Integrated Dell Remote Access Controller 9 (iDRAC9) Version 3.00.00.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Overview.................................................................................................................................... 15 Benefits of using iDRAC with Lifecycle Controller...........................................................................................................15 Key features..........................................................................................................................................................................
3 Setting up managed system.........................................................................................................41 Setting up iDRAC IP address.............................................................................................................................................. 41 Setting up iDRAC IP using iDRAC settings utility...................................................................................................... 42 Setting up iDRAC IP using the CMC web interface...
Restore operation sequence.........................................................................................................................................74 Monitoring iDRAC using other Systems Management tools......................................................................................... 75 Support Server Configuration Profile (SCP) — Import and Export ............................................................................75 Secure Boot Configuration from BIOS Settings (F2).........
Uploading custom signing certificate.......................................................................................................................... 93 Downloading custom SSL certificate signing certificate .........................................................................................94 Deleting custom SSL certificate signing certificate.................................................................................................. 94 Configuring multiple iDRACs using RACADM..........
Using public key authentication for SSH....................................................................................................................117 7 Configuring user accounts and privileges.................................................................................... 120 Recommended characters in user names and passwords........................................................................................... 120 Configuring local users.....................................................
Setting event alerts using RACADM......................................................................................................................... 148 Setting alert recurrence event......................................................................................................................................... 148 Setting alert recurrence events using RACADM.....................................................................................................
13 Monitoring and managing power............................................................................................... 167 Monitoring power...............................................................................................................................................................167 Monitoring performance index of CPU, memory, and input output modules using web interface................... 167 Monitoring performance index for of CPU, memory, and input output modules using RACADM..
Monitoring backplane using iDRAC settings utility.................................................................................................. 196 Viewing storage device topology..................................................................................................................................... 196 Managing physical disks....................................................................................................................................................
17 Configuring and using virtual console........................................................................................ 227 Supported screen resolutions and refresh rates........................................................................................................... 227 Configuring virtual console...............................................................................................................................................
Adding virtual media images.......................................................................................................................................254 Viewing virtual device details..................................................................................................................................... 254 Resetting USB.............................................................................................................................................................
Configuring remote file share using web interface................................................................................................. 276 Configuring remote file share using RACADM.........................................................................................................277 Deploying operating system using virtual media............................................................................................................277 Installing operating system from multiple disks.....
Single Sign-On................................................................................................................................................................... 293 Smart card login................................................................................................................................................................ 293 Virtual console......................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make you more productive as a system administrator and improve the overall availability of Dell EMC servers. iDRAC alerts you to system issues, helps you to perform remote management, and reduces the need for physical access to the system. iDRAC with Lifecycle Controller technology is part of a larger data center solution that increases availability of business critical applications and workloads.
Key features The key features of iDRAC include: NOTE: Some of the features are available only with iDRAC Enterprise license. For information on the features available for a license, see iDRAC licenses . Inventory and Monitoring • • • • • • • • • • • View managed server health. Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. View and export system inventory.
• • • Set the backplane mode (unified or split mode). Blink or unblink component LEDs. Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update • • • • • • • Manage iDRAC licenses. Update BIOS and device firmware for devices supported by Lifecycle Controller. Update or rollback iDRAC firmware and Lifecycle Controller firmware using a single firmware image. Manage staged updates.
• • • • Set user passwords and BIOS passwords using one-way hash format for improved security. FIPS 140-2 Level 1 capability. Support for TLS 1.2, 1.1, and 1.0. To enhance security, default setting is TLS 1.1 and higher. SMCLP and web interfaces that support 128 bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the TLS 1.2 standard. NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher. • • Session time-out configuration (in seconds).
• • • • iDRAC web interface — Only the task-related information is provided here. For information about the fields and options, see the iDRAC Online Help that you can access from the web interface. RACADM — The RACADM command or the object that you must use is provided here. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. iDRAC Settings Utility — Only the task-related information is provided here.
Table 1. Default License iDRAC Basic License iDRAC Express License • • • • • • • • • • • • • • • PowerEdge R4XX PowerEdge R5XX PowerEdge T4XX PowerEdge C41XX PowerEdge FC6XX PowerEdge R6XX PowerEdge R64XX PowerEdge R7XX PowerEdge R74XX PowerEdge R74XX PowerEdge R8XX PowerEdge R9XX PowerEdge R9XX PowerEdge T6XX Dell Precision Rack R7920 NOTE: The default license available with PowerEdge C64XX systems is Basic Plus. The Basic Plus license was custom made for C64XX systems.
License component state or condition and available operations The following table provides the list of license operations available based on the license state or condition: Table 2.
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Dedicated NIC2 Yes Yes Yes Yes2 VLAN tagging Yes Yes Yes Yes IPv4 Yes Yes Yes Yes IPv6 Yes Yes Yes Yes DHCP Yes Yes Yes Yes DHCP with zero touch No No No Yes Dynamic DNS Yes Yes Yes Yes OS pass-through Yes Yes Yes Yes iDRAC Direct -Front panel USB Yes Yes Yes Yes Connection View Yes Yes Yes Yes NFS v4 Yes Yes Yes Yes SMB2 with NTLMv1 and NTLMv2 Yes Yes Yes Yes Role
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Virtual Console No No Yes Yes VNC connection to OS No No No Yes Quality/bandwidth control No No No Yes Virtual Console collaboration (up to six simultaneous users) No No No Yes Virtual Console chat No No No Yes 2,3 Virtual Flash partitions No No No Yes Group Manager No No No Yes HTTP / HTTPS support along with Yes NFS/CIFS Yes Yes Yes Power and Thermal Real-time power meter Yes Yes
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Out of Band Performance Monitoring No No No Yes Alerts for excessive SSD wear Yes Yes Yes Yes Customizable settings for Exhaust Yes Temperature Yes Yes Yes Update Remote agent-free update Yes Yes Yes Yes Embedded update tools Yes Yes Yes Yes Sync with repository (scheduled updates) No No No Yes Auto-update No No No Yes Improved PSU firmware updates Yes Yes Yes Yes Local configuration v
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Server Configuration Restore Yes Yes Yes Yes Easy Restore Auto Timeout Yes Yes Yes Yes LED Health status indicators Yes 5 Yes 5 N/A Yes 5 LCD screen (iDRAC9 requires optional) Yes 5 Yes 5 N/A Yes 5 Quick Sync (require NFC bezel, 13G only) N/A N/A N/A N/A iDRAC Quick Sync 2 (BLE/Wi-Fi hardware) Yes Yes Yes Yes iDRAC Direct (front USB management port) Yes Yes Yes Yes iDRAC Service Module (iS
[5] Requires OMSA agent on target server. Interfaces and protocols to access iDRAC The following table lists the interfaces to access iDRAC. NOTE: Using more than one interface at the same time may generate unexpected results. Table 4. Interfaces and protocols to access iDRAC Interface or Protocol Description iDRAC Settings Utility (F2) Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available in iDRAC web interface along with other features.
Interface or Protocol Description RACADM Use this command-line utility to perform iDRAC and server management. You can use RACADM locally and remotely. • • • • iDRAC RESTful API and Redfish Local RACADM command-line interface runs on the managed systems that have Server Administrator installed. Local RACADM communicates with iDRAC through its in-band IPMI host interface. Since it is installed on the local managed system, users are required to log in to the operating system to run this utility.
Interface or Protocol Description IPMITool Use the IPMITool to access the remote system’s basic management features through iDRAC. The interface includes local IPMI, IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information on IPMITool, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at dell.com/ idracmanuals. NOTE: IPMI version 1.5 is not supported.
Port number Type Function Configurable port Maximum Encryption Level 636 TCP LDAP Over SSL (LDAPS) No 256-bit SSL 2049 TCP Network File System (NFS) No None 3269 TCP LDAPS for global catalog (GC) No 256-bit SSL 5353 UDP mDNS No None NOTE: When Group Manager is enabled, iDRAC uses mDNS to communicate through port 5353. However, when it is disabled, port 5353 is blocked by iDRAC's internal firewall and appears as open|filtered port in the port scans.
• Using the following links: • • • • • For all Enterprise Systems Management and OpenManage Connections documents — www.dell.com/esmmanuals For OpenManage documents — www.dell.com/openmanagemanuals For iDRAC and Lifecycle Controller documents — www.dell.com/idracmanuals For Serviceability Tools documents — www.dell.com/serviceabilitytoolsDell.com/ServiceabilityTools For Client Command Suite Systems Management documents — www.dell.com/omconnectionsclient Accessing documents using the product search 1.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. You can also log in using Single Sign-On or Smart Card. To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This unique password improves security of iDRAC and your server. The default user name is root.
NOTE: LDAP authentication with OpenDS is supported. The DH key must be larger than 768 bits. To log in to iDRAC as local user, Active Directory user, or LDAP user: 1. Open a supported web browser. 2. In the Address field, type https://[iDRAC-IP-address] and press Enter. NOTE: If the default HTTPS port number (port 443) changes, enter: https://[iDRAC-IP-address]:[portnumber] where [iDRAC-IP-address] is the iDRAC IPv4 or IPv6 address and [port-number] is the HTTPS port number. The Login page is displayed. 3.
Logging in to iDRAC as an Active Directory user using a smart card Before you log in as an Active Directory user using smart card, ensure that you: • • • • Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC. Configure the DNS server. Enable Active Directory login. Enable smart card login. To log in to iDRAC as an Active Directory user using smart card: 1. Log in to iDRAC using the link https://[IP address].
Accessing iDRAC using remote RACADM You can use remote RACADM to access iDRAC using RACADM utility. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. If the management station has not stored the iDRAC’s SSL certificate in its default certificate storage, a warning message is displayed when you run the RACADM command. However, the command is executed successfully.
Table 7. Possible values for system status Host System • • • • • • • • • • 1. 2. 3. 4.
Table 8. Multiple iDRAC sessions Interface Number of Sessions iDRAC Web Interface 6 Remote RACADM 4 Firmware RACADM / SMCLP SSH - 2 Telnet - 2 Serial - 1 Accessing iDRAC using SMCLP SMCLP is the default command line prompt when you log in to iDRAC using Telnet or SSH. For more information, see Using SMCLP. Secure default password All supported systems are shipped with a unique default password for iDRAC, unless you choose to set calvin as the password while ordering the system.
Resetting default password using local RACADM 1. Log in to the host OS installed on the system. 2. Access the local RACADM interface. 3. Follow the instructions in Changing the default login password using RACADM. Resetting default password using OpenManage Mobile You can use the OpenManage Mobile (OMM) to log in and change the default password. To log in to iDRAC using OMM, scan the QR code on the system information tag.
A warning message is also displayed when you log in to iDRAC using SSH, Telnet, remote RACADM, or the Web interface. For Web interface, SSH, and Telnet, a single warning message is displayed for each session. For remote RACADM, the warning message is displayed for each command. NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords.
