Integrated Dell™ Remote Access Controller 6 (iDRAC6) Version 1.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ___________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 iDRAC6 Overview . . . . . . . . . . . . . . . . . . . iDRAC6 Express Management Features. . . . . . . . . 29 . . . . . . . . . 31 . . . . . . . . . . . . . . . . . . 34 iDRAC6 Enterprise and VFlash Media . Supported Platforms . Supported Operating Systems . . . . . . . . . . . . . . 35 . . . . . . . . . . . . . . . 35 . . . . . . . . 35 . . . . . . . . . . . . . . . . . . . . . . 35 . . . . . . . . . . . . 36 Supported Web Browsers .
. . . . 45 . . 45 . . . . . . 45 . . . . . . . . . . . . . . . . . 46 Installing the Software on the Managed System Installing the Software on the Management Station Installing and Removing RACADM on a Linux Management Station . . . . . . . Installing RACADM Uninstalling RACADM . . . . . . . . . . . . . . . . 46 . . . . . . . . . . . . . 47 . . . . . . . . . . . . . . . . . . 47 . . . . . . . .
Configuring the iDRAC6 NIC . . . . . . . . . . . . . . . Configuring the Network and IPMI LAN Settings . . . . . . Configuring IP Filtering and IP Blocking . . . . . . . . . Configuring Platform Events . 57 . . . . . . . . . . . 57 . . . . . . . . . . . . 63 . . . . . . . . . . . . . . 65 Configuring Platform Event Filters (PEF) . . . . . . 66 Configuring Platform Event Traps (PET) . . . . . . 67 . . . . . . . . . . . . . 68 . . . . . . . . . . . . . . . . . .
5 Advanced iDRAC6 Configuration . Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring iDRAC6 for Viewing Serial Output Remotely Over SSH/Telnet . . . . . . . . . . . . Configuring the iDRAC6 Settings to Enable SSH/Telnet . . . . . . . . . . . . . . . . . . . 90 . . . . . . . . . . . . . . . 91 . . . . . . . . . . . Configuring Linux for Serial Console Redirection During Boot . . . . . . 94 . . . . . . .
Accessing the iDRAC6 Through a Network . . . . . . . 111 . . . . . . . . . . . . . . . . 113 RACADM Synopsis . . . . . . . . . . . . . . . . . 114 RACADM Options . . . . . . . . . . . . . . . . . . 115 Using RACADM Remotely Enabling and Disabling the RACADM Remote Capability . . . . . . . . . . . RACADM Subcommands . . . . . . . . . . 116 . . . . . . . . . . . . . 116 Frequently Asked Questions About RACADM Error Messages . . . . . . . . . . . . . Configuring Multiple iDRAC6 Controllers .
Before You Begin . . . . . . . . . . . . . . . . . Adding an iDRAC6 User . 7 . . . . . . . . . . . . . 139 Removing an iDRAC6 User . . . . . . . . . . . . 140 Enabling an iDRAC6 User With Permissions . . . . . . . . . . . . . . . . . 140 Using the iDRAC6 Directory Service . . . . . . . . . . . . . . . . . . . . . . . . . Using iDRAC6 With Microsoft Active Directory . Supported Active Directory Authentication Mechanisms . 143 . . . . . . . 144 . . . . . . . . . . . . . 144 . . . .
Standard Schema Active Directory Overview . . . . . . . . . . . . . . . . . . . . . . . . . Single Domain Versus Multiple Domain Scenarios . . . . . . . . . . . . . . . . . Configuring Standard Schema Microsoft Active Directory to Access iDRAC6 . . . . . . . . Configuring Microsoft Active Directory With Standard Schema Using the iDRAC6 Web-Based Interface. . . . . . . . . . . . 165 166 . . . . 166 . . . . . 169 . . . . . . . . . . . . . .
8 Configuring Smart Card Authentication . . . . . . . . . . . . . . . . . . . . 187 . . . . . . . 187 . . . . . . . . . 188 Configuring Smart Card Login in iDRAC6 Configuring Local iDRAC6 Users for Smart Card Logon . . . . . . . . . . Exporting the Smart Card Certificate . . . . . . . 188 . . . . . . . . 189 . . . . . . . . . . . . . . . . 189 Configuring Active Directory Users for Smart Card Logon . . . . . . . . . . . Configuring Smart Card Logging Into the iDRAC6 Using the Smart Card . .
Configuring Active Directory Users for Smart Card Logon . . . . . . . . . . . . . . . . . . 10 Using GUI Console Redirection . Overview . . . . . . . 199 201 . . . . . . . . . . . . . . . . . . . . . . . . 201 . . . . . . . . . . . . . . . 201 Using Console Redirection Configuring Your Management Station . Clear Your Browser’s Cache . . . . . . 202 . . . . . . . . . . . . 203 Supported Screen Resolutions and Refresh Rates . . . . . . . . . . . . . . . . .
SM-CLP Features . . . . . . . . . . . . . . . . . . . . Using SM-CLP . . . . . . . . . . . . . . . . . . . SM-CLP Targets . . . . . . . . . . . . . . . . . . 13 Deploying Your Operating System Using VMCLI . . . . Before You Begin . . . . . . . . . . . . . . . . . . . . 231 . . . . . . . . . . 231 . . . . . . . . . . . . . 231 . . . . . . . . . . . . 232 . . . . 232 . . . . . . . . . . . . 232 . . . . . . . . . . . . . . .
Configuring IPMI Using the RACADM CLI . . . . . . . . . . . . . . . . . . . . Using the IPMI Remote Access Serial Interface . . . . . . . . . Configuring Serial Over LAN Using the Web-Based Interface . . . . . 15 Configuring and Using Virtual Media . . . . . . . Overview . 242 . . . . . . . . . . 246 . . . . . . . . . . . 246 . . . . . . . . . . . . . 247 . . . . . . . . . . . . . . . . . . . . . . . . 247 . . . . . . 248 . . . . . . . . 249 . . . . . . . . . . . . . . . 249 . . . . . . .
Configuring the VFlash Media Card Using RACADM. . . . . . . . . . . . . . . . . . . . . Enabling or Disabling the VFlash Media Card . . . . . . . . . . . . . . . . . . . . Resetting the VFlash Media Card . 265 . . . . . . . . . . . . . 267 . . 268 . . . . . . . . . . . . . . . . . . . 268 Power Inventory, Power Budgeting, and Capping Configuring and Managing Power. Viewing the Health Status of the Power Supply Units . . . . . . . . . . . . . . . . . 268 . . . . . . . . . . . 269 . . . . .
18 Using the iDRAC6 Configuration Utility Overview . . . . . . . . . . . . . . . . 277 . . . . . . . . . . . . . . . . . . . . . . . . Starting the iDRAC6 Configuration Utility . . . . . . . . 278 . . . . . . . . 278 . . . . . . . . . . . . . . . . . . . . 279 . . . . . . . . . . . . . . . . . . . 279 . . . . . . . . . . . . . . . . . . 280 . . . . . . . . . . . . 283 . . . . . . . . . . . . . . . . . 284 Using the iDRAC6 Configuration Utility . iDRAC6 LAN .
Testing E-mail Alerting . . . . . . . . . . . . . . Testing the RAC SNMP Trap Alert Feature . Frequently Asked Question about SNMP Authentication . . . . . . . . . 298 . . . . . . . . . . . 298 20 Recovering and Troubleshooting the Managed System . . . . . . . . . . . . . . . First Steps to Troubleshoot a Remote System . Managing Power on a Remote System Selecting Power Control Actions from the iDRAC6 CLI . . . . . . . 301 . . . . . . . . 301 . . . . . . 301 . . . . . . . . 302 . . . . . .
. . . . . . . . . . . . . . . . . . 314 Using the Trace Log . . . . . . . . . . . . . . . . . . . 315 Using the racdump . . . . . . . . . . . . . . . . . . . . 315 Using the coredump . . . . . . . . . . . . . . . . . . . 315 Using Identify Server 22 Sensors . . . . . . . . . . . . . . . . . . . . . . . . . Battery Probes . Fan Probes . 317 . . . . . . . . . . . . . . . . . . . . . 317 . . . . . . . . . . . . . . . . . . . . . . . 317 . . . . . . . . . . . . . . . . 317 . . . . . . . .
. . . . . . . . . . . . . 329 . . . . . . . . . . . . . . . . . 329 . . . . 333 . . . . . . . . 337 Using the Secure Shell (SSH) Configuring Services . Enabling Additional iDRAC6 Security Options Configuring the Network Security Settings Using the iDRAC6 GUI . . A RACADM Subcommand Overview . . . . . 339 . . . . . . . . . . . . . . . . . . . . . . . . . . 339 . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 help . arp clearasrscreen . config . . . . . . . . . . . . . . . . . . .
getniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 361 getsvctag . . . . . . . . . . . . . . . . . . . . . . . . . 362 racdump . . . . . . . . . . . . . . . . . . . . . . . . . 363 racreset . . . . . . . . . . . . . . . . . . . . . . . . . 364 racresetcfg . . . . . . . . . . . . . . . . . . . . . . . . 365 serveraction . . . . . . . . . . . . . . . . . . . . . . . 366 . . . . . . . . . . . . . . . . . . . . . . . . 367 . . . . . . . . . . . . . . . . . . . . . . . . .
usercertview . . . . . . . . . . . . . . . . . . . . . . 386 . . . . . . . . . . . . . . . . . 387 . . . . . . . . . . . . . . . . . . . 387 . . . . . . . . . . . . . . . . . . . . . . . 388 localConRedirDisable krbkeytabupload . sshpkauth B iDRAC6 Property Database Group and Object Definitions . . . . . . . . . . . 391 . . . . . . . . . . . . . . . . 391 . . . . . . . . . . . . . . . . . . . . . . . 392 . . . . . . . . . . 392 . . . . . . . . 392 Displayable Characters idRacInfo .
cfgNicIpAddress (Read/Write) . . . . . . . . . . . 399 cfgNicNetmask (Read/Write) . . . . . . . . . . . . 400 cfgNicGateway (Read/Write) . . . . . . . . . . . . 400 cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 400 . . . . . . . . . . 401 . . . . . . . . . . . . . . . . . . . . . 401 cfgNicMacAddress (Read Only) cfgRemoteHosts . . . 401 . . . . . 402 . . . . . . 402 . . . . 402 . . . . . . . 403 . . . . . . . .
cfgSsnMgtConsRedirMaxSessions (Read/Write) . . . . . . . . . . . . . . . . . . . cfgSsnMgtWebserverTimeout (Read/Write) . . . 411 . . . . 412 . . . . . 412 . . . . . . . . . . . . . . . . . . . . . . . . 413 . . . . . . . . . 413 . . . . . . 413 cfgSsnMgtSshIdleTimeout (Read/Write) . cfgSsnMgtTelnetTimeout (Read/Write) . cfgSerial cfgSerialBaudRate (Read/Write) cfgSerialConsoleEnable (Read/Write) cfgSerialConsoleQuitKey (Read/Write) . . . . . . cfgSerialConsoleIdleTimeout (Read/Write) .
. . . . 422 . . . . . . . . . 422 . . . . . . . . 422 cfgRacTuneIpBlkPenaltyTime (Read/Write) cfgRacTuneSshPort (Read/Write) cfgRacTuneTelnetPort (Read/Write) cfgRacTuneConRedirEnable (Read/Write) . . . . . 423 cfgRacTuneConRedirEncryptEnable (Read/Write) . . . . . . . . . . . . . . . . . . . . 423 cfgRacTuneAsrEnable (Read/Write) . . . . . . . . 423 cfgRacTuneDaylightOffset (Read/Write) . . . . . . 424 cfgRacTuneTimezoneOffset (Read/Write) . . . . .
cfgServerInfo . . . . . . . . . . . . . . . . . . . . . . 432 . . . . . 432 . . . . . . . . 433 . . . . . . . . . . . . . . . . . . 433 cfgServerFirstBootDevice (Read/Write) cfgServerBootOnce (Read/Write) cfgActiveDirectory . cfgADRacDomain (Read/Write). . . . . . . . . . 433 . . . . . . . . . . 433 . . . . . . . . . . . . 434 cfgADRacName (Read/Write) cfgADEnable (Read/Write) cfgADSSOEnable (Read/Write) . . . . . . . . . . cfgADDomainController1 (Read/Write) . . . . . .
cfgLdapBinddn (Read/Write) . . . . . . . . . . . . 443 . . . . . . . . 443 . . . . . . . . . 443 . . . . 444 . . . . . . . . . . . . . . . . . . . 444 cfgLdapBindpassword (Write only) cfgLdapSearchFilter (Read/Write) cfgLDAPCertValidationEnable (Read/Write) cfgLdapRoleGroup . cfgLdapRoleGroupIndex (Read Only) . . . . . . . . 444 . . . . . . . . 444 . . . . . 445 . . . . . . . . . . . . . . . . . . 445 . . . . . . . 445 . . . . . . 446 . . . . .
cfgIpmiPef . . . . . . . . . . . . . . . . . . . . . . . cfgIpmiPefName (Read Only) . . . . . . . . . . . 452 cfgIpmiPefIndex (Read/Write) . . . . . . . . . . 453 cfgIpmiPefAction (Read/Write) . . . . . . . . . . 453 cfgIpmiPefEnable (Read/Write) . . . . . . . . . . 453 . . . . . . . . . . . . . . . . . . . . . . . 454 . . . . . . . . . . . 454 . . . . 454 . . . . . . . 454 . . . . . . . . . . . . . . . . . . . . 455 cfgUserDomainIndex (Read Only) . . . . . . . .
cfgIPv6Address1 (Read/Write) . cfgIPv6Gateway (Read/Write) . . . . . . . . . . 460 . . . . . . . . . . . 460 . . . . . . . . . 461 . . . . . . . . . . 461 . . . . . . . 461 . . . . . . . . . . . 462 cfgIPv6PrefixLength (Read/Write) cfgIPv6AutoConfig (Read/Write) cfgIPv6LinkLocalAddress (Read Only) cfgIPv6Address2 (Read Only) cfgIPv6DNSServersFromDHCP6 (Read/Write) . . . 462 cfgIPv6DNSServer1 (Read/Write) . . . . . . . . . 462 cfgIPv6DNSServer2 (Read/Write) . . . . . . . . . 463 . . .
cfgIPv6Addr10PrefixLength (Read Only) . . . . . . . . 469 469 . . . . . 469 . . . . . . . . 469 . . . . . . . . . . 470 . . . . . 470 cfgIPv6Addr11PrefixLength (Read Only) cfgIPv6Addr11Length (Read Only) cfgIPv6Address11 (Read Only) cfgIPv6Addr12PrefixLength (Read Only) . . . . . . . . 470 . . . . . . . . . . 470 cfgIPv6Addr12Length (Read Only) cfgIPv6Address12 (Read Only) . . . . . 470 . . . . . . . . 471 . . . . . . . . . . 471 . . . . .
cfgIpmiSerialInputNewLineSequence (Read/Write) . . . . . . . . . . . . . . cfgSmartCard . . . . . . 477 . . . . . . . . . . . . . . . . . . . . . . 477 . . . . . 477 . . . . . . 478 . . . . . . . . . . . . . . . . . . . . . . 478 . . . . . . 478 . . . . . . . 479 . . . . . 479 . . . . . . . . 480 cfgSmartCardLogonEnable (Read/Write) cfgSmartCardCRLEnable (Read/Write) . cfgNetTuning .
Contents
iDRAC6 Overview The Integrated Dell™ Remote Access Controller6 (iDRAC6) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. The iDRAC6 uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC6 co-exists on the system board with the managed PowerEdge server.
• Provides support for Microsoft® Active Directory® authentication — Centralizes iDRAC6 user IDs and passwords in Active Directory using an extended schema or a standard schema • Provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services.
• Firmware rollback and recovery — Allows you to boot from (or rollback to) the firmware image of your choice. For more information about iDRAC6 Express, see your Hardware Owner’s Manual at support.dell.com\manuals. iDRAC6 Enterprise and VFlash Media Adds support for RACADM, virtual KVM, Virtual Media features, a dedicated NIC, and Virtual Flash (with an optional Dell VFlash Media card). Virtual Flash allows you to store emergency boot images and diagnostic tools on the VFlash Media.
Table 1-1.
Table 1-1.
Table 1-1.
Supported Operating Systems For the latest information, see the iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals. Supported Web Browsers For the latest information, see the iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals. NOTE: Due to serious security flaws, support for SSL 2.0 has been discontinued. Your browser must be configured to enable SSL 3.0 in order to work properly.
Table 1-3. iDRAC6 Server Listening Ports (continued) Port Number Function 23* Telnet 80* HTTP 443* HTTPS 623 RMCP/RMCP+ 5900* Console Redirection keyboard/mouse, Virtual Media Service, Virtual Media Secure Service, Console Redirection video * Configurable port Table 1-4.
• The Dell Systems Software Support Matrix provides information about the various Dell systems, the operating systems supported by these systems, and the Dell OpenManage components that can be installed on these systems. • The Dell OpenManage Server Administrator Installation Guide contains instructions to help you install Dell OpenManage Server Administrator.
• Systems management software documentation describes the features, requirements, installation, and basic operation of the software. • Operating system documentation describes how to install (if necessary), configure, and use the operating system software. • Documentation for any components you purchased separately provides information to configure and install these options. • Updates are sometimes included with the system to describe changes to the system, software, and/or documentation.
Getting Started With the iDRAC6 The iDRAC6 enables you to remotely monitor, troubleshoot, and repair a Dell system even when the system is down. The iDRAC6 offers a rich set of features like console redirection, virtual media, virtual KVM, Smart Card authentication, and single sign-on. The management station is the system from which an administrator remotely manages a Dell system that has an iDRAC6. The systems that are monitored in this way are called managed systems.
Getting Started With the iDRAC6
Basic Installation of the iDRAC6 This section provides information about how to install and set up your iDRAC6 hardware and software.
Configuring Your System to Use an iDRAC6 To configure your system to use an iDRAC6, use the iDRAC6 Configuration Utility. To run the iDRAC6 Configuration Utility: 1 Turn on or restart your system. 2 Press when prompted during POST. If your operating system begins to load before you press , allow the system to finish booting, and then restart your system and try again. 3 Configure the LOM. 44 a Use the arrow keys to select LAN Parameters and press . NIC Selection is displayed.
