Integrated Dell™ Remote Access Controller 6 (iDRAC6) Version 1.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ___________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC6 Overview . . . . . . . . . . . . . . . . . . . iDRAC6 Express Management Features. . . . . . . . . 27 . . . . . . . . . 29 . . . . . . . . . . . . . . . . . . 32 iDRAC6 Enterprise and vFlash Media . Supported Platforms . Supported Operating Systems . Supported Web Browsers . . . . . . . . . . . . . . 32 . . . . . . . . . . . . . . . 33 Supported Remote Access Connections iDRAC6 Ports . 27 . . . . . . . . 33 . . . . . . . . . . . . . . . . . . . . . .
Configuring Your iDRAC6 . . . . . . . . . . . . . . . . . . 43 . . . . . . 43 . . . . . . . . . 44 . . . . . . . . . . . . . . . . . 44 Installing the Software on the Managed System Installing the Software on the Management Station . . . . . . . . . . . . . . . . . . . . Installing and Removing RACADM on a Linux Management Station . Installing RACADM Uninstalling RACADM . . . . . . . . . . . . . . . . Updating the iDRAC6 Firmware Before You Begin 45 . . . . . . . . . . . . . . . . . . 45 . .
Logging Out . . . . . . . . . . . . . . . . . . . . . Configuring the iDRAC6 NIC . . . . . . . . . . . . . . . Configuring the Network and IPMI LAN Settings . . . . . . . . . . . . . . . . . . . . 54 60 . . . . . . . . . . . . . . 62 Configuring Platform Event Filters (PEF) . . . . . . 63 Configuring Platform Event Traps (PET) . . . . . . 64 . . . . . . . . . . . . . 65 . . . . . . . . . . . . . . . . . . 66 Configuring E-Mail Alerts . Configuring IPMI Configuring iDRAC6 Users . . . . .
Configuring iDRAC6 for Viewing Serial Output Remotely Over SSH/Telnet . . . Configuring the iDRAC6 Settings to Enable SSH/Telnet . . . . . . . . . . . . . . . 85 . . . . . . . . . . 86 Starting a Text Console Through Telnet or SSH . . . . . . . . . . . . . . . . . . Using a Telnet Console . . . . . . 87 . . . . . . . . . . . . . . . 87 Using the Secure Shell (SSH) . . . . . . . . . . . . Configuring Linux for Serial Console Redirection During Boot . . . . . . . . . . . . . . . . . . . . .
RACADM Synopsis . RACADM Options . RACADM Subcommands . . . . . . . . . . 112 . . . . . . . . . . . . . 112 Frequently Asked Questions About RACADM Error Messages . . . . . 114 . . . . . . . . Configuring Multiple iDRAC6 Controllers . 114 . . . . . . . . . . . . . 116 . . . . . . . . . . . . . . . . . . . 118 Creating an iDRAC6 Configuration File . Modifying the iDRAC6 IP Address Frequently Asked Questions about Network Security . . . . . . . . . Adding and Configuring iDRAC6 Users . . . .
7 Using the iDRAC6 With Microsoft Active Directory . . . . . . . . . . . . . . . . . . 133 Prerequisites for Enabling Active Directory Authentication for the iDRAC6 . . . . . . . . . . . . . 134 Supported Active Directory Authentication Mechanisms . . . . . . . . . . . . . . . . . . . . . . 134 Extended Schema Active Directory Overview . . . . 135 . . . . . 135 . . . . . . 135 Extending the Active Directory Schema Active Directory Schema Extensions . . . . 136 . . . . . . . . 136 . . .
Testing Your Configurations . Enabling SSL on a Domain Controller . 161 . . . . . . . . . Exporting the Domain Controller Root CA Certificate to the iDRAC . . . . . . . . . Importing the iDRAC6 Firmware SSL Certificate . . . . . . . . . . . . . . . . . . . . 162 . . . . . . . 163 Using Active Directory to Log In to the iDRAC6 . Using Active Directory Single Sign-On . . . . . 164 . . . . . . . . 165 Configuring the iDRAC6 to Use Single Sign-On . . . . . . . . . . . . . . . . . . . . . . .
9 Enabling Kerberos Authentication Prerequisites for single sign-on and Active Directory Authentication Using Smart Card . . . . . 179 . . . . . 180 Configuring the iDRAC6 for single sign-on and Active Directory Authentication Using Smart Card . . . . . . . . . . . . . . . . . . . . . . . 182 Configuring Active Directory Users for single sign-on Logon . . . . . . . . . . . . . . . . . . . . . 182 Logging Into the iDRAC6 Using single sign-on for Active Directory Users . . . . . . . . . . . . . .
Using the WS-MAN Interface Supported CIM Profiles iDRAC6 SM-CLP Support 195 . . . . . . . . . . 199 . . . . . . . . . . . . . . . . 199 . . . . . . . . . . . . . . . . . . . . 200 Using SM-CLP 200 . . . . . . . . . . . . . . . . . . . SM-CLP Targets 200 . . . . . . . . . . . . . . . . . . 13 Deploying Your Operating System Using VMCLI . . . . Before You Begin 195 . . . . . . . . . . . . . . . . . 12 Using the iDRAC6 SM-CLP Command Line Interface . . SM-CLP Features . . . . . . . . .
14 Configuring Intelligent Platform Management Interface (IPMI) . Configuring IPMI . . . . . . . 217 . . . . . . . . . . . . . . . . . . . 217 Configuring IPMI Using the Web-Based Interface . . . . . . . . . . . . . . . . . . . . . 218 Using the IPMI Remote Access Serial Interface . 222 Configuring Serial Over LAN Using the Web-Based Interface . . . . . . . . . . . . . . . . . 222 . . . . . . . . . . . . . 223 . . . . . . . . . . . . . . . . . . . . . . .
16 Configuring the vFlash Media Card for Use With iDRAC6 . . . . . . . . . . . . Configuring the vFlash Media Card Using the iDRAC6 Web Interface . . . . . . . . . . . . . . . 237 . . . . . . . . . 238 . . . . . . . . . . . . . . . 239 Formatting the vFlash Media Card . . . . . . . . . 239 . . . . . . . . . . . 240 Viewing the Virtual Flash Key Size Configuring the vFlash Media Card Using RACADM . . . . . . . . . . Enabling or Disabling the vFlash Media Card Resetting the vFlash Media Card .
Viewing Power Monitoring . . . . . . . . . . . . . . Using the Web Interface . . . . . . . . . . . . . Executing Power Control Operations on the Server . . . . . . . . . . . . . 249 . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . . . . 250 18 Using the iDRAC6 Configuration Utility Overview . . . . . . . . . . . . . . . . 251 . . . . . . . . . . . . . . . . . . . . . . . 251 Starting the iDRAC6 Configuration Utility . . . . . . . 252 . . . . . . . . 252 . . . . . . . . . . . . .
Disabling the Automatic Reboot Option in Windows Server 2003 . . . . . . . . Configuring Platform Events . . . . . . . 264 . . . . . . . . . . . . . . 264 Configuring Platform Event Filters (PEF) Configuring PET . . . . . . . 265 . . . . . . . . . . . . . . . . . . 266 . . . . . . . . . . . . . 268 . . . . . . . . . . . . . . . 269 Configuring E-Mail Alerts . Testing E-mail Alerting . . . . 270 . . . . . . . . 270 Testing the RAC SNMP Trap Alert Feature .
21 Recovering and Troubleshooting the iDRAC6 . . . . . . . . . . . . . . . . . Using the RAC Log . . . . . 281 . . . . . . . . . . . . . . . . . . . 281 Using the Command Line. . . . . . . . . . . . . . . . Using the Diagnostic Console . . . . . . . . . . . . . 283 Using the Trace Log . . . . . . . . . . . . . . . . . . 284 Using the racdump . . . . . . . . . . . . . . . . . . . 285 Using the coredump . . . . . . . . . . . . . . . . . . 285 . . . . . . . . . . . . . . . . . . . . . . . .
Securing iDRAC6 Communications Using SSL and Digital Certificates . . . . . . . . Secure Sockets Layer (SSL) . . . . . . . 295 . . . . . . . . . . . . 295 . . . . . . . . . 295 . . . . . . . . . . 296 Certificate Signing Request (CSR) Accessing the SSL Main Menu . . . . . 297 . . . . . . . . . . . . 298 . . . . . . . . . . . . . . 299 . . . . . . . . . . . . . . . . . .
ifconfig . . . . . . . . . . . . . . . . . . . . . . . . . 327 netstat . . . . . . . . . . . . . . . . . . . . . . . . . 327 . . . . . . . . . . . . . . . . . . . . . . . . . . 328 ping . setniccfg . . . . . . . . . . . . . . . . . . . . . . . . 328 getniccfg . . . . . . . . . . . . . . . . . . . . . . . . 330 getsvctag . . . . . . . . . . . . . . . . . . . . . . . . 331 racdump . . . . . . . . . . . . . . . . . . . . . . . . 332 racreset . . . . . . . . . . . . . . . . . . . . . . . .
testtrap . . . . . . . . . . . . . . . . . . . . . . . 352 . . . . . . . . . . . . . . . . . . . . . . . . . . 353 vmdisconnect vmkey 350 . . . . . . . . . . . . . . . . . . . . . . . . . usercertupload . usercertview . . . . . . . . . . . . . . . . . . . . . . 353 . . . . . . . . . . . . . . . . . . . . . . 355 localConRedirDisable . krbkeytabupload . . . . . . . . . . . . . . . . . . 356 . . . . . . . . . . . . . . . . . . . . 356 B iDRAC6 Property Database Group and Object Definitions .
cfgDNSRacName (Read/Write) . . . . . . . . . . cfgDNSRegisterRac (Read/Write) . . . . . . . . 366 cfgDNSServer1 (Read/Write) . . . . . . . . . . . 366 cfgDNSServer2 (Read/Write) . . . . . . . . . . . 367 . . . . . . . . . . . 367 cfgNicEnable (Read/Write) . cfgNicIpAddress (Read/Write) . . . . . . . . . . 367 cfgNicNetmask (Read/Write) . . . . . . . . . . . 368 cfgNicGateway (Read/Write) . . . . . . . . . . . 368 cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 368 . . . . . . . .
cfgEmailAlertCustomMsg (Read/Write) cfgSessionManagement . . . . . . . 376 . . . . . . . . . . . . . . . . 377 . . . . . 377 . . . . . . . . 377 cfgSsnMgtRacadmTimeout (Read/Write) cfgSsnMgtConsRedirMaxSessions (Read/Write) . . . . . . . . . . . . cfgSsnMgtWebserverTimeout (Read/Write) . 378 . . . . . 378 . . . . . . 379 . . . . . . . . . . . . . . . . . . . . . . . . . 379 cfgSsnMgtSshIdleTimeout (Read/Write) . cfgSsnMgtTelnetTimeout (Read/Write) cfgSerial . . .
cfgRacTuneIpRangeMask (Read/Write) cfgRacTuneIpBlkEnable (Read/Write) . . . . . 387 . . . . . . 387 cfgRacTuneIpBlkFailCount (Read/Write) . . . . . cfgRacTuneIpBlkFailWindow (Read/Write) . . . 388 cfgRacTuneIpBlkPenaltyTime (Read/Write) . . . 388 . . . . . . . . 389 cfgRacTuneSshPort (Read/Write) cfgRacTuneTelnetPort (Read/Write) . . . . . . . . . . . 389 . . . . . . . 390 cfgRacTuneAsrEnable (Read/Write) . . . . . . . 390 cfgRacTuneDaylightOffset (Read/Write) . . . . .
cfgVirtualBootOnce (Read/Write) . . . . . . . . . . . . . 397 . . . . . . . 398 . . . . . . . . . . . . . . . . . . . 398 cfgVirMediaFloppyEmulation (Read/Write) cfgVirMediaKeyEnable (Read/Write) . cfgActiveDirectory . 397 cfgADRacDomain (Read/Write) . . . . . . . . . . 398 . . . . . . . . . . . 399 . . . . . . . . . . . . . 399 cfgADRacName (Read/Write) cfgADEnable (Read/Write) cfgADSSOEnable (Read/Write) . . . . . . . . . . . . . . 400 . . . . . . . . . .
cfgIpmiLanEnable (Read/Write) . . . . . . . . . . . . . . 408 . . . . . . 409 . . . . . . . 409 cfgIpmiLanPrivilegeLimit (Read/Write) . cfgIpmiLanAlertEnable (Read/Write) . cfgIpmiEncryptionKey (Read/Write) . . . . 409 . . . . . . . . . . . . . . . . . . . . . 410 cfgIpmiPetCommunityName (Read/Write) cfgIpmiPetIpv6 cfgIpmiPetIPv6Index (Read Only) . cfgIpmiPetIPv6AlertDestIpAddr . . . . . . . . 410 . . . . . . . . . 410 . . . . 410 . . . . . . . . . . . . . . . . . . . . . . .
cfgServerPeakPowerConsumptionTimestamp (Read Only) . . . . . . . . . . . . . . . . . . . cfgServerPowerConsumptionClear (Write Only) . . . . . . . . . . . . . . . 417 . . . . . . . . 417 . . . . . 417 . . . . . . 418 cfgServerPowerCapWatts (Read/Write) . cfgServerPowerCapBtuhr (Read/Write) . . . . 418 . . . . . . . . . . . . . . . . . 419 . . . . . . . . . . . . . . . . . . . 419 cfgServerPowerCapPercent (Read/Write) . cfgIPv6LanNetworking cfgIPv6Enable . . . . . . . . . . 419 . . . . . .
cfgIpmiSerialChanPrivLimit (Read/Write) . . . . 423 . . . . . 424 . . . . . . . . . 424 cfgIpmiSerialFlowControl (Read/Write) cfgIpmiSerialHandshakeControl (Read/Write) . . . . . . . . . . cfgIpmiSerialLineEdit (Read/Write) . . . . . . . . cfgIpmiSerialEchoControl (Read/Write) . . . . . 425 . . . . . . . . 426 cfgIpmiSerialInputNewLineSequence (Read/Write) . . . . . . . . . . . . . cfgSmartCard . . . . . . . 426 . . . . . . . . . . . . . . . . . . . . .
iDRAC6 Overview The Integrated Dell™ Remote Access Controller6 (iDRAC6) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. The iDRAC6 uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC6 co-exists on the system board with the managed PowerEdge server.
• Monitoring — Provides access to system information and status of components • Access to system logs — Provides access to the system event log, the iDRAC6 log, and the last crash screen of the crashed or unresponsive system, that is independent of the operating system state • Dell OpenManage™ software integration — Enables you to launch the iDRAC6 Web interface from Dell OpenManage Server Administrator or Dell OpenManage IT Assistant • iDRAC6 alert — Alerts you to potential managed node issues throu
iDRAC6 Enterprise and vFlash Media Adds support for RACADM, virtual KVM, Virtual Media features, a dedicated NIC, and Virtual Flash (with an optional Dell vFlash Media card). Virtual Flash allows you to store emergency boot images and diagnostic tools on the vFlash Media. For more information about iDRAC6 Enterprise and vFlash Media, see your Hardware Owner’s Manual at support.dell.com\manuals. Table 1-1 lists the features available for BMC, iDRAC6 Express, iDRAC6 Enterprise, and vFlash Media. Table 1-1.
Table 1-1.
Table 1-1.
The iDRAC6 provides the following security features: • User authentication through Active Directory (optional) or hardware-stored user IDs and passwords • Role-based authority, which enables an administrator to configure specific privileges for each user • User ID and password configuration through the Web-based interface or SM-CLP • SM-CLP and Web interfaces, which support 128-bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the SSL 3.
Supported Web Browsers For the latest information, see the iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals and on the Dell Systems Management Tools and Documentation DVD that was shipped with your system. NOTE: Due to serious security flaws, support for SSL 2.0 has been discontinued. Your browser must be configured to enable SSL 3.0 in order to work properly. Supported Remote Access Connections Table 1-2 lists the connection features. Table 1-2.
Table 1-3. iDRAC6 Server Listening Ports (continued) Port Number Function 623 RMCP/RMCP+ 5900* Console Redirection keyboard/mouse, Virtual Media Service, Virtual Media Secure Service, Console Redirection video * Configurable port Table 1-4.
• The Dell OpenManage Installation and Security User's Guide provides complete information on installation procedures and step–by–step instructions for installing, upgrading, and uninstalling Server Administrator for each supported operating system.
• Operating system documentation describes how to install (if necessary), configure, and use the operating system software. • Documentation for any components you purchased separately provides information to configure and install these options. • Updates are sometimes included with the system to describe changes to the system, software, and/or documentation. NOTE: Always read the updates first because they often supersede information in other documents.