IP Blocking You can use IP blocking to dynamically determine when excessive login failures occur from an IP address and block or prevent the IP address from logging into the iDRAC9 for a preselected time span. IP blocking includes: • • • The number of allowable login failures. The timeframe in seconds when these failures must occur. The amount of time, in seconds, when the IP address is prevented from establishing a session after the total allowable number of failures is exceeded.
4. If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of the operating system. NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled. NOTE: If the VLAN is enabled on the iDRAC, the LOM-Passthrough will only function in shared LOM mode with VLAN tagging configured on the host. 5. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC.
3 Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: • • Local RACADM Server Administrator For more information about Server Administrator, see OpenManage Server Administrator User's Guide available at www.dell.com/ openmanagemanuals.
Setting up iDRAC IP using iDRAC settings utility To set up the iDRAC IP address: 1. Turn on the managed system. 2. Press during Power-on Self-test (POST). 3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed. 4. Click Network. The Network page is displayed. 5. Specify the following settings: • • • • • • Network Settings Common Settings IPv4 Settings IPv6 Settings IPMI Settings VLAN Settings 6. Click Back, click Finish, and then click Yes.
NOTE: You cannot manually set the Network Speed to 1000 Mbps. This option is available only if Auto Negotiation option is enabled. 6. Under Duplex Mode, select Half Duplex or Full Duplex option. NOTE: If you enable Auto Negotiation, this option is grayed-out. NOTE: If network teaming is configured for the host OS using the same network adapter as NIC Selection, then the Failover Network should also be configured.
Configuring the IPMI settings To enable the IPMI Settings: 1. Under Enable IPMI Over LAN, select Enabled. 2. Under Channel Privilege Limit, select Administrator, Operator, or User. 3. In the Encryption Key box, enter the encryption key in the format 0 to 40 hexadecimal characters (without any blanks characters.) The default value is all zeros. VLAN settings You can configure iDRAC into the VLAN infrastructure.
You can enable the Provisioning Server feature using iDRAC Settings Utility or using Lifecycle Controller. For information on using Lifecycle Controller, see Lifecycle Controller User's Guide available at www.dell.com/idracmanuals. If the Provisioning Server feature is not enabled on the factory-shipped system, the default administrator account (the default iDRAC user name and password are provided on the system badge) is enabled.
-s (ShareType): pass in either 0 for NFS, 2 for CIFS, 5 for HTTP and 6 for HTTPS. This is a mandatory field for iDRAC firmware versions 3.00.00.00. -i (IPAddress): IP address of the network share. This is a mandatory field. -u (Username): username that has access to network share. This is a mandatory field for CIFS. -p (Password): user password that has access to network share. This is a mandatory field for CIFS. -d (ShutdownType): either 0 for graceful or 1 for forced (default setting: 0).
3. Specify the SCP file location in vendor-option 43 field of DHCP server. 4. The iDRAC while acquiring IP address advertises vendor class identifier. (Option 60) 5. The DHCP server matches the vendor class to the vendor option in the dhcpd.conf file and sends the SCP file location and, if specified the SCP file name to the iDRAC. 6. The iDRAC processes the SCP file and configures all the attributes listed in the file.
7. Click in the ASCII: section and type iDRAC. 8. Click OK and then Close. 9. On the DHCP window, right-click IPv4 and select Set Predefined Options. 10. From the Option class drop-down menu, select iDRAC (created in step 4) and click Add. 11. In the Option Type dialog box, enter the following information: • • • • Name — iDRAC Data Type — String Code — 060 Description — Dell vendor class identifier 12. Click OK to return to the DHCP window. 13.
} option time-offset -18000; # Eastern Standard Time option vendor-class-identifier "iDRAC"; set vendor-string = option vendor-class-identifier; option myname "-f system_config.xml -i 192.168.0.130 -u user -p password -n cifs -s 2 -d 0 -t 500"; range dynamic-bootp 192.168.0.128 192.168.0.
Enabling Auto Config using iDRAC web interface Make sure that DHCPv4 and the Enable IPv4 options are enabled and Auto-discovery is disabled. To enable Auto Config: 1. In the iDRAC web interface, go to iDRAC Settings > Connectivity > Network > Auto Config. The Network page is displayed. 2. In the Auto Config section, select one of the following options from the Enable DHCP Provisioning drop-down menu: • • • Enable Once — Configures the component only once using the SCP file referenced by the DHCP server.
You must set the Salt attribute when the associated hash is set. NOTE: The attributes are not applicable to the INI configuration file. Hash password in server configuration profile The new hash passwords can be optionally exported in the server configuration profile. When importing server configuration profile, you can uncomment the existing password attribute or the new password hash attribute(s). If both are uncommented an error is generated and the password is not set.
Setting up managed system location using web interface To specify the system location details: 1. In the iDRAC web interface, go to System > Details > System Details. The System Details page is displayed. 2. Under System Location, enter the location details of the managed system in the data center. For information about the options, see the iDRAC Online Help. 3. Click Apply. The system location details are saved in iDRAC.
• Maximum Performance (Performance Optimized) : • • Reduced probability of memory or CPU throttling. • Increased probability of turbo mode activation. • Generally, higher fan speeds at idle and stress loads. Minimum Power (Performance per Watt Optimized): • • • Optimized for lowest system power consumption based on optimum fan power state. Generally, lower fan speeds at idle and stress loads.
Modifying thermal settings using RACADM To modify the thermal settings, use the objects in the system.thermalsettings group with the set sub command as provided in the following table. Table 11. Thermal Settings Object Description Usage Example AirExhaustTemp Allows you to set the maximum air exhaust temperature limit.
Object Description FanSpeedHighOffsetVal • • • Usage Values from 0-100 Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. This value depends on the system. Use FanSpeedOffset object to set this value using index value 1. Example racadm get system.thermalsettin gs FanSpeedHighOffsetVa l A numerical value, for example 66, is returned.
Object Description FanSpeedMediumOffsetVal • • • Usage Values from 0-100 Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. This value depends on the system. Use FanSpeedOffset object to set this value using index value 2 Example racadm get system.thermalsettin gs FanSpeedMediumOffset Val This returns a value such as “47”.
Object Description Usage Example MinimumFanSpeed • Allows configuring the Minimum Fan speed that is required for the system to operate. It defines the baseline (floor) value for fan speed and system allows fans to go lower than this defined fan speed value. This value is %PWM value for fan speed.
To set up the management station: 1. Install a supported operating system. For more information, see the release notes. 2. Install and configure a supported Web browser. For more information, see the release notes. 3. Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC using a Web browser). NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network. 4.
3. Click Custom Level , select Medium-Low, and click Reset. Click OK to confirm. Adding iDRAC IP to the trusted-sites list When you access iDRAC Web interface, you are prompted to add iDRAC IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the web browser to establish a connection to iDRAC web interface. If you are not prompted to add the IP, it is recommended that you add the IP manually to the trusted-sites list.
Configuring Firefox to enable Active Directory SSO To configure the browser settings for Firefox: 1. In Firefox address bar, enter about:config. 2. In Filter, enter network.negotiate. 3. Add the domain name to network.negotiate-auth.trusted-uris (using comma separated list.) 4. Add the domain name to network.negotiate-auth.delegation-uris (using comma separated list.) Configuring web browsers to use virtual console To use Virtual Console on your management station: 1.
NOTE: Install a 32-bit or 64-bit JRE version on a 64-bit operating system or a 32-bit JRE version on a 32-bit operating system. To configure IE to use Java plug-in: • • Disable automatic prompting for file downloads in Internet Explorer. Disable Enhanced Security Mode in Internet Explorer. Configuring IE to use ActiveX plug-in You must configure the IE browser settings before you start and run ActiveX based Virtual Console and Virtual Media applications.
Additional settings for Windows Vista or newer Microsoft operating systems The Internet Explorer browsers in Windows Vista or newer operating systems have an additional security feature called Protected Mode. To launch and run ActiveX applications in Internet Explorer browsers with Protected Mode: 1. Run IE as an administrator. 2. Go to Tools > Internet Options > Security > Trusted Sites. 3. Make sure that the Enable Protected Mode option is not selected for Trusted Sites zone.
Viewing localized versions of web interface iDRAC web interface is supported in the following languages: • • • • • • English (en-us) French (fr) German (de) Spanish (es) Japanese (ja) Simplified Chinese (zh-cn) The ISO identifiers in parentheses denote the supported language variants. For some supported languages, resizing the browser window to 1024 pixels wide is required to view all features. iDRAC Web interface is designed to work with localized keyboards for the supported language variants.
• You can create custom repositories by using the Dell Repository Manager. For more information, see Dell Repository Manager Data Center User's Guide. iDRAC can provide a difference report between the BIOS and firmware installed on the system and the updates available in the repository. All applicable updates contained in the repository are applied to the system. This feature is available with iDRAC Enterprise license.
When you check for updates, the version marked as Available does not always indicate that it is the latest version available. Before you install the update, ensure that the version you choose to install is newer than the version currently installed. If you want to control the version that iDRAC detects, create a custom repository using Dell Repository Manager (DRM) and configure iDRAC to use that repository to check for updates.
Updating device firmware using RACADM To update device firmware using RACADM, use the update subcommand. For more information, see the RACADM Reference Guide for iDRAC and CMC available at dell.com/idracmanuals. Examples: • To generate a comparison report using an update repository: racadm update –f catalog.xml –l //192.168.1.1 –u test –p passwd --verifycatalog • To perform all applicable updates from an update repository using myfile.
For information about the fields, see the iDRAC Online Help. 8. Click Schedule Update. The next scheduled job is created in the job queue. Five minutes after the first instance of the recurring job starts, the job for the next time period is created. Scheduling automatic firmware update using RACADM To schedule automatic firmware update, use the following commands: • To enable automatic firmware update: racadm set lifecycleController.lcattributes.AutoUpdate.
Updating firmware using DUP Before you update firmware using Dell Update Package (DUP), make sure to: • • Install and enable the IPMI and managed system drivers. Enable and start the Windows Management Instrumentation (WMI) service if your system is running Windows operating system, NOTE: While updating the iDRAC firmware using the DUP utility in Linux, if you see error messages such as usb 5-2: device descriptor read/64, error -71 displayed on the console, ignore them.
• During the update, chassis action power commands are disabled. The updates for components such as Programmable System-on-Chip (PSoC) of IOM that requires all the servers to be idle, the update is applied on the next chassis power-up cycle. CMC settings to update CMC firmware from iDRAC In the PowerEdge FX2/FX2s chassis, before performing the firmware update from iDRAC for CMC and its shared components, do the following: 1. Launch the CMC Web interface 2. Go to iDRAC Settings > Settings > CMC.