• Shared with Failover LOM2 — Select this option to share the network interface with the host operating system. The remote access device network interface is fully functional when the host operating system is configured for NIC teaming. The remote access device receives data through NIC 1 and NIC 2, but transmits data only through NIC 1. If NIC 1 fails, the remote access device fails over to NIC 2 for all data transmission. The remote access device continues to use NIC 2 for data transmission.
Software Installation and Configuration Overview This section provides a high-level overview of the iDRAC6 software installation and configuration process. For more information about the iDRAC6 software components, see "Installing the Software on the Managed System." Installing Your iDRAC6 Software To install your iDRAC6 software: 1 Install the software on the managed system. See "Installing the Software on the Managed System." 2 Install the software on the management station.
Installing the Software on the Managed System Installing software on the managed system is optional. Without the managed system software, you cannot use the RACADM locally, and the iDRAC6 cannot capture the last crash screen. To install the managed system software, install the software on the managed system using the Dell Systems Management Tools and Documentation DVD.
NOTE: When you run Setup on the Dell Systems Management Tools and Documentation DVD, the RACADM utility for all supported operating systems is installed on your management station. Installing RACADM 1 Log on as root to the system where you want to install the management station components.
Updating the iDRAC6 Firmware Use one of the following methods to update your iDRAC6 firmware.
Updating the iDRAC6 Firmware Using the Web-Based Interface For detailed information, see "Updating the iDRAC6 Firmware/System Services Recovery Image." Updating the iDRAC6 Firmware Using RACADM You can update the iDRAC6 firmware using the CLI-based RACADM tool. If you have installed Server Administrator on the managed system, use local RACADM to update the firmware. 1 Download the iDRAC6 firmware image from the Dell Support website at support.dell.com to the managed system. For example: C:\downloads\firmim
These errors are cosmetic in nature and should be ignored. These messages are caused due to reset of the USB devices during the firmware update process and are harmless. Clearing the Browser Cache After the firmware upgrade, clear the Web browser cache. See "Clear Your Browser’s Cache" for more information. Configuring a Supported Web Browser The following sections provide instructions for configuring the supported Web browsers.
32-bit and 64-bit Web Browsers The iDRAC6 Web-based interface is not supported on 64-bit Web browsers. If you open a 64-bit Browser, access the Console Redirection page, and attempt to install the plug-in, the installation procedure fails. If this error was not acknowledged and you repeat this procedure, the Console Redirect Page loads even though the plug-in installation fails during your first attempt.
Linux If you are running Console Redirection on a Red Hat® Enterprise Linux® (version 4) client with a Simplified Chinese GUI, the viewer menu and title may appear in random characters. This issue is caused by an incorrect encoding in the Red Hat Enterprise Linux (version 4) Simplified Chinese operating system. To fix this issue, access and modify the current encoding settings by performing the following steps: 1 Open a command terminal. 2 Type “locale” and press . The following output is displayed.
6 Log out and then log in to the operating system. 7 Relaunch the iDRAC6. When you switch from any other language to the Simplified Chinese language, ensure that this fix is still valid. If not, repeat this procedure. For advanced configurations of the iDRAC6, see "Advanced iDRAC6 Configuration.
Configuring the iDRAC6 Using the Web Interface The iDRAC6 provides a Web interface that enables you to configure the iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC6 Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access the iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. To access the Web interface using an IPv4 address, go to step 2. To access the Web interface using an IPv6 address, go to step 3. 2 Access the Web interface using an IPv4 address; you must have IPv4 enabled: In the browser Address bar, type: https:// Then, press . 3 Access the Web interface using an IPv6 address; you must have IPv6 enabled.
Logging In You can log in as either an iDRAC6 user or as a Microsoft® Active Directory® user. The default user name and password for an iDRAC6 user are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6. To log in, perform the following steps: 1 In the Username field, type one of the following: • Your iDRAC6 user name. The user name for local users is case-sensitive. Examples are root, it_user, or john_doe.
Logging Out 1 In the upper-right corner of the main window, click Logout to close the session. 2 Close the browser window. NOTE: The Logout button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session may remain active until the session timeout is reached.
Table 4-1. User Privilege Behavior in Supported Browsers Browser Tab Behavior Window Behavior Microsoft Internet Explorer 6 Not applicable New session Microsoft IE7 and IE8 From latest session opened New session Firefox 2 and Firefox 3 From latest session opened From latest session opened Configuring the iDRAC6 NIC This section assumes that the iDRAC6 has already been configured and is accessible on the network.
4 Click the appropriate button to continue. See Table 4-8. Table 4-2. Network Settings Setting Description NIC Selection Configures the current mode out of the four possible modes: • Dedicated NOTE: This option is only available on iDRAC6 Enterprise cards. • Shared (LOM1) • Shared with Failover LOM2 • Shared with Failover All LOMs NOTE: This option may not be available on iDRAC6 Enterprise.
Table 4-2. Network Settings (continued) Setting Description Auto Negotiation If set to On, displays the Network Speed and Mode by communicating with the nearest router or hub. If set to Off, allows you to set the Network Speed and Duplex Mode manually. If NIC Selection is not set to Dedicated, Auto Negotiation setting will always be enabled (On). Network Speed Enables you to set the Network Speed to 100 Mb or 10 Mb to match your network environment.
Table 4-4. IPv4 Settings Setting Description Enable IPv4 If NIC is enabled, this selects IPv4 protocol support and sets the other fields in this section to be enabled. DHCP Enable Prompts the iDRAC6 to obtain an IP address for the NIC from the Dynamic Host Configuration Protocol (DHCP) server. The default is off. IP Address Specifies the iDRAC6 NIC IP address. Subnet Mask Allows you to enter or edit a static IP address for the iDRAC6 NIC.
Table 4-5. IPv6 Settings Setting Description Enable IPv6 If the checkbox is selected, IPv6 is enabled. If the checkbox is not selected, IPv6 is disabled. The default is disabled. Autoconfiguration Enable Check this box to allow the iDRAC6 to obtain the IPv6 address for the iDRAC6 NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. Enabling autoconfiguraion also deactivates and flushes out the static values for IP Address 1, Prefix Length, and IP Gateway.
Table 4-5. IPv6 Settings (continued) Setting Description Preferred DNS Server Configures the static IPv6 address for the preferred DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses. Alternate DNS Server Configures the static IPv6 address for the alternate DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses. Table 4-6.
Table 4-8. Network Configuration Page Buttons Button Description Print Prints the Network values that appear on the screen. Refresh Reloads the Network page. Advanced Settings Opens the Network Security page, allowing the user to enter IP Range and IP Blocking attributes. Apply Saves any new settings made to the Network page. NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the iDRAC6 Web interface using the updated IP address settings.
Table 4-9. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off. IP Range Address Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
Table 4-10. Network Security Page Buttons Button Description Print Prints the Network Security values that appear on the screen. Refresh Reloads the Network Security page. Apply Saves any new settings that you made to the Network Security page. Return to the Returns to the Network page. Network Configuration Page Configuring Platform Events Platform event configuration provides a mechanism for configuring the iDRAC6 to perform selected actions on certain event messages.
Table 4-11.
NOTE: Enable Platform Event Filter Alerts must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail). 4 In the next table, Platform Event Filters List, click the filter that you want to configure. 5 In the Set Platform Events page, select the appropriate Shutdown Action or select None. 6 Select or deselect Generate Alert to enable or disable this action. NOTE: Generate Alert must be enabled for an alert to be sent to any valid, configured destination (PET). 7 Click Apply.
On the Platform Event Alert Destinations page, the changes you applied are displayed in either the IPv4 or IPv6 Destination List. 8 In the Community String field, enter the appropriate iDRAC SNMP community name. Click Apply. NOTE: The destination community string must be the same as the iDRAC6 community string. 9 Repeat steps 4 through 7 to configure additional IPv4 or IPv6 destination numbers. NOTE: If you disable a Platform Event Filter, the trap associated with that sensor going "bad" is also disabled.
9 If you want to test the configured e-mail alert, click Send Test Email. If not, click Go Back to the E-mail Alert Destination Page. 10 Click Go Back to the E-mail Alert Destination Page and enter a valid SMTP IP address in the SMTP (e-mail) Server IP Address field. NOTE: To successfully send a test e-mail, the SMTP (email) Server IP Address must be configured on the E-mail Alert Settings page.
b Click the Network/Security tab and then click Serial Over LAN. c In the Serial Over LAN page, select Enable Serial Over LAN. d Update the IPMI SOL baud rate. NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to your managed system’s baud rate. e Click the Baud Rate drop-down menu, select the appropriate baud rate, and click Apply. f Update the minimum required privilege.
• Save and exit the BIOS Setup program. • Restart your system. If IPMI serial is in terminal mode, you can configure the following additional settings: • Delete control • Echo control • Line edit • New line sequences • Input new line sequences For more information about these properties, see the IPMI 2.0 specification. For additional information about terminal mode commands, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com/manuals.
Secure Sockets Layer (SSL) The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
Accessing SSL Through the Web-Based Interface 1 Click Remote Access→Network/Security. 2 Click SSL to open the SSL page. Use the SSL page to perform one of the following options: • Generate a Certificate Signing Request (CSR) to send to a CA. The CSR information is stored on the iDRAC6 firmware. • Upload a server certificate. • View a server certificate. Table 4-12 describes the above SSL page options. Table 4-12.
3 Click Generate to create the CSR and download it onto to your local computer. 4 Click the appropriate button to continue. See Table 4-14. Table 4-13. Generate Certificate Signing Request (CSR) Attributes Field Description Common Name The exact name being certified (usually the iDRAC’s domain name, for example, www.xyzcompany.com). Alphanumeric characters, hyphens, underscores, spaces, and periods are valid. Organization Name The name associated with this organization (for example, XYZ Corporation).
Table 4-14. Generate Certificate Signing Request (CSR) Page Buttons Button Description Print Prints the Generate Certificate Signing Request values that appear on the screen. Refresh Reloads the Generate Certificate Signing Request page. Generate Generates a CSR and then prompts the user to save it to a specified directory. Go Back to SSL Main Menu Returns the user to the SSL page. Uploading a Server Certificate 1 On the SSL page, select Upload Server Certificate and click Next.
Viewing a Server Certificate 1 On the SSL page, select View Server Certificate and click Next. The View Server Certificate page displays the server certificate that you uploaded to the iDRAC. Table 4-16 describes the fields and associated descriptions listed in the Certificate table. 2 Click the appropriate button to continue. See Table 4-17. Table 4-16.
Configuring and Managing Active Directory The page enables you to configure and manage Active Directory settings. NOTE: You must have Configure iDRAC permission to use or configure Active Directory. NOTE: Before configuring or using the Active Directory feature, ensure that your Active Directory server is configured to communicate with iDRAC6.
Table 4-18. Active Directory Configuration and Management Page Options (continued) Attribute Description User Domain Name This value holds up to 40 User Domain entries. If configured, the list of user domain names will appear in the login page as a pull-down menu for the login user to choose from. If not configured, Active Directory users are still able to log in by entering the user name in the format of user_name@domain_name, domain_name/user_name, or domain_name\user_name.
Table 4-18. Active Directory Configuration and Management Page Options (continued) Attribute Description Active Directory CA Certificate Certificate The certificate of the Certificate Authority that signs all the domain controllers’ Security Socket Layer (SSL) server certificate. Extended Schema Settings iDRAC Name: Specifies the name that uniquely identifies the iDRAC in Active Directory. This value is NULL by default.
Table 4-19. Active Directory Configuration and Management Page Buttons Button Definition Print Prints the values that are displayed on the Active Directory Configuration and Management page. Refresh Reloads the Active Directory Configuration and Management page. Configure Active Enables you to configure Active Directory. See "Using the iDRAC6 Directory Directory Service" for detailed configuration information.
3 Click Apply. 4 Click the appropriate button to continue. See Table 4-27. Table 4-20. Local Configuration Setting Description Disable the iDRAC Local Configuration using option ROM Disables local configuration of iDRAC using option ROM. Option ROM resides in the BIOS and provides a user interface engine that allows BMC and iDRAC configuration. The option ROM prompts you to enter the setup module by pressing .
Table 4-21. Web Server Settings (continued) Setting Description HTTPS Port Number The port on which the iDRAC6 listens for a secure browser connection. The default is 443. Table 4-22. SSH Settings Setting Description Enabled Enables or disable SSH. When checked, SSH is enabled. Max Sessions Maximum number of simultaneous SSH sessions allowed for this system. You cannot edit this field. NOTE: iDRAC6 supports up to 2 SSH sessions simultaneously.
Table 4-23. Telnet Settings Setting Description (continued) Port Number The port on which the iDRAC6 listens for a Telnet connection. The default is 23. Table 4-24. Remote RACADM Settings Setting Description Enabled Enables/disables remote RACADM. When checked, remote RACADM is enabled. Active Sessions The number of current remote RACADM sessions on the system. You cannot edit this field. Table 4-25. SNMP Settings Setting Description Enabled Enables/disables SNMP.
Table 4-27. Services Page Buttons Button Description Apply Applies the Services page settings. Updating the iDRAC6 Firmware/System Services Recovery Image NOTE: If the iDRAC6 firmware becomes corrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover the iDRAC6 using the iDRAC6 Web interface. NOTE: The firmware update, by default, retains the current iDRAC6 settings.
5 On the Status (page 2 of 3) page, you will see the results of the validation performed on the image file you uploaded. • If the image file uploaded successfully and passed all verification checks, the image file name will be displayed. If a firmware image was uploaded, the current and the new firmware versions will be displayed.
Click System→Remote Access, and then click the Update tab. 2 In the Upload/Rollback (Step 1 of 3) page, click Rollback. The current and the rollback firmware versions are displayed on the Status (Step 2 of 3) page. Preserve Configuration provides you with the option to preserve or clear the existing iDRAC6 configuration. This option is selected by default. NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC6 will be reset to its default settings. In the default settings, the LAN is enabled.
1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface. 3 In the system tree, select System→Setup tab→Remote Syslog Settings. The Remote Syslog Settings screen is displayed. Table 4-28 lists the Remote Syslog settings. Table 4-28. Remote Syslog Settings Attribute Description Remote Syslog Enabled Select this option to enable the transmission and remote capture of the syslog on the specified server. Once syslog is enabled, new log entries are sent to the Syslog server(s).
racadm config –g cfgRemoteHosts –o cfgRhostsSyslogPort ; default is 514 First Boot Device This feature allows you to select the first boot device for your system and enable Boot Once. The system boots from the selected device on the next and subsequent reboots and remains as the first boot device in the BIOS boot order, until it is changed again either from the iDRAC6 GUI or from the BIOS Boot sequence.
Advanced iDRAC6 Configuration This section provides information about advanced iDRAC6 configuration and is recommended for users with advanced knowledge of systems management and who want to customize the iDRAC6 environment to suit their specific needs. Before You Begin You should have completed the basic installation and setup of your iDRAC6 hardware and software. See "Basic Installation of the iDRAC6" for more information.
failsafe baud rate....115200 remote terminal type....vt100/vt220 redirection after boot....Enabled Then, select Save Changes. 5 Press to exit the System Setup program and complete the System Setup program configuration. Configuring the iDRAC6 Settings to Enable SSH/Telnet Next, configure the iDRAC6 settings to enable ssh/Telnet, which you can do either through RACADM or the iDRAC6 Web interface.
console com2 The console -h com2 command displays the contents of the serial history buffer before waiting for input from the keyboard or new characters from the serial port. The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command: racadm config -g cfgSerial -o cfgSerialHistorySize To configure Linux for console direction during boot, see "Configuring Linux for Serial Console Redirection During Boot.
NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled. 1 Enable Telnet in Windows Component Services. 2 Connect to the iDRAC6 in the management station.
Using the Secure Shell (SSH) It is critical that your system’s devices and device management are secure. Embedded connected devices are the core of many business processes. If these devices are compromised, your business may be at risk, which requires new security demands for command line interface (CLI) device management software. Secure Shell (SSH) is a command line session that includes the same capabilities as a Telnet session, but with improved security.
Table 5-1. Cryptography Schemes Scheme Type Scheme Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification Symmetric Cryptography • AES256-CBC • RIJNDAEL256-CBC • AES192-CBC • RIJNDAEL192-CBC • AES128-CBC • RIJNDAEL128-CBC • BLOWFISH-128-CBC • 3DES-192-CBC • ARCFOUR-128 Message Integrity • HMAC-SHA1-160 • HMAC-SHA1-96 • HMAC-MD5-128 • HMAC-MD5-96 Authentication • Password NOTE: SSHv1 is not supported.
2 Append two options to the kernel line: kernel ............. console=ttyS1,115200n8r console=tty1 3 If the /etc/grub.conf contains a splashimage directive, comment it out. Table 5-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure. Table 5-2. Sample File: /etc/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes # to this file # NOTICE: You do not have a /boot partition.
Table 5-2. Sample File: /etc/grub.conf (continued) serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root= /dev/sda1 hda=ide-scsi console=ttyS0 console= ttyS1,115200n8r initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s initrd /boot/initrd-2.4.9-e.3.im When you edit the /etc/grub.
Table 5-3 shows a sample file with the new line. Table 5-3. Sample File: /etc/innitab # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel.
Table 5-3. Sample File: /etc/innitab (continued) # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your # UPS is connected and working correctly.
Edit the file /etc/securetty as follows: Add a new line with the name of the serial tty for COM2: ttyS1 Table 5-4 shows a sample file with the new line. Table 5-4.
To set up your system to use any of these interfaces, perform the following steps. Configure the BIOS to enable serial connection: 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing . 4 Set the Serial Communication screen as follows: external serial connector....remote access device Then, select Save Changes.
When you are connected serially with the previous settings, you should see a login prompt. Enter the iDRAC6 username and password (default values are root, calvin, respectively). From this interface, you can execute such features as RACADM.
Direct Connect Basic mode will enable you to use such tools as ipmish directly through the serial connection. For example, to print the System Event Log using ipmish via IPMI Basic mode, run the following command: ipmish -com 1 -baud 57600 sel get -flow cts -u root -p calvin Direct Connect Terminal mode will enable you to issue ASCII commands to the iDRAC6.
Switching Between RAC Serial Interface Communication Mode and Serial Console Redirection iDRAC6 supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial console redirection. To set your system to allow this behavior, do the following: 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing .
To switch to RAC Serial Interface Communication Mode when in Serial Console Redirection Mode, use the following key sequence: + <9> The key sequence above directs you either to the "iDRAC Login" prompt (if the RAC is set to "RAC Serial" mode) or to the "Serial Connection" mode where terminal commands can be issued (if the RAC is set to "IPMI Serial Direct Connect Terminal Mode").
