Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC8 with Lifecycle Controller Version 2.05.05.05

271

272

273

274

275

276

277

278

279

280

Table Of Contents

Integrated Dell Remote Access Controller 8 (iDRAC8) Version 2.05.05.05 User's Guide
Contents
Overview
- Benefits of Using iDRAC With Lifecycle Controller
- Key Features
- New In This Release
- How To Use This User's Guide
- Supported Web Browsers
- Managing Licenses
- Licensable Features In iDRAC8
- Interfaces and Protocols to Access iDRAC
- iDRAC Port Information
- Other Documents You May Need
- Social Media Reference
- Contacting Dell
- Accessing support content from the Dell EMC support site
Logging into iDRAC
- Logging into iDRAC as Local User, Active Directory User, or LDAP User
- Logging into iDRAC Using Smart Card
  - Logging Into iDRAC as a Local User Using Smart Card
  - Logging Into iDRAC as an Active Directory User Using Smart Card
- Logging into iDRAC Using Single Sign-on
  - Logging into iDRAC SSO Using iDRAC Web Interface
  - Logging into iDRAC SSO Using CMC Web Interface
- Accessing iDRAC Using Remote RACADM
  - Validating CA Certificate To Use Remote RACADM on Linux
- Accessing iDRAC Using Local RACADM
- Accessing iDRAC Using Firmware RACADM
- Accessing iDRAC Using SMCLP
- Logging in to iDRAC Using Public Key Authentication
- Multiple iDRAC Sessions
- Changing Default Login Password
- Enabling or Disabling Default Password Warning Message
  - Enabling or Disabling Default Password Warning Message Using Web Interface
  - Enabling or Disabling Warning Message to Change Default Login Password Using RACADM
Setting Up Managed System and Management Station
- Setting Up iDRAC IP Address
- Setting Up Management Station
  - Accessing iDRAC Remotely
- Setting Up Managed System
- Configuring Supported Web Browsers
- Updating Device Firmware
- Viewing and Managing Staged Updates
  - Viewing and Managing Staged Updates Using iDRAC Web interface
  - Viewing and Managing Staged Updates Using RACADM
- Rolling Back Device Firmware
- Backing Up Server Profile
- Importing Server Profile
- Monitoring iDRAC Using Other Systems Management Tools
Configuring iDRAC
- Viewing iDRAC Information
  - Viewing iDRAC Information Using Web Interface
  - Viewing iDRAC Information Using RACADM
- Modifying Network Settings
- Configuring Services
- Using VNC Client to Manage Remote Server
- Configuring Front Panel Display
  - Configuring LCD Setting
  - Configuring System ID LED Setting
    - Configuring System ID LED Setting Using Web Interface
    - Configuring System ID LED Setting Using RACADM
- Configuring Time Zone and NTP
  - Configuring Time Zone and NTP Using iDRAC Web Interface
  - Configuring Time Zone and NTP Using RACADM
- Setting First Boot Device
- Enabling or Disabling OS to iDRAC Pass-through
- Obtaining Certificates
- Configuring Multiple iDRACs Using RACADM
- Disabling Access to Modify iDRAC Configuration Settings on Host System
Viewing iDRAC and Managed System Information
- Viewing Managed System Health and Properties
- Viewing System Inventory
- Viewing Sensor Information
- Monitoring Performance Index of CPU, Memory, and I/O Modules
  - Monitoring Performance Index for of CPU, Memory, and I/O Modules Using Web Interface
  - Monitoring Performance Index for of CPU, Memory, and I/O Modules Using RACADM
- Checking the System for Fresh Air Compliance
- Viewing Historical Temperature Data
- Viewing Network Interfaces Available On Host OS
  - Viewing Network Interfaces Available on Host OS Using Web Interface
  - Viewing Network Interfaces Available on Host OS Using RACADM
- Viewing FlexAddress Mezzanine Card Fabric Connections
- Viewing or Terminating iDRAC Sessions
  - Terminating iDRAC Sessions Using Web Interface
  - Terminating iDRAC Sessions Using RACADM
Setting Up iDRAC Communication
- Communicating With iDRAC Through Serial Connection Using DB9 Cable
- Switching Between RAC Serial and Serial Console While Using DB9 Cable
  - Switching From Serial Console to RAC Serial
  - Switching From RAC Serial to Serial Console
- Communicating With iDRAC Using IPMI SOL
- Communicating With iDRAC Using IPMI Over LAN
- Enabling or Disabling Remote RACADM
  - Enabling or Disabling Remote RACADM Using Web Interface
  - Enabling or Disabling Remote RACADM Using RACADM