Getting Started With the iDRAC6 The iDRAC6 enables you to remotely monitor, troubleshoot, and repair a Dell system even when the system is down. The iDRAC6 offers a rich set of features like console redirection, virtual media, virtual KVM, Smart Card authentication, and single sign-on. The management station is the system from which an administrator remotely manages a Dell system that has an iDRAC6. The systems that are monitored in this way are called managed systems.
Getting Started With the iDRAC6
Basic Installation of the iDRAC6 This section provides information about how to install and set up your iDRAC6 hardware and software.
Configuring Your System to Use an iDRAC6 To configure your system to use an iDRAC6, use the iDRAC6 Configuration Utility. To run the iDRAC6 Configuration Utility: 1 Turn on or restart your system. 2 Press when prompted during POST. If your operating system begins to load before you press , allow the system to finish booting, and then restart your system and try again. 3 Configure the LOM. 40 a Use the arrow keys to select LAN Parameters and press . NIC Selection is displayed.
• Shared with Failover LOM2 — Select this option to share the network interface with the host operating system. The remote access device network interface is fully functional when the host operating system is configured for NIC teaming. The remote access device receives data through NIC 1 and NIC 2, but transmits data only through NIC 1. If NIC 1 fails, the remote access device fails over to NIC 2 for all data transmission. The remote access device continues to use NIC 2 for data transmission.
Software Installation and Configuration Overview This section provides a high-level overview of the iDRAC6 software installation and configuration process. For more information about the iDRAC6 software components, see "Installing the Software on the Managed System." Installing Your iDRAC6 Software To install your iDRAC6 software: 1 Install the software on the managed system. See "Installing the Software on the Managed System." 2 Install the software on the management station.
Installing the Software on the Managed System Installing software on the managed system is optional. Without the managed system software, you cannot use the RACADM locally, and the iDRAC6 cannot capture the last crash screen. To install the managed system software, install the software on the managed system using the Dell Systems Management Tools and Documentation DVD.
For information about Server Administrator, IT Assistant, and Unified Server Configurator, see the Server Administrator User's Guide, the IT Assistant User’s Guide, and the Lifecycle Controller User’s Guide available on the Dell Support website at support.dell.com\manuals. Installing and Removing RACADM on a Linux Management Station To use the remote RACADM functions, install RACADM on a management station running Linux.
Updating the iDRAC6 Firmware Use one of the following methods to update your iDRAC6 firmware.
Updating the iDRAC6 Firmware Using the Web-Based Interface For detailed information, see "Updating the iDRAC6 Firmware/System Services Recovery Image." Updating the iDRAC6 Firmware Using RACADM You can update the iDRAC6 firmware using the CLI-based RACADM tool. If you have installed Server Administrator on the managed system, use local RACADM to update the firmware. 1 Download the iDRAC6 firmware image from the Dell Support website at support.dell.com to the managed system. For example: C:\downloads\firmim
These errors are cosmetic in nature and should be ignored. These messages are caused due to reset of the USB devices during the firmware update process and are harmless. Clearing the Browser Cache After the firmware upgrade, clear the Web browser cache. See your Web browser’s online help for more information. Configuring a Supported Web Browser The following sections provide instructions for configuring the supported Web browsers.
32-bit and 64-bit Web Browsers The iDRAC6 Web-based interface is not supported on 64-bit Web browsers. If you open a 64-bit Browser, access the Console Redirection page, and attempt to install the plug-in, the installation procedure fails. If this error was not acknowledged and you repeat this procedure, the Console Redirect Page loads even though the plug-in installation fails during your first attempt.
Linux If you are running Console Redirection on a Red Hat® Enterprise Linux® (version 4) client with a Simplified Chinese GUI, the viewer menu and title may appear in random characters. This issue is caused by an incorrect encoding in the Red Hat Enterprise Linux (version 4) Simplified Chinese operating system. To fix this issue, access and modify the current encoding settings by performing the following steps: 1 Open a command terminal. 2 Type “locale” and press . The following output is displayed.
6 Log out and then log in to the operating system. 7 Relaunch the iDRAC6. When you switch from any other language to the Simplified Chinese language, ensure that this fix is still valid. If not, repeat this procedure. For advanced configurations of the iDRAC6, see "Advanced iDRAC6 Configuration.
Configuring the iDRAC6 Using the Web Interface The iDRAC6 provides a Web interface that enables you to configure the iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC6 Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access the iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. To access the Web interface using an IPv4 address, go to step 2. To access the Web interface using an IPv6 address, go to step 3. 2 Access the Web interface using an IPv4 address; you must have IPv4 enabled: In the browser Address bar, type: https:// Then, press . 3 Access the Web interface using an IPv6 address; you must have IPv6 enabled.
Logging In You can log in as either an iDRAC6 user or as a Microsoft® Active Directory® user. The default user name and password for an iDRAC6 user are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6. To log in, perform the following steps: 1 In the Username field, type one of the following: • Your iDRAC6 user name. The user name for local users is case sensitive. Examples are root, it_user, or john_doe.
Logging Out 1 In the upper-right corner of the main window, click Logout to close the session. 2 Close the browser window. NOTE: The Logout button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session may remain active until the session timeout is reached.
NOTE: You may see the following message if the system halts during POST: Strike the F1 key to continue, F2 to run the system setup program One possible reason for the error is a network storm event, which causes you to lose communication with the iDRAC6. After the network storm subsides, restart the system. 1 Click Remote Access→Configuration→Network. 2 On the Network page, you can enter Network Interface Card settings, Common iDRAC settings, IPv4 settings, IPv6 settings, IPMI settings, and VLAN settings.
Table 4-1. Network Interface Card Settings (continued) Setting Description Auto Negotiation If set to On, displays the Network Speed and Mode by communicating with the nearest router or hub. If set to Off, allows you to set the Network Speed and Duplex Mode manually (Off). If NIC Selection is not set to Dedicated, Auto Negotiation setting will always be enabled (On). Network Speed Enables you to set the Network Speed to 100 Mb or 10 Mb to match your network environment.
Table 4-3. IPv4 Settings Setting Description Enabled If NIC is enabled, this selects IPv4 protocol support and sets the other fields in this section to be enabled. Use DHCP (For NIC IP Address) Prompts the iDRAC6 to obtain an IP address for the NIC from the Dynamic Host Configuration Protocol (DHCP) server. The default is off. IP Address Specifies the iDRAC6 NIC IP address. Subnet Mask Allows you to enter or edit a static IP address for the iDRAC6 NIC.
Table 4-4. IPv6 Settings Setting Description Enabled If the checkbox is selected, IPv6 is enabled. If the checkbox is not selected, IPv6 is disabled. The default is disabled. Auto Config Checking this box allows the iDRAC6 to obtain the IPv6 address for the iDRAC6 NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. Enabling Auto Config also deactivates and flushes out the static values for IP Address 1, Prefix Length, and IP Gateway.
Table 4-4. IPv6 Settings (continued) Setting Description Preferred DNS Server Configures the static IPv6 address for the preferred DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses. Alternate DNS Server Configures the static IPv6 address for the alternate DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses. Table 4-5.
Table 4-7. Network Configuration Page Buttons Button Description Print Prints the Network Configuration values that appear on the screen. Refresh Reloads the Network Configuration page. Advanced Settings Opens the Network Security page, allowing the user to enter IP Range and IP Blocking attributes. Apply Changes Saves any new settings made to the network configuration page.
Table 4-8. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off. IP Range Address Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
Table 4-9. Network Security Page Buttons Button Description Print Prints the Network Security values that appear on the screen. Refresh Reloads the Network Security page. Apply Changes Saves any new settings that you made to the Network Security page. Return to the Returns to the Network Configuration page. Network Configuration Page Configuring Platform Events Platform event configuration provides a mechanism for configuring the iDRAC6 to perform selected actions on certain event messages.
Table 4-10. Platform Event Filters (continued) Index Platform Event 12 Processor Absent 13 Power Supply Warning Assert 14 Power Supply Critical Assert 15 Power Supply Absent 16 Event Log Critical Assert 17 Watchdog Critical Assert 18 System Power Warning Assert 19 System Power Critical Assert When a platform event occurs (for example, a battery warning assert), a system event is generated and recorded in the System Event Log (SEL).
6 Select or deselect Generate Alert to enable or disable this action. NOTE: Generate Alert must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail). 7 Click Apply Changes. You are returned to the Platform Events page where the changes you applied are displayed in the Platform Event Filters List. 8 Repeat steps 4 through 7 to configure additional platform event filters.
8 In the Community String field, enter the appropriate iDRAC SNMP community name. Click Apply Changes. NOTE: The destination community string must be the same as the iDRAC6 community string. 9 Repeat steps 4 through 7 to configure additional IPv4 or IPv6 destination numbers. Configuring E-Mail Alerts NOTE: E-Mail alerts support both IPv4 and IPv6 addresses. 1 Log in to the remote system using a supported Web browser. 2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF).
Configuring IPMI 1 Log in to the remote system using a supported Web browser. 2 Configure IPMI over LAN. a In the System tree, click Remote Access. b Click the Configuration tab and click Network. c In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN and click Apply Changes. d Update the IPMI LAN channel privileges, if required. NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface.
f Update the Minimum Required Privilege. This property defines the minimum user privilege that is required to use the Serial Over LAN feature. Click the Channel Privilege Level Limit drop-down menu, select User, Operator, or Administrator. g Click Apply Changes. 4 Configure IPMI Serial. a In the Configuration tab, click Serial. b In the Serial Configuration menu, change the IPMI serial connection mode to the appropriate setting.
If IPMI serial is in terminal mode, you can configure the following additional settings: • Delete control • Echo control • Line edit • New line sequences • Input new line sequences For more information about these properties, see the IPMI 2.0 specification. For additional information about terminal mode commands, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com\manuals\.
Secure Sockets Layer (SSL) The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
Accessing SSL Through the Web-Based Interface 1 Click Remote Access→Configuration. 2 Click SSL to open the SSL page. Use the SSL page to perform one of the following options: • Generate a Certificate Signing Request (CSR) to send to a CA. The CSR information is stored on the iDRAC6 firmware. • Upload a server certificate. • View a server certificate. Table 4-11 describes the above SSL page options. Table 4-11.
3 Click Generate to create the CSR and download it onto to your local computer. 4 Click the appropriate button to continue. See Table 4-13. Table 4-12. Generate Certificate Signing Request (CSR) Attributes Field Description Common Name The exact name being certified (usually the iDRAC’s domain name, for example, www.xyzcompany.com). Alphanumeric characters, hyphens, underscores, spaces, and periods are valid. Organization Name The name associated with this organization (for example, XYZ Corporation).
Table 4-13. Generate Certificate Signing Request (CSR) Page Buttons Button Description Print Prints the Generate Certificate Signing Request values that appear on the screen. Refresh Reloads the Generate Certificate Signing Request page. Generate Generates a CSR and then prompts the user to save it to a specified directory. Go Back to SSL Main Menu Returns the user to the SSL page. Uploading a Server Certificate 1 On the SSL page, select Upload Server Certificate and click Next.
Viewing a Server Certificate 1 On the SSL page, select View Server Certificate and click Next. The View Server Certificate page displays the server certificate that you uploaded to the iDRAC. Table 4-15 describes the fields and associated descriptions listed in the Certificate table. 2 Click the appropriate button to continue. See Table 4-16. Table 4-15.
Configuring and Managing Active Directory Certificates The page enables you to configure and manage Active Directory settings. NOTE: You must have Configure iDRAC permission to use or configure Active Directory. NOTE: Before configuring or using the Active Directory feature, ensure that your Active Directory server is configured to communicate with iDRAC6.
Table 4-17. Active Directory Configuration and Management Page Options (continued) Attribute Description User Domain Name This value holds up to 40 User Domain entries. If configured, the list of user domain names will appear in the login page as a pull-down menu for the login user to choose from. If not configured, Active Directory users are still able to log in by entering the user name in the format of user_name@domain_name, domain_name/user_name, or domain_name\user_name.
Table 4-17. Active Directory Configuration and Management Page Options (continued) Attribute Description Active Directory CA Certificate Certificate The certificate of the Certificate Authority that signs all the domain controllers’ Security Socket Layer (SSL) server certificate. Extended Schema Settings iDRAC Name: Specifies the name that uniquely identifies the iDRAC in Active Directory. This value is NULL by default.
Table 4-18. Active Directory Configuration and Management Page Buttons Button Definition Print Prints the values that are displayed on the Active Directory Configuration and Management page. Refresh Reloads the Active Directory Configuration and Management page. Configure Active Enables you to configure Active Directory. See "Using the iDRAC6 Directory With Microsoft Active Directory" for detailed configuration information.
Table 4-19. Local Configuration Setting Description Disable the iDRAC Local Configuration using option ROM Disables local configuration of iDRAC using option ROM. Option ROM resides in the BIOS and provides a user interface engine that allows BMC and iDRAC configuration. The option ROM prompts you to enter the setup module by pressing . Disable the iDRAC Local Configuration using RACADM Disables local configuration of iDRAC using local RACADM. Table 4-20.
Table 4-21. SSH Settings Setting Description Enabled Enables or disable SSH. When checked, the checkbox indicates that SSH is enabled. Timeout The secure shell idle timeout, in seconds. The Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300. Port Number The port on which the iDRAC6 listens for an SSH connection. The default is 22. Table 4-22. Telnet Settings Setting Description Enabled Enables or disables telnet.
Table 4-25. Automated System Recovery Agent Setting Setting Description Enabled Enables/disables the Automated System Recovery Agent. When checked, the Automated System Recovery Agent is enabled. Table 4-26. Services Page Buttons Button Description Print Prints the Services page. Refresh Refreshes the Services page. Apply Changes Applies the Services page settings.
3 In the Upload/Rollback (Step 1 of 3) page, click Browse, or type the path to the firmware image that you downloaded from support.dell.com or the System Services recovery image. NOTE: If you are running Firefox, the text cursor does not appear in the Firmware Image field. For example: C:\Updates\V1.0\. OR \\192.168.1.10\Updates\V1.0\ The default firmware image name is firmimg.d6. 4 Click Upload. The file will be uploaded to the iDRAC6.
6 In the case of a firmware image, Preserve Configuration provides you with the option to preserve or clear the existing iDRAC6 configuration. This option is selected by default. NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC6 will be reset to its default settings. In the default settings, the LAN is enabled. You may not be able to log in to the iDRAC6 Web interface. You will have to reconfigure the LAN settings using the iDRAC6 Configuration Utility during BIOS POST.
iDRAC6 Firmware Rollback iDRAC6 has the provision to maintain two simultaneous firmware images. You can choose to boot from (or rollback to) the firmware image of your choice. 1 Open the iDRAC6 Web-based interface and log in to the remote system. Click System→Remote Access, and then click the Update tab. 2 In the Upload/Rollback (Step 1 of 3) page, click Rollback. The current and the rollback firmware versions are displayed on the Status (Step 2 of 3) page.
Configuring the iDRAC6 Using the Web Interface
Advanced iDRAC6 Configuration This section provides information about advanced iDRAC6 configuration and is recommended for users with advanced knowledge of systems management and who want to customize the iDRAC6 environment to suit their specific needs. Before You Begin You should have completed the basic installation and setup of your iDRAC6 hardware and software. See "Basic Installation of the iDRAC6" for more information.
4 Set the Serial Communication screen options as follows: serial communication....On with serial redirection via com2 NOTE: You can set serial communication to On with serial redirection via com1 as long as the serial port address field, serial device2, is set to com1, also. serial port address....Serial device1 = com1, serial device2 = com2 external serial connector....Serial device 1 failsafe baud rate....115200 remote terminal type....vt100/vt220 redirection after boot....
Starting a Text Console Through Telnet or SSH After you have logged into the iDRAC6 through your management station terminal software with telnet or SSH, you can redirect the managed system text console by using console com2, which is a telnet/SSH command. Only one console com2 client is supported at a time.
Enabling Microsoft Telnet for Telnet Console Redirection NOTE: Some telnet clients on Microsoft operating systems may not display the BIOS setup screen correctly when BIOS console redirection is set for VT100/VT220 emulation. If this issue occurs, update the display by changing BIOS console redirection to ANSI mode. To perform this procedure in the BIOS setup menu, select Console Redirection →Remote Terminal Type →ANSI.
To configure a Linux telnet session to use the key: 1 Open a command prompt and type: stty erase ^h 2 At the prompt, type: telnet Using the Secure Shell (SSH) It is critical that your system’s devices and device management are secure. Embedded connected devices are the core of many business processes. If these devices are compromised, your business may be at risk, which requires new security demands for command line interface (CLI) device management software.