Configuring the Management Station Terminal Emulation Software iDRAC6 supports a serial or Telnet text console from a management station running one of the following types of terminal emulation software: • Linux Minicom in an Xterm • Hilgraeve’s HyperTerminal Private Edition (version 6.3) • Linux Telnet in an Xterm • Microsoft Telnet Perform the steps in the following subsections to configure your type of terminal software. If you are using Microsoft Telnet, configuration is not required.
7 Press and set the Bps/Par/Bits option to 57600 8N1. 8 Press and set Hardware Flow Control to Yes and set Software Flow Control to No. 9 To exit the Serial Port Setup menu, press . 10 Select Modem and Dialing and press . 11 In the Modem Dialing and Parameter Setup menu, press to clear the init, reset, connect, and hangup settings so that they are blank. 12 Press to save each blank value.
Table 5-6. Minicom Settings for Serial Console Emulation (continued) Setting Description Required Setting Terminal emulation ANSI Modem dialing and parameter settings Clear the init, reset, connect, and hangup settings so that they are blank Window size 80 x 25 (to resize, drag the corner of the window) Configuring HyperTerminal for Serial Console Redirection HyperTerminal is the Microsoft Windows serial port access utility.
Table 5-7. Management Station COM Port Settings Setting Description Required Setting Bits per second 57600 Data bits 8 Parity None Stop bits 1 Flow control Hardware Configuring Serial and Terminal Modes Configuring IPMI and iDRAC6 Serial 1 Expand the System tree and click Remote Access. 2 Click the Network/Security tab and then click Serial. 3 Configure the IPMI serial settings. See Table 5-8 for description of the IPMI serial settings. 4 Configure the iDRAC6 serial settings.
Table 5-8. IPMI Serial Settings (continued) Setting Description Flow Control • None — Hardware Flow Control Off • RTS/CTS — Hardware Flow Control On Channel Privilege Level Limit • Administrator • Operator • User Table 5-9. iDRAC6 Serial Settings Setting Description Enabled Enables or disables the iDRAC6 serial console. Checked= Enabled; Unchecked=Disabled Timeout The maximum number of seconds of line idle time before the line is disconnected. The range is 60 to 1920 seconds.
Configuring Terminal Mode 1 Expand the System tree and click Remote Access. 2 Click the Network/Security tab and then click Serial. 3 In the Serial page, click Terminal Mode Settings. 4 Configure the terminal mode settings. See Table 5-11 for description of the terminal mode settings. 5 Click Apply Changes. 6 Click the appropriate Terminal Mode Settings page button to continue. See Table 5-12 for description of the terminal mode settings page buttons. Table 5-11.
Table 5-12. Terminal Mode Settings Page Buttons (continued) Button Description Return to Serial Port Configuration Return to the Serial Port Configuration page. Apply Changes Apply the terminal mode settings changes. Configuring the iDRAC6 Network Settings CAUTION: Changing your iDRAC6 Network settings may disconnect your current network connection.
Table 5-13 describes each iDRAC6 interface. Table 5-13. iDRAC6 Interfaces Interface Description Web-based interface Provides remote access to the iDRAC6 using a graphical user interface. The Web-based interface is built into the iDRAC6 firmware and is accessed through the NIC interface from a supported Web browser on the management station. RACADM Provides remote access to the iDRAC6 using a command line interface. RACADM uses the iDRAC6 IP address to execute RACADM commands.
Table 5-13. iDRAC6 Interfaces (continued) Interface Description SSH Interface Provides the same capabilities as the Telnet console using an encrypted transport layer for higher security. IPMI Interface Provides access through the iDRAC6 to the remote system’s basic management features. The interface includes IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com\manuals.
Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Continuing execution. Use -S option for racadm to stop the execution on certificate-related errors. RACADM continues to execute the command. However, if you use the –S option, RACADM stops executing the command and displays the following message: Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Racadm not continuing execution of the command.
RACADM Options Table 5-14 lists the options for the RACADM command. Table 5-14. racadm Command Options Option Description -r Specifies the controller’s remote IP address. -r : Use: if the iDRAC6 port number is not the default port (443) -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction.
Enabling and Disabling the RACADM Remote Capability NOTE: It is recommended that you run these commands on your local system. The RACADM remote capability is enabled by default. If disabled, type the following RACADM command to enable: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1 To disable the remote capability, type: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0 RACADM Subcommands Table 5-15 provides a description of each RACADM subcommand that you can run in RACADM.
Table 5-15. RACADM Subcommands (continued) Command Description coredumpdelete Deletes the coredump stored in the iDRAC6. fwupdate Executes or displays status on iDRAC6 firmware updates. getssninfo Displays information about active sessions. getsysinfo Displays general iDRAC6 and system information. getractime Displays the iDRAC6 time. ifconfig Displays the current iDRAC6 IP configuration. netstat Displays the routing table and the current connections.
Table 5-15. RACADM Subcommands (continued) Command Description vmkey Resets the virtual flash size to its default size (256 MB). Frequently Asked Questions About RACADM Error Messages After performing an iDRAC6 reset (using the racadm racreset command), I issue a command and the following message is displayed: ERROR: Unable to connect to RAC at specified IP address What does this message mean? You must wait until the iDRAC6 completes the reset before issuing another command.
NOTE: Some configuration files contain unique iDRAC6 information (such as the static IP address) that must be modified before you export the file to other iDRAC6. To configure multiple iDRAC6 controllers, perform the following procedures: 1 Use RACADM to query the target iDRAC6 that contains the appropriate configuration. NOTE: The generated .cfg file does not contain user passwords. Open a command prompt and type: racadm getconfig -f myfile.
racadm getconfig -f myfile.cfg CAUTION: It is recommended that you edit this file with a simple text editor. The RACADM utility uses an ASCII text parser. Any formatting confuses the parser, which may corrupt the RACADM database. Creating an iDRAC6 Configuration File The iDRAC6 configuration file .cfg is used with the racadm config -f .cfg command. You can use the configuration file to build a configuration file (similar to an .ini file) and configure the iDRAC6 from this file.
Use the following guidelines when you create a .cfg file: • If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from the iDRAC6 for that group. Any objects within that group are simple modifications when the iDRAC6 is configured. If a modified object represents a new index, the index is created on the iDRAC6 during configuration. • You cannot specify an index of your choice in a .cfg file.
Parsing Rules • All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' character in any other column is treated as a '#' character. Some modem parameters may include # characters in its string. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different iDRAC6, without adding escape characters.
• All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for example, a second '=', or a '#', '[', ']', and so forth). These characters are valid modem chat script characters. See the example in the previous bullet. • The .cfg parser ignores an index object entry.
Modifying the iDRAC6 IP Address When you modify the iDRAC6 IP address in the configuration file, remove all unnecessary =value entries. Only the actual variable group’s label with "[" and "]" remains, including the two =value entries pertaining to the IP address change. For example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.
Configuring iDRAC6 Network Properties To generate a list of available network properties, type the following: racadm getconfig -g cfgLanNetworking To use DHCP to obtain an IP address, use the following command to write the object cfgNicUseDhcp and enable this feature: racadm config -g cfgLanNetworking -o cfgNicUseDHCP 1 The commands provide the same configuration functionality as the iDRAC6 Configuration Utility at boot-up when you are prompted to type .
racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1 racadm config -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002 racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN NOTE: If cfgNicEnable is set to 0, the iDRAC6 LAN is disabled even if DHCP is enabled.
Frequently Asked Questions about Network Security When accessing the iDRAC6 Web-based interface, I get a security warning stating the hostname of the SSL certificate does not match the hostname of the iDRAC6. The iDRAC6 includes a default iDRAC6 server certificate to ensure network security for the Web-based interface and remote RACADM features.
The iDRAC6 Web server is reset after the following occurrences: • When the network configuration or network security properties are changed using the iDRAC6 Web user interface • When the cfgRacTuneHttpsPort property is changed (including when a config -f changes it) • When racresetcfg is used • When the iDRAC6 is reset • When a new SSL server certificate is uploaded Why doesn’t my DNS server register my iDRAC6? Some DNS servers only register names of 31 characters or fewer.
Adding and Configuring iDRAC6 Users To manage your system with the iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.
3 On the User Configuration page, configure the following: • The username, password, and access permissions for a new or existing iDRAC user. Table 6-3 describes General User Settings. • The user’s IPMI privileges. Table 6-4 describes the IPMI User Privileges for configuring the user’s LAN privileges. • The iDRAC user privileges. Table 6-5 describes the iDRAC User Privileges. • The iDRAC Group access permissions. Table 6-6 describes the iDRAC Group Permissions. 4 When completed, click Apply Changes.
Table 6-1. User States and Permissions (continued) Setting Description Serial Port User Privilege Displays the IPMI Serial Port privilege level to which the user is assigned (Administrator, Operator, Read Only, or None). Serial Over LAN Privilege Allows/Disallows the user to use IPMI Serial Over LAN. Table 6-2. Smart Card Configuration Options Option Description Upload User Certificate Enables the user to upload the user certificate to iDRAC6 and import it to the user profile.
Table 6-4. IPMI User Privileges Property Description Maximum LAN User Privilege Granted Specifies the user’s maximum privilege on the IPMI LAN channel to one of the following user groups: Administrator, Operator, User, or None. Maximum Serial Port User Privilege Granted Specifies the user’s maximum privilege on the IPMI Serial channel to one of the following user groups: Administrator, Operator, User, or None. Enable Serial Over LAN Allows the user to use IPMI Serial Over LAN.
Table 6-6.
you do not have to enter the username or password when logging into the iDRAC6. This can be very useful for setting up automated scripts to perform various functions. When getting ready to set up this functionality, be aware of the following: • You can manage this feature with RACADM and also from the GUI. • When adding new public keys, ensure that the existing keys are not already at the index where the new key is added.
Generating Public Keys for Linux The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt, enter: ssh-keygen –t rsa –b 1024 –C testing NOTE: The options are case-sensitive. where, -t option could be either dsa or rsa. –b option specifies the bit encryption size between 768 and 4096. –C option allows modifying the public key comment and is optional. Follow the instructions.
ssh username@ racadm getsel Uploading, Viewing, and Deleting SSH Keys Using the iDRAC6 Web-Based Interface 1 Click Remote Access→Network/Security→Users. The Users page is displayed. 2 In the User ID column, click a user ID number. The User Main Menu page is displayed. 3 Use the SSH Key Configurations options to upload, view, or remove SSH Key(s). Table 6-8. SSH Key Configurations Option Description Upload SSH Key(s) Allows the local user to upload a Secure Shell (SSH) public key file.
Table 6-10. View/Remove SSH Key(s) Option Description Remove The uploaded key is displayed in the box. Select the Remove option and click Apply to delete the existing key. Uploading, Viewing, and Deleting SSH Keys Using RACADM Upload The upload mode allows you to upload a keyfile or to copy the key text on the command line. You cannot upload and copy a key at the same time.
See "sshpkauth" for information on the subcommand options. Using the RACADM Utility to Configure iDRAC6 Users NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. Single or multiple iDRAC6 users can be configured using the RACADM command line that is installed with the iDRAC6 agents on the managed system.
NOTE: You can also type racadm getconfig -f and view or edit the myfile.cfg file, which includes all iDRAC6 configuration parameters. Several parameters and object IDs are displayed with their current values. Two objects of interest are: # cfgUserAdminIndex=XX cfgUserAdminUserName= If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use.
racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminIpmiLanPrivilege 4 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminIpmiSerialPrivilege 4 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminSolEnable 1 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminEnable 1 To verify, use one of the following commands: racadm getconfig -u john racadm getconfig –g cfgUserAdmin –i 2 Rem
racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i Adding and Configuring iDRAC6 Users 143
Adding and Configuring iDRAC6 Users
Using the iDRAC6 Directory Service A directory service maintains a common database for storing information about users, computers, printers, etc. on a network. If your company uses either the Microsoft® Active Directory® or the LDAP Directory Service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your directory service.
Prerequisites for Enabling Active Directory Authentication for the iDRAC6 To use the Active Directory authentication feature of the iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.
Extended Schema Active Directory Overview Using the extended schema solution requires the Active Directory schema extension, as described in the following section. Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. Dell extension is: dell Dell base OID is: 1.2.840.113556.1.8000.
Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 7-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • DVD drive:\SYSMGMT\ManagementStation\support\OMActiveDirectory_ Tools\Remote_Management_Advanced\LDIF_Files • :\SYSMGMT\ManagementS
The schema is extended. To verify the schema extension, use the MMC and the Active Directory Schema Snap-in to verify that the following exist: • Classes (see Table 7-2 through Table 7-7) • Attributes (Table 7-8) See your Microsoft documentation for details about using the MMC and the Active Directory Schema Snap-in. Table 7-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.
Table 7-4. delliDRACAssociationObject Class (continued) OID 1.2.840.113556.1.8000.1280.1.7.1.2 Class Type Structural Class SuperClasses Group Attributes dellProductMembers dellPrivilegeMember Table 7-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the iDRAC device.
Table 7-7. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers Table 7-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute.
Table 7-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.6 TRUE TRUE if the user has Log Clearing rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsServerResetUser 1.2.840.113556.1.8000.1280.1.1.2.7 TRUE if the user has Server Reset rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.
Table 7-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 FALSE List of Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers linked attribute.
Opening the Microsoft Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers Snap-in: 1 If you are logged into the domain controller, click Start Admin Tools→ Active Directory Users and Computers. If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→Run, type MMC, and press Enter. The MMC is displayed.
4 Select iDRAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→Dell Remote Management Object Advanced. The New Object window is displayed. 3 Type a name for the new object. 4 Select Privilege Object. 5 Click OK. 6 Right-click the privilege object that you created, and select Properties.
Adding Users or User Groups 1 Right-click the Association Object and select Properties. 2 Select the Users tab and click Add. 3 Type the user or User Group name and click OK. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. Adding Privileges 1 Select the Privileges Object tab and click Add.
6 Under Certificate Settings, check Enable Certificate Validation if you want to validate the SSL certificate of your Active Directory servers; otherwise, go to step 9. 7 Under Upload Active Directory CA Certificate, type the file path of the certificate or browse to find the certificate file. NOTE: You must type the absolute file path, which includes the full path and the complete file name and file extension. 8 Click Upload.
successful connection. If Extended Schema is selected, the domain controllers are where the iDRAC6 device object and the Association objects are located. 16 Select the Specify Domain Controller Addresses option to allow iDRAC6 to use the Active Directory domain controller server addresses that are specified. DNS lookup is not performed. Specify the IP address or the Fully Qualified Domain Name (FQDN) of the domain controllers.
You have completed the Active Directory configuration with Extended Schema. Configuring Microsoft Active Directory With Extended Schema Using RACADM Use the following commands to configure the iDRAC6 Microsoft Active Directory feature with Extended Schema using the RACADM CLI tool instead of the Web-based interface.
CAUTION: In this release, the Smart Card based Two Factor Authentication (TFA) and the single sign-on (SSO) features are not supported if the Active Directory is configured for Extended Schema. If you want to disable the certificate validation during SSL handshake, type the following RACADM command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0 In this case, you do not have to upload a CA certificate.
racadm config -g cfgLanNetworking -o cfgDNSServer2 4 If you want to configure a list of user domains so that you only need to enter the user name during login to the iDRAC6 Web-based interface, type the following command: racadm config -g cfgUserDomain -o cfgUserDomainName -i You can configure up to 40 user domains with index numbers between 1 and 40. See "Using Microsoft Active Directory to Log In to the iDRAC6" for details about user domains.
Standard Schema Active Directory Overview As shown in Figure 7-3, using standard schema for Active Directory integration requires configuration on both Active Directory and the iDRAC6. Figure 7-3. Configuration of iDRAC with Microsoft Active Directory and Standard Schema Configuration on iDRAC Side Configuration on Active Directory Side Role Group Role Group Name and Domain Name Role Definition User On the Active Directory side, a standard group object is used as a role group.
Table 7-9.
Configuring Standard Schema Microsoft Active Directory to Access iDRAC6 You must perform the following steps to configure Active Directory before an Active Directory user can access iDRAC6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group.
8 Click Upload. The certificate information for the valid Active Directory CA certificate is displayed. 9 Under Upload Kerberos Keytab, type the path of the keytab file or browse to locate the file. Click Upload. The Kerberos keytab is uploaded into the iDRAC6. 10 Click Next to go to the Step 2 of 4 Active Directory Configuration and Management page. 11 Select Enable Active Directory.
NOTE: The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled. 18 Click Next to go to the Step 3 of 4 Active Directory Configuration and Management page. 19 Under Schema Selection, select Standard Schema. 20 Click Next to go to the Step 4a of 4 Active Directory Configuration and Management page.
25 Specify the Role Group Domain, which is the domain of the Role Group. 26 Specify the Role Group Privileges by selecting the Role Group Privilege Level. For example, if you select Administrator, all of the privileges are selected for that level of permission. 27 Click Apply to save Role Group settings. The iDRAC6 Web server automatically returns you to the Step 4a of 4 Active Directory Configuration and Management page where your settings are displayed. 28 Configure additional Role Groups, if required.
racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege NOTE: For Bit Mask Number values, see Table B-2.
NOTE: The Global Catalog server is only required for standard schema in the case that the user accounts and the role groups are in different domains. And, in this multiple domain case, only the Universal Group can be used. NOTE: The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled.
racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2 4 If you want to configure a list of user domains so that you only need to enter the user name during login to the Web-based interface, type the following command: racadm config -g cfgUserDomain -o cfgUserDomainName -i Up to 40 user domains can be configured with index numbers between 1 and 40.
Authority (CA)—the root certificate of which is also uploaded into the iDRAC. In other words, for iDRAC to be able to authenticate to any domain controller—whether it is the root or the child domain controller—that domain controller should have an SSL-enabled certificate signed by the domain’s CA.
10 In the Console 1 window, expand the Certificates folder, expand the Personal folder, and click the Certificates folder. 11 Locate and right-click the root CA certificate, select All Tasks, and click Export... . 12 In the Certificate Export Wizard, click Next, and select No do not export the private key. 13 Click Next and select Base-64 encoded X.509 (.cer) as the format. 14 Click Next and save the certificate to a directory on your system. 15 Upload the certificate you saved in step 14 to the iDRAC.