- Disabling Local RACADM
- Enabling IPMI on Managed System
- Configuring Linux for Serial Console During Boot
  - Enabling Login to the Virtual Console After Boot
- Supported SSH Cryptography Schemes
  - Using Public Key Authentication For SSH
Configuring User Accounts and Privileges
- Configuring Local Users
  - Configuring Local Users Using iDRAC Web Interface
  - Configuring Local Users Using RACADM
    - Adding iDRAC User Using RACADM
    - Enabling iDRAC User With Permissions
- Configuring Active Directory Users
- Configuring Generic LDAP Users
Configuring iDRAC for Single Sign-On or Smart Card Login
- Prerequisites for Active Directory Single Sign-On or Smart Card Login
- Configuring iDRAC SSO Login for Active Directory Users
  - Configuring iDRAC SSO Login for Active Directory Users Using Web Interface
  - Configuring iDRAC SSO Login for Active Directory Users Using RACADM
- Configuring iDRAC Smart Card Login for Local Users
  - Uploading Smart Card User Certificate
    - Uploading Smart Card User Certificate Using Web Interface
    - Uploading Smart Card User Certificate Using RACADM
  - Uploading Trusted CA Certificate For Smart Card
    - Uploading Trusted CA Certificate For Smart Card Using Web Interface
    - Uploading Trusted CA Certificate For Smart Card Using RACADM
- Configuring iDRAC Smart Card Login for Active Directory Users
- Enabling or Disabling Smart Card Login
Configuring iDRAC to Send Alerts
- Enabling or Disabling Alerts
- Filtering Alerts
  - Filtering Alerts Using iDRAC Web Interface
  - Filtering Alerts Using RACADM
- Setting Event Alerts
  - Setting Event Alerts Using Web Interface
  - Setting Event Alerts Using RACADM
- Setting Alert Recurrence Event
  - Setting Alert Recurrence Events Using iDRAC Web Interface
  - Setting Alert Recurrence Events Using RACADM
- Setting Event Actions
  - Setting Event Actions Using Web Interface
  - Setting Event Actions Using RACADM
- Configuring Email Alert, SNMP Trap, or IPMI Trap Settings
  - Configuring IP Alert Destinations
  - Configuring Email Alert Settings
- Configuring WS Eventing
- Alerts Message IDs
Managing Logs
- Viewing System Event Log
- Viewing Lifecycle Log
  - Viewing Lifecycle Log Using Web Interface
    - Filtering Lifecycle Logs
    - Adding Comments to Lifecycle Logs
  - Viewing Lifecycle Log Using RACADM
- Exporting Lifecycle Controller Logs
  - Exporting Lifecycle Controller Logs Using Web Interface
  - Exporting Lifecycle Controller Logs Using RACADM
- Adding Work Notes
- Configuring Remote System Logging
  - Configuring Remote System Logging Using Web Interface
  - Configuring Remote System Logging Using RACADM
Monitoring and Managing Power
- Monitoring Power
  - Monitoring Power Using Web Interface
  - Monitoring Power Using RACADM
- Setting Warning Threshold for Power Consumption
  - Setting Warning Threshold for Power Consumption Using Web Interface
- Executing Power Control Operations
  - Executing Power Control Operations Using Web Interface
  - Executing Power Control Operations Using RACADM
- Power Capping
  - Power Capping in Blade Servers
  - Viewing and Configuring Power Cap Policy
- Configuring Power Supply Options
- Enabling or Disabling Power Button
Inventory, Monitoring, and Configuring Network Devices
- Inventory and Monitoring Network Devices
  - Monitoring Network Devices Using Web Interface
  - Monitoring Network Devices Using RACADM
- Inventory and Monitoring FC HBA Devices
  - Monitoring FC HBA Devices Using Web Interface
  - Monitoring FC HBA Devices Using RACADM
- Dynamic Configuration of Virtual Addresses, Initiator, and Storage Target Settings
Managing Storage Devices
- Understanding RAID Concepts
- Supported Controllers
- Supported Enclosures
- Summary of Supported Features for Storage Devices
- Inventory and Monitoring Storage Devices
- Viewing Storage Device Topology
- Managing Physical Disks
- Managing Virtual Disks
- Managing Controllers
- Managing PCIe SSDs
- Managing Enclosures or Backplanes
- Choosing Operation Mode to Apply Settings
  - Choosing Operation Mode Using Web Interface
  - Choosing Operation Mode Using RACADM
- Viewing and Applying Pending Operations
  - Viewing, Applying, or Deleting Pending Operations Using Web Interface
  - Viewing and Applying Pending Operations Using RACADM
- Storage Devices — Apply Operation Scenarios