The iDRAC6 SSH implementation supports multiple cryptography schemes, as shown in Table 5-1. Table 5-1.
serial --unit=1 --speed=57600 terminal --timeout=10 serial 2 Append two options to the kernel line: kernel ............. console=ttyS1,115200n8r console=tty1 3 If the /etc/grub.conf contains a splashimage directive, comment it out. Table 5-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure. Table 5-2. Sample File: /etc/grub.conf # grub.
Table 5-2. Sample File: /etc/grub.conf (continued) serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root= /dev/sda1 hda=ide-scsi console=ttyS0 console= ttyS1,115200n8r initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s initrd /boot/initrd-2.4.9-e.3.im When you edit the /etc/grub.
Table 5-3 shows a sample file with the new line. Table 5-3. Sample File: /etc/innitab # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel.
Table 5-3. Sample File: /etc/innitab (continued) # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your # UPS is connected and working correctly.
Edit the file /etc/securetty as follows: Add a new line with the name of the serial tty for COM2: ttyS1 Table 5-4 shows a sample file with the new line. Table 5-4.
To set up your system to use any of these interfaces, perform the following steps. Configure the BIOS to enable serial connection: 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing . 4 Set the Serial Communication screen as follows: external serial connector....remote access device Then, select Save Changes.
When you are connected serially with the previous settings, you should see a login prompt. Enter the iDRAC6 username and password (default values are root, calvin, respectively). From this interface, you can execute such features as RACADM.
Direct Connect Basic mode will enable you to use such tools as ipmish directly through the serial connection. For example, to print the System Event Log using ipmish via IPMI Basic mode, run the following command: ipmish -com 1 -baud 57600 sel get -flow cts -u root -p calvin Direct Connect Terminal mode will enable you to issue ASCII commands to the iDRAC6.
Switching Between RAC Serial Interface Communication Mode and Serial Console Redirection iDRAC6 supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial console redirection. To set your system to allow this behavior, do the following: 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing .
To switch to RAC Serial Interface Communication Mode when in Serial Console Redirection Mode, use the following key sequence: + <9> The key sequence above directs you either to the "iDRAC Login" prompt (if the RAC is set to "RAC Serial" mode) or to the "Serial Connection" mode where terminal commands can be issued (if the RAC is set to "IPMI Serial Direct Connect Terminal Mode").
Configuring the Management Station Terminal Emulation Software iDRAC6 supports a serial or telnet text console from a management station running one of the following types of terminal emulation software: • Linux Minicom in an Xterm • Hilgraeve’s HyperTerminal Private Edition (version 6.3) • Linux Telnet in an Xterm • Microsoft Telnet Perform the steps in the following subsections to configure your type of terminal software. If you are using Microsoft Telnet, configuration is not required.
7 Press and set the Bps/Par/Bits option to 57600 8N1. 8 Press and set Hardware Flow Control to Yes and set Software Flow Control to No. 9 To exit the Serial Port Setup menu, press . 10 Select Modem and Dialing and press . 11 In the Modem Dialing and Parameter Setup menu, press to clear the init, reset, connect, and hangup settings so that they are blank. 12 Press to save each blank value.
Table 5-6. Minicom Settings for Serial Console Emulation (continued) Setting Description Required Setting Terminal emulation ANSI Modem dialing and parameter settings Clear the init, reset, connect, and hangup settings so that they are blank Window size 80 x 25 (to resize, drag the corner of the window) Configuring HyperTerminal for Serial Console Redirection HyperTerminal is the Microsoft Windows serial port access utility.
Table 5-7. Management Station COM Port Settings Setting Description Required Setting Bits per second 57600 Data bits 8 Parity None Stop bits 1 Flow control Hardware Configuring Serial and Terminal Modes Configuring IPMI and iDRAC6 Serial 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and then click Serial. 3 Configure the IPMI serial settings. See Table 5-8 for description of the IPMI serial settings. 4 Configure the iDRAC6 serial settings.
Table 5-8. IPMI Serial Settings (continued) Setting Description Flow Control • None — Hardware Flow Control Off • RTS/CTS — Hardware Flow Control On Channel Privilege Level Limit • Administrator • Operator • User Table 5-9. iDRAC6 Serial Settings Setting Description Enabled Enables or disables the iDRAC6 serial console. Checked= Enabled; Unchecked=Disabled Timeout The maximum number of seconds of line idle time before the line is disconnected. The range is 60 to 1920 seconds.
Configuring Terminal Mode 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and then click Serial. 3 In the Serial page, click Terminal Mode Settings. 4 Configure the terminal mode settings. See Table 5-11 for description of the terminal mode settings. 5 Click Apply Changes. 6 Click the appropriate Terminal Mode Settings page button to continue. See Table 5-12 for description of the terminal mode settings page buttons. Table 5-11.
Table 5-12. Terminal Mode Settings Page Buttons (continued) Button Description Return to Serial Port Configuration Return to the Serial Port Configuration page. Apply Changes Apply the terminal mode settings changes. Configuring the iDRAC6 Network Settings CAUTION: Changing your iDRAC6 Network settings may disconnect your current network connection.
Table 5-13 describes each iDRAC6 interface. Table 5-13. iDRAC6 Interfaces Interface Description Web-based interface Provides remote access to the iDRAC6 using a graphical user interface. The Web-based interface is built into the iDRAC6 firmware and is accessed through the NIC interface from a supported Web browser on the management station. RACADM Provides remote access to the iDRAC6 using a command line interface. RACADM uses the iDRAC6 IP address to execute RACADM commands.
Table 5-13. iDRAC6 Interfaces (continued) Interface Description SSH Interface Provides the same capabilities as the telnet console using an encrypted transport layer for higher security. IPMI Interface Provides access through the iDRAC6 to the remote system’s basic management features. The interface includes IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com\manuals.
Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Continuing execution. Use -S option for racadm to stop the execution on certificate-related errors. RACADM continues to execute the command. However, if you use the –S option, RACADM stops executing the command and displays the following message: Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Racadm not continuing execution of the command.
If the HTTPS port number of the iDRAC6 has been changed to a custom port other than the default port (443), the following syntax must be used: racadm -r : -u -p racadm -i -r : RACADM Options Table 5-14 lists the options for the RACADM command. Table 5-14. racadm Command Options Option Description -r Specifies the controller’s remote IP address.
Enabling and Disabling the RACADM Remote Capability NOTE: It is recommended that you run these commands on your local system. The RACADM remote capability is enabled by default. If disabled, type the following RACADM command to enable: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1 To disable the remote capability, type: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0 RACADM Subcommands Table 5-15 provides a description of each RACADM subcommand that you can run in RACADM.
Table 5-15. RACADM Subcommands (continued) Command Description coredumpdelete Deletes the coredump stored in the iDRAC6. fwupdate Executes or displays status on iDRAC6 firmware updates. getssninfo Displays information about active sessions. getsysinfo Displays general iDRAC6 and system information. getractime Displays the iDRAC6 time. ifconfig Displays the current iDRAC6 IP configuration. netstat Displays the routing table and the current connections.
Frequently Asked Questions About RACADM Error Messages After performing an iDRAC6 reset (using the racadm racreset command), I issue a command and the following message is displayed: ERROR: Unable to connect to RAC at specified IP address What does this message mean? You must wait until the iDRAC6 completes the reset before issuing another command. When I use the racadm commands and subcommands, I get errors that I don’t understand.
To configure multiple iDRAC6 controllers, perform the following procedures: 1 Use RACADM to query the target iDRAC6 that contains the appropriate configuration. NOTE: The generated .cfg file does not contain user passwords. Open a command prompt and type: racadm getconfig -f myfile.cfg NOTE: Redirecting the iDRAC6 configuration to a file using getconfig -f is only supported with the local and remote RACADM interfaces. 2 Modify the configuration file using a simple text editor (optional).
The initial configuration file, racadm.cfg, is named by the user. In the following example, the configuration file is named myfile.cfg. To create this file, type the following at the command prompt: racadm getconfig -f myfile.cfg CAUTION: It is recommended that you edit this file with a simple text editor. The RACADM utility uses an ASCII text parser. Any formatting confuses the parser, which may corrupt the RACADM database. Creating an iDRAC6 Configuration File The iDRAC6 configuration file .
Use the following guidelines when you create a .cfg file: • If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from the iDRAC6 for that group. Any objects within that group are simple modifications when the iDRAC6 is configured. If a modified object represents a new index, the index is created on the iDRAC6 during configuration. • You cannot specify an index of your choice in a .cfg file.
Parsing Rules • All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' character in any other column is treated as a '#' character. Some modem parameters may include # characters in its string. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different iDRAC6, without adding escape characters.
• All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for example, a second '=', or a '#', '[', ']', and so forth). These characters are valid modem chat script characters. See the example in the previous bullet. • The .cfg parser ignores an index object entry.
Modifying the iDRAC6 IP Address When you modify the iDRAC6 IP address in the configuration file, remove all unnecessary =value entries. Only the actual variable group’s label with "[" and "]" remains, including the two =value entries pertaining to the IP address change. For example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.
Configuring iDRAC6 Network Properties To generate a list of available network properties, type the following: racadm getconfig -g cfgLanNetworking To use DHCP to obtain an IP address, use the following command to write the object cfgNicUseDhcp and enable this feature: racadm config -g cfgLanNetworking -o cfgNicUseDHCP 1 The commands provide the same configuration functionality as the iDRAC6 Configuration Utility at boot-up when you are prompted to type .
racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1 racadm config -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002 racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN NOTE: If cfgNicEnable is set to 0, the iDRAC6 LAN is disabled even if DHCP is enabled.
Frequently Asked Questions about Network Security When accessing the iDRAC6 Web-based interface, I get a security warning stating the hostname of the SSL certificate does not match the hostname of the iDRAC6. The iDRAC6 includes a default iDRAC6 server certificate to ensure network security for the Web-based interface and remote RACADM features.
The iDRAC6 Web server is reset after the following occurrences: • When the network configuration or network security properties are changed using the iDRAC6 Web user interface • When the cfgRacTuneHttpsPort property is changed (including when a config -f changes it) • When racresetcfg is used • When the iDRAC6 is reset • When a new SSL server certificate is uploaded Why doesn’t my DNS server register my iDRAC6? Some DNS servers only register names of 31 characters or fewer.
Adding and Configuring iDRAC6 Users To manage your system with the iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.
3 On the User Configuration page, configure the following: • The username, password, and access permissions for a new or existing iDRAC user. Table describes General User Settings. • The user’s IPMI privileges. Table 6-4 describes the IPMI User Privileges for configuring the user’s LAN privileges. • The iDRAC user privileges. Table 6-5 describes the iDRAC User Privileges. • The iDRAC Group access permissions. Table 6-6 describes the iDRAC Group Permissions. 4 When completed, click Apply Changes.
Table 6-2. Smart Card Configuration Options Option Description View User Certificate Displays the user certificate page that has been uploaded to the iDRAC. Upload Trusted CA Certificate Enables you to upload the trusted CA certificate to iDRAC and import it to the user profile. View Trusted CA Certificate Displays the trusted CA certificate that has been uploaded to the iDRAC. The trusted CA certificate is issued by the CA who is authorized to issue certificates to users. Table 6-3.
Table 6-5. iDRAC User Privileges Property Description Roles Specifies the user’s maximum iDRAC user privilege as one of the following: Administrator, Operator, Read Only, or None. See Table 6-6 for iDRAC Group Permissions. Login to iDRAC Enables the user to log in to the iDRAC. Configure iDRAC Enables the user to configure the iDRAC. Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the iDRAC logs.
Table 6-7. User Configuration Page Buttons Button Action Print Prints the User Configuration values that appear on the screen. Refresh Reloads the User Configuration page. Go Back To Users Page Returns to the Users Page. Apply Changes Saves any new settings made to the user configuration. Using the RACADM Utility to Configure iDRAC6 Users NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system.
Before You Begin You can configure up to 16 users in the iDRAC6 property database. Before you manually enable an iDRAC6 user, verify if any current users exist. If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the iDRAC6 to the original default values. CAUTION: Use caution when using the racresetcfg command, as all configuration parameters are reset to their default values.
Adding an iDRAC6 User To add a new user to the RAC configuration, a few basic commands can be used. In general, perform the following procedures: 1 Set the user name. 2 Set the password. 3 Set the following user privileges: • iDRAC privilege • IPMI LAN privilege • IPMI Serial privilege • Serial Over LAN privilege 4 Enable the user. Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
Removing an iDRAC6 User When using RACADM, users must be disabled manually and on an individual basis. Users cannot be deleted by using a configuration file. The following example illustrates the command syntax that can be used to delete a RAC user: racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i "" A null string of double quote characters ("") instructs the iDRAC6 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults.
Using the iDRAC6 With Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft® Active Directory® service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your Active Directory software.
Prerequisites for Enabling Active Directory Authentication for the iDRAC6 To use the Active Directory authentication feature of the iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.
Extended Schema Active Directory Overview Using the extended schema solution requires the Active Directory schema extension, as described in the following section. Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. Dell extension is: dell Dell base OID is: 1.2.840.113556.1.8000.
Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 7-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • DVD drive:\SYSMGMT\ManagementStation\support\OMActiveDirectory_ Tools\Remote_Management_Advanced\LDIF_Files • :\SYSMGMT\ManagementS
The schema is extended. To verify the schema extension, use the MMC and the Active Directory Schema Snap-in to verify that the following exist: • Classes (see Table 7-2 through Table 7-7) • Attributes (Table 7-8) See your Microsoft documentation for details about using the MMC and the Active Directory Schema Snap-in. Table 7-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.
Table 7-4. delliDRACAssociationObject Class (continued) OID 1.2.840.113556.1.8000.1280.1.7.1.2 Class Type Structural Class SuperClasses Group Attributes dellProductMembers dellPrivilegeMember Table 7-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the iDRAC device.
Table 7-7. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers Table 7-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute.
Table 7-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.6 TRUE TRUE if the user has Log Clearing rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsServerResetUser 1.2.840.113556.1.8000.1280.1.1.2.7 TRUE if the user has Server Reset rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.
Table 7-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 FALSE List of Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers linked attribute.
Opening the Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers Snap-in: 1 If you are logged into the domain controller, click Start Admin Tools→ Active Directory Users and Computers. If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→Run, type MMC, and press Enter. The MMC is displayed.
4 Select iDRAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→Dell Remote Management Object Advanced. The New Object window is displayed. 3 Type a name for the new object. 4 Select Privilege Object. 5 Click OK. 6 Right-click the privilege object that you created, and select Properties.
Adding Users or User Groups 1 Right-click the Association Object and select Properties. 2 Select the Users tab and click Add. 3 Type the user or User Group name and click OK. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. Adding Privileges 1 Select the Privileges Object tab and click Add.
6 Under Certificate Settings, check Enable Certificate Validation if you want to validate the SSL certificate of your Active Directory servers; otherwise, go to step 9. 7 Under Upload Active Directory CA Certificate, type the file path of the certificate or browse to find the certificate file. NOTE: You must type the absolute file path, which includes the full path and the complete file name and file extension. 8 Click Upload.
16 Click Next to go to the Step 3 of 4 Active Directory Configuration and Management. 17 Under Schema Selection, click Extended Schema. 18 Click Next to go to the Step 4 of 4 Active Directory Configuration and Management. 19 Under Extended Schema Settings, type the iDRAC name and domain name to configure the iDRAC device object. The iDRAC domain name is the Domain in which iDRAC Object is created. 20 Click Finish to save Active Directory Extended Schema settings.
racadm config -g cfgActiveDirectory -o cfgDomainController1 racadm config -g cfgActiveDirectory -o cfgDomainController2 racadm config -g cfgActiveDirectory -o cfgDomainController3 NOTE: At least one of the three addresses is required to be configured.
racadm sslcertupload -t 0x2 -f Using the following RACADM command may be optional. See "Importing the iDRAC6 Firmware SSL Certificate" for additional information.
Standard Schema Active Directory Overview As shown in Figure 7-3, using standard schema for Active Directory integration requires configuration on both Active Directory and the iDRAC6. Figure 7-3. Configuration of iDRAC with Microsoft Active Directory and Standard Schema Configuration on Active Directory Side Role Group Configuration on iDRAC Side Role Group Name and Domain Name Role Definition User On the Active Directory side, a standard group object is used as a role group.
Table 7-9.
Configuring Standard Schema Active Directory to Access Your iDRAC You must perform the following steps to configure Active Directory before an Active Directory user can access iDRAC6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group.
9 Under Upload Kerberos Keytab, type the path of the keytab file or browse to locate the file. Click Upload. The Kerberos keytab is uploaded into the iDRAC6. 10 Click Next to go to the Step 2 of 4 Active Directory Configuration and Management. 11 Select Enable Active Directory. 12 Select Enable Single Sign-On if you want to log into iDRAC6 without entering your domain user authentication credentials, such as user name and password. 13 Click Add to enter the user domain name.
