. Table 15-3. Server Power Management Operations Operation Syntax Logging in to iDRAC6 using the SSH interface >ssh 192.168.0.120 >login: root >password: Enter "smclp" to start the SM–CLP console.
Table 15-4. SEL Management Operations Operation Syntax Viewing the SEL ->show -d targets,properties,verbs /admin1/system1/logs1/log1 Might return: Targets: record1/ record2/...
Table 15-4. SEL Management Operations (continued) Operation Syntax Viewing the SEL record ->show /admin1/system1/logs1/log1/record4 Might return: ufip=/admin1/system1/logs1/log1/record4 Associations:LogManagesRecord= >/admin1/system1/logs1/log1 Properties: RecordData=*0.0.65*4 2*1245152621*65 65*4*31*0*true*111*1*255*255* RecordFormat= *IPMI_SensorNumber.IPMI_OwnerLUN.
Table 15-4. SEL Management Operations (continued) Operation Syntax Verbs: show exit version cd help delete Clearing the SEL ->delete /admin1/system1/logs1/log1/record* Returns: Records deleted successfully. Table 15-5. Map Target Navigation Operations Operation Syntax Navigate to the system target and reboot ->cd admin1/system1 ->reset NOTE: The current default target is /.
Using iDRAC6 Enterprise SM-CLP Command Line Interface
Using the WS-MAN Interface 16 Web Services for Management (WS–MAN) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management. WS–MAN provides an interoperable protocol for devices to share and exchange data across networks. iDRAC6 uses WS–MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)–based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system.
• ENUMERATE the contents of containers and collections, such as large tables and logs • EXECUTE specific management methods with strongly typed input and output parameters Supported CIM Profiles Table 16-1. Supported CIM Profiles Standard DMTF 1 Base Server Defines CIM classes for representing the host server. 2 Base Metrics Defines CIM classes for providing the ability to model and control metrics captured for managed elements.
Table 16-1. Supported CIM Profiles (continued) 10 DHCP Client Defines CIM classes for representing a DHCP client and its associated capabilities and configuration. 11 DNS Client Defines CIM classes for representing a DNS client in a managed system. 12 Record Log Defines CIM classes for representing different type of logs. iDRAC6 uses this profile to represent the System Event Log (SEL) and iDRAC6 RAC Log. 13 Role Based Authorization Defines CIM classes for representing roles.
Table 16-1. Supported CIM Profiles (continued) 3 OS Deployment Defines CIM and Dell extension classes for representing the configuration of OS Deployment features. It extends the management capability of referencing profiles by adding the capability to support OS deployment activities by manipulating OS Deployment features provided by the service processor.
Table 16-1. Supported CIM Profiles (continued) 12 iDRAC Card Defines CIM and Dell extension classes to represent the iDRAC6 inventory information. 13 Memory Defines CIM and Dell extension classes to represent the host's DIMM inventory information. 14 CPU Defines CIM and Dell extension classes to represent the host's CPU inventory information. 15 System Info Defines CIM and Dell extension classes to represent the host platform's inventory information.
Using the WS-MAN Interface
17 Deploying Your Operating System Using iVMCLI The Integrated Virtual Media Command Line Interface (iVMCLI) utility is a command-line interface that provides virtual media features from the management station to iDRAC6 in the remote system. Using iVMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the iVMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Windows systems. Creating an Image File for Linux Systems Use the Data Duplicator (dd) utility to create a bootable image file for your Linux system.
When you create the image file, do the following: • Follow standard network-based installation procedures. • Mark the deployment image as "read only" to ensure that each target system boots and executes the same deployment procedure. 4 Perform one of the following procedures: • Integrate IPMItool and the Virtual Media command line interface (iVMCLI) into your existing operating system deployment application. Use the sample ivmdeploy script as a guide to using the utility.
• is the password for iDRAC6 user—for example, calvin • is the path to an ISO9660 image of the operating system installation CD or DVD • is the path to the device containing the operating system installation CD or DVD The ivmdeploy script passes its command line options to the iVMCLI utility. See "Command Line Options" on page 328 for details about these options. The script processes the -r option slightly differently than the iVMCLI -r option.
