iDRAC 8/7 v2.50.50.50 User’s Guide September 2017 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Overview.....................................................................................................................14 Benefits of using iDRAC with Lifecycle Controller.................................................................................................... 14 Key features........................................................................................................................................................................ 15 New in this release........
Chapter 3: Setting up managed system and management station................................................ 39 Setting up iDRAC IP address..........................................................................................................................................39 Setting up iDRAC IP using iDRAC settings utility................................................................................................40 Setting up iDRAC IP using CMC web interface...........................................
Chapter 4: Configuring iDRAC..................................................................................................... 78 Viewing iDRAC information............................................................................................................................................. 79 Viewing iDRAC information using web interface................................................................................................. 79 Viewing iDRAC information using RACADM.........................
Chapter 5: Viewing iDRAC and managed system information..................................................... 100 Viewing managed system health and properties..................................................................................................... 100 Viewing system inventory..............................................................................................................................................100 Viewing sensor information.....................................................
Configuring local users................................................................................................................................................... 127 Configuring local users using iDRAC web interface.......................................................................................... 127 Configuring local users using RACADM................................................................................................................127 Configuring Active Directory users.......
Setting event actions using RACADM..................................................................................................................156 Configuring email alert, SNMP trap, or IPMI trap settings....................................................................................157 Configuring IP alert destinations............................................................................................................................ 157 Configuring email alert settings.....................
Inventorying and monitoring FC HBA devices.......................................................................................................... 175 Monitoring FC HBA devices using web interface.............................................................................................. 175 Monitoring FC HBA devices using RACADM......................................................................................................
Inventorying and monitoring PCIe SSDs.............................................................................................................. 213 Preparing to remove PCIe SSD.............................................................................................................................. 214 Erasing PCIe SSD device data................................................................................................................................215 Managing enclosures or backplanes........
Enabling boot once for virtual media......................................................................................................................... 240 Chapter 16: Installing and using VMCLI utility............................................................................ 241 Installing VMCLI............................................................................................................................................................... 241 Running VMCLI utility......................
Accessing iDRAC interface over direct USB connection....................................................................................... 271 Configuring iDRAC using server configuration profile on USB device............................................................... 272 Configuring USB management port settings......................................................................................................272 Importing server configuration profile from USB device .................................
System Event Log...........................................................................................................................................................292 Network security.............................................................................................................................................................293 Active Directory................................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC with Lifecycle Controller technology is part of a larger data center solution that helps keep business critical applications and workloads available always.
● Enhanced Embedded Management through Lifecycle Controller – Lifecycle Controller provides deployment and simplified serviceability through Lifecycle Controller GUI for local deployment and Remote Services (WS-Management) interfaces for remote deployment integrated with Dell OpenManage Essentials and partner consoles. For more information on Lifecycle Controller GUI, see Lifecycle Controller User’s Guide and for remote services, see Lifecycle Controller Remote Services User’s Guide available at dell.
■ Create or change security keys. ○ PCIe SSD devices: ■ Inventory and remotely monitor the health of PCIe SSD devices in the server. ■ Prepare the PCIe SSD to be removed. ■ Securely erase the data. ○ Set the backplane mode (unified or split mode). ○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● Manage iDRAC licenses.
● Single Sign-On and Public Key Authentication. ● Role-based authorization, to configure specific privileges for each user. ● SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default. ● User ID and password configuration. ● Default login password modification. ● Set user passwords and BIOS passwords using one-way hash format for improved security. ● FIPS 140-2 Level 1 capability. ● Support for TLS 1.2, 1.1, and 1.0.
For the list of supported versions, see the iDRAC Release Notes available at dell.com/idracmanuals. Supported OS, Hypervisors iDRAC is supported on the following OS, Hypervisors: ● Microsoft ● VMware ● Citrix ● RedHat ● SuSe NOTE: For the list of supported versions, see the iDRAC Release Notes available at dell.com/idracmanuals. Managing licenses iDRAC features are available based on the purchased license (Basic Management, iDRAC Express, or iDRAC Enterprise).
● Delete — Delete the license that is assigned to a component if the component is missing. After the license is deleted, it is not stored in iDRAC and the base product functions are enabled. ● Replace — Replace the license to extend an evaluation license, change a license type such as an evaluation license with a purchased license, or extend an expired license. ○ An evaluation license may be replaced with an upgraded evaluation license or with a purchased license.
Licensed features in iDRAC7 and iDRAC8 The following table lists the iDRAC7 and iDRAC8 features that are enabled based on the license purchased: Table 2. Licensed features in iDRAC7 and iDRAC8 Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 iDRAC7 iDRAC8 Express Express Express for for Blades Blades iDRAC7 Enterprise iDRAC8 Enterprise IPMI 2.0 Yes Yes Yes Yes Yes Yes Yes Yes DCMI 1.
Table 2.
Table 2.
Table 2.
Table 2.
Table 3. Interfaces and protocols to access iDRAC Interface or Protocol Description To access iDRAC Settings utility, press during boot and then click iDRAC Settings on the System Setup Main Menu page. iDRAC web Interface Use the iDRAC web interface to manage iDRAC and monitor the managed system. The browser connects to the web server through the HTTPS port. Data streams are encrypted using 128-bit SSL to provide privacy and integrity. Any connection to the HTTP port is redirected to HTTPS.
Table 3. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description IPMITool Use the IPMITool to access the remote system’s basic management features through iDRAC. The interface includes local IPMI, IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information on IPMITool, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at dell.com/idracmanuals. NOTE: IPMI version 1.5 is not supported.
Table 4. Ports iDRAC listens for connections Port Number Function 5901 VNC When VNC feature is enabled, the port 5901 opens. * Configurable port The following table lists the ports that iDRAC uses as a client. Table 5.
● The iDRAC Service Module Installation Guide provides information to install the iDRAC Service Module. ● The Dell OpenManage Server Administrator Installation Guide contains instructions to help you install Dell OpenManage Server Administrator. ● The Dell OpenManage Management Station Software Installation Guide contains instructions to help you install Dell OpenManage management station software that includes Baseboard Management Utility, DRAC Tools, and Active Directory Snap-In.
○ For iDRAC—https://www.dell.com/idracmanuals ○ For Dell EMC OpenManage Connections Enterprise Systems Management—https://www.dell.com/ OMConnectionsEnterpriseSystemsManagement ○ For Dell EMC Serviceability Tools—https://www.dell.com/serviceabilitytools ● Dell EMC support site: 1. Go to https://www.dell.com/support. 2. Click Browse all products. 3. From the All products page, click Software, and then click the required link. 4. Click the required product and then click the required version.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name is root and the default password is calvin. You can also log in using Single Sign-On or Smart Card. NOTE: ● You must have Login to iDRAC privilege to log in to iDRAC. ● iDRAC GUI does not support browser buttons such as Back, Forward, or Refresh.
NOTE: If the default HTTPS port number (port 443) was changed, enter: https://[iDRAC-IP-address]:[portnumber] where, [iDRAC-IP-address] is the iDRAC IPv4 or IPv6 address and [port-number] is the HTTPS port number. The Login page is displayed. 3. For a local user: ● In the Username and Password fields, enter your iDRAC user name and password. ● From the Domain drop-down menu, select This iDRAC. 4.
NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[IP address]:[port number] where, [IP address] is the IP address for the iDRAC and [port number] is the HTTPS port number. 2. Insert the Smart Card into the reader and click Login. A prompt is displayed for the Smart Card’s PIN. A password in not required. 3. Enter the Smart Card PIN for local Smart Card users. You are logged in to the iDRAC.
Logging in to iDRAC SSO using iDRAC web interface Before logging in to iDRAC using Single Sign-On, make sure that: ● You have logged in to your system using a valid Active Directory user account. ● Single Sign-On option is enabled during Active Directory configuration. To log in to iDRAC using web interface: 1. Log in to your management station using a valid Active Directory account. 2.
3. Append the PEM formatted CA certificate to the management station CA certificate. For example, use the cat command: cat testcacert.pem >> cert.pem 4. Generate and upload the server certificate to iDRAC. Accessing iDRAC using local RACADM For information to access iDRAC using local RACADM, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Table 6. Multiple iDRAC sessions Interface Number of Sessions iDRAC Web Interface 6 Remote RACADM 4 Firmware RACADM / SMCLP SSH - 2 Telnet - 2 Serial - 1 Changing default login password The warning message that allows you to change the default password is displayed if: ● You log in to iDRAC with Configure User privilege. ● Default password warning feature is enabled. ● Credentials for any currently enabled account are root/calvin.
Changing default login password using iDRAC settings utility To change the default login password using iDRAC Settings Utility: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings.User Configuration page is displayed. 2. In the Change Password field, enter the new password. NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords on page 126. 3. Click Back, click Finish, and then click Yes.
NOTE: When consecutive login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host . Table 7. Login Retry Restriction Properties Property Definition Enables the IP blocking feature. When consecutive failures ( iDRAC.IPBlocking.BlockEnable iDRAC.IPBlocking.FailCount ) from a single IP address are encountered within a specific amount of time ( iDRAC.IPBlocking.
Table 8. iDRAC web interface behavior with incorrect login attempts Login attempts Blocking (seconds) Error logged (USR0003 4) Third incorrect login 600 Yes GUI display message ● RAC0212: Login failed. Verify that username and password is correct. Login delayed for 600 seconds. SNMP alert (if enabled) Yes ● Try again button is disabled for 600 seconds. NOTE: By default, the fail counter resets after 600 seconds. However, this can be customized by changing the PenaltyTime using the RACADM.
3 Setting up managed system and management station To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
● Dell Deployment Toolkit (see Dell Deployment Toolkit User’s Guide) ● Chassis or Server LCD panel (see the system’s Hardware Owner’s Manual) NOTE: In case of blade servers, you can configure the network setting using the Chassis LCD panel only during initial configuration of CMC. After the chassis is deployed, you cannot reconfigure iDRAC using the Chassis LCD panel.
Network settings To configure the Network Settings: NOTE: For information about the options, see the iDRAC Settings Utility Online Help. 1. Under Enable NIC, select the Enabled option. 2. From the NIC Selection drop-down menu, select one of the following ports based on the network requirement: ● Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC).
4. Under Auto Negotiation, select On if iDRAC must automatically set the duplex mode and network speed. This option is available only for dedicated mode. If enabled, iDRAC sets the network speed to 10, 100, or 1000 Mbps based on the network speed. 5. Under Network Speed, select either 10 Mbps or 100 Mbps. NOTE: You cannot manually set the Network Speed to 1000 Mbps. This option is available only if Auto Negotiation option is enabled. 6. Under Duplex Mode, select Half Duplex or Full Duplex option.