- Blinking or Unblinking Component LEDs
  - Blinking or Unblinking Component LEDs Using Web Interface
  - Blinking or Unblinking Component LEDs Using RACADM
Configuring and Using Virtual Console
- Supported Screen Resolutions and Refresh Rates
- Configuring Web Browsers to Use Virtual Console
- Configuring Virtual Console
  - Configuring Virtual Console Using Web Interface
  - Configuring Virtual Console Using RACADM
- Previewing Virtual Console
- Launching Virtual Console
- Using Virtual Console Viewer
  - Synchronizing Mouse Pointers
  - Passing All Keystrokes Through Virtual Console
Managing Virtual Media
- Supported Drives and Devices
- Configuring Virtual Media
- Accessing Virtual Media
- Setting Boot Order Through BIOS
- Enabling Boot Once for Virtual Media
Installing and Using VMCLI Utility
- Installing VMCLI
- Running VMCLI Utility
- VMCLI Syntax
  - VMCLI Commands to Access Virtual Media
  - VMCLI Operating System Shell Options
Managing vFlash SD Card
- Configuring vFlash SD Card
- Managing vFlash Partitions
Using SMCLP
- System Management Capabilities Using SMCLP
- Running SMCLP Commands
- iDRAC SMCLP Syntax
- Navigating the MAP Address Space
- Using Show Verb
- Usage Examples
Using iDRAC Service Module
- Installing iDRAC Service Module
- Supported Operating Systems for iDRAC Service Module
- iDRAC Service Module Monitoring Features
- Using iDRAC Service Module From iDRAC Web Interface
- Using iDRAC Service Module From RACADM
Using USB Port for Server Management
- Accessing iDRAC Interface over Direct USB Connection
- Configuring iDRAC Using Server Configuration Profile on USB Device
  - Configuring USB Management Port Settings
  - Importing Server Configuration Profile From USB Device
Using iDRAC Quick Sync
- Configuring iDRAC Quick Sync
- Using Mobile Device to View iDRAC Information
Deploying Operating Systems
- Deploying Operating System Using VMCLI
- Deploying Operating System Using Remote File Share
- Deploying Operating System Using Virtual Media
  - Installing Operating System From Multiple Disks
- Deploying Embedded Operating System On SD Card
  - Enabling SD Module and Redundancy in BIOS
    - About IDSDM
Troubleshooting Managed System Using iDRAC
- Using Diagnostic Console
  - Scheduling Remote Automated Diagnostics
  - Scheduling Remote Automated Diagnostics Using RACADM
- Viewing Post Codes
- Viewing Boot and Crash Capture Videos
  - Configuring Video Capture Settings
- Viewing Logs
- Viewing Last System Crash Screen
- Viewing Front Panel Status
  - Viewing System Front Panel LCD Status
  - Viewing System Front Panel LED Status
- Hardware Trouble Indicators
- Viewing System Health
- Generating Technical Support Report
  - Generating Technical Support Report Automatically
    - Generating Tech Support Report Automatically Using iDRAC Web Interface
  - Generating Technical Support Report Manually
    - Generating Technical Support Report Manually Using iDRAC Web Interface
    - Generating Technical Support Report Manually Using RACADM
- Checking Server Status Screen for Error Messages
- Restarting iDRAC
  - Resetting iDRAC Using iDRAC Web Interface
  - Resetting iDRAC Using RACADM
- Erasing System and User Data
- Resetting iDRAC to Factory Default Settings
  - Resetting iDRAC to Factory Default Settings Using iDRAC Web Interface
  - Resetting iDRAC to Factory Default Settings Using iDRAC Settings Utility
Frequently Asked Questions
- System Event Log
- Network Security
- Active Directory
- Single Sign-On
- Smart Card Login
- Virtual Console
- Virtual Media
- vFlash SD Card
- SNMP Authentication
- Storage Devices
- iDRAC Service Module
- RACADM
- Miscellaneous
Use Case Scenarios
- Troubleshooting An Inaccessible Managed System
- Obtaining System Information and Assess System Health
- Setting Up Alerts and Configuring Email Alerts
- Viewing and Exporting Lifecycle Log and System Event Log
- Interfaces to Update iDRAC Firmware
- Performing Graceful Shutdown
- Creating New Administrator User Account
- Launching Server's Remote Console and Mounting a USB Drive
- Installing Bare Metal OS Using Attached Virtual Media and Remote File Share
- Managing Rack Density
- Installing New Electronic License
- Applying I/O Identity Configuration Settings for Multiple Network Cards in Single Host System Reboot