CAUTION: It is recommended to use the interactive flag '-i' option, when starting up the iVMCLI command line utility. This ensures tighter security by keeping the username and password private because on many Windows and Linux operating systems, the username and password are visible in clear text when processes are examined by other users.
Command Line Options The iVMCLI interface is identical on both Windows and Linux systems. The utility uses options that are consistent with the RACADM utility options. For example, an option to specify iDRAC6 IP address requires the same syntax for both RACADM and iVMCLI utilities. The iVMCLI command format is as follows: iVMCLI [parameter] [operating_system_shell_options] Command-line syntax is case-sensitive. See "iVMCLI Parameters" on page 328 for more information.
This parameter provides iDRAC6 IP address and SSL port, which the utility needs to establish a Virtual Media connection with the target iDRAC6. If you enter an invalid IP address or DDNS name, an error message displays and the command terminates. is a valid, unique IP address or iDRAC6 Dynamic Domain Naming System (DDNS) name (if supported). If is omitted, port 443 (the default port) is used. The optional SSL port is not required unless you change iDRAC6 default SSL port.
-f /tmp/myfloppy.img (Linux system) If the file is not write-protected, Virtual Media may write to the image file. Configure the operating system to write-protect a floppy image file that should not be overwritten. For example, a device is specified as: -f a:\ (Windows system) -f /dev/sdb4 # 4th partition on device /dev/sdb (Linux system) If the device provides a write-protection capability, use this capability to ensure that Virtual Media will not write to the media.
Root CA Certificate Validation -S This parameter is used to indicate if the iDRAC CA certificate is valid or not. If the certificate is not valid, the iVMCLI session is terminated and an error message is displayed indicating the certificate is not valid. If the certificate is valid, the iVMCLI session is established. Version Display -v This parameter is used to display the iVMCLI utility version. If no other non-switch options are provided, the command terminates without an error message.
For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the iVMCLI utility. NOTE: The iVMCLI utility does not read from standard input (stdin). As a result, stdin redirection is not required. • Background execution — By default, the iVMCLI utility runs in the foreground. Use the operating system's command shell features to cause the utility to run in the background.
18 Using iDRAC6 Configuration Utility Overview iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for iDRAC6 and for the managed system.
Starting iDRAC6 Configuration Utility You must use an iDRAC6 Virtual Console-connected console to access iDRAC6 Configuration Utility initially or after resetting iDRAC6 to the default settings. 1 At the keyboard connected to iDRAC6 Virtual Console, press to display iDRAC6 Virtual Console On Screen Configuration and Reporting (OSCAR) menu. Use and to highlight the slot containing your server, then press .
• The bottom line of the screen displays instructions for the current item. You can press to display help for the current item. • When you have finished using iDRAC6 Configuration Utility, press to view the exit menu, where you can choose to save or discard your changes or return to the utility. The following sections describe iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use the left-arrow and right-arrow keys and the spacebar to select between On and Off.
LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 18-1. LAN Parameters Item Description Common Settings MAC Address This is the non-editable MAC address of iDRAC6 network interface. VLAN Enable Displays On/Off. On will enable the Virtual LAN filtering for iDRAC6. VLAN ID Displays any any VLAN ID value between 1-4094.
Table 18-1. LAN Parameters (continued) Item Description Alert Destination 1 if LAN Alert Enabled is set to On, enter the IP address where PET LAN alerts will be forwarded. IPv4 Settings Enable or disable support for the IPv4 connection. IPv4 Select Enabled or Disabled IPv4 protocol support. The default is enabled. RMCP+ Encryption Press to edit the value and when finished. Key The RMCP+ Encryption key is a 40-character hexadecimal string (characters 0-9, a-f, and A-F).
Table 18-1. LAN Parameters (continued) Item Description DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the second DNS server. IPv6 Settings IPv6 Enable or disable support for the IPv6 connection. IPv6 Address Source Select between AutoConfig and Static. When AutoConfig is selected, the IPv6 Address 1, Prefix Length, and Default Gateway fields are obtained from DHCP.
Table 18-1. LAN Parameters (continued) Item Description DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. Virtual Media Configuration Virtual Media Use the left-arrow and right-arrow keys to select Auto-Attached, Attached or Detached. • If you select Attached, the virtual media devices are attached to the USB bus, making them available for use during Virtual Console sessions.