● In the Static Alternate DNS Server box, enter the static alternate DNS server. IPMI settings To enable the IPMI Settings: 1. Under Enable IPMI Over LAN, select Enabled. 2. Under Channel Privilege Limit, select Administrator, Operator, or User. 3. In the Encryption Key box, enter the encryption key in the format 0 to 40 hexadecimal characters (without any blanks characters.) The default value is all zeros. VLAN settings You can configure iDRAC into the VLAN infrastructure.
Provisioning server works with a static IP address. DHCP, DNS server, or the default DNS host name discovers the provisioning server. If DNS is specified, the provisioning server IP is retrieved from DNS and the DHCP settings are not required. If the provisioning server is specified, discovery is skipped so neither DHCP nor DNS is required. You can enable the Provisioning Server feature using iDRAC Settings Utility or using Lifecycle Controller.
The iDRAC server configuration agent uses the rules in the following sequence to determine which SCP file on the file share to apply for each iDRAC: 1. The filename specified in DHCP option 60. 2. -config.xml — If a filename is not specified in DHCP option 60, use the system Service Tag to uniquely identify the SCP file for the system. For example, CDVH7R1-config.xml 3. -config.xml — If the option 60 filename is not specified and the -config.
The DHCP Option 60 identifies and associates a DHCP client with a particular vendor. Any DHCP server configured to take action based on a client’s vendor ID should have Option 60 and Option 43 configured. With Dell PowerEdge servers, the iDRAC identifies itself with vendor ID: iDRAC. Therefore, you must add a new ‘Vendor Class’ and create a ‘scope option’ under it for ‘code 60,’ and then enable the new scope option for the DHCP server.
● Filename (–f) — Indicates the name of the exported Server Configuration Profile XML file. Specifying this filename is optional with iDRAC version 2.20.20.20 or later. NOTE: For more information on file naming rules, see Configuring servers and server components using Auto Config. ● Sharename (-n) — Indicates the name of the network share. ● ShareType (-s) — Indicates the share type. 0 indicates NFS and 2 indicates CIFS. ● IPAddress (-i) — Indicates the IP address of the file share.
● Password (-p) — Indicates the password required to access the network share. This information is required only for CIFS. NOTE: Example for Linux NFS and CIFS share: ○ NFS: -f system_config.xml -i 192.168.0.130 -n /nfs -s 0 -d 0 -t 500 ○ CIFS: -f system_config.xml -i 192.168.0.130 -n sambashare/config_files -s 2 -u user -p password -d 1 -t 400 Ensure that you use NFS2 or NFS3 for NFS network share ● ShutdownType (-d) — Indicates the mode of shutdown.
For more information on the Auto Config feature, see the Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with Lifecycle Controller Auto Config white paper available at the delltechcenter.com/idrac. Using hash passwords for improved security You can set user passwords and BIOS passwords using a one-way hash format. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format.
3. After setting the password, the normal plain text password authentication works except that SNMP v3 and IPMI authentication fails for iDRAC user accounts that had passwords updated with hash. Setting up management station A management station is a computer used for accessing iDRAC interfaces to remotely monitor and manage the PowerEdge server(s). To set up the management station: 1. Install a supported operating system. For more information, see the release notes. 2.
For more information about Server Administrator, see Dell OpenManage Server Administrator User’s Guide available at dell.com/support/manuals. Related tasks Modifying local administrator account settings on page 51 Modifying local administrator account settings After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to User Configuration.
Using the iDRAC Web interface, RACADM, or the iDRAC Settings Utility, you can change the following thermal settings: ● Optimize for performance ● Optimize for minimum power ● Set the maximum air exhaust temperature ● Increase airflow through a fan offset, if required ● Increase airflow through increasing minimum fan speed Modifying thermal settings using iDRAC web interface To modify the thermal settings: 1. In the iDRAC Web interface, go to Overview > Hardware > Fans > Setup.
● Minimum Fan Speed in PWM (% of Max) — Select this option to fine tune the fan speed. Using this option, you can set a higher baseline system fan speed or increase the system fan speed if other custom fan speed options are not resulting in the required higher fan speeds. ○ Default — Sets minimum fan speed to default value as determined by the system cooling algorithm. ○ Custom — Enter the percentage value. The allowable range for minimum fan speed PWM is dynamic based on the system configuration.
Table 9. Thermal Settings (continued) Object Description Usage Example If a system does not support a particular air exhaust temperature limit, then when you run the following command: racadm set system.thermalsetti ngs.AirExhaustTemp 0 The following error message is displayed: ERROR: RAC947: Invalid object value specified. Make sure to specify the value depending on the type of object. For more information, see RACADM help. To set the limit to the default value: racadm set system.thermalsetti ngs.
Table 9. Thermal Settings (continued) Object Description Usage Example command, it applies a fan speed offset of Low (23% PWM) over baseline fan speed racadm set system.thermalsetti ngs FanSpeedOffset 0 FanSpeedMaxOffsetVal ● Getting this variable reads Values from 0-100 the fan speed offset value in %PWM for Max Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset to set this value using index value 3 racadm get system.
Table 9. Thermal Settings (continued) Object Description Usage and the FanSpeedLowOffsetVa l, FanSpeedMaxOffsetVa l, FanSpeedHighOffsetV al, and FanSpeedMediumOffse tVal objects (defined earlier) are the values at which the offsets are applied. MFSMaximumLimit Read Maximum limit for MFS Example To set the fan speed offset to High value (as defined in FanSpeedHighOffsetVal) racadm set system.thermalsetti ngs.
Table 9. Thermal Settings (continued) Object Description Usage ThirdPartyPCIFanRespo nse Values: ● Thermal overrides for third-party PCI cards. ● 1 — Enabled ● Allows you to disable or ● 0 — Disabled enable the default system NOTE: The default value fan response for detected is 1. third-party PCI cards. ● You can confirm the presence of third-party PCI card by viewing the message ID PCI3018 in the Lifecycle Controller log.
Configuring Internet Explorer This section provides details about configuring Internet Explorer (IE) to ensure you can access and use all features of the iDRAC web interface. These settings include: ● Resetting security settings ● Adding iDRAC IP to trusted sites ● Configuring IE to enable Active Directory SSO Resetting Internet Explorer security settings Ensure that Internet Explorer (IE) settings are set to Microsoft-recommended defaults and customize the settings as described in this section. 1.
Disabling whitelist feature in Firefox Firefox has a "whitelist" security feature that requires user permission to install plug-ins for each distinct site that hosts a plug-in. If enabled, the whitelist feature requires you to install a Virtual Console viewer for each iDRAC you visit, even though the viewer versions are identical. To disable the whitelist feature and avoid unnecessary plug-in installations, perform the following steps: 1. Open a Firefox Web browser window. 2.
● Compatibility is based on browser and is not based on the operating system or installed components. ● Compatible with most of the desktops and mobile platforms. ● Quick deployment and the client is downloaded as part of a web page. You must configure Internet Explorer (IE) settings before you launch and run HTML5 based virtual console and virtual media applications. To configure the browser settings: 1. Disable pop-up blocker.
4. Enable the browser to download encrypted content and to enable third-party browser extensions. To do this, go to Tools > Internet Options > Advanced, clear the Do not save encrypted pages to disk option, and select the Enable thirdparty browser extensions option. NOTE: Restart Internet Explorer for the Enable third-party browser extension setting to take effect. 5. Go to Tools > Internet Options > Security and select the zone you want to run the application. 6. Click Custom level.
The Java Cache viewer is displayed. 2. Delete the items titled iDRAC Virtual Console Client. Importing CA certificates to management station When you launch Virtual Console or Virtual Media, prompts are displayed to verify the certificates. If you have custom Web server certificates, you can avoid these prompts by importing the CA certificates to the Java or ActiveX trusted certificate store.
iDRAC Web interface is designed to work with localized keyboards for the supported language variants. Some features of iDRAC Web interface, such as Virtual Console, may require additional steps to access certain functions or letters. Other keyboards are not supported and may cause unexpected problems. NOTE: See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC Web interface.
Table 10. Image file types and dependencies .D7 Image Interface Supported iDRAC DUP Requires LC enabled Supported Requires LC enabled BMCFW64.
When you check for updates, the version marked as Available does not always indicate that it is the latest version available. Before you install the update, ensure that the version you choose to install is newer than the version currently installed. If you want to control the version that iDRAC detects, create a custom repository using Dell Repository Manager (DRM) and configure iDRAC to use that repository to check for updates.
Updating firmware using repository A repository is a storage location where update packages can be stored and accessed. Dell Repository Manager (DRM) allows you to create and manage a repository that iDRAC can check for updates. There are several advantages of creating and using custom firmware update repositories because it provides complete control of which devices or components are updated. Using iDRAC, you can perform repository update in either attended or fully attended mode.
NOTE: Lifecycle Controller must be enabled and you must have Server Control privilege to update firmware for devices other than iDRAC. 1. In the iDRAC web interface, go to Overview > iDRAC Settings > Update and Rollback. The Firmware Update page is displayed. 2. On the Update tab, select the desired option in File Location—FTP, TFTP, or HTTP. 3. Enter the required details in the fields that are displayed. For information about the fields, see the iDRAC Online Help. 4. Click Check for Update. 5.
iDRAC Enterprise license is required to schedule automatic updates. You can schedule automatic firmware updates using the iDRAC web interface or RACADM. NOTE: IPv6 address is not supported for scheduling automatic firmware updates.
○ To automatically update firmware using a CIFS share: racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.4/CIFS-share –f cat.xml -time 14:30 -wom 1 -dow sun -rp 5 -a 1 ○ To automatically update firmware using FTP: racadm AutoUpdateScheduler create -u admin -p pwd -l ftp.mytest.com -pu puser –pp puser –po 8080 –pt http –f cat.
● Using fwupdate command: racadm -r -u -p fwupdate -g -u -a path the location on the TFTP server where firmimg.d7 is stored. ● Using update command: racadm -r -u -p update —f FTP server: ● Using fwupdate command: racadm -r -u -p fwupdate –f –d path the location on the FTP server where firmimg.d7 is stored.
The Chassis Management Controller Firmware Update Settings page is displayed. 2. For Allow CMC Updates Through OS and Lifecycle Controller, select Enabled to enable CMC firmware update from iDRAC. 3. Under Current CMC Setting, make sure that Chassis Management at Server Mode option displays Manage and Monitor. You can set this in CMC. Viewing and managing staged updates You can view and delete the scheduled jobs including configuration and update jobs. This is a licensed feature.
NOTE: You cannot perform firmware rollback for Diagnostics, Driver Packs, and CPLD. Before rolling back the firmware, make sure that: ● You have Configure privilege to roll back iDRAC firmware. ● You have Server Control privilege and have enabled Lifecycle Controller to roll back firmware for any other device other than the iDRAC. ● Change the NIC mode to Dedicated if the mode is set as Shared LOM.