NOTE: The Global Catalog server is only required for standard schema in the case that the user accounts and the role groups are in different domains. And, in this multiple domain case, only the Universal Group can be used. 21 Under Role Groups, click a Role Group. The Step 4b of 4 page is displayed. 22 Specify the Role Group Name. The Role Group Name identifies the role group in Active Directory associated with the iDRAC. 23 Specify the Role Group Domain, which is the domain of the Role Group.
Configuring Active Directory With Standard Schema Using RACADM Use the following commands to configure the iDRAC Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until a successful connection is made. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
In this case, you must also upload the CA certificate using the following RACADM command: racadm sslcertupload -t 0x2 -f Using the following RACADM command may be optional. See "Importing the iDRAC6 Firmware SSL Certificate" for additional information.
Testing Your Configurations If you want to verify whether your configuration works, or if you need to diagnose the problem with your failed Active Directory login, you can test your settings from the iDRAC6 Web-based interface. After you finish configuring settings in the iDRAC6 Web-based interface, click Test Settings at the bottom of the page. You will be required to enter a test user's name (for example, username@domain.com) and password to run the test.
c In the Automatic Certificate Request Setup Wizard, click Next and select Domain Controller. d Click Next and click Finish. Exporting the Domain Controller Root CA Certificate to the iDRAC NOTE: If your system is running Windows 2000, the following steps may vary. NOTE: If you are using a standalone CA, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click Start→Run. 3 In the Run field, type mmc and click OK.
To upload the certificate using the Web-based interface, see "Configuring Active Directory With Extended Schema Using the iDRAC6 Web-Based Interface" or "Configuring Active Directory With Standard Schema Using the iDRAC6 Web-Based Interface." Importing the iDRAC6 Firmware SSL Certificate NOTE: If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload the iDRAC Server certificate to the Active Directory Domain controller as well.
5 Click Next and select whether you would like Windows to automatically select the certificate store based on the type of certificate, or browse to a store of your choice. 6 Click Finish and click OK. Using Active Directory to Log In to the iDRAC6 You can use Active Directory to log in to the iDRAC6 using one of the following methods: • Web-based interface • Remote RACADM • Serial or telnet console The login syntax is the same for all three methods: or \ or
Using Active Directory Single Sign-On You can enable the iDRAC6 to use Kerberos—a network authentication protocol—to enable single sign-on. For more information on setting up the iDRAC6 to use the Active Directory single sign-on feature, see "Enabling Kerberos Authentication." Configuring the iDRAC6 to Use Single Sign-On 1 Click Remote Access→Configuration tab→Active Directory subtab→ select Configure Active Directory.
Logging Into the iDRAC6 Using Single Sign-On 1 Log into your workstation using your network account. 2 To access the iDRAC6 Web page, type: https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for the iDRAC6 and port number is the HTTPS port number. The iDRAC6 single sign-on page is displayed. 3 Click Login.
I enabled certificate validation but my Active Directory login failed. I ran the diagnostics from the GUI and the test result shows the following error message: ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC.
Check the Subject or Subject Alternative Name field of your domain controller certificate. Usually Active Directory uses the hostname, not the IP address, of the domain controller in the Subject or Subject Alternative Name field of the domain controller certificate. You can fix the problem in several ways: 1 Configure the hostname (FQDN) of the domain controller as the domain controller address(es) on iDRAC6 to match the Subject or Subject Alternative Name of the server certificate.
Why does iDRAC6 enable certificate validation by default? iDRAC6 enforces strong security to ensure the identity of the domain controller that iDRAC6 connects to. Without certificate validation, a hacker could spoof a domain controller and hijack the SSL connection. If you choose to trust all the domain controllers in your security boundary without certificate validation, you can disable it through the GUI or the CLI. Does iDRAC6 support the NetBIOS name? Not in this release.
Using the iDRAC6 With Microsoft Active Directory
Configuring Smart Card Authentication The iDRAC6 supports the two factor authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security. TFA, on the other hand, provides a higher-level of security by making the users provide two factors of authentication - what you have and what you know–what you have is the Smart Card, a physical device, and what you know–a secret code like a password or PIN.
NOTE: Dell recommends that the iDRAC6 administrator use the Enable with Remote Racadm setting only to access the iDRAC6 Web-based interface to run scripts using the remote RACADM commands. If the administrator does not need to use the remote RACADM, Dell recommends the Enabled setting for Smart Card logon. Also, ensure that the iDRAC6 local user configuration and/or Active Directory configuration is complete before enabling Smart Card Logon. • Disable Smart Card configuration (default).
trusted CA certificate for the user. Configure the user with the username that forms the user’s User Principal Name (UPN) in the Smart Card certificate. NOTE: To log into the iDRAC6, the user name that you configure in the iDRAC6 should have the same case as the User Principal Name (UPN) in the Smart Card certificate. For example, in case the Smart Card certificate has been issued to the user, "sampleuser@domain.com," the username should be configured as "sampleuser.
Table 8-1. Setting Smart Card Settings Description Configure Smart Card • Disabled — Disables Smart Card logon. Subsequent logins Logon from the graphical user interface (GUI) display the regular login page. All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM are set to their default state. • Enabled — Enables Smart Card logon. After applying the changes, logout, insert your Smart Card and then click Login to enter your Smart Card PIN.
Logging Into the iDRAC6 Using the Smart Card The iDRAC6 Web interface displays the Smart Card logon page for all users who are configured to use the Smart Card. NOTE: Ensure that the iDRAC6 local user and/or Active Directory configuration is complete before enabling the Smart Card Logon for the user. NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the first time. 1 Access the iDRAC6 Web page using https.
Logging Into the iDRAC6 Using Active Directory Smart Card Authentication 1 Log into the iDRAC6 using https. https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for the iDRAC6 and port number is the HTTPS port number. The iDRAC6 Login page is displayed prompting you to insert the Smart Card. 2 Insert the Smart Card and click Login. The PIN pop-up dialog box is displayed. 3 Enter the PIN and click OK.
Incorrect Smart Card PIN Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card. Unable to Log into Local iDRAC6 If a local iDRAC6 user cannot log in, check if the username and the user certificates uploaded to the iDRAC6 have expired.
Configuring Smart Card Authentication
Enabling Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. To keep with the higher authentication enforcement standards, iDRAC6 now supports Kerberos based Active Directory® authentication to support Active Directory Smart Card and single sign-on logins.
Prerequisites for single sign-on and Active Directory Authentication Using Smart Card • Configure the iDRAC6 for Active Directory login. For more information, see "Using Active Directory to Log In to the iDRAC6." • Register the iDRAC6 as a computer in the Active Directory root domain. a Click Remote Access→Configuration tab→Network subtab. b Provide a valid Preferred/Alternate DNS Server IP address.
Since the iDRAC6 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft Windows—on the Domain Controller (Active Directory server) where you want to map the iDRAC6 to a user account in Active Directory. For example, use the following ktpass command to create the Kerberos keytab file: C:\>ktpass -princ HOST/dracname.domainname.com@DOMAINNAME.COM mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab The encryption type that iDRAC6 uses for K
Configuring the iDRAC6 for single sign-on and Active Directory Authentication Using Smart Card Upload the keytab obtained from the Active Directory root domain, to the iDRAC6: 1 Click Remote Access→Configuration tab→Active Directory subtab→ Click Configure Active Directory. 2 Select Upload Kerberos Keytab and click Next. 3 On the Kerberos Keytab Upload page, select the keytab file to upload and click Apply. You can also upload the file to iDRAC6 by using CLI racadm commands.
Logging Into the iDRAC6 Using single sign-on for Active Directory Users NOTE: To log into the iDRAC6, ensure that you have the latest runtime components of Microsoft Visual C++ 2005 Libraries. For more information, see the Microsoft website. 1 Log into your system using a valid Active Directory account. 2 Type the web address of the iDRAC6 in the address bar of your browser.
Enabling Kerberos Authentication
Using GUI Console Redirection This section provides information about using the iDRAC6 console redirection feature. Overview The iDRAC6 console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more iDRAC6-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance.
The following rules apply to a console redirection session: • A maximum of four simultaneous console redirection sessions are supported. All sessions view the same managed server console simultaneously. • Only one session can be opened to a remote server (iDRAC6) from the same client console (management station). However, multiple sessions to multiple remote servers are possible from the same client. • A console redirection session should not be launched from a Web browser on the managed system.
3 Dell recommends that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If your system is running a Linux operating system, an X11 console may not be viewable on the local monitor. Pressing at the iDRAC KVM will switch Linux to a text console. NOTE: Occasionally, you may encounter the following Java Script Compilation Error: "Expected: ;".
Table 10-2. Console Redirection Configuration Properties Property Description Enabled Click to enable or disable Console Redirection. If this option is checked, it indicates that Console Redirection is enabled. The default option is enabled. NOTE: Checking or clearing the Enabled option once after the virtual KVM is launched may disconnect all your existing virtual KVM sessions. Max Sessions Displays the maximum number of Console Redirection sessions that are possible, 1 to 4.
NOTE: For information about using Virtual Media with Console Redirection, see "Configuring and Using Virtual Media." The buttons in Table 10-3 are available on the Configuration page. Table 10-3.
Table 10-4. Console Redirection (continued) Property Description Local Server Video Enabled Yes = Enabled; No = Disabled. Remote Presence Port The network port number used for connecting to the Console Redirection Keyboard/Mouse option. This traffic is always encrypted. You may need to change this number if another program is using the default port. The default is 5900. NOTE: For information about using Virtual Media with Console Redirection, see "Configuring and Using Virtual Media.
Using the Video Viewer The Video Viewer provides a user interface between the management station and the managed server, allowing you to see the managed server’s desktop and control its mouse and keyboard functions from your management station. When you connect to the remote system, the Video Viewer starts in a separate window. NOTE: If the remote server is powered off, the message, No Signal, will be displayed.
Frequently Asked Questions about Console Redirection Table 10-6 lists frequently asked questions and answers. Table 10-6. Using Console Redirection: Frequently Asked Questions Question Answer Can a new remote console Yes. video session be started when the local video on the server is turned off? Why does it take 15 seconds It gives a local user an opportunity to take any action to turn off the local video on before the video is switched off.
Table 10-6. Using Console Redirection: Frequently Asked Questions (continued) Question Answer I cannot see the bottom of the system screen from the Console Redirection window. Ensure that the management station’s monitor resolution is set to 1280x1024. Try using the scroll bars on the iDRAC KVM client, as well. The console window is garbled. The console viewer on Linux requires a UTF-8 character set. Check your locale and reset the character set if needed.
Table 10-6. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why do multiple Session You are configuring a console redirection session from Viewer windows appear the local system. This is not supported. when I establish a console redirection session from the local host? If I am running a console No. If a local user accesses the system, both have redirection session and a control of the system.
Using the WS-MAN Interface Web Services for Management (WS–MAN) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management. WS–MAN provides an interoperable protocol for devices to share and exchange data across networks. iDRAC6 uses WS–MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)–based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system.
Table 11-1. Standard DMTF (continued) 3 Physical Asset: Defines CIM classes for representing the physical aspect of the managed elements. iDRAC6 uses this profile to represent the host server’s and its component’s FRU information, as well as the physical topology. 4 SM CLP Admin Domain Defines CIM classes for representing CLP’s configuration. iDRAC6 uses this profile for its own implementation of CLP. 5 Power State Management Defines CIM classes for power control operations.
Table 11-1. Standard DMTF (continued) 15 Software Update Defines CIM classes for inventory of available software updates. iDRAC6 uses this profile for inventory of updates of the firmware through the TFTP protocol. 16 SMASH Collection Defines CIM classes for representing CLP’s configuration. iDRAC6 uses this profile for its own implementation of CLP. 17 Profile Registration Defines CIM classes for advertising the profile implementations.
Table 11-1. Standard DMTF (continued) Dell Extensions 1 Dell™ Active Directory Client Version 2.0.0 Defines CIM and Dell extension classes for configuring iDRAC6 Active Directory client and the local privileges for Active Directory groups. 2 Dell Virtual Media Defines CIM and Dell extension classes for configuring iDRAC6 Virtual Media. Extends USB Redirection Profile. 3 Dell Ethernet Port Defines CIM and Dell extension classes for configuring NIC Side-Band interface for the iDRAC6 NIC.
Using the iDRAC6 SM-CLP Command Line Interface This section provides information about the Distributed Management Task Force (DMTF) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SM-CLP specifications. For more information on these specifications, see the DMTF website at www.dmtf.org.
SM-CLP Features The SM-CLP promotes the concept of verbs and targets to provide system management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation. Below is an example of the SM-CLP command line syntax. [] [] [] During a typical SM-CLP session, you can perform operations using the verbs listed in Table 12-1. Table 12-1.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Deploying Your Operating System Using VMCLI The Virtual Media Command Line Interface (VMCLI) utility is a command-line interface that provides virtual media features from the management station to the iDRAC6 in the remote system. Using VMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the VMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Microsoft® Windows® systems.
When you create the image file, do the following: • Follow standard network-based installation procedures • Mark the deployment image as read only to ensure that each target system boots and executes the same deployment procedure 4 Perform one of the following procedures: • Integrate IPMItool and VMCLI into your existing operating system deployment application. Use the sample vm6deploy script as a guide to using the utility. • Use the existing vm6deploy script to deploy your operating system.
• is the path to the device containing the operating system installation CD , DVD, or Floppy • is the path to a valid floppy image The vm6deploy script passes its command line options to the VMCLI utility. See “Command Line Options” for details about these options. The script processes the -r option slightly differently than the vmcli -r option.
For Linux systems, you can access the VMCLI utility without administrator privileges by using the sudo command. This command provides a centralized means of providing non-administrator access and logs all user commands. To add or edit users in the VMCLI group, the administrator uses the visudo command. Users without administrator privileges can add the sudo command as a prefix to the VMCLI command line (or to the VMCLI script) to obtain access to the iDRAC6 in the remote system and run the utility.
If the remote system accepts the commands and the iDRAC6 authorizes the connection, the command continues to run until either of the following occurs: • The VMCLI connection terminates for any reason. • The process is manually terminated using an operating system control. For example, in Windows, you can use the Task Manager to terminate the process.
Floppy/Disk Device or Image File -f { | } where is a valid drive letter (for Windows systems) or a valid device filename (for Linux systems); and is the filename and path of a valid image file. NOTE: Mount points are not supported for the VMCLI utility. This parameter specifies the device or file to supply the virtual floppy/disk media. For example, an image file is specified as: -f c:\temp\myfloppy.img (Windows system) -f /tmp/myfloppy.
5 Run the following command to confirm that support for multiple LUNs has been added for the number of LUNs that you specified in Step 1: cat /sys/modules/scsi_mod/max_luns If the device provides a write-protection capability, use this capability to ensure that Virtual Media will not write to the media. Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates.
Version Display -v This parameter is used to display the VMCLI utility version. If no other non-switch options are provided, the command terminates without an error message. Help Display -h This parameter displays a summary of the VMCLI utility parameters. If no other non-switch options are provided, the command terminates without error.
The latter technique is useful in script programs, as it allows the script to proceed after a new process is started for the VMCLI command (otherwise, the script would block until the VMCLI program is terminated). When multiple VMCLI instances are started in this way, and one or more of the command instances must be manually terminated, use the operating system-specific facilities for listing and terminating processes.
Configuring Intelligent Platform Management Interface (IPMI) Configuring IPMI This section provides information about configuring and using the iDRAC6 IPMI interface. The interface includes the following: • IPMI over LAN • IPMI over Serial • Serial over LAN The iDRAC6 is fully IPMI 2.0 compliant.
Configuring IPMI Using the RACADM CLI 1 Login to the remote system using any of the RACADM interfaces. See "Using RACADM Remotely." 2 Configure IPMI over LAN. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. a Update the IPMI channel privileges.
where is a 20-character encryption key in a valid hexadecimal format. 3 Configure IPMI Serial over LAN (SOL). At the command prompt, type the following command and press : racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 a Update the IPMI SOL minimum privilege level. NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification.
For example: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate 57600 c Enable SOL for an individual user. NOTE: SOL can be enabled or disabled for each individual user. At the command prompt, type the following command and press : racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i 2 where is the user’s unique ID. 4 Configure IPMI Serial. a Change the IPMI serial connection mode to the appropriate setting.
d Set the IPMI serial channel minimum privilege level.
Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes are available: • IPMI terminal mode — Supports ASCII commands that are submitted from a serial terminal. The command set has a limited number of commands (including power control) and supports raw IPMI commands that are entered as hexadecimal ASCII characters.