Press to initialize the vFlash SD card. The initialize operation mail fail due to the following reasons: • SD card is currently not present. • vFlash is currently in use by another process. • vFlash is not enabled. • SD card is write-protected. • One or more partitions are currently in-use. • One or more partitions are currently attached.
System Services System Services Use the left-arrow and right-arrow keys to select Enabled or Disabled. If enabled, certain iDRAC6 features can be configured through the Lifecycle Controller. For more information, see the Lifecycle Controller User Guide, available on the Dell Support Website at support.dell.com/manuals. NOTE: Modifying this option restarts the server when you Save and Exit to apply the new settings. Cancel System Services Use the up-arrow and down-arrow keys to select Yes or No.
Table 18-2. Lan User Configuration Screen Item Description Auto-Discovery The auto-discovery feature enables automated discovery of unprovisioned systems on the network; further, it securely establishes initial credentials so that these discovered systems can be managed. This feature enables iDRAC6 to locate the provisioning server. iDRAC6 and provisioning service server mutually authenticate each other.
Table 18-2. Lan User Configuration Screen (continued) Item Description Auto–Discovery (continued...) Before adding your Dell system to the network and using the auto–discovery feature, ensure that: • Dynamic Host Configuration Protocol (DHCP) server/Domain Name System (DNS) are configured. • Provisioning Web services is installed, configured, and registered. Provisioning Server This field is used to configure the provisioning server.
Reset to Default Use the Reset to Default menu item to reset all of iDRAC6 configuration items to the factory defaults. This may be required, for example, if you have forgotten the administrative user password or if you want to reconfigure iDRAC6 from the default settings. NOTE: In the default configuration, iDRAC6 networking is disabled. You cannot reconfigure iDRAC6 over the network until you have enabled iDRAC6 network in iDRAC6 Configuration Utility. Press to select the item.
NOTE: You can only clear the SEL in iDRAC6 Configuration Utility or in iDRAC6 Web interface. To clear the SEL, select Clear System Event Log and press . When you have finished with the SEL menu, press to return to the previous menu. Exiting iDRAC6 Configuration Utility When you have finished making changes to iDRAC6 configuration, press the key to display the Exit menu. • Select Save Changes and Exit and press to retain your changes.
Using iDRAC6 Configuration Utility
19 Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to diagnosing and troubleshooting a remote managed system using iDRAC6 utilities.
Trouble Indicators This section describes indications that there may be a problem with your system. LED Indicators LEDs on the chassis or on components installed in the chassis are generally the first indicators of system trouble. The following components and modules have status LEDs: • Chassis LCD display • Servers • Fans • CMCs • I/O modules • Power supplies The single LED on the chassis LCD summarizes the status of all of the components in the system.
Hardware Trouble Indicators Indications that a module has a hardware problem include the following: • Failure to power up • Noisy fans • Loss of network connectivity • Battery, temperature, voltage, or power monitoring sensor alerts • Hard drive failures • USB media failure • Physical damage caused by dropping, water, or other external stress When these kinds of problems occur, inspect the damage caused, and then try to correct the problem using these strategies: • Reseat the module and resta
Table 19-2. Trouble Indicators (continued) Look for: Action: Messages in iDRAC6 Log See "Viewing iDRAC6 Log" on page 363. Problem Solving Tools This section describes iDRAC6 utilities you can use to diagnose problems with your system, especially when you are trying to solve problems remotely.
Click any component on the Server Health section to see information about the component. Sensor readings are displayed for batteries, temperatures, voltages, and power monitoring, helping to diagnose some types of problems. iDRAC6 and CMC information screens provide useful current status and configuration information. Checking the System Event Log (SEL) The SEL Log screen displays messages for events that occur on the managed server.
Table 19-4. SEL Buttons (continued) Button Action Save As Opens a pop-up window that enables you to save the SEL to a directory of your choice. NOTE: If you are using Internet Explorer and encounter a problem when saving, be sure to download the Cumulative Security Update for Internet Explorer, located on the Microsoft Support website at support.microsoft.com. NOTE: When using Internet Explorer, if you are not able to save the SEL Log using Save As, it may be due to a browser setting.