Certificate validation fails even if IP address is used as the domain controller address. How to resolve this?

Check the Subject or Subject Alternative Name field of your domain controller certificate. Normally, Active Directory uses the

host name and not the IP address of the domain controller in the Subject or Subject Alternative Name field of the domain

controller certificate. To resolve this, do any of the following:

● Configure the host name (FQDN) of the domain controller as the domain controller address(es) on iDRAC to match the

Subject or Subject Alternative Name of the server certificate.

● Reissue the server certificate to use an IP address in the Subject or Subject Alternative Name field, so that it matches the IP

address configured in iDRAC.

● Disable certificate validation if you choose to trust this domain controller without certificate validation during the SSL

handshake.

How to configure the domain controller address(es) when using extended schema in a multiple domain

environment?

This must be the host name (FQDN) or the IP address of the domain controller(s) that serves the domain in which the iDRAC

object resides.

When to configure Global Catalog Address(es)?

If you are using standard schema and the users and role groups are from different domains, Global Catalog Address(es) are

required. In this case, you can use only Universal Group.

If you are using standard schema and all the users and role groups are in the same domain, Global Catalog Address(es) are not

required.

If you are using extended schema, the Global Catalog Address is not used.

How does standard schema query work?

iDRAC connects to the configured domain controller address(es) first. If the user and role groups are in that domain, the

privileges are saved.

If Global Controller Address(es) is configured, iDRAC continues to query the Global Catalog. If additional privileges are retrieved

from the Global Catalog, these privileges are accumulated.

Does iDRAC always use LDAP over SSL?

Yes. All the transportation is over secure port 636 and/or 3269. During test setting, iDRAC does a LDAP CONNECT only to

isolate the problem, but it does not do an LDAP BIND on an insecure connection.

Why does iDRAC enable certificate validation by default?

iDRAC enforces strong security to ensure the identity of the domain controller that iDRAC connects to. Without certificate

validation, a hacker can spoof a domain controller and hijack the SSL connection. If you choose to trust all the domain

controllers in your security boundary without certificate validation, you can disable it through the Web interface or RACADM.

Does iDRAC support the NetBIOS name?

Not in this release.

Why does it take up to four minutes to log in to iDRAC using Active Directory Single Sign–On or Smart Card Login?

The Active Directory Single Sign–On or Smart Card log in normally takes less than 10 seconds, but it may take up to four

minutes to log in if you have specified the preferred DNS server and the alternate DNS server, and the preferred DNS server

has failed. DNS time-outs are expected when a DNS server is down. iDRAC logs you in using the alternate DNS server.

The Active Directory is configured for a domain present in Windows Server 2008 Active Directory. A child or sub

domain is present for the domain, the user and group is present in the same child domain, and the user is a member

of that group. When trying to log in to iDRAC using the user present in the child domain, Active Directory Single

Sign-On login fails.

This may be because of the an incorrect group type. There are two kinds of Group types in the Active Directory server:

● Security — Security groups allow you to manage user and computer access to shared resources and to filter group policy

settings.

● Distribution — Distribution groups are intended to be used only as email distribution lists.

Always make sure that the group type is Security. You cannot use distribution groups to assign permission on any object,

however use them to filter group policy settings.

Single Sign-On

SSO login fails on Windows Server 2008 R2 x64. What are the settings required to resolve this?

276

Frequently Asked Questions