Rollback firmware using RACADM 1. Check the rollback status and the FQDD using the swinventory command: racadm swinventory For the device for which you want to rollback the firmware, the Rollback Version must be Available. Also, note the FQDD. 2. Rollback the device firmware using: racadm rollback For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
You can also enable and schedule periodic backups of the firmware and server configuration based on a certain day, week, or month. Backup feature is licensed and is available with the iDRAC Enterprise license. NOTE: In 13th generation servers, this feature is automatically enabled. Before performing a backup operation, make sure that: ● Collect System Inventory On Reboot (CSIOR) option is enabled.
○ A Dell supported vFlash SD card is inserted, enabled, and initialized. ○ vFlash SD card has enough space to store the backup file. NOTE: IPv6 address is not supported for scheduling automatic backup server profile. Scheduling automatic backup server profile using web interface To schedule automatic backup server profile: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Server Profile. The Backup and Export Server Profile page is displayed. 2. Click the Automatic Backup tab. 3.
Importing server profile You can use the backup image file to import or restore the configuration and firmware for the same server without rebooting the server. Import feature is not licensed. NOTE: For the restore operation, the system Service Tag and the Service Tag in the backup file must be identical. The restore operation applies to all system components that are same and present in the same location or slot as captured in the backup file.
3. Enter the backup file name and decryption passphrase (optional). 4. If Network is selected as the file location, enter the network settings. NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. For information about the fields, see the iDRAC Online Help. 5.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see Managing licenses.
Managing virtual media on page 234 Managing vFlash SD card on page 244 Setting first boot device on page 88 Enabling or disabling OS to iDRAC Pass-through on page 89 Related tasks Configuring iDRAC to send alerts on page 153 Topics: • • • • • • • • • • • • Viewing iDRAC information Modifying network settings FIPS mode Configuring services Using VNC client to manage remote server Configuring front panel display Configuring time zone and NTP Setting first boot device Enabling or disabling OS to iDRAC Pass-t
Modifying network settings using web interface To modify the iDRAC network settings: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Network. The Network page is displayed. 2. Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.
Configure IP filtering using iDRAC web interface You must have Configure privilege to perform these steps. To configure IP filtering: 1. In iDRAC Web interface, go to Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2. Click Advanced Settings. The Network Security page is displayed. 3. Specify the IP filtering settings. For more information about the options, see iDRAC Online Help. 4. Click Apply to save the settings.
Difference between FIPS-mode supported and FIPS-validated Software that has been validated by completing the Cryptographic Module Validation Program is referred to as FIPS-validated. Because of the time it takes to complete FIPS-validation, not all versions of iDRAC are validated. For information about the latest status of FIPS-validation for iDRAC, see the Cryptographic Module Validation Program page on the NIST website.
SNMP Agent Enables support for SNMP queries (GET, GETNEXT, and GETBULK operations) in iDRAC. Automated Enable Last System Crash Screen. System Recovery Agent VNC Server Enable VNC server with or without SSL encryption. Configuring services using web interface To configure the services using iDRAC Web interface: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > Services. The Services page is displayed. 2. Specify the required information and click Apply.
Configuring TLS By ● ● ● default, iDRAC is configured to use TLS 1.1 and higher. You can configure iDRAC to use any of the following: TLS 1.0 and higher TLS 1.1 and higher TLS 1.2 only NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher. Configuring TLS using web interface 1. Go to Overview > iDRAC Settings > Network. 2. Click the Services tab and then click Web Server. 3. In the TLS Protocol drop-down, select the TLS version and click Apply.
● When iDRAC NIC is in shared mode and the host system is power cycled, the network connection is lost for a few seconds. During this time, if you perform any action in the active VNC client, the VNC session may close. You must wait for timeout (value configured for the VNC Server settings in the Services page in iDRAC Web interface) and then re-establish the VNC connection. ● If the VNC client window is minimized for more than 60 seconds, the client window closes. You must open a new VNC session.
● LCD front panel and System ID LED ● LED front panel and System ID LED For blade servers, only the System ID LED is available on the server front panel since the blade chassis has the LCD. Related concepts Configuring LCD setting on page 86 Configuring system ID LED setting on page 87 Configuring LCD setting You can set and display a default string such as iDRAC name, IP, and so on or a user-defined string on the LCD front panel of the managed system.
4. Enable or disable the virtual console indication. For information about the options, see the iDRAC Settings Utility Online Help. 5. Click Back, click Finish, and then click Yes. Configuring system ID LED setting To identify a server, enable or disable System ID LED blinking on the managed system. Configuring system ID LED setting using web interface To configure the System ID LED display: 1. In iDRAC Web interface, go to Overview > Hardware > Front Panel. The Front Panel page is displayed. 2.
Setting first boot device You can set the first boot device for the next boot only or for all subsequent reboots. If you set the device to be used for all subsequent boots, it remains as the first boot device in the BIOS boot order until it is changed again either from the iDRAC web interface or from the BIOS boot sequence.
Enabling last crash screen To troubleshoot the cause of a crash on the managed system, you can capture the system crash image using iDRAC. NOTE: For information about Server Administrator, see the Dell OpenManage Server Administrator Installation Guide at dell.com/support/manuals. For information about iSM, see Using iDRAC Service Module on page 262. 1.
NOTE: Use the default IP address. Ensure that the IP address of the USB NIC interface is not in the same network subnet as the iDRAC or host OS IP addresses. If this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. NOTE: Do not use 169.254.0.3 and 169.254.0.4 IP addresses. These IP addresses are reserved for the USB NIC port on the front panel when an A/A cable is used.
● ● ● ● ● ● ● ● ● ● ● vSphere v5.1 U1 ESXi vSphere v5.5 ESXi vSphere v5.5 U3 vSphere 6.0 vSphere 6.0 U1 CentOS 6.5 CentOS 7.0 Ubuntu 14.04.1 LTS Ubuntu 12.04.04 LTS Debian 7.6 (Wheezy) Debian 8.0 On servers with Windows 2008 SP2 64-bit operating system, the iDRAC Virtual CD USB Device is not discovered automatically (or enabled). You must enable this manually.
To install the VIB file: 1. Using Win-SCP, copy the VIB file to /tmp/ folder of the ESX-i host operating system. 2. Go to the ESXi prompt and run the following command: esxcli software vib install -v /tmp/ iDRAC_USB_NIC-1.0.0-799733X03.vib --no-sig-check The output is: Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective. Reboot Required: true VIBs Installed: Dell_bootbank_iDRAC_USB_NIC_1.0.0-799733X03 VIBs Removed: VIBs Skipped: 3.
1. In the iDRAC Settings utility, go to Communications Permissions. The iDRAC Settings.Communications Permissions page is displayed. 2. Select any of the following options to enable OS to iDRAC pass-through: ● LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC. ● USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the internal USB bus.
Related concepts SSL server certificates on page 94 Generating a new certificate signing request on page 94 SSL server certificates iDRAC includes a web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. An SSL encryption option is provided to disable weak ciphers.
After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA’s security standards, the CA issues a digitally-signed SSL server certificate that uniquely identifies the applicant’s server when it establishes SSL connections with browsers running on management stations. After the CA approves the CSR and issues the SSL server certificate, it can be uploaded to iDRAC.
Uploading server certificate using RACADM To upload the SSL server certificate, use the sslcertupload command. For more information, see the RACADM Command Line Reference Guide for iDRAC available at dell.com/idracmanuals. If the CSR is generated outside of iDRAC with a private key available, then to upload the certificate to iDRAC: 1. Send the CSR to a well-known root CA. CA signs the CSR and the CSR becomes a valid certificate. 2. Upload the private key using the remote racadm sslkeyupload command. 3.
Uploading custom SSL certificate signing certificate using RACADM To upload the custom SSL certificate signing certificate using RACADM, use the sslcertupload command, and then use the racreset command to reset iDRAC. For more information, see the iDRAC RACADM Command Line Reference Guide available at www.dell.com/idracmanuals. Downloading custom SSL certificate signing certificate You can download the custom signing certificate using iDRAC Web interface or RACADM.
● The configuration file contains information that is applicable for the particular server. The information is organized under various object groups. ● Some configuration files contain unique iDRAC information, such as the static IP address, that you must modify before you import the file into other iDRACs. You can also use the System Configuration Profile to configure multiple iDRACs using RACADM. System configuration XML file contains the component configuration information.
Disabling access to modify iDRAC configuration settings on host system You can disable access to modify the iDRAC configuration settings through Local RACADM or iDRAC Settings utility. However, you can view these configuration settings. To do this: 1. In iDRAC Web interface, go to Overview > iDRAC Settings > Network > Services. 2. Select one or both of the following: ● Disable the iDRAC Local Configuration using iDRAC Settings — Disables access to modify the configuration settings in iDRAC Settings utility.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
The Hardware Inventory section displays the information for the following components available on the managed system: ● iDRAC ● RAID controller ● Batteries ● CPUs ● DIMMs ● HDDs ● Backplanes ● Network Interface Cards (integrated and embedded) ● Video card ● SD card ● Power Supply Units (PSUs) ● Fans ● Fibre Channel HBAs ● USB ● NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: ● BIOS ● Lifecycle Controller ● iDRAC ● OS driver pack ● 32-bit diagn
● Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that display fan speed and threshold values. ● CPU — Indicates the health and state of the CPUs in the managed system. It also reports processor automatic throttling and predictive failure. ● Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system. ● Intrusion — Provides information about the chassis.
Table 15. Sensor information using web interface and RACADM View sensor information For Using web interface Using RACADM Removable Flash Media Overview > Hardware > Removable Flash Media Temperature Overview > Server > Power/Thermal > Temperatures Overview > Server > Power/Thermal > Voltages Monitoring performance index of CPU, memory, and IO modules In Dell’s 13 th generation Dell PowerEdge servers, Intel ME supports Compute Usage Per Second (CUPS) functionality.
● Login privilege is required to monitor performance data. ● Configure privilege is required for setting warning thresholds and reset historical peaks. ● Login privilege and Enterprise license are required to read historical statics data. Monitoring performance index for of CPU, memory, and IO modules using web interface To monitor the performance index of CPU, memory, and I/O modules, in the iDRAC web interface, go to Overview > Hardware.
NOTE: You can track the temperature history even for systems that are not fresh air compliant. However, the threshold limits and fresh air related warnings generated are based on fresh air supported limits. The limits are 42ºC for warning and 47ºC for critical. These values correspond to 40ºC and 45ºC fresh air limits with 2ºC margin for accuracy.
