Users Guide
Table Of Contents
- iDRAC 8/7 v2.50.50.50 User’s Guide
- Overview
- Benefits of using iDRAC with Lifecycle Controller
- Key features
- New in this release
- How to use this user guide
- Supported web browsers
- Supported OS, Hypervisors
- Managing licenses
- Licensed features in iDRAC7 and iDRAC8
- Interfaces and protocols to access iDRAC
- iDRAC port information
- Other documents you may need
- Social media reference
- Contacting Dell
- Accessing support content from the Dell EMC support site
- Logging in to iDRAC
- Logging in to iDRAC as local user, Active Directory user, or LDAP user
- Logging in to iDRAC using a smart card
- Logging in to iDRAC using Single Sign-On
- Accessing iDRAC using remote RACADM
- Accessing iDRAC using local RACADM
- Accessing iDRAC using firmware RACADM
- Accessing iDRAC using SMCLP
- Logging in to iDRAC using public key authentication
- Multiple iDRAC sessions
- Changing default login password
- Enabling or disabling default password warning message
- IP Blocking
- Invalid password credentials
- Setting up managed system and management station
- Setting up iDRAC IP address
- Setting up management station
- Setting up managed system
- Configuring supported web browsers
- Configuring Internet Explorer
- Configuring Mozilla Firefox
- Configuring web browsers to use virtual console
- Viewing localized versions of web interface
- Updating device firmware
- Updating firmware using iDRAC web interface
- Updating device firmware using RACADM
- Scheduling automatic firmware updates
- Updating firmware using CMC web interface
- Updating firmware using DUP
- Updating firmware using remote RACADM
- Updating firmware using Lifecycle Controller Remote Services
- Updating CMC firmware from iDRAC
- Viewing and managing staged updates
- Rolling back device firmware
- Backing up server profile
- Importing server profile
- Monitoring iDRAC using other Systems Management tools
- Configuring iDRAC
- Viewing iDRAC information
- Modifying network settings
- FIPS mode
- Configuring services
- Using VNC client to manage remote server
- Configuring front panel display
- Configuring time zone and NTP
- Setting first boot device
- Enabling or disabling OS to iDRAC Pass-through
- Obtaining certificates
- Configuring multiple iDRACs using RACADM
- Disabling access to modify iDRAC configuration settings on host system
- Viewing iDRAC and managed system information
- Viewing managed system health and properties
- Viewing system inventory
- Viewing sensor information
- Monitoring performance index of CPU, memory, and IO modules
- Checking the system for fresh air compliance
- Viewing historical temperature data
- Viewing network interfaces available on host OS
- Viewing FlexAddress mezzanine card fabric connections
- Viewing or terminating iDRAC sessions
- Setting up iDRAC communication
- Communicating with iDRAC through serial connection using DB9 cable
- Configuring BIOS for serial connection
- Enabling RAC serial connection
- Enabling IPMI serial connection basic and terminal modes
- Switching between RAC serial and serial console while using DB9 cable
- Communicating with iDRAC using IPMI SOL
- Communicating with iDRAC using IPMI over LAN
- Enabling or disabling remote RACADM
- Disabling local RACADM
- Enabling IPMI on managed system
- Configuring Linux for serial console during boot
- Supported SSH cryptography schemes
- Communicating with iDRAC through serial connection using DB9 cable
- Configuring user accounts and privileges
- Recommended characters in user names and passwords
- Configuring local users
- Configuring Active Directory users
- Prerequisites for using Active Directory authentication for iDRAC
- Supported Active Directory authentication mechanisms
- Standard schema Active Directory overview
- Configuring Standard schema Active Directory
- Extended schema Active Directory overview
- Configuring Extended schema Active Directory
- Extending Active Directory schema
- Installing Dell extension to the Active Directory users and computers snap-in
- Adding iDRAC users and privileges to Active Directory
- Configuring Active Directory with Extended schema using iDRAC web interface
- Configuring Active Directory with Extended schema using RACADM
- Testing Active Directory settings
- Configuring generic LDAP users
- Configuring iDRAC for Single Sign-On or smart card login
- Prerequisites for Active Directory Single Sign-On or smart card login
- Configuring iDRAC SSO login for Active Directory users
- Configuring iDRAC smart card login for local users
- Configuring iDRAC smart card login for Active Directory users
- Enabling or disabling smart card login
- Configuring iDRAC to send alerts
- Enabling or disabling alerts
- Filtering alerts
- Setting event alerts
- Setting alert recurrence event
- Setting event actions
- Configuring email alert, SNMP trap, or IPMI trap settings
- Configuring WS Eventing
- Configuring Redfish Eventing
- Monitoring chassis events
- Alerts message IDs
- Managing logs
- Monitoring and managing power
- Inventorying, monitoring, and configuring network devices
- Inventorying and monitoring network devices
- Inventorying and monitoring FC HBA devices
- Dynamic configuration of virtual addresses, initiator, and storage target settings
- Supported cards for IO Identity Optimization
- Supported NIC firmware versions for IO Identity Optimization
- Virtual or Flex Address and Persistence Policy behavior when iDRAC is set to Flex Address mode or Console mode
- System behavior for FlexAddress and IO Identity
- Enabling or disabling IO Identity Optimization
- Configuring persistence policy settings
- Managing storage devices
- Understanding RAID concepts
- Supported controllers
- Supported enclosures
- Summary of supported features for storage devices