You can perform firmware rollback for the following components: • • • • • • iDRAC with Lifecycle Controller BIOS Network Interface Card (NIC) Power Supply Unit (PSU) RAID Controller Backplane NOTE: You cannot perform firmware rollback for Diagnostics, Driver Packs, and CPLD. Before rolling back the firmware, make sure that: • • • You have Configure privilege to roll back iDRAC firmware.
Rollback firmware using RACADM 1. Check the rollback status and the FQDD using the swinventory command: racadm swinventory For the device for which you want to rollback the firmware, the Rollback Version must be Available. Also, note the FQDD. 2. Rollback the device firmware using: racadm rollback For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
The backup file contains encrypted user sensitive data, configuration information, and firmware images that you can use for import server profile operation. Backup events are recorded in the Lifecycle Log. NOTE: If you are exporting the server profile using NFS on Windows 10 operating system and face issues accessing the exported server profile, enable Client for NFS in Windows Features. Backing up server profile using iDRAC web interface To back up the server profile using iDRAC Web interface: 1.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. For information about the fields, see the iDRAC Online Help 5. Click Backup Now. A recurring job is represented in the job queue with a start date and time of the next scheduled backup operation. Five minutes after the first instance of the recurring job starts, the job for the next time period is created.
Easy Restore uses the Easy Restore flash memory to back up the data. When you replace the motherboard and power on the system, the BIOS queries the iDRAC and prompts you to restore the backed-up data. The first BIOS screen prompts you to restore the Service Tag, licenses, and UEFI diagnostic application. The second BIOS screen prompts you to restore system configuration settings.
Monitoring iDRAC using other Systems Management tools You can discover and monitor iDRAC using Dell Management Console or Dell OpenManage Essentials. You can also use Dell Remote Access Configuration Tool (DRACT) to discover iDRACs, update firmware, and set up Active Directory. For more information, see the respective user’s guides. Support Server Configuration Profile (SCP) — Import and Export Server Configuration Profile allows you to import and export server configuration files.
PK X.509 Certificate (binary DER format only) 1. .cer 2. .der One 3. .crt KEK DB and DBX X.509 Certificate (binary DER format only) 1. .cer Public Key Store 2. .der 3. .crt 4. .pbk 1. .cer 2. .der 3. .crt 4. .efi X.509 Certificate (binary DER format only) EFI image (system BIOS will calculate and import image digest) More than one More than one The Secure Boot Settings feature can be accessed by clicking System Security under System BIOS Settings.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses .
• Disabling access to modify iDRAC configuration settings on host system Viewing iDRAC information You can view the basic properties of iDRAC. Viewing iDRAC information using web interface In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.
Viewing iDRAC information using RACADM To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals . Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system).
• IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied. When repeated login failures occur from a particular IP address, it prevents the address from logging in to iDRAC for a preselected time span.
The last byte of the range mask is set to 252, the decimal equivalent of 11111100b. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. FIPS mode FIPS is a computer security standard that United States government agencies and contractors must use. Starting from version iDRAC 2.40.40.40, iDRAC supports enabling FIPS mode. iDRAC will be officially certified to support FIPS mode in the future.
SSH Access iDRAC through firmware RACADM. Telnet Access iDRAC through firmware RACADM. Remote RACADM Remotely access iDRAC. Redfish Enables support for Redfish RESTful API. SNMP Agent Enables support for SNMP queries (GET, GETNEXT, and GETBULK operations) in iDRAC. Automated System Recovery Agent Enable Last System Crash Screen. VNC Server Enable VNC server with or without SSL encryption. Configuring services using web interface To configure the services using iDRAC Web interface: 1.
Configuring TLS By default, iDRAC is configured to use TLS 1.1 and higher. You can configure iDRAC to use any of the following: • • • TLS 1.0 and higher TLS 1.1 and higher TLS 1.2 only NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher. Configuring TLS using web interface 1. Go to iDRAC Settings > Services. 2. Click the Services tab and then click Web Server. 3. In the TLS Protocol drop-down, select the TLS version and click Apply.
Configuring VNC server using iDRAC web interface To configure the VNC server settings: 1. In the iDRAC Web interface, go to Configuration > Virtual Console. The Virtual Console page is displayed. 2. In the VNC Server section, enable the VNC server, specify the password, port number, and enable or disable SSL encryption. For information about the fields, see the iDRAC Online Help. 3. Click Apply. The VNC server is configured.
Configuring LCD setting using web interface To configure the server LCD front panel display: 1. In iDRAC Web interface, go to Configurations > System Settings > Hardware Settings > Front Panel configuration. 2.
• • • Blink On 1 Day Timeout Blink On 1 Week Timeout Blink On 1 Month Timeout 3. Click Apply. The LED blinking on the front panel is configured. Configuring system ID LED setting using RACADM To configure system ID LED, use the setled command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
• The first boot device setting in iDRAC Web Interface overrides the System BIOS boot settings. Setting first boot device using web interface To set the first boot device using iDRAC Web interface: 1. Go to Configuration > System Settings > Hardware Settings > First Boot Device. The First Boot Device page is displayed. 2. Select the required first boot device from the drop-down list, and click Apply. The system boots from the selected device for subsequent reboots. 3.
When enabled through dedicated NIC, you can launch the browser in the host operating system and then access the iDRAC Web interface. The dedicated NIC for the blade servers is through the Chassis Management Controller. Switching between dedicated NIC or shared LOM does not require a reboot or reset of the host operating system or iDRAC.
• • • • • • • • • • • Server 2012 R2 Datacenter Edition Server 2012 for Embedded Systems (Base and R2 w/ SP1) Server 2016 Essentials Edition Server 2016 Standard Edition Server 2016 Datacenter Edition RHEL 7.3 RHEL 6.9 SLES 12 SP2 ESXi 6.0 U3 vSphere 2016 XenServer 7.1 For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC. For vSphere, you must install the VIB file before enabling USB NIC.
NOTE: If the VLAN is enabled on the iDRAC, the LOM-Passthrough will only function in shared LOM mode with VLAN tagging configured on the host. 5. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC. The default value is 169.254.1.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs.
Login Type Certificate Type How to Obtain Smart Card login as a local or Active Directory user • • • User certificate Trusted CA certificate • User Certificate — Export the smart card user certificate as Base64encoded file using the card management software provided by the smart card vendor. Trusted CA certificate — This certificate is issued by a CA. SHA-2 certificates are also supported. Active Directory user login Trusted CA certificate This certificate is issued by a CA.
The iDRAC Web server SSL certificate supports the asterisk character (*) as part of the left-most component of the Common Name when generating a Certificate Signing Request (CSR). For example, *.qa.com, or *.company.qa.com. This is called a wildcard certificate. If a wildcard CSR is generated outside of iDRAC, you can have a signed single wildcard SSL certificate that you can upload for multiple iDRACs and all the iDRACs are trusted by the supported browsers.
NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is active. Uploading server certificate using RACADM To upload the SSL server certificate, use the sslcertupload command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. If the CSR is generated outside of iDRAC with a private key available, then to upload the certificate to iDRAC: 1. Send the CSR to a well-known root CA.
For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Downloading custom SSL certificate signing certificate You can download the custom signing certificate using iDRAC Web interface or RACADM. Downloading custom signing certificate To download the custom signing certificate using iDRAC Web interface: 1. Go to iDRAC Settings > Connectivity > SSL. The SSL page is displayed. 2.
1. Query the target iDRAC that contains the required configuration using the following command:. racadm get -f .xml -t xml -c iDRAC.Embedded.1 The command requests the iDRAC configuration and generates the configuration file. NOTE: Redirecting the iDRAC configuration to a file using get -f is only supported with the local and remote RACADM interfaces. NOTE: The generated configuration file does not contain user passwords.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
The Firmware Inventory section displays the firmware version for the following components: • • • • • • • • • • • • • • • BIOS Lifecycle Controller iDRAC OS driver pack 32-bit diagnostics System CPLD PERC controllers Batteries Physical disks Power supply NIC Fibre Channel Backplane Enclosure PCIe SSDs NOTE: Software inventory displays only the last 4 bytes of the firmware version. For example, if the firmware version is FLVDL06, the firmware inventory displays DL06.
• • • During the rebuilding operation to restore redundancy between two SD cards present in the IDSDM, the IDSDM status is not displayed since the IDSDM sensors are powered off. NOTE: If the host system is rebooted during IDSDM rebuild operation, the iDRAC does not display the IDSDM information. To resolve this, rebuild IDSDM again or reset the iDRAC.
To display the performance parameters, the supported sensors must be present in the server. The four system utilization parameters are: • • • • CPU Utilization — Data from RMCs for each CPU core is aggregated to provide cumulative utilization of all the cores in the system. This utilization is based on time spent in active and inactive states. A sample of RMC is taken every six seconds. Memory Utilization — RMCs measure memory traffic occurring at each memory channel or memory controller instance.
Checking the system for Fresh Air compliance Fresh Air cooling directly uses outside air to cool systems in the data center. Fresh Air compliant systems can operate above its normal ambient operating range (temperatures up to 113 °F (45 °C)). NOTE: Some servers or certain configurations of a server may not be Fresh Air compliant. See the specific server manual for details related to Fresh Air compliance or contact Dell for more details. To check the system for Fresh Air compliance: 1.
For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Configuring warning threshold for inlet temperature You can modify the minimum and maximum warning threshold values for the system board inlet temperature sensor. If reset to default action is performed, the temperature thresholds are set to the default values. You must have Configure user privilege to set the warning threshold values for the inlet temperature sensor.
Similarly, you can view the host OS network interface information associated with a network device from the Hardware > Network Devices page. Click View Host OS Network Interfaces. NOTE: For the ESXi host OS in the iDRAC Service Module v2.3.
2. To terminate the session, under the Terminate column, click the Trashcan icon for a session. Terminating iDRAC sessions using RACADM You must have administrator privileges to terminate iDRAC sessions using RACADM. To view the current user sessions, use the getssninfo command. To terminate a user session, use the closessn command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: • • • • • • • iDRAC Web Interface Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only IPMI Serial Over LAN IPMI Over LAN Remote RACADM Local RACADM Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
• • • • • • • • • Communicating with iDRAC through serial connection using DB9 cable Switching between RAC serial and serial console while using DB9 cable Communicating with iDRAC using IPMI SOL Communicating with iDRAC using IPMI over LAN Enabling or disabling remote RACADM Disabling local RACADM Enabling IPMI on managed system Configuring Linux for serial console during boot in RHEL 6 Supported SSH cryptography schemes Communicating with iDRAC through serial connection using DB9 cable You can use any of
1. In the iDRAC Web interface, go to iDRAC Settings > Network > Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured. Enabling RAC serial connection using RACADM To enable RAC serial connection using RACADM, use the set command with the object in the iDRAC.Serial group.