2. In the Temperature Probes section, for the System Board Inlet Temp, enter the minimum and maximum values for the Warning Threshold in Centigrade or Fahrenheit. If you enter the value in centigrade, the system automatically calculates and displays the Fahrenheit value. Similarly, if you enter Fahrenheit, the value for Centigrade is displayed. 3. Click Apply. The values are configured.
Viewing FlexAddress mezzanine card fabric connections In blade servers, FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/ MAC) for each managed server port connection. You can view the following information for each installed embedded Ethernet and optional mezzanine card port: ● Fabrics to which the cards are connected. ● Type of fabric. ● Server-assigned, chassis-assigned, or remotely assigned MAC addresses.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: ● iDRAC Web Interface ● Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only ● IPMI Serial Over LAN ● IPMI Over LAN ● Remote RACADM ● Local RACADM ● Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Related concepts Communicating with iDRAC through serial connection using DB9 cable on page 109 Switching between RAC serial and serial console while using DB9 cable on page 112 Communicating with iDRAC using IPMI SOL on page 112 Communicating with iDRAC using IPMI over LAN on page 118 Enabling or disabling remote RACADM on page 119 Disabling local RACADM on page 119 Enabling IPMI on managed system on page 119 Configuring Linux for serial console during boot on page 120 Supported SSH cryptography schemes on
NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press F2. 3. Go to System BIOS Settings > Serial Communication. 4. Select External Serial Connector to Remote Access device. 5. Click Back, click Finish, and then click Yes. 6. Press Esc to exit System Setup. Enabling RAC serial connection After configuring serial connection in BIOS, enable RAC serial in iDRAC. NOTE: This is applicable only for iDRAC on rack and tower servers.
3. Click Apply. Enabling serial connection IPMI mode using RACADM To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode. racadm set iDRAC.Serial.Enable 0 racadm set iDRAC.IPMISerial.ConnectionMode n=0 — Terminal Mode n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command.
The Terminal Mode Settings page is displayed. 4. Specify the following values: ● ● ● ● ● ● Line editing Delete control Echo Control Handshaking control New line sequence Input new line sequences For information about the options, see the iDRAC Online Help. 5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection.
Related concepts Configuring BIOS for serial connection on page 113 Configuring iDRAC to use SOL on page 113 Enabling supported protocol on page 114 Configuring BIOS for serial connection NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press F2. 3. Go to System BIOS Settings > Serial Communication. 4. Specify the following values: ● Serial Communication — On With Console Redirection ● Serial Port Address — COM2.
1. Enable IPMI Serial over LAN using the command. racadm set iDRAC.IPMISol.Enable 1 2. Update the IPMI SOL minimum privilege level using the command. racadm set iDRAC.IPMISol.MinPrivilege Parameter Privilege level = 2 User = 3 Operator = 4 Administrator NOTE: The IPMI SOL minimum privilege level determines the minimum privilege to activate IPMI SOL. For more information, see the IPMI 2.0 specification. 3. Update the IPMI SOL baud rate using the command.
● Telnet racadm set iDRAC.Telnet.Enable 1 ● SSH racadm set iDRAC.SSH.Enable 1 To change the SSH port racadm set iDRAC.SSH.Port You can use tools such as: ● IPMItool for using IPMI protocol ● Putty/OpenSSH for using SSH or Telnet protocol Related tasks SOL using IPMI protocol on page 115 SOL using SSH or Telnet protocol on page 115 SOL using IPMI protocol The IPMI-based SOL utility and IPMItool uses RMCP+ delivered using UDP datagrams to port 623.
Before using SSH or Telnet to communicate with iDRAC, make sure to: 1. Configure BIOS to enable Serial Console. 2. Configure SOL in iDRAC. 3. Enable SSH or Telnet using iDRAC Web interface or RACADM. Telnet (port 23)/ SSH (port 22) client <−−> WAN connection <−−> iDRAC The IPMI-based SOL that uses SSH or Telnet protocol eliminates the need for an additional utility because the serial to network translation happens within iDRAC.
● console com2 This connects iDRAC to the managed system’s SOL port. Once a SOL session is established, iDRAC command line console is not available. Follow the escape sequence correctly to open the iDRAC command line console. The escape sequence is also printed on the screen as soon as a SOL session is connected. When the managed system is off, it takes sometime to establish the SOL session. NOTE: You can use console com1 or console com2 to start SOL. Reboot the server to establish the connection.
Disconnecting SOL session in iDRAC command line console The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely terminated. To disconnect a SOL session, terminate the SOL session from the iDRAC command line console. ● To quit SOL redirection, press Enter, Esc, T. The SOL session closes. ● To quit a SOL session from Telnet on Linux, press and hold Ctrl+]. A Telnet prompt is displayed. Type quit to exit Telnet.
Parameter Privilege level = 2 User = 3 Operator = 4 Administrator 3. Set the IPMI LAN channel encryption key ,if required. racadm set iDRAC.IPMILan.EncryptionKey Parameter Description 20-character encryption key in a valid hexadecimal format. NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com.
Configuring Linux for serial console during boot The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are required if a different boot loader is used. NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to make sure the correct text displays. Else, some text screens may be garbled. Edit the /etc/grub.conf file as follows: 1.
The following example shows a sample file with the new line. #inittab This file describes how the INIT process should set up #the system in a certain run-level. #Author:Miquel van Smoorenburg #Modified for RHS Linux by Marc Ewing and Donnie Barnes #Default runlevel.
tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Supported SSH cryptography schemes To communicate with iDRAC using SSH protocol, it supports multiple cryptography schemes listed in the following table. Table 17. SSH cryptography schemes Scheme Type Algorithms Asymmetric Cryptography Public key ssh-rsa ecdsa-sha2-nistp256 Symmetric Cryptography Key Exchange curve25519-sha256@libssh.
perform various functions. The uploaded keys must be in RFC 4716 or OpenSSH format. Else, you must convert the keys into that format. NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support. In any scenario, a pair of private and public key must be generated on the management station.
When adding new public keys, make sure that the existing keys are not at the index where the new key is added. iDRAC does not perform checks to make sure previous key(s) are deleted before a new key(s) are added. When a new key is added, it is usable if the SSH interface is enabled. Uploading SSH keys using web interface To upload the SSH keys: 1. In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > User Authentication > Local Users. The Users page is displayed. 2.
Deleting SSH keys Before deleting the public keys, make sure that you view the keys if they are set up, so that a key is not accidentally deleted. Deleting SSH keys using web interface To delete the SSH key(s): 1. In Web interface, go to Overview > iDRAC Settings > Network > User Authentication > Local Users. The Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). NOTE: To improve security, it is recommended to use complex passwords that have eight or more characters and include lowercase alphabets, uppercase alphabets, numbers, and special characters. It is also recommended to regularly change the passwords, if possible.
To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the RACADM Command Line Interface Guide available at dell.com/idracmanuals. If you use the configuration XML file, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication. Adding iDRAC user using RACADM 1. Set the index and user name. racadm set idrac.users..
You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user. The iDRAC role and privilege names have changed from earlier generation of servers. The role names are: Table 20.
Related tasks Enabling SSL on domain controller on page 130 Enabling SSL on domain controller When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also uploaded into iDRAC.
Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed certificate. If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC.
Configuring Standard schema Active Directory To configure iDRAC for an Active Directory login access: 1. On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2. Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access iDRAC. 3. Configure the group name, domain name, and the role privileges on iDRAC using the iDRAC web interface or RACADM.
racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of iDRAC.ActiveDirectory.DomainController2 iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.ActiveDirectory.GlobalCatalog2 iDRAC.ActiveDirectory.
Best practices for extended schema The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage the permissions and scope of iDRAC objects. By default, the Dell Association objects do not inherit all permissions from the parent Active Directory objects.
Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
1. In the Welcome screen, click Next. 2. Read and understand the warning and click Next. 3. Select Use Current Log In Credentials or enter a user name and password with schema administrator rights. 4. Click Next to run the Dell Schema Extender. 5. Click Finish. The schema is extended. To verify the schema extension, use the MMC and the Active Directory Schema Snap-in to verify that the classes and attributes classes and attributes exist.
Table 26. dellRAC4Privileges class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines the privileges (Authorization Rights) for iDRAC Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 27. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 29. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued attribute is the forward link to the dellAssociationMembers backward link. Link ID: 12070 dellIsLoginUser 1.2.840.113556.1.8000.1280.1.1.2.3 TRUE if the user has Login rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsCardConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Table 29. List of attributes added to the active directory schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers linked attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.
1. In the Console Root (MMC) window, right-click a container. 2. Select New > Dell Remote Management Object Advanced. The New Object window is displayed. 3. Enter a name for the new object. 4. Select Privilege Object and click OK. 5. Right-click the privilege object that you created, and select Properties. 6. Click the Remote Management Privileges tab and assign the privileges for the user or group.
Adding privileges To add privileges: Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. 1. Select the Privileges Object tab and click Add. 2. Enter the privilege object name and click OK. 3.
1. Use the following commands: racadm set racadm set racadm set racadm set racadm set address of racadm set address of racadm set address of iDRAC.ActiveDirectory.Enable 1 iDRAC.ActiveDirectory.Schema 2 iDRAC.ActiveDirectory.RacName iDRAC.ActiveDirectory.RacDomain iDRAC.ActiveDirectory.DomainController1 iDRAC.ActiveDirectory.
Testing Active Directory settings using iDRAC web interface To test the Active Directory settings: 1. In iDRAC Web Interface, go to Overview > iDRAC Settings > User Authentication > Directory Services > Microsoft Active Directory. The Active Directory summary page is displayed. 2. Click Test Settings. 3. Enter a test user's name (for example, username@domain.com) and password and click Start Test. A detailed test results and the test log displays.
NOTE: If certificate validation is enabled, specify the LDAP Server’s FQDN and make sure that DNS is configured correctly under Overview > iDRAC Settings > Network. NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN. Also, only single domain is supported. Cross domain is not supported. 6. Click Next. The Generic LDAP Configuration and Management Step 3a of 3 page is displayed. 7. Click Role Group.
8 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Registering iDRAC as a computer in Active Directory root domain To register iDRAC in Active Directory root domain: 1. Click Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2. Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain. 3. Select Register iDRAC on DNS. 4. Provide a valid DNS Domain Name. 5. Verify that network DNS configuration matches with the Active Directory DNS information.
3. Associate the device object and privilege object using the association object. 4. Add the preceding SSO user (login user) to the device object. 5. Provide access privilege to Authenticated Users for accessing the created association object. Related concepts Adding iDRAC users and privileges to Active Directory on page 141 Configuring iDRAC SSO login for Active Directory users Before configuring iDRAC for Active Directory SSO login, make sure that you have completed all the prerequisites.
Related concepts Obtaining certificates on page 93 Uploading smart card user certificate on page 150 Enabling or disabling smart card login on page 151 Uploading smart card user certificate Before you upload the user certificate, make sure that the user certificate from the smart card vendor is exported in Base64 format. SHA-2 certificates are also supported.