- Inventorying and monitoring storage devices
- Viewing storage device topology
- Managing physical disks
- Managing virtual disks
- Managing controllers
- Configuring controller properties
- Importing or auto importing foreign configuration
- Clearing foreign configuration
- Resetting controller configuration
- Switching the controller mode
- 12 Gbps SAS HBA adapter operations
- Monitoring predictive failure analysis on drives
- Controller operations in non-RAID - HBA mode
- Running RAID configuration jobs on multiple storage controllers
- Managing PCIe SSDs
- Managing enclosures or backplanes
- Choosing operation mode to apply settings
- Viewing and applying pending operations
- Storage devices — apply operation scenarios
- Blinking or unblinking component LEDs
- Configuring and using virtual console
- Supported screen resolutions and refresh rates
- Configuring virtual console
- Previewing virtual console
- Launching virtual console
- Using virtual console viewer
- HTML5 based virtual console
- Synchronizing mouse pointers
- Passing all keystrokes through virtual console for Java or ActiveX plug-in
- Managing virtual media
- Installing and using VMCLI utility
- Managing vFlash SD card
- Configuring vFlash SD card
- Managing vFlash partitions
- Using SMCLP
- Using iDRAC Service Module
- Using USB port for server management
- Using iDRAC Quick Sync
- Deploying operating systems
- Troubleshooting managed system using iDRAC
- Using diagnostic console
- Viewing post codes
- Viewing boot and crash capture videos
- Viewing logs
- Viewing last system crash screen
- Viewing front panel status
- Hardware trouble indicators
- Viewing system health
- Generating SupportAssist Collection
- Checking server status screen for error messages
- Restarting iDRAC
- Erasing system and user data
- Resetting iDRAC to factory default settings
- Frequently asked questions
- Use case scenarios
- Troubleshooting an inaccessible managed system
- Obtaining system information and assess system health
- Setting up alerts and configuring email alerts
- Viewing and exporting Lifecycle log and System Event Log
- Interfaces to update iDRAC firmware
- Performing graceful shutdown
- Creating new administrator user account
- Launching server remote console and mounting a USB drive
- Installing bare metal OS using attached virtual media and remote file share
- Managing rack density
- Installing new electronic license
- Applying IO Identity configuration settings for multiple network cards in single host system reboot
For more information on the Auto Config feature, see the Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with
Lifecycle Controller Auto Config white paper available at the delltechcenter.com/idrac.
Using hash passwords for improved security
You can set user passwords and BIOS passwords using a one-way hash format. The user authentication mechanism is not
affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format.
With the new password hash feature:
● You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. This allows you to have the
SHA256 values in the server configuration profile, RACADM, and WSMAN. When you provide the SHA256 password values,
you cannot authenticate through SNMPv3 and IPMI.
● You can set up a template server including all the iDRAC user accounts and BIOS passwords using the current plain text
mechanism. After the server is set up, you can export the server configuration profile with the password hash values.
The export includes the hash values required for SNMPv3 authentication. Importing this profile results in losing the IPMI
authentication for users who have the hashed password values set and the F2 IDRAC interface shows that the user account
is disabled.
● The other interfaces such as IDRAC GUI will show the user accounts enabled.
NOTE: When downgrading a Dell 12th generation PowerEdge server from version 2.xx.xx.xx to 1.xx.xx, if the server is set
with hash authentication, then you will not be able to log in to any interface unless the password is set to default.
You can generate the hash password with and without Salt using SHA256.
You must have Server Control privileges to include and export hash passwords.
If access to all accounts is lost, use iDRAC Settings Utility or local RACADM and perform reset iDRAC to default task.
If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or
MD5v3Key), then authentication through SNMP v3 is not available.
Hash password using RACADM
To set hash passwords, use the following objects with the set command:
● iDRAC.Users.SHA256Password
● iDRAC.Users.SHA256PasswordSalt
Use the following command to include the hash password in the exported server configuration profile:
racadm get -f <file name> -l <NFS / CIFS share> -u <username> -p <password> -t
<filetype> --includePH
You must set the Salt attribute when the associated hash is set.
NOTE: The attributes are not applicable to the INI configuration file.
Hash password in server configuration profile
The new hash passwords can be optionally exported in the server configuration profile.
When importing server configuration profile, you can uncomment the existing password attribute or the new password hash
attribute(s). If both are uncommented an error is generated and the password is not set. A commented attribute is not applied
during an import.
Generating hash password without SNMPv3 and IPMI authentication
To generate hash password without SNMPv3 and IPMI authentication:
1. For iDRAC user accounts, you must salt the password using SHA256.
When you salt the password, a 16 byte binary string is appended. The Salt is required to be 16 bytes long, if provided.
2. Provide hash value and salt in the imported server configuration profile, RACADM commands, or WSMAN.
Setting up managed system and management station
49