Table 19-5. Post Code Buttons Button Action Print Prints the Post Code screen. Refresh Reloads the Post Code screen. Viewing the Last System Crash Screen NOTE: The last crash screen feature must be configured in the Server Administrator and in iDRAC6 Web interface. See "Configuring the Managed Server to Capture the Last Crash Screen" on page 76 for instructions on configuring this feature.
Viewing the Most Recent Boot Sequences If you experience boot problems, you can view the screen activity of what happened during the last three boot sequences from the Boot Capture screen. Playback of the boot screens occurs at a rate of 1 frame per second. iDRAC6 records fifty frames during boot time. Table 19-7 lists the available control actions. NOTE: You must have administrator privileges to view playback of the Boot Capture sequences. Table 19-7.
Checking the Server Status Screen for Error Messages When a flashing amber LED is lit, and a particular server has an error, the main Server Status Screen on the LCD will highlight the affected server in orange. Use the LCD navigation buttons to highlight the affected server, then click the center button. Error and warning messages will be displayed on the second line. The following table lists all of the error messages and their severity. Table 19-8.
Table 19-8.
Table 19-8.
Table 19-8.
Table 19-8.
Table 19-8.
Table 19-8.
Table 19-8.
Table 19-8. Server Status Screen (continued) Severity Message Cause Warning PCIE NonFatal Er: Non Fatal I/O This event is generated in Group sensor, PCIe error association with a CPU IERR () Viewing iDRAC6 Log iDRAC6 Log is a persistent log maintained in iDRAC6 firmware. The log contains a list of user actions (such as log in, log out, and security policy changes) and alerts issued by iDRAC6. The log gets erased after iDRAC6 firmware update.
Using iDRAC6 Log Buttons iDRAC6 Log screen provides the following buttons (see Table 19-10). Table 19-10. iDRAC6 Log Buttons Button Action Print Prints iDRAC6 Log screen. Clear Log Clears iDRAC6 Log entries. NOTE: The Clear Log button only appears if you have Clear Logs permission. Save As Opens a pop-up window that enables you to save iDRAC6 Log to a directory of your choice.
To identify the server: 1 Click System Remote AccessiDRAC6 Troubleshooting. 2 On the Identify screen, select Identify Server. 3 In the Identify Server Timeout field, enter the number of seconds that you want the LED to blink. Enter 0 if you want the LED to remain flashing until you disable it. 4 Click Apply. A blue LED on the server will flash for the number of seconds you specified.
Table 19-11. Diagnostic Commands Command Description arp Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted. ifconfig Displays the contents of the network interface table. netstat Prints the content of the routing table. ping Verifies that the destination IP address is reachable from iDRAC6 with the current routing-table contents. A destination IP address must be entered in the field to the right of this option.
Managing Power on a Remote System iDRAC6 enables you to remotely perform several power management actions on the managed server. Use the Power Management screen to perform an orderly shutdown through the operating system when rebooting and powering on and off. NOTE: You must have Execute Server Action Commands permission to perform power management actions. See "Adding and Configuring iDRAC6 Users" on page 93 for help configuring user permissions.
Table 19-12. Power Control Actions (continued) Reset System (warm boot) Reboots the system without powering off (warm boot). Power Cycle System (cold boot) Powers off, then reboots the system (cold boot). See "Power Monitoring and Power Management" on page 293 for more information. Troubleshooting and Frequently Asked Questions Table 19-13 contains frequently asked questions about troubleshooting issues. Table 19-13.
Table 19-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of iDRAC6? From CMC Web interface: 1 Click Chassis Servers, then click the Setup tab. 2 Click Deploy. 3 Read the IP address for your server from the table that is displayed. From the Virtual Console: • Reboot the server and enter iDRAC6 Configuration Utility by pressing . • Watch for the IP address which displays during BIOS POST.
Table 19-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer How can I find the IP address of CMC? From iDRAC6 Web interface: • Click System Remote Access CMC. CMC IP address is displayed on the CMC Summary screen. From the Virtual Console: • Select the "Dell CMC" console in the OSCAR to log in to CMC through a local serial connection. CMC RACADM commands can be issued from this connection.