2. Set the IPMI Serial baud rate using the command. racadm set iDRAC.IPMISerial.BaudRate Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 3. Enable the IPMI serial hardware flow control using the command. racadm set iDRAC.IPMISerial.FlowContro 1 4. Set the IPMI serial channel minimum privilege level using the command. racadm set iDRAC.IPMISerial.
Switching between RAC serial and serial console while using DB9 cable iDRAC supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial Console on rack and tower servers. Switching from serial console to RAC serial To switch to RAC Serial Interface communication mode when in Serial Console Mode, press Esc+Shift, 9.
NOTE: BIOS sends the screen serial data in 25 x 80 format. The SSH window that is used to invoke the console com2 command must be set to 25 x 80. Then, the redirected screen appears correctly. NOTE: If the boot loader or operating system provides serial redirection such as GRUB or Linux, then the BIOS Redirection After Boot setting must be disabled. This is to avoid potential race condition of multiple components accessing the serial port.
Parameter Description Unique ID of the user NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to the baud rate of the managed system. Enabling supported protocol The supported protocols are IPMI, SSH, and Telnet. Enabling supported protocol using web interface To enable SSH or Telnet, go to iDRAC Settings > Services and select Enabled for SSH or Telnet, respectively. To enable IPMI, go to iDRAC Settings > Connectivity and select IPMI Settings.
NOTE: IPMI SOL session may terminate while copying large input text from a client running Windows OS to a host running Linux OS. To avoid the session from getting terminated abruptly, convert any large text to a UNIX-based line ending. NOTE: If a SOL session created using RACADM tool exists, starting another SOL session using IPMI tool will not show any notification or error about the existing sessions.
• • For SSH: ssh -l For Telnet: telnet NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the end of the Telnet command. 3. Enter one of the following commands at the command prompt to start SOL: • • connect console com2 This connects iDRAC to the managed system’s SOL port. Once a SOL session is established, iDRAC command line console is not available.
• • To quit SOL redirection, press Enter, Esc, T. The SOL session closes. To quit a SOL session from Telnet on Linux, press and hold Ctrl+]. A Telnet prompt is displayed. Type quit to exit Telnet. If a SOL session is not terminated completely in the utility, other SOL sessions may not be available. To resolve this, terminate the command line console in the Web interface under iDRAC Settings > Connectivity > Serial Over LAN.
Parameter Description 20-character encryption key in a valid hexadecimal format. NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com. Enabling or disabling remote RACADM You can enable or disable remote RACADM using the iDRAC Web interface or RACADM. You can run up to five remote RACADM sessions in parallel. NOTE: Remote RACADM is enabled by default. Enabling or disabling remote RACADM using web interface 1.
1. Locate the General Setting sections in the file and add the following: serial --unit=1 --speed=57600 terminal --timeout=10 serial 2. Append two options to the kernel line: kernel ............. console=ttyS1,115200n8r console=tty1 3. Disable GRUB's graphical interface and use the text-based interface. Else, the GRUB screen is not displayed in RAC Virtual Console. To disable the graphical interface, comment-out the line starting with splashimage. The following example provides a sample /etc/grub.
si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc 0 l1:1:wait:/etc/rc.d/rc 1 l2:2:wait:/etc/rc.d/rc 2 l3:3:wait:/etc/rc.d/rc 3 l4:4:wait:/etc/rc.d/rc 4 l5:5:wait:/etc/rc.d/rc 5 l6:6:wait:/etc/rc.d/rc 6 #Things to run in every runlevel. ud::once:/sbin/update ud::once:/sbin/update #Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now #When our UPS tells us power has failed, assume we have a few #minutes of power left. Schedule a shutdown for 2 minutes from now.
Supported SSH cryptography schemes To communicate with iDRAC using SSH protocol, it supports multiple cryptography schemes listed in the following table. Table 18. SSH cryptography schemes Scheme Type Algorithms Asymmetric Cryptography Public key ssh-rsa ecdsa-sha2-nistp256 Symmetric Cryptography Key Exchange curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.
CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the ’Configure Users’ user privilege. This privilege allows user(s) to configure another user's SSH key. You should grant this privilege carefully. Generating public keys for Windows To use the PuTTY Key Generator application to create the basic key: 1. Start the application and select RSA for the key type. 2. Enter the number of bits for the key. The number of bits must be between 2048 and 4096 bits. 3.
Uploading SSH keys using RACADM To upload the SSH keys, run the following command: NOTE: You cannot upload and copy a key at the same time. • • For local RACADM: racadm sshpkauth -i <2 to 16> -k <1 to 4> -f From remote RACADM using Telnet or SSH: racadm sshpkauth -i <2 to 16> -k <1 to 4> -t For example, to upload a valid key to iDRAC User ID 2 in the first key space using a file, run the following command: $ racadm sshpkauth -i 2 -k 1 -f pkkey.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with the system badge. As an administrator, you can setup user accounts to allow other users to access iDRAC. For more information see the documentation for the server.
NOTE: To improve security, it is recommended to use complex passwords that have eight or more characters and include lowercase alphabets, uppercase alphabets, numbers, and special characters. It is also recommended to regularly change the passwords, if possible. Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist.
and view or edit the myfile.cfg file, which includes all iDRAC configuration parameters. To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. If you use the Server Configuration Profile file to configure users, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication.
Prerequisites for using Active Directory authentication for iDRAC To use the Active Directory authentication feature of iDRAC, make sure that you have: • • • Deployed an Active Directory infrastructure. See the Microsoft website for more information. Integrated PKI into the Active Directory infrastructure. iDRAC uses the standard Public Key Infrastructure (PKI) mechanism to authenticate securely into the Active Directory. See the Microsoft website for more information.
Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed certificate. If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller.
In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC. Table reference no shows the default role group privileges. Table 21.
The Directory Service page is displayed. 2. Select the Microsoft Active Directory option and then click Edit. The Active Directory Configuration and Management page is displayed. 3. Click Configure Active Directory. The Active Directory Configuration and Management Step 1 of 4 page is displayed. 4. Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when communicating with the Active Directory (AD) server.
• To enforce the certificate validation during SSL handshake (optional), use the following command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1 In this case, you must upload the CA certificate using the following command: racadm sslcertupload -t 0x2 -f NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Ensure that DNS is configured correctly under Overview > iDRAC Settings > Network.
• RAC LinkID range is: 12070 to 12079 Overview of iDRAC schema extensions Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more iDRAC devices. This model provides an administrator maximum flexibility over the different combinations of users, iDRAC privileges, and iDRAC devices on the network without much complexity.
Figure 3. Privilege accumulation for a user The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only.
You can copy and run the Schema Extender or LDIF files from any location. Using Dell Schema Extender CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To make sure that the Dell Schema Extender utility functions properly, do not modify the name of this file. 1. In the Welcome screen, click Next. 2. Read and understand the warning and click Next. 3. Select Use Current Log In Credentials or enter a user name and password with schema administrator rights. 4.
Table 25. dellRAC4Privileges class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines the privileges (Authorization Rights) for iDRAC Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 26. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 FALSE List of dellRacDevice and Distinguished Name (LDAPTYPE_DN DelliDRACDevice Objects that belong to 1.3.6.1.4.1.1466.115.121.1.12) this role. This attribute is the forward link to the dellAssociationMembers backward link. Link ID: 12070 dellIsLoginUser 1.2.840.113556.1.8000.1280.1.1.2.3 TRUE if the user has Login rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellRacType 1.2.840.113556.1.8000.1280.1.1.2.13 TRUE This attribute is the Current RAC Type for the delliDRACDevice object and the backward link to the dellAssociationObjectMembers forward link. Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905) dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 List of dellAssociationObjectMembers that belong to this Product.
4. Select Privilege Object and click OK. 5. Right-click the privilege object that you created, and select Properties. 6. Click the Remote Management Privileges tab and assign the privileges for the user or group. Creating association object To create association object: NOTE: iDRAC association object is derived from the group and its scope is set to Domain Local. 1. In the Console Root (MMC) window, right-click a container. 2. Select New > Dell Remote Management Object Advanced.
Configuring Active Directory with Extended schema using iDRAC web interface To configure Active Directory with extended schema using Web interface: NOTE: For information about the various fields, see the iDRAC Online Help. 1. In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Microsoft Active Directory. Click Edit The Active Directory Configuration and Management Step 1 of 4 page is displayed. 2.
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Ensure that DNS is configured correctly under iDRAC Settings > Network. Using the following RACADM command may be optional: racadm sslcertdownload -t 1 -f 2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 1 3.
Configuring generic LDAP directory service using iDRAC web-based interface To configure the generic LDAP directory service using Web interface: NOTE: For information about the various fields, see the iDRAC Online Help. 1. In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service, click Edit. The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings. 2.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server. NOTE: When generic LDAP is enabled, iDRAC first tries to login the user as a directory user. If it fails, local user lookup is enabled. The test results and the test log are displayed.
8 System Lockdown mode System Lockdown mode helps in preventing unintended changes after a system is provisioned. This feature can help in protecting the system from unintentional or malicious changes. Lockdown mode is applicable to both configuration and firmware updates. When the system is locked down, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed.
Table 29.
9 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non–Windows Server Kerberos service as a security principal in Windows Server Active Directory.
Configuring iDRAC SSO login for Active Directory users using web interface To configure iDRAC for Active Directory SSO login: NOTE: For information about the options, see the iDRAC Online Help. 1. Verify whether the iDRAC DNS name matches the iDRAC Fully Qualified Domain Name. To do this, in iDRAC Web interface, go to iDRAC Settings > Network > Common Settings and see the DNS iDRAC Name property. 2.
Uploading trusted CA certificate for smart card using web interface To upload trusted CA certificate for smart card login: 1. In iDRAC Web interface, go to iDRAC Settings > Network > User Authentication > Local Users. The Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under Smart Card Configurations, select Upload Trusted CA Certificate and click Next. The Trusted CA Certificate Upload page is displayed. 4.
Enabling or disabling smart card login using iDRAC settings utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The smart card logon feature is enabled or disabled based on the selection.
10 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
n=0 — Disabled n=1 — Enabled Enabling or disabling alerts using iDRAC settings utility To enable or disable generating alerts or event actions: 1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed. 2. Under Platform Events, select Enabled to enable alert generation or event action. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The alert settings are configured.
Setting event alerts using web interface To set an event alert using the web interface: 1. Make sure that you have configured the e-mail alert, IPMI alert, SNMP trap settings, and/or remote system log settings. 2. In iDRAC Web interface, go to Configuration > System Settings > Alerts and Remote System Log Configuration. 3. Under Category, select one or all of the following alerts for the required events: • • • • • • • Email SNMP Trap IPMI Alert Remote System Log WS Eventing OS Log Redfish Event 4.