Configuring iDRAC smart card login for Active Directory users Before configuring iDRAC Smart Card login for Active Directory users, make sure that you have completed the required prerequisites. To configure iDRAC for smart card login: 1. In iDRAC Web interface, while configuring Active Directory to set up an user account based on standard schema or extended schema, on the Active Directory Configuration and Management Step 1 of 4 page: ● Enable certificate validation.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Enabling or disabling smart card login using iDRAC settings utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help. 3.
9 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
Enabling or disabling alerts using web interface To enable or disable generating alerts: 1. In iDRAC Web interface, go to Overview > Server > Alerts. The Alerts page is displayed. 2. Under Alerts section: ● Select Enable to enable alert generation or perform an event action. ● Select Disable to disable alert generation or disable an event action. 3. Click Apply to save the setting. Enabling or disabling alerts using RACADM Use the following command: racadm set iDRAC.IPMILan.
● Warning ● Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Setting alert recurrence event You can configure iDRAC to generate additional events at specific intervals if the system continues to operate at a temperature which is greater than the inlet temperature threshold limit. The default interval is 30 days. The valid range is 0 to 366 days. A value of ‘0’ indicates no event recurrence. NOTE: You must have Configure iDRAC privilege to set the alert recurrence value. Setting alert recurrence events using iDRAC web interface To set the alert recurrence value: 1.
Configuring email alert, SNMP trap, or IPMI trap settings The management station uses Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) traps to receive data from iDRAC. For systems with large number of nodes, it may not be efficient for a management station to poll each iDRAC for every condition that may occur. For example, event traps can help a management station with load balancing between nodes or by issuing an alert if an authentication failure occurs.
1. To enable traps: racadm set idrac.SNMP.Alert..Enable Parameter Description Destination index. Allowed values are 1 through 8. =0 Disable the trap =1 Enable the trap 2. To configure the trap destination address: racadm set idrac.SNMP.Alert..DestAddr Parameter Description Destination index. Allowed values are 1 through 8. A valid IPv4, IPv6, or FQDN address 3. Configure the SNMP community name string: racadm set idrac.ipmilan.
Configuring email alert settings You can configure the email address to receive the email alerts. Also, configure the SMTP server address settings. NOTE: If your mail server is Microsoft Exchange Server 2007, make sure that iDRAC domain name is configured for the mail server to receive the email alerts from iDRAC. NOTE: Email alerts support both IPv4 and IPv6 addresses. The DRAC DNS Domain Name must be specified when using IPv6.
4. To test the configured email alert, if required: racadm testemail -i [index] Parameter Description index Email destination index to be tested. Allowed values are 1 through 4. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals. Configuring SMTP email server address settings You must configure the SMTP server address for email alerts to be sent to specified destinations.
Monitoring chassis events On the PowerEdge FX2/FX2s chassis, you can enable the Chassis Management and Monitoring setting in iDRAC to perform chassis management and monitoring tasks such as monitoring chassis components, configuring alerts, using iDRAC RACADM to pass CMC RACADM commands, and updating the chassis management firmware. This setting allows you to manage the servers in the chassis even if the CMC is not on the network. You can set the value to Disabled to forward the chassis events.
Table 30.
Table 30.
Table 30.
10 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WS-MAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
If no arguments are specified, the entire log is displayed. To display the number of SEL entries: racadm getsel -i To clear the SEL entries: racadm clrsel For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1.
Filtering Lifecycle logs You can filter logs based on category, severity, keyword, or date range. To filter the lifecycle logs: 1. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: ● ● ● ● Select the Log Type from the drop-down list. Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results.
Exporting Lifecycle Controller logs using RACADM To export the Lifecycle Controller logs, use the lclog export command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/support/ manuals. Adding work notes Each user who logs in to iDRAC can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC logs privilege to add work notes. A maximum of 255 characters are supported for each new work note.
11 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: ● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Monitoring power using RACADM To view the power-monitoring information, use the get command with the objects in the System.Power group. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Setting warning threshold for power consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems.
● Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help. Executing power control operations using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Power capping You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload presents to the datacenter.
The Power Configuration page is displayed. The current power policy limit is displayed under the Currently Active Power Cap Policy section. 2. Select Enable under iDRAC Power Cap Policy. 3. Under User-Defined Limits section, enter the maximum power limit in Watts and BTU/hr or the maximum % of recommended system limit. 4. Click Apply to apply the values.
2. Under Power Supply Options, select the required options. For more information, see iDRAC Online Help. 3. Click Apply. The power supply options are configured. Configuring power supply options using RACADM To ● ● ● ● configure the power supply options, use the following objects with the set command: System.Power.RedundancyPolicy System.Power.Hotspare.Enable System.Power.Hotspare.PrimaryPSU System.Power.PFC.
12 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: ● Network Interface Cards (NICs) ● Converged Network Adapters (CNAs) ● LAN On Motherboards (LOMs) ● Network Daughter Cards (NDCs) ● Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition-l
Monitoring network devices using RACADM To view information about network devices, use the hwinventory and nicstatistics commands. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Additional properties may be displayed when using RACADM or WS-MAN in addition to the properties displayed in the iDRAC web interface.
● Configure the initiator (for iSCSI and FCoE) and storage target settings (for iSCSI, FCoE, and FC). ● Specify persistence or clearance of the configured values over a system AC power loss, cold, and warm system resets. The values configured for virtual addresses, initiator and storage targets may change based on the way the main power is handled during system reset and whether the NIC, CNA, or FC HBA device has auxiliary power.
Table 31.
Table 32. Virtual/Flex Address and Persistence Policy behavior Flex Address Feature State in CMC Mode set in iDRAC IO Identity Feature State in iDRAC XML Configuration Persistence Policy Clear Persistence Policy — Virtual Address Flex Address disabled Flex Address Mode Enabled VAM not configured Set to hardware MAC address No persistence supported.
Table 33.
To view the I/O Identity Optimization setting, use the command: racadm get iDRAC.IOIDOpt Configuring persistence policy settings Using IO identity, you can configure policies specifying the system reset and power cycle behaviors that determine the persistence or clearance of the virtual address, initiator, and storage target settings. Each individual persistence policy attribute applies to all ports and partitions of all applicable devices in the system.
Configuring persistence policy settings using iDRAC web interface To configure the persistence policy: 1. In the iDRAC Web interface, go to Overview > Hardware > Network Devices. The Network Devices page is displayed. 2. Click I/O Identity Optimization tab. 3. In the Persistence Policy section, select one or more of the following for each persistence policy: ● A/C Power Loss - The virtual address or target settings persist when AC power loss conditions occur.
Table 35. iSCSI initiator —default values iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorName Value Cleared Value Cleared IscsiInitiatorChapId Value Cleared Value Cleared IscsiInitiatorChapPwd Value Cleared Value Cleared IPVer Ipv4 Table 36. Iscsi storage target attributes — default values iSCSI Storage Target Attributes Default Values in IPv4 mode Default Values in IPv6 mode ConnectFirstTgt Disabled Disabled FirstTgtIpAddress 0.0.0.
13 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them.
Table 37. PERC Capability (continued) PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) jobs to be completed before applying the configuration at run-time. Run-time or real-time means, a reboot is not required. Staged If all the set operations are staged, the configuration is staged and applied after reboot or it is applied at real-time.
RAID RAID is a technology for managing the storage of data on the physical disks that reside or are attached to the system. A key aspect of RAID is the ability to span physical disks so that the combined storage capacity of multiple physical disks can be treated as a single, extended disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of a disk failure.
Organizing data storage for availability and performance RAID provides different methods or RAID levels for organizing the disk storage. Some RAID levels maintain redundant data so that you can restore data after a disk failure. Different RAID levels also entail an increase or decrease in the I/O (read and write) performance of a system. Maintaining redundant data requires the use of additional physical disks. The possibility of a disk failure increases with an increase in the number of disks.
RAID 0 characteristics: ● ● ● ● Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks. Data is stored to the disks alternately. No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. Better read and write performance. RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks.
● Redundancy for protection of data. ● RAID 1 is more expensive in terms of disk space since twice the number of disks are used than required to store the data without redundancy. RAID level 5 -striping with distributed parity RAID 5 provides data redundancy by using data striping in combination with parity information. Rather than dedicating a physical disk to parity, the parity information is striped across all physical disks in the disk group.
RAID 6 characteristics: ● ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n-2) disks. Redundant information (parity) is alternately stored on all disks. The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID 50 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 5 span. ● Better read performance, but slower write performance. ● Requires as much parity information as standard RAID 5. ● Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 6 span. ● Better read performance, but slower write performance. ● Increased redundancy provides greater data protection than a RAID 50. ● Requires proportionally as much parity information as RAID 6. ● Two disks per span are required for parity.
RAID 10 characteristics: ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 38. RAID level performance comparison RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information. Databases and other read intensive transactional uses.
Supported enclosures iDRAC supports MD1200, MD1220, MD1400, and MD1420 enclosures. NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported. Summary of supported features for storage devices The following table provides the features supported by the storage devices through iDRAC. NOTE: Features such as prepare to remove and blink or unblink component LED are not applicable for HHHL PCIe SSD cards. Table 39.
Table 39.
Table 39.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Monitoring backplane using iDRAC settings utility In the iDRAC Settings utility, go to System Summary. The iDRAC Settings.System Summary page is displayed. The Backplane Inventory section displays the backplane information. For information about the fields, see the iDRAC Settings Utility Online Help.
● If no virtual disks are present, create at least one virtual disk. ● If physical disks are in non-RAID mode convert them to RAID mode using iDRAC interfaces such as iDRAC web interface, RACADM, or WS-MAN, or . If you have assigned a physical disk as a global hot spare in Add to Pending Operation mode, the pending operation is created but a job is not created. Then, if you try to unassign the same disk as global hot spare, the assign global hot spare pending operation is cleared.
Converting physical disks to RAID capable or non-RAID mode using the iDRAC web interface To convert the physical disks to RAID mode or non-RAID mode, perform the following steps: 1. In the iDRAC web interface, click Overview > Storage > Physical Disks > Setup. The Setup page is displayed. 2. From the Controller drop-down menu, select a controller. The physical disks associated with the selected controller are displayed. 3.
Creating virtual disks To implement RAID functions, you must create a virtual disk. A virtual disk refers to storage created by a RAID controller from one or more physical disks. Although a virtual disk may be created from several physical disks, it is seen by the operating system as a single disk. Before creating a virtual disk, you should be familiar with the information in Considerations Before Creating Virtual Disks. You can create a Virtual Disk using the Physical Disks attached to the PERC controller.