Table 19-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer I have forgotten iDRAC6 administrative user name and password. You must restore iDRAC6 to its default settings. 1 Reboot the server and press when prompted to enter iDRAC6 Configuration Utility. 2 On iDRAC6 Configuration Utility menu, highlight Reset to Default and press . NOTE: You can also reset iDRAC6 from local RACADM by issuing racadm racresetcfg.
Table 19-13. Frequently Asked Questions/Troubleshooting (continued) Question Answer When attempting to boot the managed server, the power indicator is green, but there is no POST or no video at all. This can happen if any of the following conditions is true: 372 • Memory is not installed or is inaccessible. • The CPU is not installed or is inaccessible. • The video riser card is missing or improperly connected. Also, look for error messages in iDRAC6 log from iDRAC6 Web interface or from the LCD.
Index A Active Directory adding DRAC 5 users, 138 configuring access to the DRAC 5, 130 managing certificates, 107 objects, 127 schema extensions, 126 using with extended schema, 126 using with standard schema, 145 using with the DRAC 5, 121 ActiveX console redirection plug-in, 216 alert management.
task overview, 33-37 configuring with the web interface, 90 configuring Local iDRAC6 users for Smart Card logon, 173 Empty Partition, 237 configuring multiple iDRACs with RACADM, 290 Enabling or Disabling SD card, 235 configuring Smart Card Login, 172 extended schema using with Active Directory, 126 console redirection configuring, 212 opening a session, 214 using, 209 F CSR about, 102 generating, 103 Firefox tab behavior, 81 file system types, 240 firewall, opening ports, 24 diagnostics conso
I Image File, 239 iDRAC creating a configuration file, 285 log, viewing, 363 recovering firmware, 119 securing communications, 101 updating the firmware, 49 instrumentation server, 75 iDRAC configuration utility configuring LAN user, 341 iDRAC KVM displaying OSCAR, 334 iDRAC service ports, 24 iDRAC6 configuring standard schema Active Directory, 155 resetting to factory defaults, 344 SSH, 72 iDRAC6 configuration utility, 30 configuring IPMI, 335 configuring network properties, 335 configuring virtual med
ivmdeploy script, 325 M Manageability Access Point.
configuring with iDRAC6 configuration utility, 335 configuring with RACADM, 272 configuring with the Web interface, 82 ping command, diagnostics console, 366 ping6, 366 Platform Event Filter. See PEF Platform Event Trap. See PET O platforms supported, 23 On Screen Configuration and Reporting.
configuring SSH service, 282 configuring telnet service, 282 installing and removing, 69 using, 263 RACADM subcommands clrraclog, 264 clrsel, 264 config, 76, 264 getconfig, 226, 264, 285 getniccfg, 264 getraclog, 264 getractime, 264 getssninfo, 264 getsvctag, 264 getsysinfo, 265 gettracelog, 265 racreset, 265 racresetcfg, 265 serveraction, 265 setniccfg, 265 sslcertdownload, 266 sslcertupload, 266 sslcertview, 266 sslcsrgen, 266 testemail, 266 testtrap, 266 reboot option disabling, 77 remote access connecti
configuring iDRAC service with RACADM, 282 configuring service with the web interface, 115 OpenSSH software for Linux, 72 PuTTY client for Windows, 72 Server Management Command Line Protocol. See SM-CLP server storage management, 75 services configuring with the web interface, 115 signature, verify, 50-53 Simple Network Management Protocol.
trusted domains list, adding iDRAC, 65 Two-factor-authentication TFA, 172 digital signature, 50-53 public key, 52-53 vFlash Partitions, 231 vFlash SD Card, 231 vFlash SD Card Properties, 235 U Unified Server Configurator, 341 System Services, 341 Update Packages verifying the digital signature, 50-53 USB flash drive emulation type, 339 user configuration, 97 users adding and configuring with the web interface, 93 configuring LAN user with iDRAC6 configuration utility, 341 Using iDRAC6 with LDAP Directory
configuring IP filtering, 85 configuring IPMI LAN properties, 82, 92 configuring network properties, 82 configuring PEF, 89 configuring PET, 88, 90, 276 configuring SOL, 92 configuring telnet service, 115 configuring the SSH service, 115 configuring the web server service, 115 logging in, 80 logging out, 81 updating firmware, 118 web server, iDRAC configuring with the web interface, 115 Index 381
Index