To download the iDRAC6 SSL certificate, run the following RACADM command: racadm sslcertdownload -t 0x1 -f 1 On the domain controller, open an MMC Console window and select Certificates→Trusted Root Certification Authorities. 2 Right-click Certificates, select All Tasks and click Import. 3 Click Next and browse to the SSL certificate file. 4 Install the iDRAC6 SSL Certificate in each domain controller’s Trusted Root Certification Authority.
White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, because these names cannot be resolved. If you log in from the Web-based interface and you have configured user domains, the Web-based interface login page will list all the user domains in the pull-down menu for your to choose. If you select a user domain from the pull-down menu, you should only enter the user name.
Active Directory credentials. The iDRAC6 uses the cached Active Directory credentials to log you in. To enable single sign–on using the CLI, run the racadm command: racadm -g cfgActiveDirectory -o cfgADSSOEnable 1 Logging Into the iDRAC6 Using Single Sign-On 1 Log into your workstation using your network account.
Login Syntax (Directory User versus Local User) Unlike Active Directory, special characters ("@", "\", and "/") are not used to differentiate an LDAP user from a local user. The login user should only enter the user name, excluding the domain name. iDRAC6 takes the user name as is and does not break it down to the user name and user domain. When generic LDAP is enabled, iDRAC6 first tries to login the user as a directory user. If it fails, local user lookup is enabled.
NOTE: In this release, non-SSL port based LDAP bind is not supported. Only LDAP over SSL is supported. 6 Under Certificate Settings, check Enable Certificate Validation to enable certificate validation. If enabled, iDRAC6 uses the CA certificate to validate the LDAP server certificate during Secure Socket Layer (SSL) handshake; if disabled, iDRAC6 skips the certificate validation step of the SSL handshake.
12 In the LDAP Server Address field, enter the fully qualified domain name (FQDN) or the IP address of the LDAP server. To specify multiple redundant LDAP servers that serve the same domain, provide the list of all servers separated by commas. iDRAC6 tries to connect to each server in turn, until it makes a successful connection. 13 Enter the port used for LDAP over SSL in the LDAP Server Port field. The default is 636.
21 Under Role Groups, click a Role Group. The Step 3b of 3 Generic LDAP Configuration and Management page is displayed. Use this page to configure each Role Group used to control authorization policy for users. 22 Enter the Group Distinguished Name (DN) that identifies the role group in the generic LDAP Directory Service associated with iDRAC6. 23 In the Role Group Privileges section, specify the privileges associated with the group by selecting the Role Group Privilege Level.
racadm config -g cfgldap -o cfgLdapCertValidationenable 0 racadm config -g cfgldaprolegroup -i 1 -o cfgLdapRoleGroupDN 'cn=everyone,ou=groups,dc= common,dc=com' racadm config -g cfgldaprolegroup -i 1 -o cfgLdapRoleGroupPrivilege 0x0001 View the settings using the below commands racadm getconfig -g cfgldap racadm getconfig -g cfgldaprolegroup -i 1 Use RACADM to confirm whether login is possible racadm -r -u user.
The Configure encryption types allowed for Kerberos policy setting is located at Computer Configuration\Security Settings\Local Policies\Security Options. 2 The domain clients must have the updated GPO. At the command line, type gpupdate /force and delete the old key tab with klist purge cmd. 3 Once the GPO has been updated, create the new keytab. 4 Upload the keytab to the iDRAC6. SSO will work now with iDRAC6. My Active Directory login failed.
1 The iDRAC6 date is not within the valid period of the server certificate or CA certificate. Please check your iDRAC6 time and the valid period of your certificate. 2 The domain controller addresses configured in iDRAC6 do not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, please read the following question and answer.
How does standard schema query work? iDRAC6 connects to the configured domain controller address(es) first, if the user and role groups are in that domain, the privileges will be saved. If Global Controller Address(es) is configured, iDRAC6 continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges will be accumulated. Does iDRAC6 always use LDAP over SSL? Yes. All the transportation is over secure port 636 and/or 3269.
b Ensure that the DNS setting is correct on the iDRAC6 Networking configuration page. c Ensure that you have uploaded the right Active Directory root CA certificate to the iDRAC6 if you enabled certificate validation. Ensure that the iDRAC6 time is within the valid period of the CA certificate. d If you are using the Extended Schema, ensure that the iDRAC6 Name and iDRAC6 Domain Name match your Active Directory environment configuration.
Configuring Smart Card Authentication The iDRAC6 supports the two factor authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security. TFA, on the other hand, provides a higher-level of security by making the users provide two factors of authentication - what you have and what you know–what you have is the Smart Card, a physical device, and what you know–a secret code like a password or PIN.
NOTE: It is recommended that the iDRAC6 administrator use the Enable with Remote Racadm setting only to access the iDRAC6 Web-based interface to run scripts using the remote RACADM commands. If the administrator does not need to use the remote RACADM, it is recommended to use the Enabled setting for Smart Card logon. Ensure that the iDRAC6 local user configuration and/or Active Directory configuration is complete before enabling Smart Card Logon. • Disable Smart Card configuration (default).
trusted CA certificate for the user. Configure the user with the username that forms the user’s User Principal Name (UPN) in the Smart Card certificate. NOTE: To log into the iDRAC6, the user name that you configure in the iDRAC6 should have the same case as the User Principal Name (UPN) in the Smart Card certificate. For example, in case the Smart Card certificate has been issued to the user, "sampleuser@domain.com," the username should be configured as "sampleuser.
Table 8-1. Setting Smart Card Settings Description Configure Smart Card • Disabled — Disables Smart Card logon. Subsequent logins Logon from the graphical user interface (GUI) display the regular login page. All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM are set to their default state. • Enabled — Enables Smart Card logon. After applying the changes, logout, insert your Smart Card and then click Login to enter your Smart Card PIN.
Logging Into the iDRAC6 Using the Smart Card The iDRAC6 Web interface displays the Smart Card logon page for all users who are configured to use the Smart Card. NOTE: Ensure that the iDRAC6 local user and/or Active Directory configuration is complete before enabling the Smart Card Logon for the user. NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the first time. 1 Access the iDRAC6 Web page using https.
Logging Into the iDRAC6 Using Active Directory Smart Card Authentication 1 Log into the iDRAC6 using https. https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for the iDRAC6 and port number is the HTTPS port number. The iDRAC6 Login page is displayed prompting you to insert the Smart Card. 2 Insert the Smart Card and click Login. The PIN pop-up dialog box is displayed. 3 Enter the PIN and click OK.
Incorrect Smart Card PIN Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card. Unable to Log into Local iDRAC6 If a local iDRAC6 user cannot log in, check if the username and the user certificates uploaded to the iDRAC6 have expired.
Table 8-2. Distributed Versions of the C++ Redistributable Package Redistributable Version Package File Name Release Date vcredist_x86.exe 6.0.2900.2180 March 21, 2006 vcredist_x86.exe 9.0.21022.8 • 196 Size Description 2.56 MB MS Redistributable 2005 November 7, 2007 1.73 MB MS Redistributable 2008 Ensure that iDRAC6 time and the domain controller time at the domain controller server are set within 5 minutes of each other for Kerberos authentication to work.
Enabling Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. To keep with the higher authentication enforcement standards, iDRAC6 now supports Kerberos based Active Directory® authentication to support Active Directory Smart Card and single sign-on logins.
Prerequisites for single sign-on and Active Directory Authentication Using Smart Card • Configure the iDRAC6 for Active Directory login. For more information, see "Using Microsoft Active Directory to Log In to the iDRAC6." • Register the iDRAC6 as a computer in the Active Directory root domain. a Click Remote Access→Network/Security tab→Network subtab. b Provide a valid Preferred/Alternate DNS Server IP address.
Since the iDRAC6 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft Windows—on the domain controller (Active Directory server) where you want to map the iDRAC6 to a user account in Active Directory. For example, use the following ktpass command to create the Kerberos keytab file: C:\>ktpass -princ HOST/dracname.domainname.com@DOMAINNAME.COM mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab The encryption type that iDRAC6 uses for K
Configuring the iDRAC6 for single sign-on and Active Directory Authentication Using Smart Card Upload the keytab obtained from the Active Directory root domain, to the iDRAC6: 1 Click Remote Access→Network/Security tab→Directory Service subtab→ Click Microsoft Active Directory. 2 Select Upload Kerberos Keytab and click Next. 3 On the Kerberos Keytab Upload page, select the keytab file to upload and click Apply. You can also upload the file to iDRAC6 by using CLI racadm commands.
Logging Into the iDRAC6 Using single sign-on for Active Directory Users NOTE: To log into the iDRAC6, ensure that you have the latest runtime components of Microsoft Visual C++ 2005 Libraries. For more information, see the Microsoft website. 1 Log into your system using a valid Active Directory account. 2 Type the web address of the iDRAC6 in the address bar of your browser.
Enabling Kerberos Authentication
Using GUI Console Redirection This section provides information about using the iDRAC6 console redirection feature. Overview The iDRAC6 console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more iDRAC6-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance.
The following rules apply to a console redirection session: • A maximum of four simultaneous console redirection sessions are supported. All sessions view the same managed server console simultaneously. • Two sessions can be opened to a remote server (one per plug-in type) from the same client console (management station). Multiple sessions to multiple remote servers are possible from the same client. • A console redirection session should not be launched from a Web browser on the managed system.
4 If you are using IE to launch a vKVM session with Active-X plug-in, ensure that you have added the iDRAC6 IP or hostname to the Trusted Sites list. You should also reset the custom settings to Medium-low or change the settings to allow installation of signed Active-X plug-ins. 5 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If your system is running a Linux operating system, an X11 console may not be viewable on the local monitor.
3 Select Add-ons that have been used by Internet Explorer from the Show drop-down menu. 4 Delete the Video Viewer add-on. To clear older versions of Active-X viewer for IE8, do the following: 1 Close the Video Viewer and Internet Explorer browser. 2 Open the Internet Explorer browser again and go to Internet Explorer→ Tools→Manage Add-ons and click Enable or Disable Add-ons. The Manage Add-ons window is displayed. 3 Select All Add-ons from the Show drop-down menu.
Configuring Console Redirection in the iDRAC6 Web Interface To configure console redirection in the iDRAC6 Web interface, perform the following steps: 1 Click System→Console/Media→Configuration to configure iDRAC6 console redirection settings. 2 Configure the console redirection properties. Table 10-2 describes the settings for console redirection. 3 When completed, click Apply. 4 Click the appropriate button to continue. See Table 10-3. Table 10-2.
Table 10-2. Console Redirection Configuration Properties (continued) Property Description Video Encryption Enabled Checked indicates that video encryption is enabled. All traffic going to the video port is encrypted. Unchecked indicates that video encryption is disabled. Traffic going to the video port is not encrypted. The default is Encrypted. Disabling encryption can improve performance on slower networks.
Opening a Console Redirection Session When you open a console redirection session, the Dell™ Virtual KVM Viewer Application starts and the remote system’s desktop is displayed in the viewer. Using the Virtual KVM Viewer Application, you can control the remote system’s mouse and keyboard functions from your local management station. NOTE: vKVM launch from a Windows Vista® management station may lead to vKVM restart messages.
Table 10-4. Console Redirection (continued) Property Description Plug-in Type Displays the type of plug-in you selected in the Configuration page. NOTE: For 64–bit Windows platforms, the iDRAC6 authentication Active–X plug–in will not get installed properly if a 64–bit version of "Microsoft Visual C++ 2005 Redistributable Package" is deployed. To install and run the Active–X plug–in properly, deploy the 32–bit version of "Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)".
4 Two mouse pointers appear in the viewer window: one for the remote system and one for your local system. You can change to a single cursor by selecting the Single Cursor option under Tools in the iDRAC6 KVM menu. Using iDRAC6 KVM (Video Viewer) The iDRAC6 KVM (Video Viewer) provides a user interface between the management station and the managed server, allowing you to see the managed server’s desktop and control its mouse and keyboard functions from your management station.
Table 10-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Virtual Media Launch Virtual The Virtual Media Session is displayed which lists Media the devices available for mapping in the main window. To virtualize a device, check the option in the Mapped column of the table. The device will be mapped to the server at this point. To unmap, clear the checkbox. The Details button displays a panel that lists the Virtual Devices and also displays read/write activity for each device.
Table 10-6. Menu Item Viewer Menu Bar Selections (continued) Item Description Macros When you select a macro, or enter the hotkey specified for the macro, the action is executed on the remote system.
Table 10-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Tools Session Options The Sessions Options window provides additional session viewer control adjustments. This window has the General and Mouse tabs. You can control the Keyboard pass through mode from the General tab. Select Pass all keystrokes to target to pass your management station's keystrokes to the remote system. The mouse tab contains two sections: Single Cursor and Mouse Acceleration.
Table 10-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Power Power ON System Powers on the system. Power OFF System Powers off the system. Graceful Shutdown Shuts down the system. Reset System (warm boot) Reboots the system without powering it off. Power Cycle System (cold boot) Powers off, and then reboots the system. Contents and Index Provides instructions on how to view the online help. Help About iDRAC6 Displays the iDRAC6 KVM version.
NOTE: If the local server video is turned ON, it will take 15 seconds to turn OFF. 4 To enable (turn on) local video on the server, check the Local Server Video Enabled checkbox on the Configuration page, and then click Apply. Launching vKVM and Virtual Media Remotely You can launch vKVM/virtual media by entering a single URL on a supported browser instead of launching it from the iDRAC6 Web GUI.
Table 10-7. Error Scenarios (continued) Error Scenarios Reason Behavior Insufficient Privileges You do not have console redirection and virtual media privileges. The iDRAC6 KVM viewer is not launched and you are redirected to the Console/Media configuration GUI page. Console Redirection disabled Console redirection is The iDRAC6 KVM viewer is not disabled on your system. launched and you are redirected to the Console/Media configuration GUI page.
Table 10-8. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Can the local user also turn When the local console is disabled, the local user off the video? cannot turn off the video. Can the local user also turn When the local console is disabled, the local user on the video? cannot turn on the video. Does switching off the local No.
Table 10-8. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why doesn’t the mouse sync Virtual KVM requires the USB mouse driver, but under the Linux text the USB mouse driver is available only under the console (either in Dell X-Window operating system.
Table 10-8. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why do multiple Session You are configuring a console redirection session from Viewer windows appear the local system. This is not supported. when I establish a console redirection session from the local host? If I am running a console No. If a local user accesses the system, both have redirection session and a control of the system.
Using the WS-MAN Interface Web Services for Management (WS–MAN) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management. WS–MAN provides an interoperable protocol for devices to share and exchange data across networks. iDRAC6 uses WS–MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)–based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system.
Table 11-1. Standard DMTF (continued) 3 Physical Asset: Defines CIM classes for representing the physical aspect of the managed elements. iDRAC6 uses this profile to represent the host server’s and its component’s FRU information, as well as the physical topology. 4 SM CLP Admin Domain Defines CIM classes for representing CLP’s configuration. iDRAC6 uses this profile for its own implementation of CLP. 5 Power State Management Defines CIM classes for power control operations.
Table 11-1. Standard DMTF (continued) 15 Software Update Defines CIM classes for inventory of available software updates. iDRAC6 uses this profile for inventory of updates of the firmware through the TFTP protocol. 16 SMASH Collection Defines CIM classes for representing CLP’s configuration. iDRAC6 uses this profile for its own implementation of CLP. 17 Profile Registration Defines CIM classes for advertising the profile implementations.
Table 11-1. Standard DMTF (continued) Dell Extensions 1 Dell™ Active Directory Client Version 2.0.0 Defines CIM and Dell extension classes for configuring iDRAC6 Active Directory client and the local privileges for Active Directory groups. 2 Dell Virtual Media Defines CIM and Dell extension classes for configuring iDRAC6 Virtual Media. Extends USB Redirection Profile. 3 Dell Ethernet Port Defines CIM and Dell extension classes for configuring NIC Side-Band interface for the iDRAC6 NIC.
Using the iDRAC6 SM-CLP Command Line Interface This section provides information about the Distributed Management Task Force (DMTF) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SM-CLP specifications. For more information on these specifications, see the DMTF website at www.dmtf.org.
SM-CLP Features The SM-CLP promotes the concept of verbs and targets to provide system management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation. Below is an example of the SM-CLP command line syntax. [] [] [] During a typical SM-CLP session, you can perform operations using the verbs listed in Table 12-1. Table 12-1.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Deploying Your Operating System Using VMCLI The Virtual Media Command Line Interface (VMCLI) utility is a command-line interface that provides virtual media features from the management station to the iDRAC6 in the remote system. Using VMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the VMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Microsoft® Windows® systems.
When you create the image file, do the following: • Follow standard network-based installation procedures • Mark the deployment image as read only to ensure that each target system boots and executes the same deployment procedure 4 Perform one of the following procedures: • Integrate IPMItool and VMCLI into your existing operating system deployment application. Use the sample vm6deploy script as a guide to using the utility. • Use the existing vm6deploy script to deploy your operating system.
• is the path to an ISO9660 image of the operating system installation CD or DVD • -f {} is the path to the device containing the operating system installation CD , DVD, or Floppy • is the path to a valid floppy image The vm6deploy script passes its command line options to the VMCLI utility. See “Command Line Options” for details about these options. The script processes the -r option slightly differently than the vmcli -r option.
If your operating system supports administrator privileges or an operating system-specific privilege or group membership, administrator privileges are also required to run the VMCLI command. The client system’s administrator controls user groups and privileges, thereby controlling the users who can run the utility. For Windows systems, you must have Power User privileges to run the VMCLI utility. For Linux systems, you can access the VMCLI utility without administrator privileges by using the sudo command.
The VMCLI command format is as follows: VMCLI [parameter] [operating_system_shell_options] Command-line syntax is case-sensitive. See "VMCLI Parameters" for more information. If the remote system accepts the commands and the iDRAC6 authorizes the connection, the command continues to run until either of the following occurs: • The VMCLI connection terminates for any reason. • The process is manually terminated using an operating system control.
iDRAC6 User Password -p This parameter provides the password for the specified iDRAC6 user. If iDRAC6 authentication fails, an error message displays and the command terminates.
2 Get the name for the kernel image by typing the following command at the command line: uname -r 3 Go to the /boot directory and delete the kernel image file, whose name you determined in Step 2: mkinitrd /boot/initrd-’uname -r’.img ‘uname -r’ 4 Reboot the server.
Specify at least one media type (floppy or CD/DVD drive) with the command, unless only switch options are provided. Otherwise, an error message is displayed and the command terminates and generates an error. Version Display -v This parameter is used to display the VMCLI utility version. If no other non-switch options are provided, the command terminates without an error message. Help Display -h This parameter displays a summary of the VMCLI utility parameters.
• Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features to cause the utility to run in the background. For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process.
Configuring Intelligent Platform Management Interface (IPMI) Configuring IPMI This section provides information about configuring and using the iDRAC6 IPMI interface. The interface includes the following: • IPMI over LAN • IPMI over Serial • Serial over LAN The iDRAC6 is fully IPMI 2.0 compliant.
Configuring IPMI Using the RACADM CLI 1 Login to the remote system using any of the RACADM interfaces. See "Using RACADM Remotely." 2 Configure IPMI over LAN. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. a Update the IPMI channel privileges.
where is a 20-character encryption key in a valid hexadecimal format. 3 Configure IPMI Serial over LAN (SOL). At the command prompt, type the following command and press : racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 a Update the IPMI SOL minimum privilege level. NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification.
For example: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate 57600 c Enable SOL for an individual user. NOTE: SOL can be enabled or disabled for each individual user. At the command prompt, type the following command and press : racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i 2 where is the user’s unique ID. 4 Configure IPMI Serial. a Change the IPMI serial connection mode to the appropriate setting.
d Set the IPMI serial channel minimum privilege level.
Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes are available: • IPMI terminal mode — Supports ASCII commands that are submitted from a serial terminal. The command set has a limited number of commands (including power control) and supports raw IPMI commands that are entered as hexadecimal ASCII characters.
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 15-1 shows the overall architecture of Virtual Media. Figure 15-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Linux-Based Management Station To run the virtual media feature on a management station running the Linux operating system, install a supported version of Firefox. A 32-bit Java Runtime Environment (JRE) is required to run the console redirection plugin. You can download a JRE from java.sun.com. CAUTION: To successfully launch Virtual Media, ensure that you have installed a 32-bit version of the JRE on a 64-bit or a 32-bit operating system.
Table 15-2. Virtual Media Configuration Properties (continued) Attribute Value Virtual Media Encryption Enabled Select or deselect the checkbox to enable or disable encryption on Virtual Media connections. Selected enables encryption; deselected disables encryption. Floppy Emulation Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is checked, the Virtual Media device appears as a floppy device on the server.
Running Virtual Media CAUTION: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesirable results may occur, including loss of data. NOTE: The Console Viewer window application must remain active while you access the virtual media.
3 Select System→Console/Media→Console Redirection and Virtual Media. 4 The Console Redirection and Virtual Media page is displayed. If you want to change the values of any of the displayed attributes, see "Configuring Virtual Media." NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy/USB flash drive at the same time to be virtualized.
Disconnecting Virtual Media 1 Click Tools→Launch Virtual Media. 2 Uncheck the box next to the media you want to disconnect. The media is disconnected and the Status window is updated. 3 Click Exit to terminate the Virtual Media Session wizard. NOTE: Whenever a Virtual Media session is initiated or a VFlash is connected, an extra drive named "LCDRIVE" is displayed on the host operating system and the BIOS. The extra drive disappears when the VFlash or the Virtual Media session is disconnected.
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take less than 15 minutes to complete. See "Deploying the Operating System" for more information. 1 Verify the following: • The operating system installation CD is inserted in the management station’s CD drive.
To use the Boot Once Feature, do the following: 1 Power up the server and enter the BIOS Boot Manager. 2 Change the boot sequence to boot from the remote Virtual Media device. 3 Log in to the iDRAC6 through the Web interface and click System→ Console/Media→Configuration. 4 Check the Enable Boot Once option under Virtual Media. 5 Power cycle the server. The server boots from the remote Virtual Media device. The next time the server reboots, the remote Virtual Media connection is detached.
Frequently Asked Questions about Virtual Media Table 15-4 lists frequently asked questions and answers. Table 15-4. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual When a network timeout occurs, the iDRAC6 Media client connection drop. firmware drops the connection, disconnecting the Why? link between the server and the Virtual Drive.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer An installation of the Windows operating system through virtual media seems to take too long. Why? If you are installing the Windows operating system using the Dell Systems Management Tools and Documentation DVD and a slow network connection, the installation procedure may require an extended amount of time to access the iDRAC6 Web interface due to network latency.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? (Answer Continued) To mount the Virtual CD drive, locate the device node that Linux assigns to the Virtual CD drive.
Table 15-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer Why are all my USB devices detached after I connect a USB device? Virtual Media devices and Virtual Flash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port.
Configuring the VFlash Media Card for Use With iDRAC6 The VFlash media card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back of your system. It provides storage space and behaves like a common USB Flash Key device. For information on how to install and remove the VFlash media card from your system, see your Hardware Owner’s Manual at support.dell.com\manuals.
The VFlash screen is displayed. Table 16-1 lists the SD Card Properties options. Table 16-1. SD Card Properties Attribute Description Virtual Key Size This field allows you to select the size to be occupied by the VFlash key on the SD card. Select a virtual key size and click Apply. The virtual key re-initializes to the specified size, erases all existing data, and formats a part of the SD card.
Table 16-1. SD Card Properties (continued) Attribute Description Initialize Click Initialize to create the VFlash image, ManagedStore.IMG, on the SD card. NOTE: The Initialize option is enabled only if a VFlash media card is present. Also, the SD card can be formatted only if the VFlash Attach option is unchecked. NOTE: The ManagedStore.IMG and ManagedStore.ID files displayed on the VFlash GUI page are not visible on the host server's operating system but on the SD card.
VFlash Drive NOTE: The image file upload functionality is available only if a valid ManagedStore.IMG image is present on the SD card and the VFlash Attach option is unchecked. Table 16-2 lists the VFlash Drive settings. Table 16-2. VFlash Drive Attribute Description Image File Select a local file on the client machine to be exposed as a VFlash USB key on the remote server. You can store emergency boot images and diagnostic tools directly on the VFlash Media.
Configuring the VFlash Media Card Using RACADM Enabling or Disabling the VFlash Media Card Open a local console to the server, log in, and enter: racadm cfgRacVirtual cfgVirMediaKeyEnable [ 1 or 0 ] where 1 is enabled and 0 is disabled. NOTE: For more information about cfgRacVirtual, including output details, see "cfgRacVirtual." NOTE: The RACADM command functions only if a VFlash media card is present.
Configuring the VFlash Media Card for Use With iDRAC6
Power Monitoring and Management Dell™ PowerEdge™ systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. The base hardware design has been optimized from a power perspective: • High efficiency power supplies and voltage regulators have been incorporated in to the design.
Power Inventory, Power Budgeting, and Capping From a usage perspective, you may have a limited amount of cooling at the rack level. With a user-defined power cap, you can allocate power as needed to meet your performance requirements. The iDRAC6 monitors power consumption and dynamically throttles processors to meet your defined power cap level, which maximizes performance while meeting your power requirements. Power Monitoring The iDRAC6 monitors the power consumption in PowerEdge servers continuously.
Viewing the Health Status of the Power Supply Units The Power Supplies page displays the status and rating of the power supply units installed in the server. Using the Web-Based Interface To view the health status of the power supply units: 1 Log in to the iDRAC6 Web-based interface. 2 Select Power Supplies in the system tree.
– Input Wattage displays the input wattage of the power supply, which is the maximum AC power load that the system could place on the datacenter. – Maximum Wattage displays the maximum wattage of the power supply, which is the DC power available to the system. This value is used to confirm that sufficient power supply capacity is available for the system configuration. – Online Status indicates the power state of the power supplies: present and OK, input lost, absent, or predictive failure.
The first table displays the minimum and maximum limits of user-specified power capping thresholds for the current system configuration. These represent the range of AC power consumptions you may set as the system cap. Once selected, this cap would be the maximum AC power load that the system could place upon the datacenter. Minimum Potential Power Consumption displays the lowest Power Budget Threshold value that you may specify.
Using the Web-Based Interface 1 Log in to the iDRAC6 Web-based interface. 2 Click the Power Management tab. 3 Select the Power Budget option. The Power Budget Information page displays. 4 Enter a value in Watts, BTU/hr, or percent in the Power Budget Threshold table. The value you specify in Watts or BTU/hr will be the power budget threshold limit value. If you specify a percentage value, it will be a percentage of the Maximum-to-Minimum Potential Power Consumption interval.
Viewing Power Monitoring Using the Web Interface To view the power monitoring data: 1 Log in to the iDRAC6 Web interface. 2 Select Power Monitoring in the system tree. The Power Monitoring page displays. The information provided on the Power Monitoring page is described below: Power Monitoring • Status: OK indicates that the power supply units are present and communicating with the server, Warning indicates that a warning alert was issued, and Severe indicates a failure alert was issued.
• Measurement Start Time displays the date and time recorded when the statistic was last cleared and the new measurement cycle began. For Energy Consumption, you can reset this value with the Reset button, but it will persist through a system reset or failover operation. For System Peak Power and System Peak Amperage, you can reset this value with the Reset button, but it will also persist through a system reset or failover operation.
Show Graph Clicking this button displays graphs showing the iDRAC6 Power and Current Consumption in Watts and Amperes, respectively, over the last hour. The user has the option to view these statistics up to a week before, using the drop-down menu provided above the graphs. NOTE: Each data point plotted on the graphs represents the average of readings over a 5 minute period. As a result, the graphs may not reflect brief fluctuations in power or current consumption.
4 Click Apply. A dialog box is displayed requesting confirmation. 5 Click OK to perform the power management action you selected (for example, cause the system to reset). Using RACADM Open a Telnet/SSH text console to the server, log in, and type: racadm serveraction where is powerup, powerdown, powercycle, hardreset, or powerstatus.
Using the iDRAC6 Configuration Utility Overview The iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC6 and for the managed server.
Starting the iDRAC6 Configuration Utility 1 Turn on or restart the server by pressing the power button on the front of the server. 2 When you see the Press for Remote Access Setup within 5 sec..... message, immediately press . NOTE: If your operating system begins to load before you press , allow the system to finish booting, then restart your server and try again. The iDRAC6 Configuration Utility window is displayed.
The following sections describe the iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use , , and the spacebar to select between On and Off. The iDRAC6 LAN is enabled in the default configuration. The LAN must be enabled to permit the use of iDRAC6 facilities, such as the Web-based interface, Telnet/SSH, console redirection, and virtual media.
LAN Parameters Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu. Table 18-1. LAN Parameters Item Description Common Settings NIC Selection Press , , and spacebar to switch between the modes. The available modes are Dedicated, Shared, Shared with Failover LOM2, and Shared with Failover All LOMs.
Table 18-1. LAN Parameters (continued) Item Description Domain Name If Domain Name from DHCP is set to Off, press to edit the Current Domain Name text field. Press when you have finished editing. Press to return to the previous menu. The domain name must be a valid DNS domain, for example mycompany.com. Host Name String Press to edit. Enter the name of the host for Platform Event Trap (PET) alerts. LAN Alert Enabled Select On to enable the PET LAN alert.
Table 18-1. LAN Parameters (continued) Item Description Default Gateway If the IP Address Source is set to DHCP, this field displays the IP address of the default gateway obtained from DHCP. If the IP Address Source is set to Static, enter the IP address of the default gateway. The default is 192.168.0.1. DNS Servers from DHCP Select On to retrieve DNS server addresses from a DHCP service on the network. Select Off to specify the DNS server addresses below.
Table 18-1. LAN Parameters (continued) Item Description DNS Servers from DHCP Select On to retrieve DNS server addresses from a DHCP service on the network. Select Off to specify the DNS server addresses below. DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server.
VFlash Press to select Disabled or Enabled. Disable/Enable will cause a Detach and an Attach of all Virtual Media devices from the USB bus. Disable will cause the Virtual Flash to be removed and to become unavailable for use. NOTE: This field will be read-only if an SD card of a size larger than 256 MB is not present on the iDRAC6 Express card slot. Format VFlash Choose this option to format the VFlash. Formatting will erase existing data on the SD card.
Collect System Inventory on Restart Select Enabled to allow the collection of inventory during boot. See the Dell Lifecycle Controller User Guide available on the Dell Support Website at support.dell.com/manuals for more information. NOTE: Modifying this option restarts the server after you have saved your settings and exited from the iDRAC6 Configuration Utility. LCD Configuration Press to display the LCD Configuration submenu.
LCD Remote KVM Indication Select Enabled to display the text KVM whenever a virtual KVM is active on the unit. LCD Front Panel Access Press , , and spacebar to switch between the options: Disabled, View And Modify, and View Only. This setting defines the user access level for the LCD. LAN User Configuration The LAN user is the iDRAC6 administrator account, which is root by default. Press to display the LAN User Configuration submenu.
Table 18-3. LAN User Configuration Item Description Auto-Discovery The auto-discovery feature enables automated discovery of unprovisioned systems on the network; further, it securely establishes initial credentials so that these discovered systems can be managed. This feature enables iDRAC6 to locate the provisioning server. iDRAC6 and provisioning service server mutually authenticate each other.
Table 18-3. LAN User Configuration Item Description Auto–Discovery (continued...) Before adding your Dell system to the network and using the auto–discovery feature, ensure that: • Dynamic Host Configuration Protocol (DHCP) server/Domain Name System (DNS) are configured. • Provisioning Web services is installed, configured, and registered. Provisioning Server This field is used to configure the provisioning server.
To view SEL messages, select View System Event Log and press . Use to move to the previous (older) message and to move to the next (newer) message. Enter a record number to jump to that record. Press when you are through viewing SEL messages. To clear the SEL, select Clear the System Event Log and press . When you have finished with the SEL menu, press to return to the previous menu.
Using the iDRAC6 Configuration Utility
Monitoring and Alert Management This section explains how to monitor the iDRAC6 and provides procedures to configure your system and the iDRAC6 to receive alerts. Configuring the Managed System to Capture the Last Crash Screen Before the iDRAC6 can capture the last crash screen, you must configure the managed system with the following prerequisites. 1 Install the managed system software. For more information about installing the managed system software, see the Server Administrator User's Guide.
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC6 Web-based interface last crash screen feature works properly, disable the Automatic Reboot option on managed systems running the Microsoft Windows Server® 2008 and Windows Server 2003 operating systems. Disabling the Automatic Reboot Option in Windows 2008 Server 1 Open the Windows Control Panel and double-click the System icon. 2 Click Advanced System Settings under Tasks on the left. 3 Click the Advanced tab.
• Temperature Warning Assert Filter • Temperature Critical Assert Filter • Intrusion Critical Assert Filter • Redundancy Degraded Filter • Redundancy Lost Filter • Processor Warning Assert Filter • Processor Critical Assert Filter • Processor Absent Filter • Power Supply Warning Assert Filter • Power Supply Critical Assert Filter • Power Supply Absent Filter • Event Log Critical Assert Filter • Watchdog Critical Assert Filter • System Power Warning Assert Filter • System Power C
Configuring PEF Using the Web-Based Interface For detailed information, see "Configuring Platform Event Filters (PEF)." Configuring PEF Using the RACADM CLI 1 Enable PEF. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiPef -o cfgIpmiPefEnable -i 1 1 where 1 and 1 are the PEF index and the enable/disable selection, respectively. The PEF index can be a value from 1 through 22. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled).
Configuring PET Configuring PET Using the Web User Interface For detailed information, see "Configuring Platform Event Traps (PET)." Configuring PET Using the RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET.
3 Configure your PET policy. At the command prompt, type the following command and press : iPv4:racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i 1 iPv6:racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIPv6AlertDestIPAddr -i 1 where 1 is the PET destination index and and are the destination IP addresses of the system that receives the platform event alerts. 4 Configure the Community Name string.
where 1 and 1 are the e-mail destination index and the enable/disable selection, respectively. The e-mail destination index can be a value from 1 through 4. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled). For example, to enable e-mail with index 4, type the following command: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i 4 1 3 Configure your e-mail settings.
Testing the RAC SNMP Trap Alert Feature The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system. The following example shows how a user can test the SNMP trap alert feature of the RAC. racadm testtrap -i 2 Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly. See "testtrap" and "testemail" subcommand descriptions to configure these settings.
To access/configure the iDRAC6 SNMP agent community name using the Web-based interface, go to Remote Access→Network/Security→Services and click SNMP Agent. To prevent SNMP authentication errors from being generated, you must enter community names that will be accepted by the agent. Since the iDRAC6 only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
Monitoring and Alert Management
Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to recovering and troubleshooting a crashed remote system using the iDRAC6 Web-based interface.
Selecting Power Control Actions from the iDRAC6 CLI Use the racadm serveraction command to perform power management operations on the host system. racadm serveraction The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Table 20-1. System Information Field Description Description System description. BIOS Version System BIOS version. Service Tag System Service Tag number. Host Name Host system’s name. OS Name Operating system running on the system. Table 20-2. Auto Recovery Field Description Recovery Action When a "system hang" is detected, the iDRAC6 can be configured to do one of the following actions: No Action, Hard Reset, Power Down, or Power Cycle.
Table 20-3. Embedded NIC MAC Addresses (continued) Field Description NIC 4 Displays the MAC address(es) of the embedded NIC 4 that uniquely identifies it in the network. Remote Access Controller Table 20-4.
Table 20-5. IPv4 Information (continued) Field Description DHCP Enabled Yes or No. Indicates if the Dynamic Host Configuration Protocol (DHCP) is enabled. Use DHCP to obtain Yes or No. Indicates if you want to use DHCP to obtain DNS DNS server addresses server addresses. Preferred DNS Server Indicates the static IPv4 address for the preferred DNS server. Alternate DNS Server Indicates the static IPv4 address for the alternate DNS server. Table 20-6.
Using the System Event Log (SEL) The SEL page displays system-critical events that occur on the managed system. To view the System Event Log: 1 In the System tree, click System. 2 Click the Logs tab and then click System Event Log. The System Event Log page displays the event severity and provides other information as shown in Table 20-7. 3 Click the appropriate System Event Log page button to continue (see Table 20-7). Table 20-7.
Table 20-8. SEL Page Buttons (continued) Button Action Save As Opens a pop-up window that enables you to save the SEL to a directory of your choice. NOTE: If you are using Internet Explorer and encounter a problem when saving, be sure to download the Cumulative Security Update for Internet Explorer, located on the Microsoft Support website at support.microsoft.com. Using the Command Line to View System Log racadm getsel -i The getsel -i command displays the number of entries in the SEL.
Using the POST Boot Logs NOTE: All logs are cleared after you reboot the iDRAC6. The Boot Capture page provides access to recordings of up to the last three available boot cycles. They are arranged in the order of latest to oldest. If the server has experienced no boot cycles then "No Recording Available" is displayed. Click Play after selecting an available boot cycle to display it in a new window. NOTE: Boot Capture is supported only on Java and not Active-X.