The maximum size is displayed and then updated as disks are selected. f. The Span Count field is displayed based on the selected physical disks (step 3). You cannot set this value. It is automatically calculated after selecting disks for multi-raid level. If you have selected RAID 10 and if the controller supports uneven RAID 10, then the span count value is not displayed. The controller automatically sets the appropriate value. 3. In the Select Physical Disks section, select the number of physical disks.
Similarly, if the PERC has cache but not battery and the policy is set that requires accessing cache, then data loss may occur if base of power off. So few PERCs may not allow that policy. Therefore, depending upon the PERC, the policy value is set. Deleting virtual disks Deleting a virtual disk destroys all information including file systems and volumes residing on the virtual disk and removes the virtual disk from the controller’s configuration.
A background initialization starts five minutes after the Fast Initialization is completed. Full or slow initialization The full initialization (also called slow initialize) operation initializes all physical disks included in the virtual disk. It updates the metadata on the physical disks and erases all existing data and file systems. You can perform a full initialization after creating the virtual disk.
additional Action drop-down menus. Also, the Remove link is displayed next to the selected action. Click this link to remove the selected action. ● Delete ● Edit Policy: Read Cache — Change the read cache policy to one of the following options: ○ No Read Ahead ○ Read Ahead ○ Adaptive Read Ahead NOTE: Previous generations of PERC controllers support read policy settings of No Read Ahead, Read Ahead, and Adaptive Read Ahead.
To cancel the consistency check: racadm storage cancelcheck: ● To encrypt virtual disks: racadm storage encryptvd: ● To assign or unassign dedicated hot spares: racadm storage hotspare: -assign
You must have Login and Server Control privilege to configure the controller properties. Patrol read mode considerations Patrol read identifies disk errors to avoid disk failures, data loss, or corruption. The Patrol Read does not run on a physical disk in the following circumstances: ● The physical disk is not included in a virtual disk or assigned as a hot spare.
Create or change security keys When configuring the controller properties, you can create or change the security keys. The controller uses the encryption key to lock or unlock access to SED. You can create only one encryption key for each encryption-capable controller. The security key is managed using the Local Key Management (LKM) feature. LKM is used to generate the key ID and the password or key required to secure the virtual disk.
● To create, modify, or delete security key to encrypt virtual drives: racadm storage createsecuritykey: -key -passwd racadm storage modifysecuritykey: -key -oldpasswd -newpasswd racadm storage deletesecuritykey: Importing or auto importing foreign configuration A foreign configuration is data residing on physical disks that have been moved from one controller to another.
Importing foreign configuration using web interface To import foreign configuration: 1. In the iDRAC Web interface, go to Overview > Storage > Controllers > Setup. The Setup Controllers page is displayed. 2. In the Foreign Configuration section, from the Controller drop-down menu, select the controller that you want to configure. 3. From the Apply Operation Mode drop-down menu, select when you want to import. 4. Click Import Foreign Configuration.
Resetting controller configuration You can reset the configuration for a controller. This operation deletes virtual disk drives and unassigns all hot spares on the controller. It does not erase any data other than removing the disks from the configuration. Reset configuration also does not remove any foreign configurations. The real-time support of this feature is available only in PERC 9.1 firmware. Reset configuration does not erase any data.
● If the PERC controller is in RAID mode, you must clear any virtual disks, hot spares, foreign configurations, controller keys, or preserved cache before changing it to HBA mode. ● You cannot configure other RAID operations while setting the controller mode. For example, if the PERC is in RAID mode and you set the pending value of the PERC to HBA mode, and you try to set the BGI attribute, the pending value is not initiated.
● Blink or unblink LEDs NOTE: ● You must perform Collect System Inventory On Reboot (CSIOR) operation before inventorying or monitoring the non-RAID controllers. ● Reboot the system after performing a firmware update. ● Real-time monitoring for SMART enabled drives and SES enclosure sensors is only done for the 12 Gbps SAS HBA controllers and HBA330 internal controllers.
● Run the jobs on each controller individually. Wait for each job to complete before starting the configuration and job creation on the next controller. ● Schedule multiple jobs to run at a later time using the scheduling options.
Inventorying and monitoring PCIe SSDs using RACADM Use the racadm storage get controllers: command to inventory and monitor PCIe SSDs. To view all PCIe SSD drives: racadm storage get pdisks To view PCIe extender cards: racadm storage get controllers To view PCIe SSD backplane information: racadm storage get enclosures NOTE: For all the mentioned commands, PERC devices are also displayed. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.
If there are jobs to be completed, then this option is grayed-out. NOTE: For PCIe SSD devices, only the Apply Now option is available. This operation is not supported in staged mode. 5. Click Apply. If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action is displayed. If the job is created successfully, a message indicating that the job ID is created for the selected controller is displayed.
4. From the Apply Operation Mode drop-down menu, select one of the following options: ● At Next Reboot — Select this option to apply the actions during the next system reboot. This is the default option for PERC 8 controllers. ● At Scheduled Time — Select this option to apply the actions at a scheduled day and time: ○ Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The action is applied between the start time and end time.
Configuring backplane mode The Dell 13 th generation PowerEdge servers supports a new internal storage topology, where two storage controllers (PERCs) can be connected to a set of internal drives through a single expander. This configuration is used for high performance mode with no failover or High Availability (HA) functionality. The expander splits the internal drive array between the two storage controllers.
● ● ● ● Split Mode 8:16 Split Mode 16:8 Split Mode 20:4 Information Not Available 4. From the Apply Operation Mode drop-down menu, select Apply Now to apply the actions immediately, and then click Apply. A job ID is created. 5. Go to the Job Queue page and verify that it displays the status as Completed for the job. 6. Power cycle the system for the setting to take effect. Configuring enclosure using RACADM To configure the enclosure or backplane, use the set command with the objects in BackplaneMode.
8. Run the following command to view the backplanerequestedmode attribute value: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=SplitMode 9. Run the following command to cold reboot the server: racadm serveraction powercycle 10. After the system completes POST and CSIOR, type the following command to verify the backplanerequestedmode: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=None 11.
Setting SGPIO mode The storage controller can connect to the backplane in I2C mode (default setting for Dell backplanes) or Serial General Purpose Input/Output (SGPIO) mode. This connection is required for blinking LEDs on the drives. Dell PERC controllers and backplane support both these modes. To support certain channel adapters, the backplane mode must be changed SGPIO mode. The SGPIO mode is only supported for passive backplanes.
Power Cycle System (cold boot) NOTE: For PERC 8 or earlier controllers, Graceful Shutdown is the default option. For PERC 9 controllers, No Reboot (Manually Reboot System) is the default option. ● Add to Pending Operations — Select this option to create a pending operation to apply the settings. You can view all pending operations for a controller in the Overview > Storage > Pending Operations page.
■ Graceful Shutdown ■ Force Shutdown ■ Power Cycle System (cold boot) NOTE: For PERC 8 or earlier controllers, Graceful Shutdown is the default option. For PERC 9 controllers, No Reboot (Manually Reboot System) is the default option. 5. If the commit job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action are displayed. 6.
If you have selected Add to Pending Operations and then clicked Apply, first the pending operation is created for the selected storage configuration operation. ● If the pending operation is created successfully and if there are no existing pending operations, then an information message is displayed: ○ Click OK to remain on the page to perform more storage configuration operations. ○ Click Pending Operations to view the pending operations for the device.
● Select or deselect all physical disk drives or PCIe SSDs — Select the Select/Deselect All option and click Blink to start blinking all the physical disk drives and the PCIe SSDs. Similarly, click Unblink to stop blinking the LEDs. ● Select or deselect individual physical disk drives or PCIe SSDs — Select one or more physical disk drives and click Blink to start blinking the LEDs for the physical disk drives or the PCIe SSDs. Similarly, click Unblink to stop blinking the LEDs. 4.
14 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: ● A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
Table 40. Supported screen resolutions and refresh rates Screen Resolution Refresh Rate (Hz) 1280x1024 60 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console.
● Web browser is configured to use HTML5, Java, or ActiveX plug-ins. ● Minimum network bandwidth of one MB/sec is available. NOTE: If the embedded video controller is disabled in BIOS and if you launch the Virtual Console, the Virtual Console Viewer is blank. While launching Virtual Console using 32-bit or 64-bit IE browsers, use HTML5, or use the required plug-in (Java or ActiveX) that is available in the respective browser. The Internet Options settings are common for all browsers.
NOTE: If you do not have Access Virtual Console privilege but have Access Virtual Media privilege, then using this URL launches the Virtual Media instead of the Virtual Console. Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. 1.
To launch the HTML5 virtual console, you must enable the virtual console feature from the iDRAC Virtual Console page and set the Virtual Console Type option to HTML5. You can launch virtual console as a pop-up window by using one of the following methods: ● From iDRAC Home page, click the Launch link available in the Console Preview session ● From iDRAC Virtual Console page, click Launch Virtual Console. ● From iDRAC login page, type https///console. This method is called as Direct Launch.
● Mouse Acceleration — Select the mouse acceleration based on the operating system. The following configuration options are displayed as a drop-down list: ○ Absolute (Windows, latest versions of Linux, Mac OS-X) ○ Relative, no acceleration ○ Relative (RHEL, earlier versions of Linux) ○ Linux RHEL 6.x and SUSE Linux Enterprise Server 11 or later Click Apply to apply the selected settings on the server. ● Virtual Media — Click Connect Virtual Media option to start the virtual media session.
Passing all keystrokes through virtual console for Java or ActiveX plug-in You can enable the Pass all keystrokes to server option and send all keystrokes and key combinations from the management station to the managed system through the Virtual Console Viewer. If it is disabled, it directs all the key combinations to the management station where the Virtual Console session is running.
● All the individual keys (not a combination of different keys, but a single key stroke) are always sent to the managed system. This includes all the Function keys, Shift, Alt, Ctrl key and Menu keys. Some of these keys affect both management station and managed system.
Using SSH or Telnet or external serial connector -directly connecting through serial cable 1. For telnet/SSH sessions, after logging in using the iDRAC username and password, at the /admin> prompt, run the command console com2. The localhost.localdomain prompt appears. 2. For console redirection using external serial connector directly connected to the system through a serial cable, the localhost.localdomain login prompt appears after the server boots to the operating system. 3.
15 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: ● Remotely access media connected to a remote system over the network ● Install applications ● Update drivers ● Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Table 41. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives ● ● ● ● ● Virtual floppy drives ● CD-ROM/DVD image file in the ISO9660 format ● Floppy image file in the ISO9660 format USB flash drives ● USB CD-ROM drive with CD-ROM media ● USB Key image in the ISO9660 format Legacy 1.44 floppy drive with a 1.
Table 42. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives.