1. In iDRAC Web interface, go to Configuration > System Settings > Alert and Remote System Log Configuration. 2. From the Actions drop-down menu, for each event select an action: • • • • Reboot Power Cycle Power Off No Action 3. Click Apply. The setting is saved. Setting event actions using RACADM To configure an event action, use the eventfilters command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
NOTE: The SNMP Trap Format option applies only for SNMP Traps and not for IPMI Traps. IPMI Traps are always sent in SNMP v1 format and is not based on the configured SNMP Trap Format option. The SNMP trap format is configured. Configuring IP alert destinations using RACADM To configure the trap alert settings: 1. To enable traps: racadm set idrac.SNMP.Alert..Enable Parameter Description Destination index. Allowed values are 1 through 8.
For information about the options, see the iDRAC Settings Utility Online Help. 4. Click Back, click Finish, and then click Yes. The alert destinations are configured. Configuring email alert settings You can configure the email address to receive the email alerts. Also, configure the SMTP server address settings. NOTE: If your mail server is Microsoft Exchange Server 2007, ensure that the iDRAC domain name is configured for the mail server to receive the email alerts from iDRAC.
Parameter Description index Email destination index. Allowed values are 1 through 4. custom-message Custom message 4. To test the configured email alert, if required: racadm testemail -i [index] Parameter Description index Email destination index to be tested. Allowed values are 1 through 4. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
if the CMC is not on the network. You can set the value to Disabled to forward the chassis events. By default, this setting is set as Enabled. NOTE: For this setting to take effect, you must ensure that in CMC, the Chassis Management at Server setting must be set to Monitor or Manage and Monitor. When the Chassis Management and Monitoring option is set to Enabled, iDRAC generates and logs chassis events.
Message ID Description CTL Storage Contr DH Cert Mgmt DIS Auto-Discovery ENC Storage Enclosr FAN Fan Event FSD Debug HWC Hardware Config IPA DRAC IP Change ITR Intrusion JCP Job Control LC Lifecycle Controller LIC Licensing LNK Link Status LOG Log event MEM Memory NDR NIC OS Driver NIC NIC Config OSD OS Deployment OSE OS Event PCI PCI Device PDR Physical Disk PR Part Exchange PST BIOS POST PSU Power Supply PSUA PSU Absent PWR Power Usage RAC RAC Event
Message ID Description RFLA IDSDM Absent RFM FlexAddress SD RRDU IDSDM Redundancy RSI Remote Service SEC Security Event SEL Sys Event Log SRD Software RAID SSD PCIe SSD STOR Storage SUP FW Update Job SWC Software Config SWU Software Change SYS System Info TMP Temperature TST Test Alert UEFI UEFI Event USR User Tracking VDR Virtual Disk VF vFlash SD card VFL vFlash Event VFLA vFlash Absent VLT Voltage VME Virtual Media VRM Virtual Console WRK Work Note Conf
11 iDRAC 9 Group Manager iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated servers on the associated servers on the local network using the iDRAC GUI. Group Manager allows 1XMany console experience without involving a separate application. It allows the users to view the details of a set of servers by permitting more powerful management than by inspecting servers visually for faults and other manual methods.
The iDRAC members self-select a new primary controller for the group if the current primary goes offline for a prolonged duration, but that does not have any impact on the end user. You can normally access the group manager from all iDRAC members by clicking group manager from the iDRAC index page. Summary View You need to have administrator privileges to access group manager pages. If a non-administrator user logs onto the iDRAC, the group manager section does not appear with their credentials.
For more information see, Configuring user accounts and privileges. Table 32. New User Options Option Description New User Information Allows you to provide the new user's information details. iDRAC Permissions Allows you to define the user's role for future usage. Advanced User Settings Allows you to set (IPMI) user privileges and helps you to enable SNMP. NOTE: Any member iDRAC with system lockdown enabled, that is part of the same group returns an error that the user password was not updated.
Export Use this section to export the Group Summary to the local system. The information can be exported to a csv file format. It contains data related to each individual system in the group. Export includes the following information in csv format.
Jobs View Jobs view allows the user to track the progress of a group job, helps with simple recovery steps to correct connectivity induced failures. It also shows the history of the last group actions that were performed as an audit log. The user can use the jobs view to track the progress of the action across the group or to cancel an action that is schedule to occur in the future.
Group Information Panel Group Information panel in the top right of group manager summary view shows a consolidated group summary. Current group configuration can be edited from the Group Settings page accessible by clicking Group Settings button. It shows how many systems are there in the group. It also provides the information about the Primary and the Secondary controller of the Group. Group Settings Group settings page provides a listing of selected group attributes. Table 36.
Group Manager Single Sign On All iDRACs in the group trust each other based on the shared passcode secret and shared group name. As a result an administrator user at a group member IDRAC is grant administrator level privileges at any group member iDRAC when accessed through Group Manager web interface single sign on. iDRACs logs - as the user that logged on into peer members. is the service tag of the iDRAC where the user first logged in.
12 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
2. Click Apply. The filtered log entries are displayed in Log Results. Adding comments to Lifecycle logs To add comments to the Lifecycle logs: 1. In the Lifecycle Log page, click the + icon for the required log entry. The Message ID details are displayed. 2. Enter the comments for the log entry in the Comment box. The comments are displayed in the Comment box. Viewing Lifecycle log using RACADM To view Lifecycle logs, use the lclog command.
Configuring remote system logging You can send lifecycle logs to a remote system. Before doing this, make sure that: • • There is network connectivity between iDRAC and the remote system. The remote system and iDRAC is on the same network. Configuring remote system logging using web interface To configure the remote syslog server settings: 1. In the iDRAC Web interface, go to Configuration > System Settings > Remote Syslog Settings. The Remote Syslog Settings page is displayed 2.
13 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • • • • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
For information about the displayed properties, see the iDRAC Online Help. Monitoring performance index for of CPU, memory, and input output modules using RACADM Use the SystemPerfStatistics sub command to monitor performance index for CPU, memory, and I/O modules. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Setting warning threshold for power consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems.
• • Reset System (warm boot) Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help. Executing power control operations using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Power capping You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload presents to the datacenter.
Configuring power cap policy using RACADM To view and configure the current power cap values, use the following objects with the set command: • • • • System.Power.Cap.Enable System.Power.Cap.Watts System.Power.Cap.Btuhr System.Power.Cap.Percent For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Configuring power cap policy using iDRAC settings utility To view and configure power policies: 1. In iDRAC Settings utility, go to Power Configuration.
Configuring power supply options using iDRAC settings utility To configure the power supply options: 1. In iDRAC Settings utility, go to Power Configuration. NOTE: The Power Configuration link is available only if the server power supply unit supports power monitoring. The iDRAC Settings Power Configuration page is displayed. 2. Under Power Supply Options: • • • • Enable or disable power supply redundancy. Enable or disable hot spare. Set the primary power supply unit.
• • • 172 NOTE: It is important to note that with certain configurations and workloads, it may not be physically possible to reduce exhaust below a desired set point (e.g. Custom exhaust setting of 45C with a high inlet temp {e.g. 30C} and a loaded config {high system power consumption, low airflow}). 3. Sound Cap option is new in the 14th generation of PowerEdge server. It limits CPU power consumption and controls fan speed and acoustical ceiling.
14 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: • • • • • Network Interface Cards (NICs) Converged Network Adapters (CNAs) LAN On Motherboards (LOMs) Network Daughter Cards (NDCs) Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition
provide details of the physical mapping of switch ports to server’s network ports and iDRAC (integrated Dell Remote Access Controller) dedicated port connections. All supported network cards are visible in Connection View, irrespective of the brand. Instead of manually checking and troubleshooting the server's networking connections, you can view and manage network cable connections remotely.
Manufacturer Type Broadcom • • • • • • 57414 rNDC 25GE 57416/5720 rNDC 10GbE 57412/5720 rNDC 10GbE 57414 PCIe FH/LP 25GE 57412 PCIe FH/LP 10GbE 57416 PCIe FH/LP 10GbE Intel • • • • • • • • • X710 bNDC 10Gb X710 DP PCIe 10Gb X710 QP PCIe 10Gb X710 + I350 rNDC 10Gb+1Gb X710 rNDC 10Gb X710 bNDC 10Gb XL710 PCIe 40Gb XL710 OCP Mezz 10Gb X710 PCIe 10Gb Mellanox • • • MT27710 rNDC 40Gb MT27710 PCIe 40Gb MT27700 PCIe 100Gb QLogic • • • QL41162 PCIe 10GE 2P QL41112 PCIe 10GE 2P QL41262 PCIe 25GE 2P Inv
and also based on persistence policy setting for that power state. This provides more flexibility in deployments that need rapid reconfiguration of system workloads to another system. The virtual addresses are: • • • • • Virtual MAC Address Virtual iSCSI MAC Address Virtual FIP MAC Address Virtual WWN Virtual WWPN NOTE: When you clear the persistence policy, all the virtual addresses are reset to the default permanent address set at the factory.
Manufacturer Type Intel • • • • • • • • • • • • • • • • • • i350 DP FH PCIe 1GB i350 QP PCIe 1GB i350 QP rNDC 1GB i350 Mezz 1GB i350 bNDC 1GB x520 PCIe 10GB x520 bNDC 10GB x520 Mezz 10GB x520 + i350 rNDC 10GB+1GB X710 bNDC 10GB X710 QP bNDC 10GB X710 PCIe 10 GB X710 + I350 rNDC 10GB+1GB X710 rNDC 10GB XL710 QSFP DP LP PCIe 40GE XL710 QSFP DP FH PCIe 40GE X550 DP BT PCIe 2 x 10 Gb X550 DP BT LP PCIe 2 x 10 Gb Mellanox • • • • ConnectX-3 Pro 10G Mezz 10GB ConnectX-4 LX 25GE SFP DP rNDC 25GB ConnectX-4
Virtual or Flex Address and Persistence Policy behavior when iDRAC is set to Flex Address mode or Console mode The following table describes the Virtual Address Management (VAM) configuration and Persistence Policy behavior, and the dependencies. Table 40.
System behavior for FlexAddress and IO Identity Table 41.
Enabling or disabling IO Identity Optimization using RACADM To enable I/O Identity Optimization, use the command: racadm set idrac.ioidopt.IOIDOptEnable Enabled After enabling this feature, you must restart the system for the settings to take effect. To disable I/O Identity Optimization, use the command: racadm set idrac.ioidopt.IOIDOptEnable Disabled To view the I/O Identity Optimization setting, use the command: racadm get iDRAC.