Viewing the Last System Crash Screen NOTE: The last crash screen feature requires the managed system with the Auto Recovery feature configured in Server Administrator. In addition, ensure that the Automated System Recovery feature is enabled using the iDRAC6. Navigate to the Services page under the Network/Security tab in the Remote Access section to enable this feature. The Last Crash Screen page displays the most recent crash screen.
Recovering and Troubleshooting the Managed System
Recovering and Troubleshooting the iDRAC6 This section explains how to perform tasks related to recovering and troubleshooting a crashed iDRAC6. You can use one of the following tools to troubleshoot your iDRAC6: • RAC Log • Diagnostics Console • Identify Server • Trace Log • racdump • coredump Using the RAC Log The RAC Log is a persistent log maintained in the iDRAC6 firmware.
Table 21-1. iDRAC Log Page Information Field Description Date/ Time The date and time (for example, Dec 19 16:55:47). When the iDRAC6 initially starts and is unable to communicate with the managed system, the time will be displayed as System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged into the iDRAC6. Using the iDRAC Log Page Buttons The iDRAC Log page provides the buttons listed in Table 21-2. Table 21-2.
Using the Command Line Use the getraclog command to view the iDRAC6 log entries. racadm getraclog -i The getraclog -i command displays the number of entries in the iDRAC6 log. racadm getraclog [options] NOTE: For more information, see "getraclog." You can use the clrraclog command to clear all entries from the iDRAC log.
Table 21-3. Diagnostic Commands Command Description arp Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted. ifconfig Displays the contents of the network interface table. netstat Prints the content of the routing table.
Click Apply. Using the Trace Log The internal iDRAC6 Trace Log is used by administrators to debug iDRAC6 alerting and networking issues. To access the Trace Log from the iDRAC6 Web-based interface: 1 In the System tree, click Remote Access. 2 Click the Diagnostics tab. 3 Type the gettracelog command, or the racadm gettracelog command in the Command field. NOTE: You can use this command from the command line interface also. See "gettracelog" for more information.
If available, the coredump information is persistent across RAC power cycles and will remain available until either of the following conditions occur: • The coredump information is cleared using the coredumpdelete subcommand. • Another critical condition occurs on the RAC. In this case, the coredump information will be relative to the last critical error that occurred. The racadm coredumpdelete command can be used to clear any currently resident coredump data stored in the RAC.
Sensors Hardware sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage. You can use the iDRAC6 to monitor hardware sensors for batteries, fan probes, chassis intrusion, power supplies, power consumed, temperature, and voltages. Battery Probes The Battery probes provide information about the system board CMOS and storage RAM on motherboard (ROMB) batteries.
Power Supplies Probes The power supplies probes provides information on: • Status of the power supplies • Power supply redundancy, that is, the ability of the redundant power supply to replace the primary power supply if the primary power supply fails. NOTE: If there is only one power supply in the system, the Power Supply Redundancy will be set to Disabled. Power Monitoring Probes Power monitoring provides information about the real time consumption of power, in watts and amperes.
• System Board 3.3V PG • System Board 5V PG • System Board Backplane PG • System Board CPU VTT • System Board Linear PG The voltage probes indicate whether the status of the probes is within the pre-set warning and critical threshold values.
Sensors
Configuring Security Features The iDRAC6 provides the following security features: • Advanced Security options for the iDRAC6 administrator: • The Console Redirection disable option allows the local system user to disable console redirection using the iDRAC6 Console Redirection feature.
Security Options for the iDRAC6 Administrator Disabling the iDRAC6 Local Configuration Administrators can disable local configuration through the iDRAC6 graphical user interface (GUI) by selecting Remote Access→Network/Security→Services. When the Disable the iDRAC Local Configuration using option ROM check box is selected, the iDRAC6 Configuration Utility—accessed by pressing during system boot—operates in read-only mode, preventing local users from configuring the device.
NOTE: See the white paper on Disabling Local Configuration and Remote Virtual KVM in the DRAC on the Dell Support site at support.dell.com for more information. Although administrators can set the local configuration options using local RACADM commands, for security reasons they can reset them only from an out-of-band iDRAC6 Web-based interface or command line interface.
Disabling iDRAC6 Remote Virtual KVM Administrators can selectively disable the iDRAC6 remote KVM, providing a flexible, secure mechanism for a local user to work on the system without someone else viewing the user’s actions through console redirection. Using this feature requires installing the iDRAC managed node software on the server.
Securing iDRAC6 Communications Using SSL and Digital Certificates This subsection provides information about the following data security features that are incorporated in your iDRAC6: • "Secure Sockets Layer (SSL)" • "Certificate Signing Request (CSR)" • "Accessing the SSL Main Menu" • "Generating a Certificate Signing Request" Secure Sockets Layer (SSL) The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over the Internet
viewed or changed by others. To ensure security for your DRAC, it is strongly recommended that you generate a CSR, submit the CSR to a CA, and upload the certificate returned from the CA. A CA is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
Table 23-2. SSL Main Menu Buttons Button Description Print Prints the SSL Main Menu page. Refresh Reloads the SSL Main Menu page. Next Navigates to the next page. Generating a Certificate Signing Request NOTE: Each CSR overwrites any previous CSR on the firmware. Before iDRAC can accept your signed CSR, the CSR in the firmware must match the certificate returned from the CA. 1 On the SSL Main Menu, select Generate Certificate Signing Request (CSR) and click Next.
Table 23-3. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Locality The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or some other character. State Name The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations.
Table 23-5. Certificate Information (continued) Field Description Subject Information Certificate attributes entered by the subject Issuer Information Certificate attributes returned by the issuer Valid From Issue date of the certificate Valid To Expiration date of the certificate Using the Secure Shell (SSH) For information about using SSH, see " Using the Secure Shell (SSH)." Configuring Services NOTE: To modify these settings, you must have Configure iDRAC permission.
5 Click the appropriate Services page button to continue. See Table 23-13. Table 23-6. Local Configuration Settings Setting Description Disable the iDRAC local configuration using option ROM Disables local configuration of the iDRAC using option ROM. The option ROM prompts you to enter the setup module by pressing during system reboot. Disable the iDRAC local Disables local configuration of the iDRAC using configuration using RACADM local RACADM. Table 23-7.
Table 23-8. Setting SSH Settings Description Enabled Enables or disable SSH. When checked, the checkbox indicates that SSH is enabled. Timeout The secure shell idle timeout, in seconds. The Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300. Port Number The port on which the iDRAC6 listens for an SSH connection. The default is 22. Table 23-9. Telnet Settings Setting Description Enabled Enables or disables Telnet.
Table 23-11. SNMP Agent Settings Setting Description Community Name The name of the community that contains the IP address for the SNMP Alert destination. The Community Name can be up to 31 non-blank characters in length. The default setting is public. Table 23-12. Automated System Recovery Agent Setting Setting Description Enabled Enables the Automated System Recovery Agent. Table 23-13. Services Page Buttons Button Description Print Prints the Services page.
Enabling Additional iDRAC6 Security Options To prevent unauthorized access to your remote system, the iDRAC6 provides the following features: • IP address filtering (IPRange) — Defines a specific range of IP addresses that can access the iDRAC6. • IP address blocking — Limits the number of failed login attempts from a specific IP address These features are disabled in the iDRAC6 default configuration.
See "iDRAC6 Property Database Group and Object Definitions" for a complete list of cfgRacTuning properties. Table 23-14. IP Address Filtering (IpRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise AND’d with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address.
To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask, as shown below: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.
As login failures accumulate from a specific IP address, they are "aged" by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset. NOTE: When login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host. See "iDRAC6 Property Database Group and Object Definitions" for a complete list of cfgRacTuning properties.
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount 5 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailWindows 60 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkPenaltyTime 300 The following example prevents more than three failed attempts within one minute, and prevents additional login attempts for an hour.
Table 23-16. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a specific range of IP addresses that can access the iDRAC6. IP Range Address Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. CAUTION: Racadm sets the value of objects without performing any functional validation on them. For example, RACADM allows you to set the Certificate Validation object to 1 with the Active Directory object set to 0, even though Certificate Validation will happen only if Active Directory® is enabled.
Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM arp NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-2 describes the arp command. Table A-2. arp Command Command Definition arp Displays the contents of the ARP table. ARP table entries cannot be added or deleted. Synopsis racadm arp Supported Interfaces • Remote RACADM • Telnet/ssh/serial RACADM clearasrscreen NOTE: To use this command, you must have Clear Logs permission.
Synopsis racadm clearasrscreen Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM config NOTE: To use the getconfig command, you must have Log In iDRAC permission. Table A-4 describes the config and getconfig subcommands. Table A-4. config/getconfig Subcommand Definition config Configures the iDRAC6. getconfig Gets the iDRAC6 configuration data.
NOTE: The configuration file retrieved using remote racadm and local racadm are not interoperable. The configuration file retrieved using remote racadm shows the index property for some of the indexed groups as read-write, for example cfgSSADRoleGroupIndex. For the "config -f " command, use the configuration file retrieved from the same interface. For example, for local racadm "config -f ", use the file generated from the local racadm command "getconfig -f " .
Output This subcommand generates error output upon encountering either of the following: • Invalid syntax, group name, object name, index, or other invalid database members • RACADM CLI failures This subcommand returns an indication of how many configuration objects that were written out of how many total objects were in the .cfg file. Examples • racadm config -g cfgLanNetworking -o cfgNicIpAddress 10.35.10.100 Sets the cfgNicIpAddress configuration parameter (object) to the value 10.35.10.110.
Input Table A-6 describes the getconfig subcommand options. NOTE: The -f option without a file specification will output the contents of the file to the terminal screen. Table A-6. getconfig Subcommand Options Option Description -f The -f option directs getconfig to write the entire iDRAC6 configuration to a configuration file. This file can be used for batch configuration operations using the config subcommand.
• Invalid syntax, group name, object name, index, or other invalid database members • RACADM CLI transport failures If errors are not encountered, this subcommand displays the contents of the specified configuration. Examples • racadm getconfig -g cfgLanNetworking Displays all of the configuration properties (objects) that are contained in the group cfgLanNetworking. • racadm getconfig -f myrac.cfg Saves all group configuration objects from the iDRAC6 to myrac.cfg.
coredump NOTE: To use this command, you must have Execute Debug Commands permission. Table A-7 describes the coredump subcommand. Table A-7. coredump Subcommand Definition coredump Displays the last iDRAC6 core dump. Synopsis racadm coredump Description The coredump subcommand displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues.
coredumpdelete NOTE: To use this command, you must have Clear Logs or Execute Debug Commands permission. Table A-8 describes the coredumpdelete subcommand. Table A-8. coredumpdelete Subcommand Definition coredumpdelete Deletes the core dump stored in the iDRAC6. Synopsis racadm coredumpdelete Description The coredumpdelete subcommand can be used to clear any currently resident coredump data stored in the RAC.
fwupdate NOTE: To use this command, you must have Configure iDRAC6 permission. NOTE: Before you begin your firmware update, see "Advanced iDRAC6 Configuration" for additional information. Table A-9 describes the fwupdate subcommand. Table A-9.
Input Table A-10 describes the fwupdate subcommand options. NOTE: The -p option is supported on local and remote RACADM and is not supported with the serial/Telnet/ssh console. The -p option is also not supported on Linux Operating Systems. Table A-10. fwupdate Subcommand Options Option Description -u The update option performs a checksum of the firmware update file and starts the actual update process. This option may be used along with the -g or -p options.
Examples • racadm fwupdate -g -u - a 143.166.154.143 -d In this example, the -g option tells the firmware to download the firmware update file from a location (specified by the -d option) on the TFTP server at a specific IP address (specified by the -a option). After the image file is downloaded from the TFTP server, the update process begins. When completed, the iDRAC6 is reset. • racadm fwupdate -s This option reads the current status of the firmware update.
Description The getssninfo command returns a list of users that are connected to the iDRAC6. The summary information provides the following information: • Username • IP address (if applicable) • Session type (for example, serial or Telnet) • Consoles in use (for example, Virtual Media or Virtual KVM) Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM Input Table A-12 describes the getssninfo subcommand options. Table A-12.
Examples • racadm getssninfo Table A-13 provides an example of output from the racadm getssninfo command. Table A-13. getssninfo Subcommand Output Example User IP Address Type Consoles root 192.168.0.10 Telnet Virtual KVM • racadm getssninfo -A "root" "143.166.174.19" "Telnet" "NONE" • racadm getssninfo -A -u * "root" "143.166.174.19" "Telnet" "NONE" "bob" "143.166.174.19" "GUI" "NONE" getsysinfo NOTE: To use this command, you must have Login to iDRAC permission.
Description The getsysinfo subcommand displays information related to the RAC, managed system, and watchdog configuration. NOTE: The local racadm getsysinfo subcommand on Linux displays the PrefixLength on separate lines for IPv6 Address 2 – IPv6 Address 15 and the Link Local Address. Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM Input Table A-15 describes the getsysinfo subcommand options. Table A-15.
Sample Output RAC Information: RAC Date/Time = 10/27/2009 14:38:00 Firmware Version = 1.30 Firmware Build = 20 Last Firmware Update = 10/26/2009 16:55:08 Hardware Version = 0.01 MAC Address = 00:24:e8:2e:c5:d3 Common settings: Register DNS RAC Name = 1 DNS RAC Name = eval710-08-r Current DNS Domain = blr.amer.dell.com Domain Name from DHCP = 1 IPv4 settings: Enabled = 1 Current IP Address = 10.94.20.134 Current IP Gateway = 10.94.20.1 Current IP Netmask = 255.255.254.
Autoconfig Link Local IP Address = 1 = fe80::224:e8ff:fe2e:c5d3/255 Current IP Address 2 = :: Current IP Address 3 = :: Current IP Address 4 = :: Current IP Address 5 = :: Current IP Address 6 = :: Current IP Address 7 = :: Current IP Address 8 = :: Current IP Address 9 = :: Current IP Address 10 = :: Current IP Address 11 = :: Current IP Address 12 = :: Current IP Address 13 = :: Current IP Address 14 = :: Current IP Address 15 = :: DNS Servers from DHCPv6 = 0 Current DNS Serv
Embedded NIC MAC Addresses: NIC1 Ethernet iSCSI NIC2 Ethernet iSCSI NIC3 Ethernet iSCSI NIC4 Ethernet iSCSI = 00:24:e8:2e:c5:cb = 00:24:e8:2e:c5:cc = 00:24:e8:2e:c5:cd = 00:24:e8:2e:c5:ce = 00:24:e8:2e:c5:cf = 00:24:e8:2e:c5:d0 = 00:24:e8:2e:c5:d1 = 00:24:e8:2e:c5:d2 Watchdog Information: Recovery Action = None Present countdown value = 15 seconds Initial countdown value = 15 seconds Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge 2900" "A08" "1.
Watchdog Information: Recovery Action = None Present countdown value = 0 seconds Initial countdown value = 0 seconds Restrictions The Hostname and OS Name fields in the getsysinfo output display accurate information only if Dell™ OpenManage™ Server Administrator is installed on the managed system. If not installed, these fields may be blank or inaccurate. getractime NOTE: To use this command, you must have Login to iDRAC permission. Table A-16 describes the getractime subcommand. Table A-16.
Sample Output racadm getractime Thu Dec 8 20:15:26 2005 racadm getractime -d 20051208201542.000000 Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM ifconfig NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC permission. Table A-17 describes the ifconfig subcommand. Table A-17. ifconfig Subcommand Definition ifconfig Displays the contents of the network interface table.
Table A-18. netstat Subcommand Definition netstat Displays the routing table and the current connections. Synopsis racadm netstat Supported Interfaces • Remote RACADM • Telnet/ssh/serial RACADM ping NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC permission. Table A-19 describes the ping subcommand. Table A-19. ping Subcommand Definition ping Verifies that the destination IP address is reachable from the iDRAC6 with the current routing-table contents.
Table A-20 describes the setniccfg subcommand. Table A-20. setniccfg Subcommand Definition setniccfg Sets the IP configuration for the controller. NOTE: The terms NIC and Ethernet management port may be used interchangeably. Synopsis racadm setniccfg -d racadm setniccfg -d6 racadm setniccfg -s racadm setniccfg -s6 racadm setniccfg -o Description The setniccfg subcommand sets the controller IP address.
Output The setniccfg subcommand displays an appropriate error message if the operation is not successful. If successful, a message is displayed. Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM getniccfg NOTE: To use the getniccfg command, you must have Login to iDRAC permission. Table A-21 describes the setniccfg and getniccfg subcommands. Table A-21. setniccfg/getniccfg Subcommand Definition getniccfg Displays the current IP configuration for the controller.
Gateway = 192.168.0.1 Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM getsvctag NOTE: To use this command, you must have Login to iDRAC permission. Table A-22 describes the getsvctag subcommand. Table A-22. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Type getsvctag at the command prompt.
racdump NOTE: To use this command, you must have Debug permission. Table A-23 describes the racdump subcommand. Table A-23. racdump Subcommand Definition racdump Displays status and general iDRAC6 information. Synopsis racadm racdump Description The racdump subcommand provides a single command to get dump, status, and general iDRAC6 board information.
racreset NOTE: To use this command, you must have Configure iDRAC permission. Table A-24 describes the racreset subcommand. Table A-24. racreset Subcommand Definition racreset Resets the iDRAC6. NOTE: When you issue a racreset subcommand, the iDRAC6 may require up to one minute to return to a usable state. Synopsis racadm racreset [hard | soft] Description The racreset subcommand issues a reset to the iDRAC6. The reset event is written into the iDRAC6 log.
Examples • racadm racreset Start the iDRAC6 soft reset sequence. • racadm racreset hard Start the iDRAC6 hard reset sequence. Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM racresetcfg NOTE: To use this command, you must have Configure iDRAC permission. Table A-26 describes the racresetcfg subcommand. Table A-26. racresetcfg Subcommand Definition racresetcfg Resets the entire iDRAC6 configuration to factory default values.
Description The racresetcfg command removes all database property entries that have been configured by the user. The database has default properties for all entries that are used to restore the controller back to its original default settings. After resetting the database properties, the iDRAC6 resets automatically. NOTE: This command deletes your current iDRAC6 configuration and resets the iDRAC6 and serial configuration to the original default settings.