Launching virtual media without using virtual console Before you launch Virtual Media when the Virtual Console is disabled, make sure that ● Virtual Media is in Attach state. ● System is configured to unhide empty drives. To do this, in Windows Explorer, navigate to Folder Options, clear the Hide empty drives in the Computer folder option, and click OK. To launch Virtual Media when Virtual Console is disabled: 1. In the iDRAC web Interface, go to Overview > Server > Virtual Console.
Viewing virtual device details To view the virtual device details, in the Virtual Console Viewer, click Tools > Stats. In the Stats window, the Virtual Media section displays the mapped virtual devices and the read/write activity for each device. If Virtual Media is connected, this information is displayed. If Virtual Media is not connected, the “Virtual Media is not connected” message is displayed.
For CD/DVD devices, this option is enabled by default and you cannot disable it. NOTE: The ISO and IMG files map as read-only files if you map these files by using the HTML5 virtual console. 5. Click Map Device to map the device to the host server. After the device/file is mapped, the name of its Virtual Media menu item changes to indicate the device name. For example, if the CD/DVD device is mapped to an image file named foo.iso, then the CD/DVD menu item on the Virtual Media menu is named foo.
6. Click Yes to save the changes and exit. The managed system reboots. The managed system attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device. Otherwise, the system overlooks the device—similar to a physical device without bootable media. Enabling boot once for virtual media You can change the boot order only once when you boot after attaching remote Virtual Media device.
16 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: VMCLI supports only the TLS 1.0 security protocol.
NOTE: VMCLI syntax is case-sensitive. To ensure security, it is recommended to use the following VMCLI parameters: ● vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. ● vmcli -r -S -u -p -c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid.
For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the VMCLI utility. NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. ● Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features for the utility to run in the background.
17 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC Web interface at Overview > Server > vFlash: SD card not detected.
Viewing vFlash SD card properties using RACADM To ● ● ● ● ● view the vFlash SD card properties using RACADM, use the get command with the following objects: iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.Health iDRAC.vflashsd.Licensed iDRAC.vflashsd.Size iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
3. Click Back, click Finish, and then click Yes. The vFlash functionality is enabled or disabled based on the selection. Initializing vFlash SD card The initialize operation reformats the SD card and configures the initial vFlash system information on the card. NOTE: If the SD card is write-protected, then the Initialize option is disabled. Initializing vFlash SD card using web interface To initialize the vFlash SD card: 1. In the iDRAC Web interface, go to Overview > Server > vFlash.
Managing vFlash partitions You can perform the following using the iDRAC Web interface or RACADM: NOTE: An administrator can perform all operations on the vFlash partitions. Else, you must have Access Virtual Media privilege to create, delete, format, attach, detach, or copy the contents for the partition.
2. Enter the command: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s [n] where [n] is the partition size. By default, an empty partition is created as read-write. Creating a partition using an image file You can create a new partition on the vFlash SD card using an image file (available in the .img or .iso format.) The partitions are of emulation types: Floppy (.img), Hard Disk (.img), or CD (.iso). The created partition size is equal to the image file size.
NOTE: Creating vFlash partition from an image file located on the CFS or NFS IPv6 enabled network share is not supported. Formatting a partition You can format an existing partition on the vFlash SD card based on the type of file system. The supported file system types are EXT2, EXT3, FAT16, and FAT32. You can only format partitions of type Hard Disk or Floppy, and not CD. You cannot format read-only partitions.
Modifying a partition You can change a read-only partition to read-write or vice-versa. Before modifying the partition, make sure that: ● The vFlash functionality is enabled. ● You have Access Virtual Media privileges. NOTE: By default, a read-only partition is created. Modifying a partition using web interface To modify a partition: 1. In the iDRAC Web interface, go to Overview > Server > vFlash > Manage. The Manage Partitions page is displayed. 2.
Attaching or detaching partitions using web interface To attach or detach partitions: 1. In the iDRAC Web interface, go to Overview > Server > vFlash > Manage. The Manage Partitions page is displayed. 2. In the Attached column: ● Select the checkbox for the partition(s) and click Apply to attach the partition(s). ● Clear the checkbox for the partition(s) and click Apply to detach the partition(s). The partitions are attached or detached, based on the selections.
Deleting existing partitions using RACADM To delete partitions: 1. Open a telnet, SSH, or Serial console to the system and log in. 2. Enter the following commands: ● To delete a partition: racadm vflashpartition delete -i 1 ● To delete all partitions, re-initialize the vFlash SD card. Downloading partition contents You can download the contents of a vFlash partition in the .img or .iso format to the: ● Managed system (where iDRAC is operated from) ● Network location mapped to a management station.
NOTE: When you run this command, the vFlash partition label is automatically set to boot once (iDRAC.ServerBoot.BootOnce is set to 1.) Boot once boots the device to the partition only once and does not keep it persistently first in the boot order.
18 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Table 45.
Table 45.
Table 45.
Using the -level option The show -level option executes show over additional levels beneath the specified target. To see all targets and properties in the address space, use the -l all option. Using the -output option The -output option specifies one of four formats for the output of SM-CLP verbs: text, clpcsv, keyword, and clpxml. The default format is text, and is the most readable output. The clpcsv format is a comma-separated values format suitable for loading into a spreadsheet program.
Targets: Record1 Record2 Record3 Record4 Record5 Properties: InstanceID = IPMI:BMC1 SEL Log MaxNumberOfRecords = 512 CurrentNumberOfRecords = 5 Name = IPMI SEL EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord Log
The following output is displayed: All records deleted successfully Map target navigation The following examples show how to use the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Type the following commands at the SMCLP command prompt: ● To navigate to the system target and reboot: cd system1 reset The current default target is /. ● To navigate to the SEL target and display the log records: cd system1 cd logs1/log1 show ● To display current target: type cd .
19 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, RACADM, and WSMAN. You can configure the features monitored by the iDRAC Service Module to control the CPU and memory consumed on the server’s operating system.
● ● ● ● ● View operating system (OS) information Replicate Lifecycle Controller logs to operating system logs Perform automatic system recovery options Populate Windows Management Instrumentation (WMI) Management Providers Integrate with SupportAssist Collection. This is applicable only if iDRAC Service Module version 2.0 or later is installed. For more information, see Generating SupportAssist Collection. ● Prepare to Remove NVMe PCIe SSD.
You can perform automatic system recovery operations such as reboot, power cycle, or power off the server after a specified time interval. This feature is enabled only if the operating system watchdog timer is disabled. If OpenManage Server Administrator is installed, this monitoring feature is disabled to avoid duplicate watchdog timers.
Table 46. Examples CIM Interface WinRM WMIC PowerShell RAC.Embedded.1#User s.1+SystemCreationC lassName=DCIM_SPCom puterSystem+SystemN ame=systemmc} puterSystem',System Name='systemmc'}" namespace root/ cimv2/dcim Remote iDRAC Hard Reset By using iDRAC, you can monitor the supported servers for critical system hardware, firmware, or software issues. Sometimes, iDRAC may become unresponsive due to various reasons. During such scenarios, you must turn off the server and reset iDRAC.
iSM provides an executable command on all iSM supported Linux operating system. You can run this command by logging into the operating system by using SSH or equivalent. Invoke-iDRACHardReset Invoke-iDRACHardReset –f ● ESXi On all iSM supported ESXi operating systems, the iSM v2.3 supports a Common Management Programming Interface (CMPI) method provider to perform the iDRAC reset remotely by using the WinRM remote commands. winrm i iDRACHardReset http://schemas.dell.
○ Using the remote WMI interface: winrm i EnableInBandSNMPTraps wmi/root/cimv2/dcim/DCIM_iSMService? InstanceID="iSMExportedFunctions" @{state="[0/1]"} -u: -p: -r:http:///wsman a:Basic -encoding:utf-8 -skipCACheck –skipCNCheck - ● Linux operating system On all iSM supported Linux operating system, iSM provides an executable command. You can run this command by logging into the operating system by using SSH or equivalent. Beginning with iSM 2.4.
● Configure using iSM PowerShell script Installation by using MSI You can install this feature by using the web-pack. This feature is disabled on a typical iSM installation. If enabled, the default listening port number is 1266. You can modify this port number within the range 1024 through 65535. iSM redirects the connection to the iDRAC. iSM then creates an inbound firewall rule, OS2iDRAC.
Enable is required and is optional. IP range in format. Example: 10.95.146.98/24 Coexistence of OpenManage Server Administrator and iDRAC Service Module In a system, both OpenManage Server Administrator and the iDRAC Service Module can co-exist and continue to function correctly and independently.
You can view the replicated Lifecycle logs using the WMI or Windows PowerShell query: GetCimInstance –Namespace root/cimv2 – className win32_NTLogEvent By default, the logs are available at Event viewer > Applications and Services Logs > System.
20 Using USB port for server management In Dell PowerEdge 12 th generation servers, all USB ports are dedicated to the server. With the 13 th generation of servers, one of the front panel USB port is used by iDRAC for management purposes such as pre-provisioning and troubleshooting. The port has an icon to indicate that it is a management port. All 13 th generation servers with LCD panel support this feature. This port is not available in a few of the 200-500 model variations without the LCD panel.
4. Wait for the laptop and iDRAC to acquire IP address 169.254.0.4 and 169.254.0.3. It may take several seconds for the IP addresses to be acquired. 5. Start using iDRAC network interfaces such as the web interface, RACADM, or WSMan. 6. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 7. After completing the desired actions, disconnect the USB cable from the system. The LED turns off.
● Actions: None. An ● ● ● error message is displayed and logged to Lifecycle Controller log when: You try to configure the USB management port without the Server Control user privilege. A USB device is in use by iDRAC and you attempt to modify the USB Management Port Mode. A USB device is in use by iDRAC and you remove the device. Configuring USB management port using web interface To configure the USB port: 1. In the iDRAC Web interface, go to Overview > Hardware > USB Management Port.
● Automatic — USB Port is used by iDRAC or the server’s operating system. ● Standard OS Use — USB port is used by the server OS. ● iDRAC Direct only — USB pot is used by iDRAC. 3. From the iDRAC Direct: USB Configuration XML drop-down menu, select options to configure a server by importing server configuration profile stored on a USB drive: ● Disabled ● Enabled while server has default credential settings only ● Enabled For information about the fields, see the iDRAC Settings Utility Online Help. 4.
If iDRAC Managed: USB XML Configuration was set to Enabled with default credentials and the BIOS setup password is not null or if one of the iDRAC user accounts have been modified, an error message is displayed and the operation stops. 5. LCD panel and LED (if present) display the status that an import job has started. 6.
21 Using iDRAC Quick Sync A few Dell 13 th generation PowerEdge servers have the Quick Sync bezel that supports the Quick Sync feature. This feature enables at-the-server management with a mobile device. This allows you to view inventory and monitoring information and configure basic iDRAC settings (such as root credential setup and configuration of the first boot device) using the mobile device. You can configure iDRAC Quick Sync access for your mobile device (example, OpenManage Mobile) in iDRAC.