NOTE: If there is a persistence policy in effect and the virtual addresses, initiator, or storage targets are set on a CNAdevice partition, do not reset or clear the values configured for virtual addresses, initiator, and storage targets before changing the VirtualizationMode or the personality of the partition. The action is performed automatically when you disable the persistence policy.
iSCSI Initiator Default Values in IPv4 mode Default Values in IP IscsiInitiatorIpv4SecDns 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6SecDns :: :: IscsiInitiatorName Value Cleared Value Cleared IscsiInitiatorChapId Value Cleared Value Cleared IscsiInitiatorChapPwd Value Cleared Value Cleared IPVer Ipv4 Table 44.
15 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them. For the 14th generation of PowerEdge servers, PERC 9 and PERC 10 controllers are supported.
PERC Capability Real-time CEM configuration Capable Controller (PERC 9.1 or later) NOTE: For the 14th generation of PowerEdge servers, PERC 9 and PERC 10 controllers are supported. If there is no existing pending or scheduled jobs for the controller, then configuration is applied. CEM configuration Non-capable Controller (PERC 9.0 and lower) Configuration is applied. An error message is displayed. Job creation is not successful and you cannot create real-time jobs using Web interface.
Hardware and software RAID RAID can be implemented with either hardware or software. A system using hardware RAID has a RAID controller that implements the RAID levels and processes data reads and writes to the physical disks. When using software RAID provided by the operating system, the operating system implements the RAID levels. For this reason, using software RAID by itself can slow the system performance.
• Volume — Volume refers to a single disk non-RAID virtual disk. You can create volumes using external utilities like the O-ROM . Storage Management does not support the creation of volumes. However, you can view volumes and use drives from these volumes for creation of new virtual disks or Online Capacity Expansion (OCE) of existing virtual disks, provided free space is available. Choosing RAID levels You can use RAID to control data storage on multiple disks.
RAID 1 characteristics: • • • • • • Groups n + n disks as one virtual disk with the capacity of n disks. The controllers currently supported by Storage Management allow the selection of two disks when creating a RAID 1. Because these disks are mirrored, the total storage capacity is equal to one disk. Data is replicated on both the disks. When a disk fails, the virtual disk still works. The data is read from the mirror of the failed disk. Better read performance, but slightly slower write performance.
• • Better read performance, but slower write performance. Redundancy for protection of data. RAID level 6-striping with additional distributed parity RAID 6 provides data redundancy by using data striping in combination with parity information. Similar to RAID 5, the parity is distributed within each stripe. RAID 6, however, uses an additional physical disk to maintain parity, such that each stripe in the disk group maintains two disk blocks with parity information.
RAID 50 characteristics: • • • • • Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. Redundant information (parity) is alternately stored on all disks of each RAID 5 span. Better read performance, but slower write performance. Requires as much parity information as standard RAID 5. Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: • • • • • • Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. Redundant information (parity) is alternately stored on all disks of each RAID 6 span. Better read performance, but slower write performance. Increased redundancy provides greater data protection than a RAID 50. Requires proportionally as much parity information as RAID 6. Two disks per span are required for parity.
RAID 10 characteristics: • • • • • Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information. Databases and other read intensive transactional uses.
NOTE: Features such as prepare to remove and blink or unblink component LED are not applicable for HHHL PCIe SSD cards.
Feature Name PERC 10 Controllers H740P Mini PERC 9 Controllers PCIe SSD H740P Adapter H840 Adapter H330 Mini H330 H730P Adapter Mini H730P FD33xS Adapter Patrol Read Unconfigured Real-time Areas Real-time Real-time Real-time (only in web interface) Real-time (only in web interface ) Realtime (only in web interface ) RealNot time applicable (only in web interface ) Check Consistency Mode Real-time Real-time Real-time Real-time Real-time Real-time Realtime Realtime Not applicable Copyba
Feature Name T10PI support for Virtual Disks PERC 10 Controllers PERC 9 Controllers H740P Mini H740P Adapter H840 Adapter H330 Mini H330 H730P Adapter Mini Not applicable Not applicable Not applicable Not Not applicable applicabl e PCIe SSD H730P FD33xS Adapter Not Not Not Not applicable applicabl applicabl applicable e e NOTE: PERC 10 no longer supports convert drives to non-RAID, convert controller to HBA mode and RAID 10 uneven span support.
Monitoring storage devices using RACADM To view the storage device information, use the storage command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Monitoring backplane using iDRAC settings utility In the iDRAC Settings utility, go to System Summary. The iDRAC Settings.System Summary page is displayed. The Backplane Inventory section displays the backplane information. For information about the fields, see the iDRAC Settings Utility Online Help.
• • If there are no disk drives available in ready state, insert additional disk drives and make sure that the drives are in ready state. If physical disks are in non-RAID mode convert them to RAID mode using iDRAC interfaces such as iDRAC web interface, RACADM, Redfish or WSMan, or . NOTE: During POST, press F2 to enter System Setup or Device Setup. CTRL+R option is no longer supported for PERC 10. CTRL+R only works with PERC 9 while boot mode is set to BIOS.
3. From the Group By drop-down menu, select an enclosure or virtual disks. The parameters associated with the enclosure or the VD are displayed. 4. Click Apply, once you select all the desired parameters. For more information about the fields, see the iDRAC Online Help. The settings are applied based on the option selected in the operation mode.
• • • • • • • • • • Edit policies Initialize Check consistency Cancel check consistency Encrypt virtual disks Assign or unassign dedicated hot spares Blink and unblink virtual disk Cancel background initialization Online capacity expansion RAID level migration NOTE: You can manage and monitor 240 virtual disks using iDRAC interfaces. To create VDs, use either Device Setup (F2), PERCCLI command line tool, or Dell OpenManage Server Administrator (OMSA).
Creating virtual disks using web interface To create virtual disk: 1. In the iDRAC Web interface, go to Storage > Overview > Virtual DisksAdvanced Filter. 2. In the Virtual Disk section, do the following: a) From the Controller drop-down menu, select the controller for which you want to create the virtual disk. b) From the Layout drop-down menu, select the RAID level for the Virtual Disk.
The Disk Cache policy applies to readings on a specific virtual disk. These settings do not affect the read-ahead policy. NOTE: • Controller non-volatile cache and battery backup of controller cache affects the read-policy or the write policy that a controller can support. All PERCs do not have battery and cache. • Read ahead and write back requires cache. Therefore, if the controller does not have cache, it does not allow you to set the policy value.
CAUTION: Performing a fast initialize causes existing data to be inaccessible. The fast initialize task does not write zeroes to the disk blocks on the physical disks. It is because the Fast Initialize task does not perform a write operation, it causes less degradation to the disk. A fast initialization on a virtual disk overwrites the first and last 8 MB of the virtual disk, clearing any boot records or partition information.
Edit Disk capacity Online Capacity Expansion (OCE) allows you to increase the storage capacity of selected RAID levels while the system remains online. The controller redistributes the data on the array(called Reconfiguration), placing new space available at the end of each RAID array.
Change Controller Properties Change Policy Manage Physical Disk Power Slow Initialize Convert to RAID Capable Disks Fast Initialize Convert to Non-RAID Disks Replace Member Disk Change Controller Mode OCE and RLM Restrictions or Limitations Following are the common limitations for OCE and RLM: • • • • • • • • • OCE/RLM is restricted to the scenario where the disk group contains only one VD. OCE is not supported on RAID50 and RAID60. RLM is not supported on RAID10,RAID50 and RAID60.
• • Write Back — Indicates that for the given volume, the controller sends a data transfer completion signal to the host system when the controller cache has received all the data in a transaction. The controller then writes the cached data to the storage device in the background. • Force Write Back — When using force write-back caching, the write cache is enabled regardless of whether the controller has a battery.
• To assign or unassign dedicated hot spares: racadm storage hotspare: -assign
Load balance The Load Balance property provides the ability to automatically use both controller ports or connectors connected to the same enclosure to route I/O requests. This property is available only on SAS controllers. Bgi rate On PERC controllers, background initialization of a redundant virtual disk begins automatically within 0 to 5 minutes after the virtual disk is created.
Configuring controller properties using RACADM • To set Patrol Read Mode: racadm set storage.controller..PatrolReadMode • {Automatic | Manual | Disabled} If Patrol read mode is set to manual, use the following commands to start and stop Patrol read Mode: racadm storage patrolread: -state {start|stop} • • • • • • • • • NOTE: Patrol read mode operations such as Start and Stop are not supported if there are no virtual disks available in the controller.
PERC9 controller provides support for auto import of foreign configuration without requiring user interactions. The auto import can be enabled or disabled. If enabled, the PERC controller can auto import any foreign configuration detected without manual intervention. If disabled the PERC does not auto import any foreign configuration. You must have Login and Server Control privilege to import foreign configurations. This task is not supported on PERC hardware controllers running in HBA mode.
NOTE: To clear foreign configuration on BOSS controllers, click "Reset Configuration". 3. Click Clear Configuration. 4. Click Apply Based on the selected operation mode, the virtual disks residing on the physical disk is erased. Clearing foreign configuration using RACADM To clear foreign configuration: racadm storage clearconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
NOTE: Ensure that you back up the foreign configuration, security key, virtual disks, and hot spares before you switch the mode as the data is deleted. NOTE: Ensure that a CMC license is available for PERC FD33xS and FD33xD storage sleds before you change the controller mode. For more information on CMC license for the storage sleds, see the Dell Chassis Management Controller Version 1.2 for PowerEdge FX2/FX2s User's Guide available at www.dell.com/support.
14G iDRAC interface supports 12 Gbps SAS HBA controller, and HBA330 (integrated and adapter) controllers. You can perform the following for non-RAID controllers: • • • • • • View controller, physical disks, and enclosure properties as applicable for the non-RAID controller. Also, view EMM, fan, power supply unit, and temperature probe properties associated with the enclosure. The properties are displayed based on the type of controller. View software and hardware inventory information.
Running RAID configuration jobs on multiple storage controllers While performing operations on more than two storage controllers from any supported iDRAC interface, make sure to: • • Run the jobs on each controller individually. Wait for each job to complete before starting the configuration and job creation on the next controller. Schedule multiple jobs to run at a later time using the scheduling options.
NOTE: Hot plug capability, prepare to remove, and blink or unblink the device LED is not applicable for HHHL PCIe SSD devices. NOTE: When NVMe devices are controlled behind S140, prepare to remove and cryptographic erase operations are not supported, blink and unblink are supported.
• • The PCIe SSD is blinking the safe to remove LED pattern (blinks amber). The PCIe SSD is no longer accessible by the system. Before preparing the PCIe SSD for removal, ensure that: • • • iDRAC Service Module is installed. Lifecycle Controller is enabled. You have Server Control and Login privileges. Preparing to remove PCIe SSD using web interface To prepare the PCIe SSD for removal: 1. In the iDRAC Web interface, go to Storage > Overview > Physical Disks. The Setup Physical Disk page is displayed.