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 15-1 shows the overall architecture of Virtual Media. Figure 15-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Linux-Based Management Station To run the virtual media feature on a management station running the Linux operating system, install a supported version of Firefox. A Java Runtime Environment (JRE) is required to run the console redirection plugin. You can download a JRE from java.sun.com. JRE version 1.6 or above is recommended. Configuring Virtual Media 1 Log in to the iDRAC6 Web interface. 2 Select System→Console/Media. 3 Click Configuration→Virtual Media to configure the Virtual Media settings.
Table 15-2. Virtual Media Configuration Properties (continued) Attribute Value Floppy Emulation Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is checked, the Virtual Media device appears as a floppy device on the server. If it is unchecked, it appears as a USB Key drive. Enable Boot Once Check this box to enable the Boot Once option. Use this attribute to boot from the Virtual Media.
Running Virtual Media CAUTION: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesirable results may occur, including loss of data. NOTE: The Console Viewer window application must remain active while you access the virtual media.
3 Select System→Console/Media. The Console Redirection and Virtual Media page is displayed. If you want to change the values of any of the displayed attributes, see "Configuring Virtual Media." NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy/USB flash drive at the same time to be virtualized.
Disconnecting Virtual Media 1 Click Tools→Launch Virtual Media. 2 Uncheck the box next to the media you want to disconnect. The media is disconnected and the Status window is updated. 3 Click Exit to terminate the Media Redirection wizard. Booting From Virtual Media The system BIOS enables you to boot from virtual optical drives or virtual floppy drives. During POST, enter the BIOS setup window and verify that the virtual drives are enabled and listed in the correct order.
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take less than 15 minutes to complete. See "Deploying the Operating System" for more information. 1 Verify the following: • The operating system installation CD is inserted in the management station’s CD drive.
Using the Boot Once Feature: 1 Power up the server and enter the BIOS Boot Manager. 2 Change the boot sequence to boot from the remote Virtual Media device. 3 Log in to the iDRAC6 through the Web interface and click System→ Console/Media→Configuration. 4 Check the Enable Boot Once option under Virtual Media. 5 Power cycle the server. The server boots from the remote Virtual Media device. The next time the server reboots, the remote Virtual Media connection is detached.
Frequently Asked Questions about Virtual Media Table 15-4 lists frequently asked questions and answers. Table 15-4. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual When a network timeout occurs, the iDRAC6 Media client connection drop. firmware drops the connection, disconnecting the Why? link between the server and the Virtual Drive.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer An installation of the Windows operating system through vMedia seems to take too long. Why? If you are installing the Windows operating system using the Dell Systems Management Tools and Documentation DVD and a slow network connection, the installation procedure may require an extended amount of time to access the iDRAC6 Web interface due to network latency.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? (Answer Continued) To mount the Virtual CD drive, locate the device node that Linux assigns to the Virtual CD drive.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer Why are all my USB devices detached after I connect a USB device? Virtual Media devices and Virtual Flash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port.
Configuring the vFlash Media Card for Use With iDRAC6 The vFlash media card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back of your system. It provides storage space and behaves like a common USB Flash Key device. For information on how to install and remove the vFlash media card from your system, see your Hardware Owner’s Manual at support.dell.com\manuals.
5 Select the Virtual Flash Enable option to enable the vFlash Media Card. Enabling the Virtual Flash will expose the Image file ManagedStore.IMG created on the SD card as a USB key of the selected size. Virtual Flash can be enabled only if a valid ManagedStore.IMG image is present on the SD card. To disable, clear the option. NOTE: The ManagedStore.IMG and ManagedStore.ID files seen on the Virtual Flash GUI page are not visible on the host server's operating system but on the SD card.
Uploading Disk Image 1 Ensure that the image file size is not larger than 256 MB. NOTE: Though your vFlash card may be larger than 256 MB, only 256 MB is accessible at this time. NOTE: Virtual Flash allows you to store emergency boot image and diagnostic tools directly on the vFlash Media.The image file can be a DOS bootable floppy image as a *.img file for Windows or a diskboot.img file from the Red Hat® Enterprise Linux® media for Linux. The diskboot.
Configuring the vFlash Media Card Using RACADM Enabling or Disabling the vFlash Media Card Open a local console to the server, log in, and enter: racadm cfgRacVirtual cfgVirMediaKeyEnable [ 1 or 0 ] where 1 is enabled and 0 is disabled. NOTE: For more information about cfgRacVirtual, including output details, see "cfgRacVirtual." NOTE: The RACADM command functions only if a vFlash media card is present.
Power Monitoring and Management Dell™ PowerEdge™ systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. The base hardware design has been optimized from a power perspective: • High efficiency power supplies and voltage regulators have been incorporated in to the design.
Power Inventory, Power Budgeting, and Capping From a usage perspective, you may have a limited amount of cooling at the rack level. With a user-defined power cap, you can allocate power as needed to meet your performance requirements. The iDRAC6 monitors power consumption and dynamically throttles processors to meet your defined power cap level, which maximizes performance while meeting your power requirements. Power Monitoring The iDRAC6 monitors the power consumption in PowerEdge servers continuously.
Viewing the Health Status of the Power Supply Units The Power Supplies page displays the status and rating of the power supply units installed in the server. Using the Web-Based Interface To view the health status of the power supply units: 1 Log in to the iDRAC6 Web-based interface. 2 Select Power Supplies in the system tree.
– Input Wattage displays the input wattage of the power supply, which is the maximum AC power load that the system could place on the datacenter. – Maximum Wattage displays the maximum wattage of the power supply, which is the DC power available to the system. This value is used to confirm that sufficient power supply capacity is available for the system configuration. – Online Status indicates the power state of the power supplies: present and OK, input lost, absent, or predictive failure.
The first table displays the minimum and maximum limits of user-specified power capping thresholds for the current system configuration. These represent the range of AC power consumptions you may set as the system cap. Once selected, this cap would be the maximum AC power load that the system could place upon the datacenter. Minimum Potential Power Consumption displays the lowest Power Budget Threshold value that you may specify.
Using the Web-Based Interface 1 Log in to the iDRAC6 Web-based interface. 2 Click the Power Management tab. 3 Select the Power Budget option. The Power Budget Information page displays. 4 Enter a value in Watts, BTU/hr, or percent in the Power Budget Threshold table. The value you specify in Watts or BTU/hr will be the power budget threshold limit value. If you specify a percentage value, it will be a percentage of the Maximum-to-Minimum Potential Power Consumption interval.
Viewing Power Monitoring Using the Web Interface To view the power monitoring data: 1 Log in to the iDRAC6 Web interface. 2 Select Power Monitoring in the system tree. The Power Monitoring page displays. The information provided on the Power Monitoring page is described below: Power Monitoring • Status: OK indicates that the power supply units are present and communicating with the server, Warning indicates that a warning alert was issued, and Severe indicates a failure alert was issued.
• Max Peak Watts specifies the peak power value within the interval specified by the Start and current times. You can reset this value with the Reset Max Peaks button. • Start Time displays the date and time recorded when the system energy consumption value was last cleared and the new measurement cycle began. For Cumulative, you can reset this value with the Reset Cumulative button, but it will persist through a system reset or failover operation.
Headroom System Instantaneous Headroom displays the difference between the power available in the power supply units and the system's current power consumption. System Peak Headroom displays the difference between the power available in the power supply units and the system's peak power consumption. Show Graph Clicking this button displays graphs showing the iDRAC6 Power and Current Consumption in Watts and Amperes, respectively, over the last hour.
3 Select one of the following Power Control Operations by clicking its radio button: – Power On System turns ON the server’s power (the equivalent of pressing the power button when the server power is OFF). This option is disabled if the system is already powered ON. – Power Off System turns OFF the server’s power. This option is disabled if the system is already powered OFF. – NMI (Non-Masking Interrupt) generates an NMI to halt system operation. – Graceful Shutdown shuts down the system.
Using the iDRAC6 Configuration Utility Overview The iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC6 and for the managed server.
Starting the iDRAC6 Configuration Utility 1 Turn on or restart the server by pressing the power button on the front of the server. 2 When you see the Press for Remote Access Setup within 5 sec..... message, immediately press . NOTE: If your operating system begins to load before you press , allow the system to finish booting, then restart your server and try again. The iDRAC6 Configuration Utility window is displayed.
The following sections describe the iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use , , and the spacebar to select between On and Off. The iDRAC6 LAN is enabled in the default configuration. The LAN must be enabled to permit the use of iDRAC6 facilities, such as the Web-based interface, telnet/SSH, console redirection, and virtual media.
Table 18-1. LAN Parameters Item Description Common Settings NIC Selection Press , , and spacebar to switch between the modes. The available modes are Dedicated, Shared, Shared with Failover LOM2, and Shared with Failover All LOMs. These modes will allow the iDRAC6 to use the corresponding interface for communication to the outside world. MAC Address This is the non-editable MAC address of the iDRAC6 network interface.
Table 18-1. LAN Parameters (continued) Item Description LAN Alert Enabled Select On to enable the PET LAN alert. Alert Policy Entry 1 Select Enable or Disable to activate the first alert destination. Alert Destination 1 if LAN Alert Enabled is set to On, enter the IP address where PET LAN alerts will be forwarded. IPv4 Settings Enable or disable support for the IPv4 connection. IPv4 Select Enabled or Disabled IPv4 protocol support.
Table 18-1. LAN Parameters (continued) Item Description DNS Servers from DHCP Select On to retrieve DNS server addresses from a DHCP service on the network. Select Off to specify the DNS server addresses below. DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the second DNS server. IPv6 Settings Enable or disable support for the IPv6 connection.
Table 18-1. LAN Parameters (continued) Item Description DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. Advanced LAN Configurations Auto-Negotiate If NIC Selection is set to Dedicated, select between Enabled and Disabled. When Enabled is selected, LAN Speed Setting and LAN Duplex Setting are configured automatically.
Virtual Flash Press to select Disabled or Enabled. Disable/Enable will cause a Detach and an Attach of all Virtual Media devices from the USB bus. Disable will cause the Virtual Flash to be removed and to become unavailable for use. NOTE: This field will be read-only if an SD card of a size larger than 256 MB is not present on the iDRAC6 Express card slot. Smart Card Logon Press to select Enabled or Disabled. This option configures the Smart Card Logon feature.
Table 18-2. LCD User Configuration LCD Line 1 Press , , and spacebar to switch between the options. This feature sets the Home display on the LCD to one of the following options: Ambient Temp, Asset Tag, Host Name, iDRAC6 IPv4 Address, iDRAC6 IPv6 Address, iDRAC6 MAC Address, Model Number, None, Service Tag, System Power, User-Defined String. LCD User-Defined String If LCD Line 1 is set to User-Defined String, view or enter the string to be displayed on the LCD.
Table 18-3. LAN User Configuration Item Description Auto–Discovery The auto–discovery feature enables automated discovery of unprovisioned systems on the network; further, it securely establishes initial credentials so that these discovered systems can be managed. This feature enables iDRAC6 to locate the provisioning server. iDRAC6 and provisioning service server mutually authenticate each other.
Table 18-3. LAN User Configuration Item Description Auto–Discovery (continued...) Before adding your Dell system to the network and using the auto–discovery feature, ensure that: • Dynamic Host Configuration Protocol (DHCP) server/Domain Name System (DNS) are configured. • Provisioning Web services is installed, configured, and registered. Account Access Select Enabled to enable the administrator account. Select Disabled to disable the administrator account.
System Event Log Menu The System Event Log Menu allows you to view System Event Log (SEL) messages and to clear the log messages. Press to display the System Event Log Menu. The system counts the log entries and then displays the total number of records and the most recent message. The SEL retains a maximum of 512 messages. To view SEL messages, select View System Event Log and press .
Monitoring and Alert Management This section explains how to monitor the iDRAC6 and provides procedures to configure your system and the iDRAC6 to receive alerts. Configuring the Managed System to Capture the Last Crash Screen Before the iDRAC6 can capture the last crash screen, you must configure the managed system with the following prerequisites. 1 Install the managed system software. For more information about installing the managed system software, see the Server Administrator User's Guide.
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC6 Web-based interface last crash screen feature works properly, disable the Automatic Reboot option on managed systems running the Microsoft Windows Server® 2008 and Windows Server 2003 operating systems. Disabling the Automatic Reboot Option in Windows 2008 Server 1 Open the Windows Control Panel and double-click the System icon. 2 Click Advanced System Settings under Tasks on the left. 3 Click the Advanced tab.
• Temperature Warning Assert Filter • Temperature Critical Assert Filter • Intrusion Critical Assert Filter • Redundancy Degraded Filter • Redundancy Lost Filter • Processor Warning Assert Filter • Processor Critical Assert Filter • Processor Absent Filter • Event Log Critical Assert Filter • Watchdog Critical Assert Filter • System Power Warning Assert Filter • System Power Critical Assert Filter When a platform event occurs (for example, a fan probe failure), a system event is gene
racadm config -g cfgIpmiPef -o cfgIpmiPefEnable -i 1 1 where 1 and 1 are the PEF index and the enable/disable selection, respectively. The PEF index can be a value from 1 through 19. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled). For example, to enable PEF with index 5, type the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefEnable -i 5 1 2 Configure your PEF actions.
Configuring PET Using the RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET.
3 Configure your PET policy. At the command prompt, type the following command and press : iPv4:racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i 1 iPv6:racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIPv6AlertDestIPAddr -i 1 where 1 is the PET destination index and and are the destination IP addresses of the system that receives the platform event alerts. 4 Configure the Community Name string.
where 1 and 1 are the e-mail destination index and the enable/disable selection, respectively. The e-mail destination index can be a value from 1 through 4. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled). For example, to enable e-mail with index 4, type the following command: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i 4 1 3 Configure your e-mail settings.
Testing the RAC SNMP Trap Alert Feature The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system. The following example shows how a user can test the SNMP trap alert feature of the RAC. racadm testtrap -i 2 Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly. See "testtrap" and "sslkeyupload" subcommand descriptions to configure these settings.
To access/configure the iDRAC6 SNMP agent community name using the Web-based interface, go to Remote Access→Configuration→Services and click SNMP Agent. To prevent SNMP authentication errors from being generated, you must enter community names that will be accepted by the agent. Since the iDRAC6 only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
Monitoring and Alert Management
Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to recovering and troubleshooting a crashed remote system using the iDRAC6 Web-based interface.
Selecting Power Control Actions from the iDRAC6 CLI Use the racadm serveraction command to perform power management operations on the host system. racadm serveraction The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Table 20-1. System Information Fields Field Description Description System description. BIOS Version System BIOS version. Service Tag System Service Tag number. Host Name Host system’s name. OS Name Operating system running on the system. Table 20-2. Auto Recovery Fields Field Description Recovery Action When a "system hang" is detected, the iDRAC6 can be configured to do one of the following actions: No Action, Hard Reset, Power Down, or Power Cycle.
Table 20-3. iDRAC6 Enterprise Information Fields (continued) Field Description Hardware Version Remote Access Controller version MAC Address The Media Access Control (MAC) address that uniquely identifies each node in a network IPv4 Information Table 20-4 describes the IPv4 properties. Table 20-4. IPv4 Information Fields Field Description Enabled Yes or No IP Address The 32-bit address that identifies the Network Interface Card (NIC) to a host. The value is in the dot separated format, such as 143.
Table 20-5. IPv6 Information Fields (continued) Field Description Link Local Address Specifies the iDRAC6 NIC IPv6 address. IP Address 2 Specifies the iDRAC6 NIC additional IPv6 address if one is available. Auto Config AutoConfig lets the Server Administrator obtain the IPv6 address for the iDRAC NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. Also, deactivates and flushes out the Static IP Address, Prefix Length, and Static Gateway values.
Table 20-6. Status Indicator Icons (continued) Icon/Category Description Description A brief description of the event Table 20-7. SEL Page Buttons Button Action Print Prints the SEL in the sort order that it is displayed in the window. Refresh Reloads the SEL page. Clear Log Clears the SEL. NOTE: The Clear Log button is displayed only if you have Clear Logs permission. Save As Opens a pop-up window that enables you to save the SEL to a directory of your choice.
Using the POST Boot Logs NOTE: All logs are cleared after the iDRAC6 is rebooted. This feature of the iDRAC6 allows you to play back a stop motion video of the last three instances of the BIOS POST boot. To view the POST boot capture logs: 1 In the System tree, click System. 2 Click the Logs tab and then click BOOT Capture tab. 3 Select the log number of the POST boot capture log, and click Play. The video of the logs is opened on a new screen.
Viewing the Last System Crash Screen NOTE: The last crash screen feature requires the managed system with the Auto Recovery feature configured in Server Administrator. In addition, ensure that the Automated System Recovery feature is enabled using the iDRAC6. Navigate to the Services page under the Configuration tab in the Remote Access section to enable this feature. The Last Crash Screen page displays the most recent crash screen.