You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync settings using web interface To configure iDRAC Quick Sync: 1. In the iDRAC web interface, go to Overview > Hardware > Front Panel. 2.
22 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: ● Remote File Share ● Virtual Media Console Related tasks Deploying operating system using remote file share on page 278 Deploying operating system using virtual media on page 280 Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file sha
NOTE: If ESXi is running on the managed system and if you mount a floppy image (.img) using RFS, the connected floppy image is not available to the ESXi operating system. RFS and Virtual Media features are mutually exclusive. ● If the Virtual Media client is not active, and you attempt to establish an RFS connection, the connection is established and the remote image is available to the host operating system.
For SLES, the CD device is /dev/sr0 and the floppy device is /dev/sdc. To make sure that the correct device is used (for either SLES or RHEL), when you connect the virtual device, on the Linux OS you must immediately run the command: tail /var/log/messages | grep SCSI This displays the text that identifies the device (example, SCSI device sdc). This procedure also applies to Virtual Media when you are using Linux distributions in runlevel init 3. By default, the virtual media is not auto-mounted in init 3.
Installing operating system from multiple disks 1. Unmap the existing CD/DVD. 2. Insert the next CD/DVD into the remote optical drive. 3. Remap the CD/DVD drive. Deploying embedded operating system on SD card To install an embedded hypervisor on an SD card: 1. Insert the two SD cards in the Internal Dual SD Module (IDSDM) slots on the system. 2. Enable SD module and redundancy (if required) in BIOS. 3. Verify if the SD card is available on one of the drives when you during boot. 4.
23 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: ● Diagnostic console ● Post code ● Boot and crash capture videos ● Last system crash screen ● System event logs ● Lifecycle logs ● Front panel status ● Trouble indicators ● System health Related tasks Using diagnostic console on page 282 Scheduling remote automated diagnostics on page 283 Viewing post codes on page 284 Viewing boot and crash capture videos on page 284 Viewing logs on page 284 Viewi
2. In the Command text box, enter a command and click Submit. For information about the commands, see the iDRAC Online Help. The results are displayed on the same page. Scheduling remote automated diagnostics You can remotely invoke automated offline diagnostics on a server as a one-time event and return the results. If the diagnostics require a reboot, you can reboot immediately or stage it for a subsequent reboot or maintenance cycle (similar to updates).
Viewing post codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from power-on-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Overview > Server > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
2. In iDRAC Web interface, go to Overview > Server > Troubleshooting > Last Crash Screen. The Last Crash Screen page displays the last saved crash screen from the managed system. Click Clear to delete the last crash screen.
Hardware trouble indicators The hardware related problems are: ● Failure to power up ● Noisy fans ● Loss of network connectivity ● Hard drive failure ● USB media failure ● Physical damage Based on the problem, use the following methods to correct the problem: ● Reseat the module or component and restart the system ● In case of a blade server, insert the module into a different bay in the chassis ● Replace hard drives or USB flash drives ● Reconnect or replace the power and network cables If problem persists
You can generate a health report of the server and then export the report to a location on the management station (local) or to a shared network location such as Common Internet File System (CIFS) or Network File Share (NFS). You can then share this report directly with the Tech Support. To export to a network share such as CIFS or NFS, direct network connectivity to the iDRAC shared or dedicated network port is required. The report is generated in the standard ZIP format.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. ● Click Advanced Export Options to select the following additional options: ○ RAID Controller Log ○ Enable Report Filtering under OS and Application Data Based on the options selected, the time taken to collect the data is displayed next to these options. 3. Select the I agree to allow SupportAssist to use this data option and click Export. 4.
Generating SupportAssist Collection manually using iDRAC web interface To generate the SupportAssist collection manually: 1. In the iDRAC Web interface, go to Overview > Server > Troubleshooting > SupportAssist. The SupportAssist page is displayed. 2. Select options for which you want to collect the data: ● Hardware to export the report to a location on the local system ● OS and Application Data to export the report to a network share and specify the network settings.
Resetting iDRAC using iDRAC web interface To restart iDRAC, do one of the following in the iDRAC Web interface: ● Go to Overview > Server > Summary. Under Quick Launch Tasks, click Reset iDRAC. ● Go to Overview > Server > Troubleshooting > Diagnostics. Click Reset iDRAC. Resetting iDRAC using RACADM To restart iDRAC, use the racreset command. For more information, see the RACADM Reference Guide for iDRAC and CMC available at dell.com/support/manuals.
Resetting iDRAC to factory default settings using iDRAC web interface To reset iDRAC to factory default settings using the iDRAC Web interface: 1. Go to Overview > Server > Troubleshooting > Diagnostics. The Diagnostics Console page is displayed. 2. Click Reset iDRAC to Default Settings. The completion status is displayed in percentage. iDRAC reboots and is restored to factory defaults. The iDRAC IP is reset and is not accessible. You can configure the IP using the front panel or BIOS.
24 Frequently asked questions This section lists the frequently asked questions for the following: ● System Event Log ● Network security ● Active Directory ● Single Sign On ● Smart card login ● Virtual console ● Virtual media ● vFlash SD card ● SNMP authentication ● Storage devices ● iDRAC Service Module ● RACADM ● Miscellaneous Topics: • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign-On Smart card login Virtual console Virtual media vFlash SD card SNMP authenticati
Network security While accessing the iDRAC Web interface, a security warning appears stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted. iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign).
● iDRAC date is not within the validity period of the server certificate or CA certificate. Check the iDRAC time and the validity period of your certificate. ● The domain controller addresses configured in iDRAC does not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, read the next question. If you are using FQDN, make sure you are using the FQDN of the domain controller and not the domain. For example, servername.example.
Always make sure that the group type is Security. You cannot use distribution groups to assign permission on any object, however use them to filter group policy settings. Single Sign-On SSO login fails on Windows Server 2008 R2 x64. What are the settings required to resolve this? 1. Run the technet.microsoft.com/en-us/library/dd560670(WS.10).aspx for the domain controller and domain policy. 2. Configure the computers to use the DES-CBC-MD5 cipher suite.
In general, check if the smart card CSPs are present on a particular client, insert the smart card in the reader at the Windows logon (Ctrl-Alt-Del) screen and check if Windows detects the smart card and displays the PIN dialog-box. Incorrect Smart Card PIN. Check if the smart card is locked due to too many attempts with an incorrect PIN. In such cases, contact the smart card issuer in the organization to get a new smart card.
Make sure that the Single Cursor option under Tools in the iDRAC Virtual Console menu is selected on iDRAC Virtual Console client. The default is two cursor mode. Can a keyboard or mouse be used while installing a Microsoft operating system remotely through the Virtual Console? No. When you remotely install a supported Microsoft operating system on a system with Virtual Console enabled in the BIOS, an EMS Connection Message is sent that requires that you select OK remotely.
After launching the Virtual Console, the mouse cursor is active on the Virtual Console, but not on the local system. Why does this occur and how to resolve this? This occurs if the Mouse Mode is set to USC/Diags. Press Alt + M hot key to use the mouse on the local system. Press Alt + M again to use the mouse on the Virtual Console.
How to configure the virtual device as a bootable device? On the managed system, access BIOS Setup and go to the boot menu. Locate the virtual CD, virtual floppy, or vFlash and change the device boot order as required. Also, press the "spacebar" key in the boot sequence in the CMOS setup to make the virtual device bootable. For example, to boot from a CD drive, configure the CD drive as the first device in the boot order.
Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives reappear when iDRAC reset is complete. Why are all the USB devices detached after connecting a USB device? Virtual media devices and vFlash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port.
Storage devices Information for all the storage devices connected to the system are not displayed and OpenManage Storage Management displays more storage devices that iDRAC. Why? iDRAC displays information for only the Comprehensive Embedded Management (CEM) supported devices. iDRAC Service Module Before installing or running the iDRAC Service Module, should the OpenManage Server Administrator be uninstalled? No you do not have to uninstall Server Administrator.
In the example enp0s20u12u3 is the USB NIC interface. The link-local destination mask is repeated and the USB NIC is not the first one in the order. This results in the connectivity issue between iDRAC Service Module and iDRAC over the OS to iDRAC Pass-through. To troubleshoot the connectivity issue, make sure that the iDRAC USBNIC IPv4 address (by default it is 169.254.0.1) is reachable from the host operating system. If not: ● Change the iDRAC USBNIC address on a unique destination mask.
When using RACADM commands and subcommands, some errors are not clear. You may see one or more of the following errors when using the RACADM commands: ● Local RACADM error messages — Problems such as syntax, typographical errors, and incorrect names. ● Remote RACADM error messages — Problems such as incorrect IP Address, incorrect user name, or incorrect password. During a ping test to iDRAC, if the network mode is switched between Dedicated and Shared modes, there is no ping response.
Subnet Mask Gateway = 255.255.255.0 = 192.168.0.1 ● Using LCD: On the main menu, highlight the server, press the check button, select the required server, and press the check button. How to find the CMC IP address related to the blade server? ● From iDRAC web interface: Go to Overview > iDRAC Settings > CMC. The CMC Summary page displays the CMC IP address. ● From the Virtual Console: Select the "Dell CMC" console in the OSCAR to log in to CMC through a local serial connection.
● In shared mode, ensure that the LAN cable is connected to the NIC port where the wrench symbol is present. ● In Dedicated mode, ensure that the LAN cable is connected to the iDRAC LAN port. ● Ensure that NIC settings, IPv4 and IPv6 settings and either Static or DHCP is enabled for your network. Inserted the blade server into the chassis and pressed the power switch, but it did not power on. ● iDRAC requires up to two minutes to initialize before the server can power on. ● Check CMC power budget.
25 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
Generating SupportAssist Collection on page 286 Inventorying and monitoring storage devices on page 196 Using iDRAC Service Module on page 262 Obtaining system information and assess system health To obtain system information and assess system health: ● In iDRAC Web interface, go to Overview > Server > System Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan.
● Dell Remote Access Configuration Tool (DRACT) Performing graceful shutdown To perform graceful shutdown, in iDRAC Web interface, go to one of the following locations: ● Overview > Server > Power/Thermal > Power Configuration > Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply. ● Overview > Server > Power/Thermal > Power Monitoring. From the Power Control drop-down menu, select Graceful Shutdown and click Apply.
2. Based on the data, power infrastructure and cooling system limitations, enable the power cap policy and set the power cap values. NOTE: It is recommended that you set a cap close to the peak, and then use that capped level to determine how much capacity is remaining in the rack for adding more servers. Installing new electronic license See License operations for more information.