• You have Server Control and Login privileges. NOTE: • Erasing PCIe SSDs can only be performed as a staged operation. • After the drive is erased, it displays in the operating system as online but it is not initialized. You must initialize and format the drive before using it again. • After you hot-plug a PCIe SSD, it may take several seconds to appear on the web interface. • Cryptographic erase feature is supported for hot-plugged PCIe SSDs for 14th generation PowerEdge servers.
• • • • • Configure universal mode or split mode View slot information (universal or shared) Set SGPIO mode Set Asset Tag Asset Name Configuring backplane mode The Dell 14th generation PowerEdge servers supports a new internal storage topology, where two storage controllers (PERCs) can be connected to a set of internal drives through a single expander. This configuration is used for high performance mode with no failover or High Availability (HA) functionality.
The Edit Enclosure Mode page is displayed. 4. In the Current Value column, select the required enclosure mode for the backplane or enclosure. The options are: • • • • • • Unified Mode Split Mode Split Mode 4:20 Split Mode 8:16 Split Mode 16:8 Split Mode 20:4 NOTE: For C6420, the available modes are: Split Mode and Split Mode-6:6:6:6. For R740xd and R940, power cycle of the server is needed to apply the new backplane zone and for C6420, A/C cycle (of the blade chassis) to apply the new backplane zone. 5.
7. Run the following command to query the job status: racadm jobqueue view -i JID_xxxxxxxx where, JID_xxxxxxxx is the job ID from step 6. The status is displayed as Pending. Continue to query the job ID until you view the Completed status (this process may take up to three minutes). 8. Run the following command to view the backplanerequestedmode attribute value: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=SplitMode 9.
NOTE: Hot swapping is supported for universal slots. If you want to remove a PCIe SSD drive and swap it with a SAS/ SATA drive, ensure that you first complete the PrepareToRemove task for the PCIe SSD drive. If you do not perform this task, the host operating system may have issues such as a blue screen, kernel panic, and so on. Setting SGPIO mode The storage controller can connect to the backplane in I2C mode (default setting for Dell backplanes) or Serial General Purpose Input/ Output (SGPIO) mode.
Choosing operation mode using web interface To select the operation mode to apply the settings: 1. You can select the operation mode on when you are on any of the following pages: • • • • Storage > Physical Disks . Storage > Virtual Disks Storage > Controllers Storage > Enclosures 2. Select one of the following from the Apply Operation Mode drop-down menu: • • • Apply Now — Select this option to apply the settings immediately. This option is available for PERC 9 controllers only.
• Pending operations are created for import foreign configuration, clear foreign configuration, security key operations, and encrypt virtual disks. But, they are not displayed in the Pending Operations page and in the Pending Operations pop-up message. • Jobs for PCIe SSD cannot be created from the Pending Operations page 3. To delete the pending operations for the selected controller, click Delete All Pending Operations. 4.
• not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action is displayed. • Click Cancel to not create the job and remain on the page to perform more storage configuration operations. If the pending operation is not created successfully and if there are existing pending operations, then an error message is displayed. • • • Click Pending Operations to view the pending operations for the device.
• • Storage > Overview > Physical Disks > Status– Displays the identified Physical Disks page where you can blink or unblink the physical disks and PCIe SSDs. Storage > Overview > Virtual Disks > Status- Displays the identified Virtual Disks page where you can blink or unblink the virtual disks. 2. If you select the physical disk: • • Select or deselect all component LEDs — Select the Select/Deselect All option and click Blink to start blinking the component LEDs.
16 BIOS Settings You can view multiple attributes, which are being used for a specific server under the BIOS Settings. You can modify different parameters of each attribute from this BIOS configuration setting. Once you select one attribute, it shows different parameters which are related to that specific attribute. You can modify multiple parameters of an attribute and apply changes before modifying a different attribute.
Modifying Bios Configuration Modifying BIOS configuration results in audit log entries, which gets entered in LC logs.
17 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • • A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console. If the system is running a Linux operating system, an X11 console may not be viewable on the local monitor. Press at the iDRAC Virtual Console to switch Linux to a text console.
Launching virtual console using web interface You can launch the virtual console in the following ways: • Go to Configuration > Virtual Console. The Virtual Console page is displayed. Click Launch Virtual Console. The Virtual Console Viewer is launched. The Virtual Console Viewer displays the remote system’s desktop. Using this viewer, you can control the remote system’s mouse and keyboard functions from your management station. Multiple message boxes may appear after you launch the application.
Using virtual console viewer The Virtual Console Viewer provides various controls such as mouse synchronization, virtual console scaling, chat options, keyboard macros, power actions, next boot devices, and access to Virtual Media. For information to use these features, see the iDRAC Online Help. NOTE: If the remote server is powered off, the message ’No Signal’ is displayed.
• • • Keyboard — This keyboard uses open source code. The difference from physical keyboard is that the number keys are switched to special character when you the Caps Lock key is enabled. Functionality remains the same and number is entered if you press the special character when the Caps Lock key is enabled. Keyboard Macros — This is supported in HTML5 virtual console and are listed as the following drop-down options. Click Apply to apply the selected key combination on the server.
• • • • • Absolute (Windows, latest versions of Linux, Mac OS-X) Relative, no acceleration Relative (RHEL, earlier versions of Linux) Linux RHEL 6.x and SUSE Linux Enterprise Server 11 or later Click Apply to apply the selected settings on the server. Virtual Media — Click Connect Virtual Media option to start the virtual media session. The virtual media menu displays the Browse option to browse and map the ISO and IMG files.
Passing all keystrokes through virtual console for Java or ActiveX plug-in You can enable the Pass all keystrokes to server option and send all keystrokes and key combinations from the management station to the managed system through the Virtual Console Viewer. If it is disabled, it directs all the key combinations to the management station where the Virtual Console session is running.
• When Pass All Keys is disabled, the behavior depends on the key combinations pressed and the special combinations interpreted by the operating system on the management station. Java based virtual console session running on Linux operating system The behavior mentioned for Windows operating system is also applicable for Linux operating system with the following exceptions: • • • When Pass all keystrokes to server is enabled, is passed to the operating system on the managed system.
ActiveX based virtual console session running on Windows operating system The behavior of the pass all keystrokes to server feature in ActiveX based Virtual Console session running on Windows operating system is similar to the behavior explained for Java based Virtual Console session running on the Windows management station with the following exceptions: • • • When Pass All Keys is disabled, pressing F1 launches the application Help on both management station and managed system, and the following message
18 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, Redfish, RACADM, and WSMan.
NOTE: The installer will be available to the host operating system for 30 minutes. If you do not start the installation within 30 minutes, you must restart the Service Module installation. Installing iDRAC Service Module from iDRAC Enterprise 1. On the SupportAssist Registration wizard, click Next. 2. On the iDRAC Service Module Setup page, click Install Service Module. 3. Click Launch Virtual Console and click Continue on the security warning dialog box. 4.
Replicate Lifecycle logs to OS log You can replicate the Lifecycle Controller Logs to the OS logs from the time when the feature is enabled in iDRAC. This is similar to the System Event Log (SEL) replication performed by OpenManage Server Administrator. All events that have the OS Log option selected as the target (in the Alerts page, or in the equivalent RACADM or WSMan interfaces) are replicated in the OS log using the iDRAC Service Module.
CIM Interface Get associated instances of an instance Get references of an instance WinRM WMIC winrm e wmi/root/ cimv2/dcim/* dialect:association -filter: {object=DCIM_Account ? CreationClassName=DC IM_Account +Name=iDRAC.Embedded .1#Users.1+SystemCre ationClassName=DCIM_ SPComputerSystem +SystemName=systemmc } winrm e wmi/root/ cimv2/dcim/* dialect:association –associations filter: {object=DCIM_Account ? CreationClassName=DC IM_Account +Name=iDRAC.Embedded .1#Users.
For simplicity, iSM provides a shortcut in the Program Menu of the Windows operating system. When you select the Remote iDRAC Hard Reset option, you are prompted for a confirmation to reset the iDRAC. After you confirm, the iDRAC is reset and the result of the operation is displayed. NOTE: The following warning message appears in the Event Viewer under the Application Logs category. This warning does not require any further action.
This section provides the command usages for Windows, Linux, and ESXi operating systems.
You can perform this task by using the following methods: • • Install the iDRAC access feature by using the webpack. Configure using iSM PowerShell script Installation by using MSI You can install this feature by using the web-pack. This feature is disabled on a typical iSM installation. If enabled, the default listening port number is 1266. You can modify this port number within the range 1024 through 65535. iSM redirects the connection to the iDRAC. iSM then creates an inbound firewall rule, OS2iDRAC.
If OpenManage Server Administrator is running, the iDRAC Service Module disables the overlapping monitoring features after logging to the OS and iDRAC. When you re-enable these monitoring features through the iDRAC interfaces later, the same checks are performed and the features are enabled depending on whether OpenManage Server Administrator is running or not. Using iDRAC Service Module from iDRAC web interface To use the iDRAC Service Module from the iDRAC web interface: 1.
19 Using USB port for server management On the 14th generation servers, a dedicated micro USB port is available to configure iDRAC. You can perform the following functions using the micro USB port: • • Connect to the system using the USB network interface to access system management tools such as iDRAC web interface and RACADM. Configure a server by using SCP files that are stored on a USB drive.
For example, to access the iDRAC web interface, open a supported browser, and type the address 169.254.0.3 and press enter. 5. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 6. After completing the desired actions, disconnect the USB cable from the system. The LED turns off. Configuring iDRAC using server configuration profile on USB device With the iDRAC USB management port, you can configure iDRAC at-the-server.
NOTE: iDRAC9 allows you to password protect the compressed file after you select Enabled only for compressed configuration files to compress the file before importing. You can enter a password to secure the file by using Password for Zip file option. 4. Click Apply to apply the settings. Configuring USB management port using RACADM To configure the USB management port, use the following RACADM sub commands and objects: • To view the USB port status: racadm get iDRAC.USB.
Configuration XML import Host control Instruction ShutdownType NoReboot Graceful,Forced,NoReboot Configuration XML import Host control Instruction TimeToWait 300 Minimum value is 300 -Maximum value is 3600 seconds.
LED blinking behavior The USB LED indicates the status of a server-configuration profile operation being performed using the USB port. The LED may not be available on all systems. • • • • Solid green — The server configuration profile is being copied from the USB device. Blinking green — The job is in progress. Blinking amber — The job has failed or completed with errors. Solid green — The job has completed successfully.
20 Using Quick Sync 2 With Dell OpenManage Mobile running on an Android or iOS mobile device, you can easily access server directly or through OpenManage Essentials or OpenManage Enterprise (OME) console. It allows you to review server details and inventory, view LC and System Event logs, get automatic notifications on mobile device from an OME console, assign IP address and modify iDRAC password, configure key BIOS attributes, and take remediation actions as needed.