Recovering and Troubleshooting the iDRAC6 This section explains how to perform tasks related to recovering and troubleshooting a crashed iDRAC6. You can use one of the following tools to troubleshoot your iDRAC6: • RAC Log • Diagnostic Console • Trace Log • racdump • coredump Using the RAC Log The RAC Log is a persistent log maintained in the iDRAC6 firmware. The log contains a list of user actions (such as log in, log out, and security policy changes) and alerts issued by the iDRAC6.
Table 21-1. RAC Log Page Information Field Description Date/ Time The date and time (for example, Dec 19 16:55:47). When the iDRAC6 initially starts and is unable to communicate with the managed system, the time will be displayed as System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged into the iDRAC6. Using the RAC Log Page Buttons The RAC Log page provides the buttons listed in Table 21-2. Table 21-2.
Using the Command Line Use the getraclog command to view the RAC log entries. racadm getraclog -i The getraclog -i command displays the number of entries in the iDRAC6 log. racadm getraclog [options] NOTE: For more information, see "getraclog." You can use the clrraclog command to clear all entries from the RAC log.
Table 21-3. Diagnostic Commands Command Description arp Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted. ifconfig Displays the contents of the network interface table. netstat Prints the content of the routing table.
The Trace Log tracks the following information: • DHCP — Traces packets sent to and received from a DHCP server. • IP — Traces IP packets sent and received. The trace log may also contain iDRAC6 firmware-specific error codes that are related to the internal iDRAC6 firmware, not the managed system’s operating system. NOTE: The iDRAC6 will not echo an ICMP (ping) with a packet size larger than 1500 bytes.
Recovering and Troubleshooting the iDRAC6
Sensors Hardware sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage. You can use the iDRAC6 to monitor hardware sensors for batteries, fan probes, chassis intrusion, power supplies, power consumed, temperature, and voltages. Battery Probes The Battery probes provide information about the system board CMOS and storage RAM on motherboard (ROMB) batteries.
Power Supplies Probes The power supplies probes provides information on: • Status of the power supplies • Power supply redundancy, that is, the ability of the redundant power supply to replace the primary power supply if the primary power supply fails. NOTE: If there is only one power supply in the system, the Power Supply Redundancy will be set to Disabled. Power Monitoring Probes Power monitoring provides information about the real time consumption of power, in watts and amperes.
• System Board 3.3V PG • System Board 5V PG • System Board Backplane PG • System Board CPU VTT • System Board Linear PG The voltage probes indicate whether the status of the probes is within the pre-set warning and critical threshold values.
Sensors
Configuring Security Features The iDRAC6 provides the following security features: • Advanced Security options for the iDRAC6 administrator: • The Console Redirection disable option allows the local system user to disable console redirection using the iDRAC6 Console Redirection feature.
Security Options for the iDRAC6 Administrator Disabling the iDRAC6 Local Configuration Administrators can disable local configuration through the iDRAC6 graphical user interface (GUI) by selecting Remote Access→Configuration→Services. When the Disable the iDRAC Local Configuration using option ROM check box is selected, the iDRAC6 Configuration Utility—accessed by pressing during system boot—operates in read-only mode, preventing local users from configuring the device.
NOTE: See the white paper on Disabling Local Configuration and Remote Virtual KVM in the DRAC on the Dell Support site at support.dell.com for more information. Although administrators can set the local configuration options using local RACADM commands, for security reasons they can reset them only from an out-of-band iDRAC6 Web-based interface or command line interface.
Disabling iDRAC6 Remote Virtual KVM Administrators can selectively disable the iDRAC6 remote KVM, providing a flexible, secure mechanism for a local user to work on the system without someone else viewing the user’s actions through console redirection. Using this feature requires installing the iDRAC managed node software on the server.
Securing iDRAC6 Communications Using SSL and Digital Certificates This subsection provides information about the following data security features that are incorporated in your iDRAC6: • "Secure Sockets Layer (SSL)" • "Certificate Signing Request (CSR)" • "Accessing the SSL Main Menu" • "Generating a Certificate Signing Request" Secure Sockets Layer (SSL) The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over the Internet
viewed or changed by others. To ensure security for your DRAC, it is strongly recommended that you generate a CSR, submit the CSR to a CA, and upload the certificate returned from the CA. A CA is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
Table 23-2. SSL Main Menu Buttons Button Description Print Prints the SSL Main Menu page. Refresh Reloads the SSL Main Menu page. Next Navigates to the next page. Generating a Certificate Signing Request NOTE: Each CSR overwrites any previous CSR on the firmware. Before iDRAC can accept your signed CSR, the CSR in the firmware must match the certificate returned from the CA. 1 On the SSL Main Menu, select Generate Certificate Signing Request (CSR) and click Next.
Table 23-3. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Locality The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or some other character. State Name The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations.
Table 23-5. Certificate Information (continued) Field Description Subject Information Certificate attributes entered by the subject Issuer Information Certificate attributes returned by the issuer Valid From Issue date of the certificate Valid To Expiration date of the certificate Using the Secure Shell (SSH) For information about using SSH, see " Using the Secure Shell (SSH)." Configuring Services NOTE: To modify these settings, you must have Configure iDRAC permission.
5 Click the appropriate Services page button to continue. See Table 23-13. Table 23-6. Local Configuration Settings Setting Description Disable the iDRAC local configuration using option ROM Disables local configuration of the iDRAC using option ROM. The option ROM prompts you to enter the setup module by pressing during system reboot. Disable the iDRAC local Disables local configuration of the iDRAC using configuration using RACADM local RACADM. Table 23-7.
Table 23-8. Setting SSH Settings Description Enabled Enables or disable SSH. When checked, the checkbox indicates that SSH is enabled. Timeout The secure shell idle timeout, in seconds. The Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300. Port Number The port on which the iDRAC6 listens for an SSH connection. The default is 22. Table 23-9. Telnet Settings Setting Description Enabled Enables or disables telnet.
Table 23-11. SNMP Agent Settings Setting Description Community Name The name of the community that contains the IP address for the SNMP Alert destination. The Community Name can be up to 31 non-blank characters in length. The default setting is public. Table 23-12. Automated System Recovery Agent Setting Setting Description Enabled Enables the Automated System Recovery Agent. Table 23-13. Services Page Buttons Button Description Print Prints the Services page.
Enabling Additional iDRAC6 Security Options To prevent unauthorized access to your remote system, the iDRAC6 provides the following features: • IP address filtering (IPRange) — Defines a specific range of IP addresses that can access the iDRAC6. • IP address blocking — Limits the number of failed login attempts from a specific IP address These features are disabled in the iDRAC6 default configuration.
See "iDRAC6 Property Database Group and Object Definitions" for a complete list of cfgRacTuning properties. Table 23-14. IP Address Filtering (IpRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise AND’d with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address.
To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask, as shown below: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.
As login failures accumulate from a specific IP address, they are "aged" by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset. NOTE: When login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host. See "iDRAC6 Property Database Group and Object Definitions" for a complete list of cfgRacTuning properties.
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount 5 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailWindows 60 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkPenaltyTime 300 The following example prevents more than three failed attempts within one minute, and prevents additional login attempts for an hour.
Table 23-16. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a specific range of IP addresses that can access the iDRAC6. IP Range Address Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. CAUTION: Racadm sets the value of objects without performing any functional validation on them. For example, RACADM allows you to set the Certificate Validation object to 1 with the Active Directory object set to 0, even though Certificate Validation will happen only if Active Directory® is enabled.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM arp NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-2 describes the arp command. Table A-2. arp Command Command Definition arp Displays the contents of the ARP table. ARP table entries cannot be added or deleted. Synopsis racadm arp Supported Interfaces • Remote RACADM • telnet/ssh/serial RACADM clearasrscreen NOTE: To use this command, you must have Clear Logs permission.
Synopsis racadm clearasrscreen Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM config NOTE: To use the getconfig command, you must have Log In iDRAC permission. Table A-4 describes the config and getconfig subcommands. Table A-4. config/getconfig Subcommand Definition config Configures the iDRAC6. getconfig Gets the iDRAC6 configuration data.
Input Table A-5 describes the config subcommand options. NOTE: The -f and -p options are not supported for the serial/telnet/ssh console. Table A-5. config Subcommand Options and Descriptions Option Description -f The -f option causes config to read the contents of the file specified by and configure the iDRAC6. The file must contain data in the format specified in "Parsing Rules.
Examples • racadm config -g cfgLanNetworking -o cfgNicIpAddress 10.35.10.100 Sets the cfgNicIpAddress configuration parameter (object) to the value 10.35.10.110. This IP address object is contained in the group cfgLanNetworking. • racadm config -f myrac.cfg Configures or reconfigures the iDRAC6. The myrac.cfg file may be created from the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.
Table A-6. getconfig Subcommand Options Option Description The -f option directs getconfig to write the entire iDRAC6 configuration to a configuration file. This file can be used for batch configuration operations using the config subcommand. -f NOTE: The -f option does not create entries for the cfgIpmiPet and cfgIpmiPef groups. You must set at least one trap destination to capture the cfgIpmiPet group to the file.
Examples • racadm getconfig -g cfgLanNetworking Displays all of the configuration properties (objects) that are contained in the group cfgLanNetworking. • racadm getconfig -f myrac.cfg Saves all group configuration objects from the iDRAC6 to myrac.cfg. • racadm getconfig -h Displays a list of the available configuration groups on the iDRAC6. • racadm getconfig -u root Displays the configuration properties for the user named root.
coredump NOTE: To use this command, you must have Execute Debug Commands permission. Table A-7 describes the coredump subcommand. Table A-7. coredump Subcommand Definition coredump Displays the last iDRAC6 core dump. Synopsis racadm coredump Description The coredump subcommand displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues.
coredumpdelete NOTE: To use this command, you must have Clear Logs or Execute Debug Commands permission. Table A-8 describes the coredumpdelete subcommand. Table A-8. coredumpdelete Subcommand Definition coredumpdelete Deletes the core dump stored in the iDRAC6. Synopsis racadm coredumpdelete Description The coredumpdelete subcommand can be used to clear any currently resident coredump data stored in the RAC.
fwupdate NOTE: To use this command, you must have Configure iDRAC6 permission. NOTE: Before you begin your firmware update, see "Advanced iDRAC6 Configuration" for additional information. Table A-9 describes the fwupdate subcommand. Table A-9.
Input Table A-10 describes the fwupdate subcommand options. NOTE: The -p option is only supported in local RACADM and is not supported with the remote or the serial/telnet/ssh console. The -p option is also not supported on Linux Operating Systems. Table A-10. fwupdate Subcommand Options Option Description -u The update option performs a checksum of the firmware update file and starts the actual update process. This option may be used along with the -g or -p options.
Examples • racadm fwupdate -g -u - a 143.166.154.143 -d In this example, the -g option tells the firmware to download the firmware update file from a location (specified by the -d option) on the TFTP server at a specific IP address (specified by the -a option). After the image file is downloaded from the TFTP server, the update process begins. When completed, the iDRAC6 is reset. • racadm fwupdate -s This option reads the current status of the firmware update.
Description The getssninfo command returns a list of users that are connected to the iDRAC6. The summary information provides the following information: • Username • IP address (if applicable) • Session type (for example, serial or telnet) • Consoles in use (for example, Virtual Media or Virtual KVM) Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM Input Table A-12 describes the getssninfo subcommand options. Table A-12.
Examples • racadm getssninfo Table A-13 provides an example of output from the racadm getssninfo command. Table A-13. getssninfo Subcommand Output Example User IP Address Type Consoles root 192.168.0.10 Telnet Virtual KVM • racadm getssninfo -A "root" "143.166.174.19" "Telnet" "NONE" • racadm getssninfo -A -u * "root" "143.166.174.19" "Telnet" "NONE" "bob" "143.166.174.19" "GUI" "NONE" getsysinfo NOTE: To use this command, you must have Login to iDRAC permission.
Description The getsysinfo subcommand displays information related to the RAC, managed system, and watchdog configuration. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM Input Table A-15 describes the getsysinfo subcommand options. Table A-15.
Sample Output RAC Information: RAC Date/Time Firmware Version Firmware Build Last Firmware Update Hardware Version MAC Address = = = = = = Common settings: Register DNS RAC Name DNS RAC Name Current DNS Domain Domain Name from DHCP = 0 = iDRAC6 = = 0 IPv4 settings: Enabled Current IP Address Current IP Gateway Current IP Netmask DHCP Enabled Current DNS Server 1 Current DNS Server 2 DNS Servers from DHCP = = = = = = = = 1 192.168.0.120 192.168.0.1 255.255.255.0 0 0.0.0.0 0.0.0.
System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name Power Status = = = = = = = PowerEdge R610 0.2.4 0.32 AC056 ON Watchdog Information: Recovery Action = None Present countdown value = 15 seconds Initial countdown value = 15 seconds Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge 2900" "A08" "1.0" "EF23VQ-0023" "Hostname" "Microsoft Windows 2000 version 5.
Restrictions The Hostname and OS Name fields in the getsysinfo output display accurate information only if Dell™ OpenManage™ systems software is installed on the managed system. If OpenManage is not installed on the managed system, these fields may be blank or inaccurate. getractime NOTE: To use this command, you must have Login to iDRAC permission. Table A-16 describes the getractime subcommand. Table A-16.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM ifconfig NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC permission. Table A-17 describes the ifconfig subcommand. Table A-17. ifconfig Subcommand Definition ifconfig Displays the contents of the network interface table. Synopsis racadm ifconfig netstat NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-18 describes the netstat subcommand.
Supported Interfaces • Remote RACADM • telnet/ssh/serial RACADM ping NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC permission. Table A-19 describes the ping subcommand. Table A-19. ping Subcommand Definition ping Verifies that the destination IP address is reachable from the iDRAC6 with the current routing-table contents. A destination IP address is required. An ICMP echo packet is sent to the destination IP address based on the current routing-table contents.
Synopsis racadm setniccfg -d racadm setniccfg -d6 racadm setniccfg -s racadm setniccfg -s6 racadm setniccfg -o Description The setniccfg subcommand sets the controller IP address. • The -d option enables DHCP for the Ethernet management port (default is DHCP disabled). • The -d6 option enables AutoConfig for the Ethernet management port. It is enabled by default. • The -s option enables static IP settings.
getniccfg NOTE: To use the getniccfg command, you must have Login to iDRAC permission. Table A-21 describes the setniccfg and getniccfg subcommands. Table A-21. setniccfg/getniccfg Subcommand Definition getniccfg Displays the current IP configuration for the controller. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current Ethernet management port settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful.
getsvctag NOTE: To use this command, you must have Login to iDRAC permission. Table A-22 describes the getsvctag subcommand. Table A-22. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Type getsvctag at the command prompt. The output is displayed as follows: Y76TP0G The command returns 0 on success and nonzero on errors.
racdump NOTE: To use this command, you must have Debug permission. Table A-23 describes the racdump subcommand. Table A-23. racdump Subcommand Definition racdump Displays status and general iDRAC6 information. Synopsis racadm racdump Description The racdump subcommand provides a single command to get dump, status, and general iDRAC6 board information.
racreset NOTE: To use this command, you must have Configure iDRAC permission. Table A-24 describes the racreset subcommand. Table A-24. racreset Subcommand Definition racreset Resets the iDRAC6. NOTE: When you issue a racreset subcommand, the iDRAC6 may require up to one minute to return to a usable state. Synopsis racadm racreset [hard | soft] Description The racreset subcommand issues a reset to the iDRAC6. The reset event is written into the iDRAC6 log.
Examples • racadm racreset Start the iDRAC6 soft reset sequence. • racadm racreset hard Start the iDRAC6 hard reset sequence. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM racresetcfg NOTE: To use this command, you must have Configure iDRAC permission. Table A-26 describes the racresetcfg subcommand. Table A-26. racresetcfg Subcommand Definition racresetcfg Resets the entire iDRAC6 configuration to factory default values.
Description The racresetcfg command removes all database property entries that have been configured by the user. The database has default properties for all entries that are used to restore the controller back to its original default settings. After resetting the database properties, the iDRAC6 resets automatically. NOTE: This command deletes your current iDRAC6 configuration and resets the iDRAC6 and serial configuration to the original default settings.
Table A-28. serveraction Subcommand Options String Definition Specifies the action. The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in the iDRAC6 log. The following options allow the getraclog command to read entries: • -A — Displays the output with no headers or labels. • -c — Provides the maximum count of entries to be returned. • -m — Displays one screen of information at a time and prompts the user to continue (similar to the UNIX more command).
clrraclog NOTE: To use this command, you must have Clear Logs permission. Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from the iDRAC6 log. A new single record is created to record the date and time when the log was cleared. getsel NOTE: To use this command, you must have Login to iDRAC permission. Table A-30 describes the getsel command. Table A-30. getsel Command Definition getsel -i Displays the number of entries in the System Event Log.