Table A-28. serveraction Subcommand Options String Definition Specifies the action. The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in the iDRAC6 log. The following options allow the getraclog command to read entries: • -A — Displays the output with no headers or labels. • -c — Provides the maximum count of entries to be returned. • -m — Displays one screen of information at a time and prompts the user to continue (similar to the UNIX more command).
clrraclog NOTE: To use this command, you must have Clear Logs permission. Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from the iDRAC6 log. A new single record is created to record the date and time when the log was cleared. getsel NOTE: To use this command, you must have Login to iDRAC permission. Table A-30 describes the getsel command. Table A-30. getsel Command Definition getsel -i Displays the number of entries in the System Event Log.
-s — Specifies the starting record used for the display -E — Places the 16 bytes of raw SEL at the end of each line of output as a sequence of hex values. -R — Only the raw data is printed. -m — Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). NOTE: If no arguments are specified, the entire log is displayed. Output The default output display shows the record number, timestamp, severity, and description.
Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM gettracelog NOTE: To use this command, you must have Login to iDRAC permission. Table A-31 describes the gettracelog subcommand. Table A-31. gettracelog Command Definition gettracelog -i Displays the number of entries in the iDRAC6 trace log. gettracelog Displays the iDRAC6 trace log.
Output The default output display shows the record number, timestamp, source, and description. The timestamp begins at midnight, January 1 and increases until the system boots. After the system boots, the system’s timestamp is used. For example: Record: 1 Date/Time: Dec Source: ssnmgrd[175] 8 08:21:30 Description: root from 143.166.157.
Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system. The CSR can be used for creating a custom SSL certificate that can be used for SSL transactions on the RAC. Options NOTE: The -f option is not supported for the serial/Telnet/ssh console. Table A-33 describes the sslcsrgen subcommand options. Table A-33. sslcsrgen Subcommand Options Option Description -g Generates a new CSR.
Examples racadm sslcsrgen -s or racadm sslcsrgen -g -f c:\csr\csrtest.txt Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM (The -f option is not supported for the serial/Telnet/ssh console) sslcertupload NOTE: To use this command, you must have Configure iDRAC permission. Table A-34 describes the sslcertupload subcommand. Table A-34.
Table A-35. sslcertupload Subcommand Options Option Description -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected. The sslcertupload command returns 0 when successful and returns a nonzero number when unsuccessful. Restrictions The sslcertupload subcommand can only be executed from a local or remote RACADM client. The sslcsrgen subcommand cannot be used in the serial, Telnet, or SSH interface.
Options Table A-37 describes the sslcertdownload subcommand options. Table A-37. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the CA certificate for Directory Service or the server certificate. 1 = server certificate 2 = CA certificate for Directory Service -f Specifies the file name of the certificate to be uploaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
sslcertview NOTE: To use this command, you must have Configure iDRAC permission. Table A-38 describes the sslcertview subcommand. Table A-38. sslcertview Subcommand Description sslcertview Displays the SSL server or CA certificate that exists on the RAC. Synopsis racadm sslcertview -t [-A] Options Table A-39 describes the sslcertview subcommand options. Table A-39.
Organizational Unit (OU) Common Name (CN) : Remote Access Group : iDRAC6 default certificate Issuer Information: Country Code (CC) State (S) Locality (L) Organization (O) Organizational Unit (OU) Common Name (CN) : : : : : : Valid From Valid To : Jul : Jul racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group iDRAC6 default certificate US Texas Round Rock Dell Inc.
sslkeyupload NOTE: To use this command, you must have Configure iDRAC permission. Table A-40 describes the sslkeyupload subcommand. Table A-40. sslkeyupload Subcommand Description sslkeyupload Uploads SSL key from the client to the iDRAC6. Synopsis racadm sslkeyupload -t -f Options Table A-41 describes the sslkeyupload subcommand options. Table A-41. sslkeyupload Subcommand Options Option Description -t Specifies the key to upload.
testemail Table A-42 describes the testemail subcommand. Table A-42. testemail configuration Subcommand Description testemail Tests the RAC’s e-mail alerting feature. Synopsis racadm testemail -i Description Sends a test e-mail from the iDRAC6 to a specified destination. Prior to executing the test e-mail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-43 provides a list and associated commands for the cfgEmailAlert group.
Options Table A-44 describes the testemail subcommand options. Table A-44. testemail Subcommands Option Description -i Specifies the index of the e-mail alert to test. Output None. Supported Interfaces • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM testtrap NOTE: To use this command, you must have Test Alerts permission. Table A-45 describes the testtrap subcommand. Table A-45. testtrap Subcommand Description testtrap Tests the RAC’s SNMP trap alerting feature.
Table A-46 provides a list and associated commands for the cfgIpmiPet group. Table A-46. cfgEmailAlert Commands Action Command Enable the alert racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 1 1 Set the destination e-mail IP address racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIpAddr -i 1 192.168.0.110 View the current test trap settings racadm getconfig -g cfgIpmiPet -i where is a number from 1 to 4 Input Table A-47 describes the testtrap subcommand options.
vmdisconnect NOTE: To use this command, you must have Access Virtual Media permission. Table A-48 describes the vmdisconnect subcommand. Table A-48. vmdisconnect Subcommand Description vmdisconnect Closes all open iDRAC6 virtual media connections from remote clients. Synopsis racadm vmdisconnect Description The vmdisconnect subcommand allows a user to disconnect another user's virtual media session. Once disconnected, the Web-based interface will reflect the correct connection status.
vmkey NOTE: To use this command, you must have Access Virtual Media permission. Table A-49 describes the vmkey subcommand. Table A-49. vmkey Subcommand Description vmkey Performs virtual media key-related operations. Synopsis racadm vmkey If is configured as reset, the Virtual Flash memory is reset to the default size of 256 MB. Description When a custom virtual media key image is uploaded to the RAC, the key size becomes the image size.
Synopsis racadm usercertupload -t [-f ] -i Options Table A-51 describes the usercertupload subcommand options. Table A-51. usercertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = user certificate 2 = user CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
usercertview NOTE: To use this command, you must have Configure iDRAC permission. Table A-52 describes the usercertview subcommand. Table A-52. usercertview Subcommand Description usercertview Displays the user certificate or user CA certificate that exists on the iDRAC6. Synopsis racadm sslcertview -t [-A] -i Options Table A-53 describes the sslcertview subcommand options. Table A-53.
localConRedirDisable NOTE: Only a local RACADM user can execute this command. Table A-54 describes the localConRedirDisable subcommand. Table A-54. localConRedirDisable Subcommand Description localConRedirDisable Disables console redirection to the management station. Synopsis racadm localConRedirDisable
Table A-56. kerbkeytabupload Subcommand Options Option Description -f Specifies the file name of the keytab to be uploaded. If the file is not specified, the keytab file in the current directory is selected. The krbkeytabupload command returns 0 when successful and returns a non–zero number when unsuccessful. Restrictions The krbkeytabupload subcommand can only be executed from a local or remote RACADM client. Example racadm krbkeytabupload -f c:\keytab\krbkeytab.
View The view mode allows the user to view a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -v -k <1 to 4> racadm sshpkauth -i <2 to 16> -v -k all Delete The delete mode allows the user to delete a key specified by the user or all keys. racadm sshpkauth -i <2 to 16> -d -k <1 to 4> racadm sshpkauth -i <2 to 16> -d -k all Description Enables you to upload and manage up to 4 different SSH public keys.
Supported Interfaces 392 • Local RACADM • Remote RACADM • Telnet/ssh/serial RACADM RACADM Subcommand Overview
iDRAC6 Property Database Group and Object Definitions The iDRAC6 property database contains the configuration information for the iDRAC6. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure the iDRAC6. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacInfo This group contains display parameters to provide information about the specifics of the iDRAC6 being queried. One instance of the group is allowed. The following subsections describe the objects in this group.
Default Description String containing the current product firmware version idRacBuildInfo (Read Only) Legal Values A string of up to 16 ASCII characters Default The current iDRAC6 firmware build version Description String containing the current product build version idRacName (Read Only) Legal Values A string of up to 15 ASCII characters Default iDRAC Description A user-assigned name to identify this controller idRacType (Read Only) Legal Values Product ID Default 10 i
Description Identifies the remote access controller type as the iDRAC6 cfgLanNetworking This group contains parameters to configure the iDRAC6 NIC. One instance of the group is allowed. Some objects in this group may require the iDRAC6 NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC6 NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings.
Description Specifies the current mode of operation for the RAC network interface controller (NIC). Table B-1 describes the supported modes. Table B-1. cfgNicSelection Supported Modes Mode Description Shared Used if the host server integrated NIC is shared with the RAC on the host server. This mode enables configurations to use the same IP address on the host server and the RAC for common accessibility on the network.
Description Enables or disables the VLAN capabilities of the RAC/BMC. cfgNicVLanId (Read/Write) Legal Values 1-4094 Default 1 Description Specifies the VLAN ID for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled). cfgNicVLanPriority (Read/Write) Legal Values 0–7 Default 0 Description Specifies the VLAN Priority for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled).
Description Specifies that the iDRAC6 DNS domain name should be assigned from the network DHCP server cfgDNSDomainName (Read/Write) Legal Values A string of up to 254 ASCII characters. At least one of the characters must be alphabetic. Characters are restricted to alphanumeric, '-', and '.'. NOTE: Microsoft® Active Directory® only supports Fully Qualified Domain Names (FQDN) of 64 bytes or fewer. Default Description This is the DNS domain name.
cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers the iDRAC6 name on the DNS server cfgDNSServersFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies if the DNS server IPv4 addresses should be assigned from the DHCP server on the network cfgDNSServer1 (Read/Write) Legal Values String representing a valid IPv4 address. For example: 192.168.0.20. Default 0.0.0.
cfgDNSServer2 (Read/Write) Legal Values String representing a valid IPv4 address. For example: 192.168.0.20. Default 0.0.0.0 Description Retrieves the IPv4 address for DNS server 2 cfgNicEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the iDRAC6 network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC6 will no longer be accessible.
Description Specifies the IPv4 address assigned to the iDRAC6 cfgNicNetmask (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values String representing a valid subnet mask. For example: 255.255.255.0. Default 255.255.255.0 Description The subnet mask used for the iDRAC6 IP address cfgNicGateway (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE).
Default 0 Description Specifies whether DHCP is used to assign the iDRAC6 IPv4 address. If this property is set to 1 (TRUE), then the iDRAC6 IPv4 address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (FALSE), the user can configure the cfgNicIpAddress, cfgNicNetmask, and cfgNicGateway properties. cfgNicMacAddress (Read Only) Legal Values String representing the iDRAC6 NIC MAC address Default The current MAC address of the iDRAC6 NIC.
Description Enables or disables the iDRAC6 firmware update from a network TFTP server cfgRhostsFwUpdateIpAddr (Read/Write) Legal Values A string representing a valid IPv4 address. For example, 192.168.0.61 Default 0.0.0.
Default 0.0.0.0 Description The IPv4 address of the network SMTP server or TFTP server. The SMTP server transmits e-mail alerts from the iDRAC6 if the alerts are configured and enabled. The TFTP server transfers files to and from the iDRAC6. cfgRhostsSyslogEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables remote syslog. cfgRhostsSyslogPort (Read/Write) Legal Values 0 — 65535 Default 514 Description Remote syslog port number.
Default Description Name of remote syslog server. cfgRhostsSyslogServer2 (Read/Write) Legal Values String from 0 to 254 characters. Default Description Name of remote syslog server. cfgRhostsSyslogServer3 (Read/Write) Legal Values String from 0 to 254 characters. Default Description Name of remote syslog server. cfgUserAdmin This group provides configuration information about the users who are allowed to access the iDRAC6 through the available remote interfaces.
cfgUserAdminIndex (Read Only) Legal Values 1 – 16 Default Description This number represents the user instance.
Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-2 describes the user privilege bit values that can be combined to create bit masks. Table B-2.
Table B-3. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user may login to iDRAC, access virtual media, and access console redirection. 0x00000001 + 0x00000040 + 0x00000080 = 0x000000C1 cfgUserAdminUserName (Read/Write) NOTE: This property value must be unique among user names. Legal Values A string of up to 16 ASCII characters Default root (User 2) (All others) Description The name of the user for this index.
cfgUserAdminEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 (User 2) 0 (All others) Description Enables or disables an individual user cfgUserAdminSolEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access for the user cfgUserAdminIpmiSerialPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) 15 (No access) 410 iDRAC6 Property Database Group and Object Definitions
Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel cfgEmailAlert This group contains parameters to configure the iDRAC6 e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed.
Description Enables or disables the alert instance cfgEmailAlertAddress (Read/Write) Legal Values E-mail address format, with a maximum length of 64 ASCII characters Default Description Specifies the destination email address for email alerts, for example, user1@company.
cfgSsnMgtRacadmTimeout (Read/Write) Legal Values 10 –1920 Default 60 Description Defines the idle timeout in seconds for the Remote RACADM interface. If a remote RACADM session remains inactive for more than the specified sessions, the session will be closed.
Description Defines the web server timeout. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective. cfgSsnMgtSshIdleTimeout (Read/Write) Legal Values 0 (No timeout) 60 – 1920 Default 300 Description Defines the secure shell idle timeout.
Description Defines the Telnet idle timeout. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session (you must log out and log in again to make the new settings effective).
Default 0 Description Enables or disables the RAC serial console interface. cfgSerialConsoleQuitKey (Read/Write) Legal Values A string of up to 4 characters Default ^\ (<\>) NOTE: The "^" is the key. Description This key or key combination terminates text console redirection when using the console com2 command.
Default 300 Description The maximum number of seconds to wait before an idle serial session is disconnected. cfgSerialConsoleNoAuth (Read/Write) Legal Values 0 (enables serial login authentication) 1 (disables serial login authentication) Default 0 Description Enables or disables the RAC serial console login authentication.
Default 8192 Description Specifies the maximum size of the serial history buffer. cfgSerialCom2RedirEnable (Read/Write) Default 1 Legal Values 1 (TRUE) 0 (FALSE) Description Enables or disables the console for COM 2 port redirection.
Default 0 Description Enables or disables the Telnet console interface on the iDRAC6 cfgOobSnmp This group contains parameters to configure the SNMP agent and trap capabilities of the iDRAC6. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgRacTuning This group is used to configure various iDRAC6 configuration properties, such as valid ports and security port restrictions. cfgRacTuneConRedirPort (Read/Write) Legal Values 1 – 65535 Default 5900 Description Specifies the port to be used for keyboard, mouse, video, and virtual media traffic to the RAC.
Default 0 Description Enables or disables the ability to disable the ability of the local user to configure the iDRAC from the BIOS POST option-ROM cfgRacTuneHttpPort (Read/Write) Legal Values 1 – 65535 Default 80 Description Specifies the port number to use for HTTP network communication with the iDRAC6 cfgRacTuneHttpsPort (Read/Write) Legal Values 1 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the iDRAC6 cfgRacTuneIpRangeEnable (Read/Writ
0 (FALSE) Default 0 Description Enables or disables the IPv4 Address Range validation feature of the iDRAC6 cfgRacTuneIpRangeAddr (Read/Write) Legal Values An IPv4 address formatted string, for example, 192.168.0.44 Default 192.168.1.1 Description Specifies the acceptable IPv4 address bit pattern in positions determined by the "1"s in the range mask property (cfgRacTuneIpRangeMask) cfgRacTuneIpRangeMask (Read/Write) Legal Values An IPv4 address formatted string, for example, 255.255.255.
0 (FALSE) Default 0 Description Enables or disables the IPv4 address blocking feature of the iDRAC6 cfgRacTuneIpBlkFailCount (Read/Write) Legal Values 2 – 16 Default 5 Description The maximum number of login failures to occur within the window (cfgRacTuneIpBlkFailWindow) before login attempts from the IP address are rejected cfgRacTuneIpBlkFailWindow (Read/Write) Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted.
cfgRacTuneIpBlkPenaltyTime (Read/Write) Legal Values 10 – 65535 Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected cfgRacTuneSshPort (Read/Write) Legal Values 1 – 65535 Default 22 Description Specifies the port number used for the iDRAC6 SSH interface cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the iDRAC6 Telnet interface 424 iDRAC6 Property
cfgRacTuneConRedirEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables console redirection cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Encrypts the video in a console redirection session cfgRacTuneAsrEnable (Read/Write) NOTE: This object requires an iDRAC6 reset before it becomes active.
Description Enables or disables the iDRAC6 last crash screen capture feature. cfgRacTuneDaylightOffset (Read/Write) Legal Values 0 – 60 Default 0 Description Specifies the daylight savings offset (in minutes) to use for the RAC Time. cfgRacTuneTimezoneOffset (Read/Write) Legal Values –720 – 780 Default 0 Description Specifies the timezone offset (in minutes) from GMT/UTC to use for the RAC Time.
cfgRacTuneLocalServerVideo (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables (switches on) or disables (switches off) the local server video.
Description Enables or disables the iDRAC6 web server. If this property is disabled, the iDRAC6 will not be accessible using client web browsers. This property has no effect on the Telnet/SSH or RACADM interfaces. ifcRacManagedNodeOs This group contains properties that describe the Managed Server operating system. One instance of the group is allowed. The following subsections describe the objects in this group.
cfgRacSecurity This group is used to configure settings related to the iDRAC6 SSL certificate signing request (CSR) feature. The properties in this group must be configured before generating a CSR from the iDRAC6. See the RACADM sslcsrgen subcommand details for more information on generating certificate signing requests.
Default Description Specifies the CSR Organization Unit (OU) cfgRacSecCsrLocalityName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Locality (L) cfgRacSecCsrStateName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR State Name (S) cfgRacSecCsrCountryCode (Read/Write) Legal Values A string of up to 2 characters Default 430 iDRAC6 Property Database Group and Object
Description Specifies the CSR Country Code (CC) cfgRacSecCsrEmailAddr (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Email Address cfgRacSecCsrKeySize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR cfgRacVirtual This group contains parameters to configure the iDRAC6 virtual media feature. One instance of the group is allowed.
cfgRacVirMediaAttached (Read/Write) Legal Values 0 = Detach 1 = Attach 2 = Auto-Attach Default 0 Description This object is used to attach virtual devices to the system via the USB bus. When the devices are attached the server will recognize valid USB mass storage devices attached to the system. This is equivalent to attaching a local USB CDROM/floppy drive to a USB port on the system.
cfgVirtualFloppyEmulation (Read/Write) NOTE: Virtual Media has to be reattached (using cfgRacVirMediaAttached) for this change to take effect. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description When set to 0, the virtual floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems.