-s — Specifies the starting record used for the display -E — Places the 16 bytes of raw SEL at the end of each line of output as a sequence of hex values. -R — Only the raw data is printed. -m — Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). NOTE: If no arguments are specified, the entire log is displayed. Output The default output display shows the record number, timestamp, severity, and description.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM gettracelog NOTE: To use this command, you must have Login to iDRAC permission. Table A-31 describes the gettracelog subcommand. Table A-31. gettracelog Command Definition gettracelog -i Displays the number of entries in the iDRAC6 trace log. gettracelog Displays the iDRAC6 trace log.
Output The default output display shows the record number, timestamp, source, and description. The timestamp begins at midnight, January 1 and increases until the system boots. After the system boots, the system’s timestamp is used. For example: Record: 1 Date/Time: Dec Source: ssnmgrd[175] 8 08:21:30 Description: root from 143.166.157.
Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system. The CSR can be used for creating a custom SSL certificate that can be used for SSL transactions on the RAC. Options NOTE: The -f option is not supported for the serial/telnet/ssh console. Table A-33 describes the sslcsrgen subcommand options. Table A-33. sslcsrgen Subcommand Options Option Description -g Generates a new CSR.
Examples racadm sslcsrgen -s or racadm sslcsrgen -g -f c:\csr\csrtest.txt Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM (The -f option is not supported for the serial/telnet/ssh console) sslcertupload NOTE: To use this command, you must have Configure iDRAC permission. Table A-34 describes the sslcertupload subcommand. Table A-34. sslcertupload Subcommand Description sslcertupload Uploads a custom SSL server or CA certificate from the client to the RAC.
Table A-35. sslcertupload Subcommand Options Option Description -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected. The sslcertupload command returns 0 when successful and returns a nonzero number when unsuccessful. Restrictions The sslcertupload subcommand can only be executed from a local or remote RACADM client. The sslcsrgen subcommand cannot be used in the serial, telnet, or SSH interface.
Options Table A-37 describes the sslcertdownload subcommand options. Table A-37. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft® Active Directory® certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be uploaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
sslcertview NOTE: To use this command, you must have Configure iDRAC permission. Table A-38 describes the sslcertview subcommand. Table A-38. sslcertview Subcommand Description sslcertview Displays the SSL server or CA certificate that exists on the RAC. Synopsis racadm sslcertview -t [-A] Options Table A-39 describes the sslcertview subcommand options. Table A-39.
Organizational Unit (OU) Common Name (CN) : Remote Access Group : iDRAC6 default certificate Issuer Information: Country Code (CC) State (S) Locality (L) Organization (O) Organizational Unit (OU) Common Name (CN) : : : : : : Valid From Valid To : Jul : Jul US Texas Round Rock Dell Inc. Remote Access Group iDRAC6 default certificate 8 16:21:56 2005 GMT 7 16:21:56 2010 GMT racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc.
sslkeyupload NOTE: To use this command, you must have Configure iDRAC permission. Table A-40 describes the sslkeyupload subcommand. Table A-40. sslkeyupload Subcommand Description sslkeyupload Uploads SSL key from the client to the iDRAC6. Synopsis racadm sslkeyupload -t -f Options Table A-41 describes the sslkeyupload subcommand options. Table A-41. sslkeyupload Subcommand Options Option Description -t Specifies the key to upload.
testemail Table A-42 describes the testemail subcommand. Table A-42. testemail configuration Subcommand Description testemail Tests the RAC’s e-mail alerting feature. Synopsis racadm testemail -i Description Sends a test e-mail from the iDRAC6 to a specified destination. Prior to executing the test e-mail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-43 provides a list and associated commands for the cfgEmailAlert group.
Options Table A-44 describes the testemail subcommand options. Table A-44. testemail Subcommands Option Description -i Specifies the index of the e-mail alert to test. Output None. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM testtrap NOTE: To use this command, you must have Test Alerts permission. Table A-45 describes the testtrap subcommand. Table A-45. testtrap Subcommand Description testtrap Tests the RAC’s SNMP trap alerting feature.
Table A-46 provides a list and associated commands for the cfgIpmiPet group. Table A-46. cfgEmailAlert Commands Action Command Enable the alert racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 1 1 Set the destination e-mail IP address racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIpAddr -i 1 192.168.0.110 View the current test trap settings racadm getconfig -g cfgIpmiPet -i where is a number from 1 to 4 Input Table A-47 describes the testtrap subcommand options.
vmdisconnect NOTE: To use this command, you must have Access Virtual Media permission. Table A-48 describes the vmdisconnect subcommand. Table A-48. vmdisconnect Subcommand Description vmdisconnect Closes all open iDRAC6 virtual media connections from remote clients. Synopsis racadm vmdisconnect Description The vmdisconnect subcommand allows a user to disconnect another user's virtual media session. Once disconnected, the Web-based interface will reflect the correct connection status.
vmkey NOTE: To use this command, you must have Access Virtual Media permission. Table A-49 describes the vmkey subcommand. Table A-49. vmkey Subcommand Description vmkey Performs virtual media key-related operations. Synopsis racadm vmkey If is configured as reset, the Virtual Flash memory is reset to the default size of 256 MB. Description When a custom virtual media key image is uploaded to the RAC, the key size becomes the image size.
Synopsis racadm usercertupload -t [-f ] -i Options Table A-51 describes the usercertupload subcommand options. Table A-51. usercertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = user certificate 2 = user CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
usercertview NOTE: To use this command, you must have Configure iDRAC permission. Table A-52 describes the usercertview subcommand. Table A-52. usercertview Subcommand Description usercertview Displays the user certificate or user CA certificate that exists on the iDRAC6. Synopsis racadm sslcertview -t [-A] -i Options Table A-53 describes the sslcertview subcommand options. Table A-53.
localConRedirDisable NOTE: Only a local RACADM user can execute this command. Table A-54 describes the localConRedirDisable subcommand. Table A-54. localConRedirDisable Subcommand Description localConRedirDisable Disables console redirection to the management station. Synopsis racadm localConRedirDisable
Table A-56. kerbkeytabupload Subcommand Options Option Description -f Specifies the file name of the keytab to be uploaded. If the file is not specified, the keytab file in the current directory is selected. The krbkeytabupload command returns 0 when successful and returns a non–zero number when unsuccessful. Restrictions The krbkeytabupload subcommand can only be executed from a local or remote RACADM client. Example racadm krbkeytabupload -f c:\keytab\krbkeytab.
RACADM Subcommand Overview
iDRAC6 Property Database Group and Object Definitions The iDRAC6 property database contains the configuration information for the iDRAC6. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure the iDRAC6. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacInfo This group contains display parameters to provide information about the specifics of the iDRAC6 being queried. One instance of the group is allowed. The following subsections describe the objects in this group.
Default Description String containing the current product firmware version idRacBuildInfo (Read Only) Legal Values A string of up to 16 ASCII characters Default The current iDRAC6 firmware build version Description String containing the current product build version idRacName (Read Only) Legal Values A string of up to 15 ASCII characters Default iDRAC Description A user-assigned name to identify this controller idRacType (Read Only) Legal Values Product ID Default 10 i
Description Identifies the remote access controller type as the iDRAC6 cfgLanNetworking This group contains parameters to configure the iDRAC6 NIC. One instance of the group is allowed. Some objects in this group may require the iDRAC6 NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC6 NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings.
Description Specifies the current mode of operation for the RAC network interface controller (NIC). Table B-1 describes the supported modes. Table B-1. cfgNicSelection Supported Modes Mode Description Shared Used if the host server integrated NIC is shared with the RAC on the host server. This mode enables configurations to use the same IP address on the host server and the RAC for common accessibility on the network.
Description Enables or disables the VLAN capabilities of the RAC/BMC. cfgNicVLanId (Read/Write) Legal Values 1-4094 Default 1 Description Specifies the VLAN ID for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled). cfgNicVLanPriority (Read/Write) Legal Values 0–7 Default 0 Description Specifies the VLAN Priority for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled).
Description Specifies that the iDRAC6 DNS domain name should be assigned from the network DHCP server cfgDNSDomainName (Read/Write) Legal Values A string of up to 254 ASCII characters. At least one of the characters must be alphabetic. Characters are restricted to alphanumeric, '-', and '.'. NOTE: Microsoft® Active Directory® only supports Fully Qualified Domain Names (FQDN) of 64 bytes or fewer. Default Description This is the DNS domain name.
cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers the iDRAC6 name on the DNS server cfgDNSServersFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies if the DNS server IPv4 addresses should be assigned from the DHCP server on the network cfgDNSServer1 (Read/Write) Legal Values String representing a valid IPv4 address. For example: 192.168.0.20. Default 0.0.0.
cfgDNSServer2 (Read/Write) Legal Values String representing a valid IPv4 address. For example: 192.168.0.20. Default 0.0.0.0 Description Retrieves the IPv4 address for DNS server 2 cfgNicEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the iDRAC6 network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC6 will no longer be accessible.
Description Specifies the IPv4 address assigned to the iDRAC6 cfgNicNetmask (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values String representing a valid subnet mask. For example: 255.255.255.0. Default 255.255.255.0 Description The subnet mask used for the iDRAC6 IP address cfgNicGateway (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE).
Default 0 Description Specifies whether DHCP is used to assign the iDRAC6 IPv4 address. If this property is set to 1 (TRUE), then the iDRAC6 IPv4 address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (FALSE), the user can configure the cfgNicIpAddress, cfgNicNetmask, and cfgNicGateway properties. cfgNicMacAddress (Read Only) Legal Values String representing the iDRAC6 NIC MAC address Default The current MAC address of the iDRAC6 NIC.
Description Enables or disables the iDRAC6 firmware update from a network TFTP server cfgRhostsFwUpdateIpAddr (Read/Write) Legal Values A string representing a valid IPv4 address. For example, 192.168.0.61 Default 0.0.0.
Default 0.0.0.0 Description The IPv4 address of the network SMTP server or TFTP server. The SMTP server transmits e-mail alerts from the iDRAC6 if the alerts are configured and enabled. The TFTP server transfers files to and from the iDRAC6. cfgUserAdmin This group provides configuration information about the users who are allowed to access the iDRAC6 through the available remote interfaces. Up to 16 instances of the user group are allowed.
Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel cfgUserAdminPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff, and 0x0 Default 0x00000000 Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-2 describes the user privilege bit values that can be combined to create bit masks. Table B-2.
Examples Table B-3 provides sample privilege bit masks for users with one or more privileges. Table B-3. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user is not allowed to access the iDRAC. 0x00000000 The user may only login to the 0x00000001 iDRAC and view iDRAC and server configuration information. The user may login to the iDRAC 0x00000001 + 0x00000002 = 0x00000003 and change configuration.
cfgUserAdminPassword (Write Only) Legal Values A string of up to 20 ASCII characters Default ******** Description The password for this user. User passwords are encrypted and cannot be seen or displayed after the property is written.
Description Enables or disables Serial Over LAN (SOL) user access for the user cfgUserAdminIpmiSerialPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) 15 (No access) Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel cfgEmailAlert This group contains parameters to configure the iDRAC6 e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed.
Description The unique index of an alert instance cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the alert instance cfgEmailAlertAddress (Read/Write) Legal Values E-mail address format, with a maximum length of 64 ASCII characters Default Description Specifies the destination email address for email alerts, for example, user1@company.
Description Specifies a custom message that forms the subject of the alert cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to the iDRAC6. One instance of the group is allowed. The following subsections describe the objects in this group. cfgSsnMgtRacadmTimeout (Read/Write) Legal Values 10 –1920 Default 60 Description Defines the idle timeout in seconds for the Remote RACADM interface.
cfgSsnMgtWebserverTimeout (Read/Write) Legal Values 60 – 10800 Default 1800 Description Defines the web server timeout. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective.
cfgSsnMgtTelnetTimeout (Read/Write) Legal Values 0 (No timeout) 60 – 1920 Default 300 Description Defines the telnet idle timeout. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session (you must log out and log in again to make the new settings effective).
Description Sets the baud rate on the iDRAC6 serial port. cfgSerialConsoleEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the RAC serial console interface. cfgSerialConsoleQuitKey (Read/Write) Legal Values A string of up to 4 characters Default ^\ (<\>) NOTE: The "^" is the key.
Description This key or key combination terminates text console redirection when using the console com2 command.
Description Enables or disables the RAC serial console login authentication. cfgSerialConsoleCommand (Read/Write) Legal Values A string of up to 128 characters Default Description Specifies a serial command that is executed after a user logs into the serial console interface. cfgSerialHistorySize (Read/Write) Legal Values 0 – 8192 Default 8192 Description Specifies the maximum size of the serial history buffer.
Description Enables or disables the console for COM 2 port redirection.
cfgOobSnmp This group contains parameters to configure the SNMP agent and trap capabilities of the iDRAC6. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgRacTuneConRedirPort (Read/Write) Legal Values 1 – 65535 Default 5900 Description Specifies the port to be used for keyboard, mouse, video, and virtual media traffic to the RAC.
Description Enables or disables the ability to disable the ability of the local user to configure the iDRAC from the BIOS POST option-ROM cfgRacTuneHttpPort (Read/Write) Legal Values 1 – 65535 Default 80 Description Specifies the port number to use for HTTP network communication with the iDRAC6 cfgRacTuneHttpsPort (Read/Write) Legal Values 1 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the iDRAC6 cfgRacTuneIpRangeEnable (Read/Write) Legal Va
Default 0 Description Enables or disables the IPv4 Address Range validation feature of the iDRAC6 cfgRacTuneIpRangeAddr (Read/Write) Legal Values An IPv4 address formatted string, for example, 192.168.0.44 Default 192.168.1.1 Description Specifies the acceptable IPv4 address bit pattern in positions determined by the "1"s in the range mask property (cfgRacTuneIpRangeMask) cfgRacTuneIpRangeMask (Read/Write) Legal Values An IPv4 address formatted string, for example, 255.255.255.0 Default 255.255.
Default 0 Description Enables or disables the IPv4 address blocking feature of the iDRAC6 cfgRacTuneIpBlkFailCount (Read/Write) Legal Values 2 – 16 Default 5 Description The maximum number of login failures to occur within the window (cfgRacTuneIpBlkFailWindow) before login attempts from the IP address are rejected cfgRacTuneIpBlkFailWindow (Read/Write) Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted.
Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected cfgRacTuneSshPort (Read/Write) Legal Values 1 – 65535 Default 22 Description Specifies the port number used for the iDRAC6 SSH interface cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the iDRAC6 telnet interface cfgRacTuneConRedirEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) iDRAC6 Propert
Default 1 Description Enables console redirection cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session cfgRacTuneAsrEnable (Read/Write) NOTE: This object requires an iDRAC6 reset before it becomes active. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the iDRAC6 last crash screen capture feature.
Default 0 Description Specifies the daylight savings offset (in minutes) to use for the RAC Time. cfgRacTuneTimezoneOffset (Read/Write) Legal Values –720 – 780 Default 0 Description Specifies the timezone offset (in minutes) from GMT/UTC to use for the RAC Time. Some common timezone offsets for timezones in the United States are shown below: –480 (PST — Pacific Standard Time) –420 (MST — Mountain Standard Time) –360 (CST — Central Standard Time) –300 (EST — Eastern Standard Time).
cfgRacTuneLocalConfigDisable (Read/Write) Legal Values 0 (TRUE) 1 (FALSE) Default 0 Description Disables write access to iDRAC6 configuration data by setting to 1 cfgRacTuneWebserverEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the iDRAC6 web server. If this property is disabled, the iDRAC6 will not be accessible using client web browsers. This property has no effect on the telnet/SSH or RACADM interfaces.
ifcRacMnOsHostname (Read Only) Legal Values A string of up to 255 characters Default Description The host name of the managed server ifcRacMnOsOsName (Read Only) Legal Values A string of up to 255 characters Default Description The operating system name of the managed server cfgRacSecurity This group is used to configure settings related to the iDRAC6 SSL certificate signing request (CSR) feature.
Default Description Specifies the CSR Common Name (CN) that must be an IP or the iDRAC name as given in the certificate cfgRacSecCsrOrganizationName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Organization Name (O) cfgRacSecCsrOrganizationUnit (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Organization Unit (OU) cfgRacSecCsrLocalityName (Read/Write) Legal Values A string
Default Description Specifies the CSR Locality (L) cfgRacSecCsrStateName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR State Name (S) cfgRacSecCsrCountryCode (Read/Write) Legal Values A string of up to 2 characters Default Description Specifies the CSR Country Code (CC) cfgRacSecCsrEmailAddr (Read/Write) Legal Values A string of up to 254 characters Default iDRAC6 Property Database Group and Object Definitions
Description Specifies the CSR Email Address cfgRacSecCsrKeySize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR cfgRacVirtual This group contains parameters to configure the iDRAC6 virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
Description This object is used to attach virtual devices to the system via the USB bus. When the devices are attached the server will recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system. When the devices are attached you then can connect to the virtual devices remotely using the iDRAC6 Web interface or the CLI. Setting this object to 0 will cause the devices to detach from the USB bus.
Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems. Windows operating systems will assign a drive letter of A: or B:.
cfgADRacName (Read/Write) Legal Values Any printable text string of up to 254 characters, with no white space Default Description Name of iDRAC6 as recorded in the Active Directory forest cfgADEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on the iDRAC6. If this property is disabled, only local iDRAC6 authentication is used for user logins.
Description Enables or disables Active Directory single sign-on authentication on iDRAC6. cfgADSmartCardLogonEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Smart Card logon on iDRAC6. cfgADCRLEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Certificate Revocation List (CRL) check for Active Directory-based Smart Card users.
Default Description The iDRAC6 uses the value you specify to search the LDAP server for user names. cfgADDomainController2 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name (FQDN) Default Description The iDRAC6 uses the value you specify to search the LDAP server for user names.
cfgADAuthTimeout (Read/Write) Legal Values 15 – 300 seconds Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out cfgADType (Read/Write) Legal Values 1 (Extended schema) 2 (Standard schema) Default 1 Description Determines the schema type to use with Active Directory cfgADGlobalCatalog1 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name
Description iDRAC6 uses the value you specify to search the Global Catalog server for user names. cfgADGlobalCatalog2 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name (FQDN) Default Description iDRAC6 uses the value you specify to search the Global Catalog server for user names.
Default 1 Description Enables or disables Active Directory certificate validation as a part of the Active Directory configuration process. cfgStandardSchema This group contains parameters to configure the Active Directory standard schema settings.
cfgSSADRoleGroupDomain (Read/Write) Legal Values Any printable text string of up to 254 characters, with no white space Default Description Active Directory Domain in which the Role Group resides cfgSSADRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default Description Use the bit mask numbers in Table B-4 to set role-based authority privileges for a Role Group. Table B-4.
Table B-4. Bit Masks for Role Group Privileges (continued) Role Group Privilege Bit Mask Access Console Redirection 0x00000020 Access Virtual Media 0x00000040 Test Alerts 0x00000080 Execute Debug Commands 0x00000100 cfgIpmiSol This group is used to configure the Serial Over LAN (SOL) capabilities of the system.
cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255 Default 10 Description Specifies the typical amount of time that the iDRAC6 waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments.
Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet. cfgIpmiLan This group is used to configure the IPMI over LAN capabilities of the system.
cfgIpmiLanAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties. cfgIpmiEncryptionKey (Read/Write) Legal Values A string of hexadecimal digits from 0 to 40 characters with no spaces. Only an even amount of digits is allowed. Default 00000000000000000000 Description The IPMI encryption key.
cfgIpmiPetIpv6 This group is used to configure IPv6 platform event traps on the managed server.
Description Enables or disables the IPv6 alert destination for the trap cfgIpmiPef This group is used to configure the platform event filters available on the managed server. The event filters can be used to control policy related to actions that are triggered when critical events occur on the managed server.
cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered cfgIpmiPefEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables a specific platform event filter 412 iDRAC6 Property Database Group and Object Definitions
cfgIpmiPet This group is used to configure platform event traps on the managed server. cfgIpmiPetIndex (Read Only) Legal Values 1–4 Default The index value of a specific platform event trap Description Unique identifier for the index corresponding to the trap cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values A string representing a valid IPv4 address. For example, 192.168.0.67. Default 0.0.0.0 Description Specifies the destination IPv4 address for the trap receiver on the network.
Default 0 Description Enables or disables a specific trap cfgUserDomain This group is used to configure the Active Directory user domain names. A maximum of 40 domain names can be configured at any given time.
cfgServerPower This group provides several power management features. cfgServerPowerStatus (Read Only) Legal Values 1 (ON) 0 (OFF) Default Description Represents the server power state, either ON or OFF cfgServerPowerAllocation (Read Only) NOTE: In case of more than one power supply, this property represents the minimum capacity power supply.
Description Represents the power consumed by the server at the current time cfgServerMinPowerCapacity (Read Only) Legal Values A string of up to 32 characters Default Description Represents the minimum server power capacity cfgServerMaxPowerCapacity (Read Only) Legal Values A string of up to 32 characters Default Description Represents the maximum server power capacity cfgServerPeakPowerConsumption (Read Only) Legal Values A string of up to 32 characters Default
Description Represents the maximum power consumed by the server until the current time cfgServerPeakPowerConsumptionTimestamp (Read Only) Legal Values A string of up to 32 characters Default Maximum power consumption timestamp Description Time when the maximum power consumption was recorded cfgServerPowerConsumptionClear (Write Only) Legal Values 1 (TRUE) 0 (FALSE) Default ******* Description Resets the cfgServerPeakPowerConsumption (Read/Write) property to 0 and the cfgServerPeakPowerConsumptionTi
Default Server power threshold in Watts Description Represents the server power threshold in Watts cfgServerPowerCapBtuhr (Read/Write) Legal Values A string of up to 32 characters Default Server power threshold in BTU/hr Description Represents the Server power threshold in BTU/hr cfgServerPowerCapPercent (Read/Write) Legal Values A string of up to 32 characters Default Server power threshold in percentage Description Represents the server power threshold in percentage 418 iDRAC6 Property Databas
cfgIPv6LanNetworking This group is used to configure the IPv6 over LAN networking capabilities.
Description The iDRAC6 gateway IPv6 address cfgIPv6PrefixLength (Read/Write) Legal Values 1-128 Default 64 Description The prefix length for iDRAC6 IPv6 address 1 cfgIPv6AutoConfig (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the IPv6 Auto Config option cfgIPv6LinkLocalAddress (Read Only) Legal Values A string representing a valid IPv6 entry Default :: 420 iDRAC6 Property Database Group and Object Definitions
Description The iDRAC6 IPv6 link local address cfgIPv6Address2 (Read Only) Legal Values A string representing a valid IPv6 entry Default :: Description An iDRAC6 IPv6 address cfgIPv6DNSServersFromDHCP6 (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies whether cfgIPv6DNSServer1 and cfgIPv6DNSServer2 are static or DHCP IPv6 addresses cfgIPv6DNSServer1 (Read/Write) Legal Values A string representing a valid IPv6 entry Default :: iDRAC6 Property Database Group and Object D
Description An IPv6 DNS server address cfgIPv6DNSServer2 (Read/Write) Legal Values A string representing a valid IPv6 entry Default :: Description An IPv6 DNS server address cfgIPv6URL This group specifies properties used to configure the iDRAC6 IPv6 URL. cfgIPv6URLstring (Read Only) Legal Values A string of up to 80 characters Default Description The iDRAC6 IPv6 URL cfgIpmiSerial This group specifies properties used to configure the IPMI serial interface of the BMC.
cfgIpmiSerialConnectionMode (Read/Write) Legal Values 0 (Terminal) 1 (Basic) Default 1 Description When the iDRAC6 cfgSerialConsoleEnable property is set to 0 (disabled), the iDRAC6 serial port becomes the IPMI serial port. This property determines the IPMI defined mode of the serial port. In Basic mode, the port uses binary data with the intent of communicating with an application program on the serial client.
Default 4 Description Specifies the maximum privilege level allowed on the IPMI serial channel cfgIpmiSerialFlowControl (Read/Write) Legal Values 0 (None) 1 (CTS/RTS) 2 (XON/XOFF) Default 1 Description Specifies the flow control setting for the IPMI serial port cfgIpmiSerialHandshakeControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables the IPMI terminal mode handshake control 424 iDRAC6 Property Database Group and Object Definitions
cfgIpmiSerialLineEdit (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables line editing on the IPMI serial interface cfgIpmiSerialEchoControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables echo control on the IPMI serial interface cfgIpmiSerialDeleteControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 0 Description Enables or disables delete control on the IPMI serial interface iDRAC6 Property Database Group and Obj
cfgIpmiSerialNewLineSequence (Read/Write) Legal Values 0 (None) 1 (CR-LF) 2 (NULL) 3 () 4 () 5 () Default 1 Description Specifies the newline sequence specification for the IPMI serial interface cfgIpmiSerialInputNewLineSequence (Read/Write) Legal Values 0 () 1 (NULL) Default 1 Description Specifies the input newline sequence specification for the IPMI serial interface 426 iDRAC6 Property Database Group and Object Definitions
cfgSmartCard This group specifies properties used to support access to iDRAC6 using a smart card.
cfgNetTuning This group enables users to configure the advanced network interface parameters for the RAC NIC. When configured, the updated settings may take up to a minute to become active. CAUTION: Use extra precaution when modifying properties in this group. Inappropriate modification of the properties in this group can result in your RAC NIC become inoperable.
cfgNetTuningNicFullDuplex (Read/Write) Legal Values 0 (Half Duplex) 1 (Full Duplex) Default 1 Description Specifies the duplex setting for the RAC NIC. This property is not used if the cfgNetTuningNicAutoNeg is set to 1 (enabled). cfgNetTuningNicMtu (Read/Write) Legal Values 576 – 1500 Default 1500 Description The size in bytes of the maximum transmission unit used by the iDRAC6 NIC.
iDRAC6 Property Database Group and Object Definitions
Supported RACADM Interfaces The following table provides an overview of RACADM subcommands and their corresponding interface support. Table C-1.
Table C-1.
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. ARP Acronym for Address Resolution Protocol, which is a method for finding a host’s Ethernet address from its Internet address.
CHAP Acronym for Challenge-Handshake Authentication Protocol, which is an authentication method used by PPP servers to validate the identity of the originator of the connection. CIM Acronym for Common Information Model, which is a protocol designed for managing systems on a network. CLI Abbreviation for command-line interface. CLP Abbreviation for command-line protocol.
DNS Abbreviation for Domain Name System. DSU Abbreviation for disk storage unit. extended schema A solution used with Active Directory to determine user access to iDRAC6; uses Dell-defined Active Directory objects. FQDN Acronym for Fully Qualified Domain Names. Microsoft® Active Directory® only supports FQDN of 64 bytes or fewer. FSMO Flexible Single Master Operation. It is Microsoft’s way of guaranteeing atomicity of the extension operation.
iAMT Intel® Active Management Technology — Delivers more secure systems management capabilities whether or not the computer is powered up or turned off, or the operating system is not responding. ICMB Abbreviation for Intelligent enclosure Management Bus. ICMP Abbreviation for Internet control message protocol. ID Abbreviation for identifier, commonly used when referring to a user identifier (user ID) or object identifier (object ID).
LED Abbreviation for light-emitting diode. LOM Abbreviation for Local area network On Motherboard. LUN Acronym for logical unit. MAC Acronym for media access control, which is a network sublayer between a network node and the network physical layer. MAC address Acronym for media access control address, which is a unique address embedded in the physical components of a NIC. managed server The managed server is the system in which the iDRAC6 is embedded.
NAS Abbreviation for network attached storage. NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers. PCI Abbreviation for Peripheral Component Interconnect, which is a standard interface and bus technology for connecting peripherals to a system and for communicating with those peripherals.
RPM Abbreviation for RPM Package Manager, which is a package-management system for the Red Hat Enterprise Linux® operating system that helps installation of software packages. It is similar to an installation program. SAC Acronym for Microsoft’s Special Administration Console. SAP Abbreviation for Service Access Point. SEL Acronym for system event log. SMI Abbreviation for systems management interrupt. SM-CLP Abbreviation for Server Management-Command Line Protocol.
standard schema A solution used with Active Directory to determine user access to iDRAC6; uses Active Directory group objects only. TAP Abbreviation for Telelocator Alphanumeric Protocol, which is a protocol used for submitting requests to a pager service. TCP/IP Abbreviation for Transmission Control Protocol/Internet Protocol, which represents the set of standard Ethernet protocols that includes the network layer and transport layer protocols.
VNC Abbreviation for virtual network computing. VT-100 Abbreviation for Video Terminal 100, which is used by the most common terminal emulation programs. WAN Abbreviation for wide area network. WS-MAN Abbreviation for Web Services for Management (WS-MAN) protocol. WS-MAN is a transport mechanism for information exchange. WS-MAN provides a universal language for devices to share data so they can be managed more easily.
Glossary
Index A C accessing SSL with web interface, 68 Certificate Signing Request CSR, 68 Active Directory adding iDRAC6 users, 146 configure, 37 configuring access to iDRAC6, 139 logging in to the iDRAC6, 164 managing certificates, 74 objects, 136 schema extensions, 135 using with extended schema, 135 using with iDRAC6, 133 using with standard schema, 153 Certificate Signing Request (CSR) about, 295 generating a new certificate, 297 ASR configuring with web interface, 77 configure alerts, 37 authenticatin
configuring and managing power, 242 Configuring iDRAC Direct Connect Basic Mode and Direct Connect Terminal Mode, 97 configuring idrac6 serial connection, 95 using, 185 creating a configuration file, 116 CSR about, 69 Certificate Signing Request, 68 generating, 70 Configuring iDRAC6 NIC, 54 D configuring iDRAC6 services, 77 ASR, 77 local configuration, 77 remote RACADM, 77 SNMP agent, 77 SSH, 77 telnet, 77 web server, 77 Data Duplicator (dd) utility, 208 Dell OpenManage software integration, 28 deployi
exporting Smart Card certificate, 172 extended schema Active Directory overview, 135 F fan probe, 287 firmware downloading, 45 recovering via web interface, 80 firmware/system services recovery image updating with web interface, 80 frequently asked questions, 123 using console redirection, 192 using iDRAC6 with Active Directory, 166 using Virtual Media, 232 configuring, 42 configuring Active Directory with extended schema, 148 configuring advanced, 85 configuring network settings, 107 configuring standard
capturing on managed system, 263 Active Directory Users and Computers snap-in, 145 integrated System-on-Chip microprocessor, 27 IP blocking about, 305 configuring with web interface, 60 enabling, 306 Linux configuring for serial console redirection, 90 M IP Filtering about, 303 enabling, 304 managed system installing software, 43 IP filtering and blocking, 60 management station, 37, 437 configuring for console redirection, 186 configuring terminal emulation, 101 installing software, 43 IPMI configur
shared with failover LOM2, 40 O operating system installing (manual method), 230 P password-level security management, 28 PEF configuring, 265 configuring using RACACM CLI, 265 configuring using web interface, 265 PET configuring, 266 configuring using RACADM CLI, 267 configuring using web interface, 266 Platform Event Trap PET, 62 platform events configuring, 264 platform events filters table, 62 platforms supported, 32 POST log using, 279 power capping, 241 power inventory and budgeting, 241 power moni
clrsel, 339 config, 311 coredump, 316 coredumpdelete, 317 fwupdate, 318 getconfig, 192, 313 getniccfg, 330 getraclog, 336 getractime, 326 getsel, 338 getssninfo, 320 getsvctag, 331 getsysinfo, 322 gettracelog, 340 help, 309 ifconfig, 327 localConRedirDisable, 356 netstat, 327 ping, 328 racdump, 332 racreset, 333 racresetcfg, 334 serveraction, 335 setniccfg, 328 sslcertupload, 343, 348 sslcertview, 346 sslcsrgen, 341 testemail, 349 testtrap, 350 usercertupload, 353 userertview, 355 vmdisconnect, 352 vmkey, 3
configuring to use iDRAC6, 40 configuring, 222 server certificate uploading, 72 viewing, 73, 298 Server Management Command Line Protocol (SM-CLP) about, 199-200 support, 199 services configuring, 299 configuring with web interface, 77 setting up iDRAC6, 37 Single Sign-On, 165 Smart Card Authentication, 176 Smart Card authentication, 37 Smart Card Logon, 171 configuring local iDRAC6 users, 172 SNMP community string, 409 SSL encryption, 28 sslcertdownload, 344 Standard Schema Active Directory Overview, 153 s
USB flash drive emulation type, 257 vm6deploy script, 209 user configuration, 125 general user settings, 126 iDRAC group permissions, 126 IPMI user privileges, 126 VMCLI Utility installation, 211 usercertupload, 353 users adding and configuring with web interface, 68, 125 using RACADM to configure iDRAC6 Users, 129 utilities dd, 208 vm6eploy script, 209 VMCLI utility, 207 about, 207 deploying the operating system, 209 includes vm6deploy script, 209 operating system shell options, 215 parameters, 212 r