Default 0 cfgServerInfo This group allows you to select the BIOS first boot device and to boot the selected device only once. cfgServerFirstBootDevice (Read/Write) Legal Values No-Override PXE HDD DIAG CD-DVD BIOS vFDD VCD-DVD iSCSI VFLASH FDD SD Default No-Override Description Sets or displays the first boot device.
cfgServerBootOnce (Read/Write) Legal Values 1 = TRUE 0 = FALSE Default 0 Description Enables or disables the server boot once feature. cfgActiveDirectory This group contains parameters to configure the iDRAC6 Active Directory feature.
Description Name of iDRAC6 as recorded in the Active Directory forest cfgADEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on the iDRAC6. If this property is disabled, only local iDRAC6 authentication is used for user logins. cfgADSSOEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory single sign-on authentication on iDRAC6.
Default Description The iDRAC6 uses the value you specify to search the LDAP server for user names. cfgADDomainController2 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name (FQDN) Default Description The iDRAC6 uses the value you specify to search the LDAP server for user names.
cfgADAuthTimeout (Read/Write) Legal Values 15 – 300 seconds Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out cfgADType (Read/Write) Legal Values 1 (Extended schema) 2 (Standard schema) Default 1 Description Determines the schema type to use with Active Directory cfgADGlobalCatalog1 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name
Description iDRAC6 uses the value you specify to search the Global Catalog server for user names. cfgADGlobalCatalog2 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name (FQDN) Default Description iDRAC6 uses the value you specify to search the Global Catalog server for user names.
Default 1 Description Enables or disables Active Directory certificate validation as a part of the Active Directory configuration process. cfgADDcSRVLookupEnable (Read/Write) Legal Values 1 (TRUE)—use DNS to look up domain controllers 0 (FALSE)—use pre-configured domain controllers Default 0 Definition Configures iDRAC6 to use pre-configured domain controllers or to use DNS to find the domain controller.
Definition Chooses the way the user domain is looked up for Active Directory. cfgADDcSRVLookupDomainName (Read/Write) Legal Values String. Maximum length = 254 Default Null Definition This is the Active Directory Domain to use when cfgAddcSrvLookupbyUserDomain is set to 0. cfgADGcSRVLookupEnable (Read/Write) Legal Values 0(FALSE)—use pre-configured Global Catalog Servers (GCS) 1(TRUE)—use DNS to look up GCS Default 0 Definition Determines how the global catalog server is looked up.
Default Null Description The name of the Active Directory root domain used for DNS look up, to locate Global Catalog servers. cfgLDAP This group allows you to configure settings related to the Lightweight Directory Access Protocol (LDAP). cfgLdapEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Turns LDAP service on or off. cfgLdapServer (Read/Write) Legal Values String. Maximum length = 1024 Default Null Description Configures the address of the LDAP Server.
cfgLdapPort (Read/Write) Legal Values 1 - 65535 Default 636 Description Port of LDAP over SSL. Non-SSL port is not supported. cfgLdapBasedn (Read/Write) Legal Values String. Maximum length = 254 Default Null Description The Domain Name of the branch of the directory where all searches should start from. cfgLdapUserAttribute (Read/Write) Legal Values String. Maximum length = 254 Default Null. uid if not configured.
Description Specifies the user attribute to search for. If not configured, the default is to use uid. It is recommended to be unique within the chosen baseDN, otherwise a search filter must be configured to ensure the uniqueness of the login user. If the user DN cannot be uniquely identified, login will fail with an error. cfgLdapGroupAttribute (Read/Write). Legal Values String. Maximum length = 254 Default Null Description Specify which LDAP attribute is used to check for group membership.
cfgLdapBinddn (Read/Write) Legal Values String. Maximum length = 254 Default Null Description The distinguished name of a user used to bind to the server when searching for the login user's DN. If not provided, an anonymous bind is used. This is optional but is required if anonymous bind is not supported. cfgLdapBindpassword (Write only) Legal Values String. Maximum length = 254 Default Null Description A bind password to use in conjunction with the bind DN.
Description A valid LDAP search filter. This is used if the user attribute cannot uniquely identify the login user within the chosen baseDN. The "search filter" only applies to userDN search and not the group membership search. cfgLDAPCertValidationEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Controls certificate validation during SSL handshake. cfgLdapRoleGroup This group allows the user to configure role groups for LDAP.
Default Description This is the Domain Name of the group in this index. cfgLdapRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default 0x000 Description A bit–mask defining the privileges associated with this particular group. cfgStandardSchema This group contains parameters to configure the Active Directory standard schema settings.
cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string of up to 254 characters.
Table B-4. Bit Masks for Role Group Privileges Role Group Privilege Bit Mask Login to iDRAC 0x00000001 Configure iDRAC 0x00000002 Configure Users 0x00000004 Clear Logs 0x00000008 Execute Server Control Commands 0x00000010 Access Console Redirection 0x00000020 Access Virtual Media 0x00000040 Test Alerts 0x00000080 Execute Debug Commands 0x00000100 cfgIpmiSol This group is used to configure the Serial Over LAN (SOL) capabilities of the system.
Default 115200 Description The baud rate for serial communication over LAN cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255 Default 10 Description Specifies the typical amount of time that the iDRAC6 waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments.
cfgIpmiSolSendThreshold (Read/Write) Legal Values 1 – 255 Default 255 Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet. cfgIpmiLan This group is used to configure the IPMI over LAN capabilities of the system.
Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access cfgIpmiLanAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties. cfgIpmiEncryptionKey (Read/Write) Legal Values A string of hexadecimal digits from 0 to 40 characters with no spaces. Only an even amount of digits is allowed.
Default public Description The SNMP community name for traps cfgIpmiPetIpv6 This group is used to configure IPv6 platform event traps on the managed server.
cfgIpmiPetIPv6AlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IPv6 alert destination for the trap cfgIpmiPef This group is used to configure the platform event filters available on the managed server. The event filters can be used to control policy related to actions that are triggered when critical events occur on the managed server. To configure PEF action for the SD Card Informational Assert Filter, you cannot use the local racadm command.
cfgIpmiPefIndex (Read/Write) Legal Values 1 – 22 Default The index value of a platform event filter object Description Specifies the index of a specific platform event filter cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered cfgIpmiPefEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 iDRAC6 Property Database Group and Object Definiti
Description Enables or disables a specific platform event filter cfgIpmiPet This group is used to configure platform event traps on the managed server. cfgIpmiPetIndex (Read Only) Legal Values 1–4 Default The index value of a specific platform event trap Description Unique identifier for the index corresponding to the trap cfgIpmiPetAlertDestIpAddr (Read/Write) Legal Values A string representing a valid IPv4 address. For example, 192.168.0.67. Default 0.0.0.
Default 0 Description Enables or disables a specific trap cfgUserDomain This group is used to configure the Active Directory user domain names. A maximum of 40 domain names can be configured at any given time.
cfgServerPower This group provides several power management features. cfgServerPowerStatus (Read Only) Legal Values 1 (ON) 0 (OFF) Default Description Represents the server power state, either ON or OFF cfgServerPowerServerAllocation (Read Only) NOTE: In case of more than one power supply, this property represents the minimum capacity power supply.
Description Represents the power consumed by the server at the current time cfgServerPowerCapEnable (Read Only) Legal Values 0 1 Default 1 Description Enables or disables the user specified power budget threshold cfgServerMinPowerCapacity (Read Only) Legal Values A string of up to 32 characters Default Description Represents the minimum server power capacity cfgServerMaxPowerCapacity (Read Only) Legal Values A string of up to 32 characters Default iDRAC6 Property Database Group
Description Represents the maximum server power capacity cfgServerPeakPowerConsumption (Read Only) Legal Values A string of up to 32 characters Default Description Represents the maximum power consumed by the server until the current time cfgServerPeakPowerConsumptionTimestamp (Read Only) Legal Values A string of up to 32 characters Default Maximum power consumption timestamp Description Time when the maximum power consumption was recorded cfgServerPowerCons
Description Resets the cfgServerPeakPowerConsumption (Read/Write) property to 0 and the cfgServerPeakPowerConsumptionTimestamp property to the current iDRAC time.
Description Represents the server power threshold in percentage cfgIPv6LanNetworking This group is used to configure the IPv6 over LAN networking capabilities.
Default :: Description The iDRAC6 gateway IPv6 address cfgIPv6PrefixLength (Read/Write) Legal Values 1-128 Default 64 Description The prefix length for iDRAC6 IPv6 address 1 cfgIPv6AutoConfig (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the IPv6 Auto Config option cfgIPv6LinkLocalAddress (Read Only) Legal Values A string representing a valid IPv6 entry iDRAC6 Property Database Group and Object Definitions 463
Default :: Description The iDRAC6 IPv6 link local address cfgIPv6Address2 (Read Only) Legal Values A string representing a valid IPv6 entry Default :: Description An iDRAC6 IPv6 address cfgIPv6DNSServersFromDHCP6 (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies whether cfgIPv6DNSServer1 and cfgIPv6DNSServer2 are static or DHCP IPv6 addresses cfgIPv6DNSServer1 (Read/Write) Legal Values A string representing a valid IPv6 entry 464 iDRAC6 Property Database Group and Ob
Default :: Description An IPv6 DNS server address cfgIPv6DNSServer2 (Read/Write) Legal Values A string representing a valid IPv6 entry Default :: Description An IPv6 DNS server address cfgIPv6Addr2PrefixLength (Read Only) Legal Values 1-128 Default 0 Description The prefix length for iDRAC6 IPv6 address 2.
cfgTotalnumberofextended IP (Read/Write) Legal Values 1-256 Default cfgIPv6Addr3PrefixLength (Read Only) Legal Values 1-128 Default cfgIPv6Addr3Length (Read Only) Legal Values 1-40 Default cfgIPv6Address3 (Read Only) Legal Values String representing a valid IPv6 entry.
Default 0 cfgIPv6Addr4Length (Read Only) Legal Values 1-40 Default cfgIPv6Address4 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Address5 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr6PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr6Length (Read Only) Legal Values 1-40 Default cfgIPv6Address6 (Read Only) Legal Values String representing a valid IPv6 entry.
Default 0 cfgIPv6Addr7Length (Read Only) Legal Values 1-40 Default cfgIPv6Address7 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Address8 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr9PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr9Length (Read Only) Legal Values 1-40 Default cfgIPv6Address9 (Read Only) Legal Values String representing a valid IPv6 entry.
Default 0 cfgIPv6Addr10Length (Read Only) Legal Values 1-40 Default cfgIPv6Address10 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Address11 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr12PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr12Length (Read Only) Legal Values 1-40 Default cfgIPv6Address12 (Read Only) Legal Values String representing a valid IPv6 entry.
Default 0 cfgIPv6Addr13Length (Read Only) Legal Values 1-40 Default cfgIPv6Address13 (Read Only) Legal Values String representing a valid IPv6 entry.
cfgIPv6Address14 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6Addr15PrefixLength (Read Only) Legal Values 1-128 Default 0 cfgIPv6Addr15Length (Read Only) Legal Values 1-40 Default cfgIPv6Address15 (Read Only) Legal Values String representing a valid IPv6 entry. Default cfgIPv6URL This group specifies properties used to configure the iDRAC6 IPv6 URL.
cfgIPv6URLstring (Read Only) Legal Values A string of up to 80 characters Default Description The iDRAC6 IPv6 URL cfgIpmiSerial This group specifies properties used to configure the IPMI serial interface of the BMC. cfgIpmiSerialConnectionMode (Read/Write) Legal Values 0 (Terminal) 1 (Basic) Default 1 Description When the iDRAC6 cfgSerialConsoleEnable property is set to 0 (disabled), the iDRAC6 serial port becomes the IPMI serial port.
cfgIpmiSerialBaudRate (Read/Write) Legal Values 9600, 19200, 57600, 115200 Default 57600 Description Specifies the baud rate for a serial connection over IPMI cfgIpmiSerialChanPrivLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed on the IPMI serial channel cfgIpmiSerialFlowControl (Read/Write) Legal Values 0 (None) 1 (CTS/RTS) 2 (XON/XOFF) Default 1 476 iDRAC6 Property Database Group and Object Definitions
Description Specifies the flow control setting for the IPMI serial port cfgIpmiSerialHandshakeControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables the IPMI terminal mode handshake control cfgIpmiSerialLineEdit (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables line editing on the IPMI serial interface cfgIpmiSerialEchoControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 iDRAC6 Property Database Group and Obje
Description Enables or disables echo control on the IPMI serial interface cfgIpmiSerialDeleteControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 0 Description Enables or disables delete control on the IPMI serial interface cfgIpmiSerialNewLineSequence (Read/Write) Legal Values 0 (None) 1 (CR-LF) 2 (NULL) 3 () 4 () 5 () Default 1 Description Specifies the newline sequence specification for the IPMI serial interface 478 iDRAC6 Property Database Group and Object Definitions
cfgIpmiSerialInputNewLineSequence (Read/Write) Legal Values 0 () 1 (NULL) Default 1 Description Specifies the input newline sequence specification for the IPMI serial interface cfgSmartCard This group specifies properties used to support access to iDRAC6 using a smart card.
cfgSmartCardCRLEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Certificate Revocation List (CRL) cfgNetTuning This group enables users to configure the advanced network interface parameters for the RAC NIC. When configured, the updated settings may take up to a minute to become active. CAUTION: Use extra precaution when modifying properties in this group.
cfgNetTuningNic100MB (Read/Write) Legal Values 0 (10 MBit) 1 (100 MBit) Default 1 Description Specifies the speed to use for the RAC NIC. This property is not used if the cfgNetTuningNicAutoNeg is set to 1 (enabled). cfgNetTuningNicFullDuplex (Read/Write) Legal Values 0 (Half Duplex) 1 (Full Duplex) Default 1 Description Specifies the duplex setting for the RAC NIC. This property is not used if the cfgNetTuningNicAutoNeg is set to 1 (enabled).
cfgNetTuningNicMtu (Read/Write) Legal Values 576 – 1500 Default 1500 Description The size in bytes of the maximum transmission unit used by the iDRAC6 NIC.
Supported RACADM Interfaces Table C-1 provides an overview of RACADM subcommands and their corresponding interface support. Table C-1.
Table C-1.
Table C-1.
Supported RACADM Interfaces
Index A C accessing SSL with web interface, 71 Certificate Signing Request CSR, 71 Active Directory adding iDRAC6 users, 156 configure, 39 configuring access to iDRAC6, 149 logging in to the iDRAC6, 175 managing certificates, 77 objects, 146 schema extensions, 145 using with extended schema, 145 using with iDRAC6, 143 using with standard schema, 164 Certificate Signing Request (CSR) about, 325 generating a new certificate, 327 ASR configuring with web interface, 80 configure alerts, 39 authenticatin
configuring and managing power, 268 configuring Smart Card Login, 187 Configuring Generic LDAP Directory Service Using RACADM, 181 configuring SOL using web interface, 246 Configuring Generic LDAP Directory Service Using the iDRAC6 Web-Based Interface, 178 Configuring iDRAC Direct Connect Basic Mode and Direct Connect Terminal Mode, 101 configuring idrac6 serial connection, 99 Configuring iDRAC6 NIC, 57 configuring iDRAC6 services, 80 ASR, 80 local configuration, 80 remote RACADM, 80 SNMP agent, 80 SSH,
configuring using RACADM CLI, 296 configuring using web interface, 296 configuring with web interface, 68 enable CRL check for Smart Card Logon, 188 exporting Smart Card certificate, 188 extended schema Active Directory overview, 145 F fan probe, 317 Firefox tab behavior, 56 firmware downloading, 47 recovering via web interface, 84 firmware/system services recovery image updating with web interface, 84 frequently asked questions, 127 using console redirection, 215 using iDRAC6 with Active Directory, 182 us
configuring, 108 iDRAC6 services configuring, 80 iDRAC6 user enabling permissions, 140 installing and configuring iDRAC6 software, 44 IpRange checking about, 333 IPv6 Settings, 61 L LAN Parameters, 280 installing Dell extensions Active Directory Users and Computers snap-in, 155 last crash screen capturing on managed system, 291 integrated System-on-Chip microprocessor, 29 Linux configuring for serial console redirection, 94 IP blocking about, 335 configuring with web interface, 63 enabling, 336 M I
configuring, 125 configuring manually, 125 Network Security Page Settings, 64 NIC mode dedicated, 42 shared, 42 shared with Failover All LOMs, 43 NIC modes shared with failover LOM2, 42 PET, 65 platform events configuring, 292 platform events filters table, 65 platforms supported, 34 POST log using, 308 power capping, 267 power inventory and budgeting, 267 O power monitoring, 267, 318 operating system installing (manual method), 254 power supplies probe, 318 P password-level security management, 30 PE
R sslcertview, 377 sslcsrgen, 372 testemail, 380 testtrap, 381 usercertupload, 384 userertview, 386 vmdisconnect, 383 vmkey, 384 RACADM adding an iDRAC6 user, 139 installing and removing, 45 removing an iDRAC6 user, 140 supported interfaces, 481 RACADM subcommands arp, 340 clearasrscreen, 340 clrraclog, 369 clrsel, 370 config, 341 coredump, 346 coredumpdelete, 347 fwupdate, 348 getconfig, 216, 343 getniccfg, 361 getraclog, 367 getractime, 357 getsel, 369 getssninfo, 350 getsvctag, 362 getsysinfo, 352 gett
enabling, 333 SEL managing with iDRAC6 configuration utility, 286 serial console connecting the DB-9 cable, 104 sslcertdownload, 375 Standard Schema Active Directory Overview, 164 supported CIM profiles, 219 serial mode configuring, 108 Switching Between Direct Connect Terminal Mode and Serial Console Redirection, 103 Serial Over LAN (SOL) configuring, 246 system configuring to use iDRAC6, 42 server certificate uploading, 75 viewing, 76, 328 System Services Configuration Unified Server Configurator,
system services, 36 updating the firmware iDRAC6, 47 updating the iDRAC6 firmware/system services recovery image, 84 preserve configuration, 85 upload/rollback, 84 configuring with web interface, 249 installing the operating system, 254 running, 251 Virtual Media Command Line Interface Utility, 231 VLAN Settings, 62 USB flash drive emulation type, 283 vm6deploy script, 233 user configuration, 129 general user settings, 130 iDRAC group permissions, 130 IPMI user privileges, 130 VMCLI Utility installatio
logging in, 55 logging out, 56 WS-MAN protocol, 30 Index 495
Index