• • 2. If disabled, the timer does not allow you to enter a time-out period. Quick Sync Read Authentication — Configures to Enabled, this is the default option. Quick Sync WiFi — Configures to Enabled, this is the default option. You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. once configured, you can activate the Quick Sync 2 button on the Left Control Panel. Make sure the Quick Sync light turns on.
21 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • • • • Remotely access media connected to a remote system over the network Install applications Update drivers Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Table 51. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives • • • • • Legacy 1.44 floppy drive with a 1.
Attached Media State System Response Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives. To do this, in Windows Explorer, from the Organize menu, click Folder and search options.
4. From the Virtual Media menu, click Map CD/DVD or Map Removable Disk. For more information, see Mapping virtual drive. NOTE: The virtual device drive letters on the managed system do not coincide with the physical drive letters on the management station. NOTE: The Virtual Media may not function correctly on Windows operating system clients that are configured with Internet Explorer Enhanced Security.
Mapping virtual drive To map the virtual drive: NOTE: While using ActiveX or Java-based Virtual Media, you must have administrative privileges to map an operating system DVD or a USB flash drive (that is connected to the management station). To map the drives, launch IE as an administrator or add the iDRAC IP address to the list of trusted sites. 1. To establish a Virtual Media session, from the Virtual Media menu, click Connect Virtual Media.
1. From the Virtual Media menu, do any of the following: • • Click the device that you want to unmap. Click Disconnect Virtual Media. A message appears asking for confirmation. 2. Click Yes. The check mark for that menu item does not appear indicating that it is not mapped to the host server. NOTE: After unmapping a USB device attached to vKVM from a client system running the Macintosh operating system, the unmapped device may be unavailable on the client.
22 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network.
• • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. vmcli -r -S -u -p c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid. If the certificate is not valid, a warning message is displayed when you run this command.
23 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that can be ordered and installed from the factory. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. NOTE: There is no limitation of the size of SD card, you can open and replace the factory installed SD card with a higher capacity SD card.
• • • • • iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.Health iDRAC.vflashsd.Licensed iDRAC.vflashsd.Size iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Viewing vFlash SD card properties using iDRAC settings utility To view the vFlash SD card properties, in the iDRAC Settings Utility, go to Media and USB Port Settings. The Media and USB Port Settings page displays the properties.
2. Enable vFLASH and click Initialize. All existing contents are removed and the card is reformatted with the new vFlash system information. If any vFlash partition is attached, the initialize operation fails and an error message is displayed. Initializing vFlash SD card using RACADM To initialize the vFlash SD card using RACADM: racadm set iDRAC.vflashsd.Initialized 1 All existing partitions are deleted and the card is reformatted. For more information, see the iDRAC RACADM CLI Guide available at www.
Creating an empty partition An empty partition, when attached to the system, is similar to an empty USB flash drive. You can create empty partitions on a vFlash SD card. You can create partitions of type Floppy or Hard Disk. The partition type CD is supported only while creating partitions using images. Before creating an empty partition, make sure that: • • • • You have Access Virtual Media privilege. The card is initialized. The card is not write-protected.
Creating a partition using an image file using web interface To create a vFlash partition from an image file: 1. In iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Create From Image. The Create Partition from Image File page is displayed. 2. Enter the required information and click Apply. For information about the options, see the iDRAC Online Help. A new partition is created. For CD emulation type, a read-only partition is created.
Viewing available partitions using web interface To view the available vFlash partitions, in the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed listing the available partitions and related information for each partition. For information on the partitions, see the iDRAC Online Help. Viewing available partitions using RACADM To view the available partitions and their properties using RACADM: 1.
• Using set command to specify the Emulation type: racadm set iDRAC.vflashpartition..EmulationType Attaching or detaching partitions When you attach one or more partitions, they are visible to the operating system and BIOS as USB mass storage devices. When you attach multiple partitions, based on the assigned index, they are listed in an ascending order in the operating system and the BIOS boot order menu.
Deleting existing partitions Before deleting existing partition(s), make sure that: • • • • The vFlash functionality is enabled. The card is not write-protected. The partition is not attached. An initialize operation is not being performed on the card. Deleting existing partitions using web interface To delete an existing partition: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed. 2.
Before booting a partition, make sure that: • • • The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device. The vFlash functionality is enabled. You have Access Virtual Media privileges. Booting to a partition using web interface To set the vFlash partition as a first boot device, see Booting to a partition using web interface.
24 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Target Definitions admin1/system1/logs1/log1 admin1/system1/logs1/log1/record* admin1/system1/settings1 admin1/system1/capacities1 admin1/system1/consoles1 admin1/system1/sp1 admin1/system1/sp1/timesvc1 admin1/system1/sp1/capabilities1 admin1/system1/sp1/capabilities1/clpcap1 admin1/system1/sp1/capabilities1/pwrmgtcap1 admin1/system1/sp1/capabilities1/acctmgtcap* admin1/system1/sp1/capabilities1/rolemgtcap* admin1/system1/sp1/capabilities1/elecap1 admin1/system1/sp1/settings1 admin1/system1/
Target admin1/system1/sp1/pwrmgtsvc1 admin1/system1/sp1/account1-16 admin1/sysetm1/sp1/account1-16/identity1 admin1/sysetm1/sp1/account1-16/identity2 admin1/sysetm1/sp1/account1-16/identity3 admin1/sysetm1/sp1/account1-16/identity4 admin1/system1/sp1/acctsvc2 admin1/system1/sp1/acctsvc3 admin1/system1/sp1/rolesvc1 admin1/system1/sp1/rolesvc1/Role1-16 admin1/system1/sp1/rolesvc1/Role1-16/ privilege1 admin1/system1/sp1/rolesvc2 admin1/system1/sp1/rolesvc2/Role1-3 admin1/system1/sp1/rolesvc2/Role4
NOTE: The slash (/) and backslash (\) are interchangeable in SM-CLP address paths. However, a backslash at the end of a command line continues the command on the next line and is ignored when the command is parsed. For example to navigate to the third record in the System Event Log (SEL), enter the following command: ->cd /admin1/system1/logs1/log1/record3 Enter the cd verb with no target to find your current location in the address space. The .. and . abbreviations work as they do in Windows and Linux: ..
The following message is displayed: • system1 has been stopped successfully To switch on the server: start /system1 The following message is displayed: • system1 has been started successfully To reboot the server: reset /system1 The following message is displayed: system1 has been reset successfully SEL management The following examples show how to use the SMCLP to perform SEL-related operations on the managed system.
/system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.000000-000 Description= FAN 7 RPM: fan sensor, detected a failure ElementName= IPMI SEL Record Commands: cd show help exit version Map target navigation The following examples show how to use the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /.
25 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: • • Remote File Share Console Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: • • Configure User and Access Virtual Media privileges for
• CIFS supports both IPv4 and IPv6 addresses and NFS supports only IPv4 address. • If you are using CIFS and are part of an Active Directory domain, enter the domain name with the IP address in the image file path. • If you want to access a file from an NFS share, configure the following share permissions. These permissions are required because iDRAC interfaces run in non-root mode. • Linux: Ensure that the share permissions are set to at least Read for the Others account.
For SLES, the CD device is /dev/sr0 and the floppy device is /dev/sdc. To make sure that the correct device is used (for either SLES or RHEL), when you connect the virtual device, on the Linux OS you must immediately run the command: tail /var/log/messages | grep SCSI This displays the text that identifies the device (example, SCSI device sdc). This procedure also applies to Virtual Media when you are using Linux distributions in runlevel init 3. By default, the virtual media is not auto-mounted in init 3.
3. Remap the CD/DVD drive. Deploying embedded operating system on SD card To install an embedded hypervisor on an SD card: 1. Insert the two SD cards in the Internal Dual SD Module (IDSDM) slots on the system. 2. Enable SD module and redundancy (if required) in BIOS. 3. Verify if the SD card is available on one of the drives when you during boot. 4. Deploy the embedded operating system and follow the operating system installation instructions.
26 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: • • • • • • • • • Diagnostic console Post code Boot and crash capture videos Last system crash screen System event logs Lifecycle logs Front panel status Trouble indicators System health Topics: • • • • • • • • • • • • Using diagnostic console Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing System status Hardware trouble indicators V
2. Click Continue. Scheduling remote automated diagnostics You can remotely invoke automated offline diagnostics on a server as a one-time event and return the results. If the diagnostics require a reboot, you can reboot immediately or stage it for a subsequent reboot or maintenance cycle (similar to updates). When diagnostics are run, the results are collected and stored in the internal iDRAC storage.
To view the Post Codes, go to Maintenance > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code. Viewing boot and crash capture videos You can view the video recordings of: • • Last three boot cycles — A boot cycle video logs the sequence of events for a boot cycle. The boot cycle videos are arranged in the order of latest to oldest. Last crash video — A crash video logs the sequence of events leading to the failure.
1. Make sure that the last system crash screen feature is enabled. 2. In iDRAC Web interface, go to Overview > Server > Troubleshooting > Last Crash Screen. The Last Crash Screen page displays the last saved crash screen from the managed system. Click Clear to delete the last crash screen. NOTE: Once iDRAC is reset or an AC power cycle event occurs, then the crash capture data is cleared.
Hardware trouble indicators The hardware related problems are: • • • • • • Failure to power up Noisy fans Loss of network connectivity Hard drive failure USB media failure Physical damage Based on the problem, use the following methods to correct the problem: • • • • Reseat the module or component and restart the system In case of a blade server, insert the module into a different bay in the chassis Replace hard drives or USB flash drives Reconnect or replace the power and network cables If problem pers
Resetting iDRAC using RACADM To restart iDRAC, use the racreset command. For more information, see the Chassis Management Controller RACADM CLI Guide available at www.dell.com/cmcmanuals . Erasing system and user data NOTE: Erasing system and user data is not supported from iDRAC GUI.
1. Go to Maintenance > Diagnostics. The Diagnostics Console page is displayed. 2. Click Reset iDRAC to Default Settings. The completion status is displayed in percentage. iDRAC reboots and is restored to factory defaults. The iDRAC IP is reset and is not accessible. You can configure the IP using the front panel or BIOS. Resetting iDRAC to factory default settings using iDRAC settings utility To reset iDRAC to factory default values using the iDRAC Settings utility: 1.
27 SupportAssist Integration in iDRAC SupportAssist allows you to create SupportAssist collections and utilize other SupportAssist features to monitor your system and datacenter. iDRAC provides an application interfaces for gathering platform information that enables support services to resolve platform and system problems.
Installing Service Module In order to register and use SupportAssist, you must have iDRAC Service Module (iSM) installed in the system. Once you initiate Service Module Installation you can see the installation instructions. The Next button remains disabled until you successfully install iSM. Server OS Proxy Information In case there is an issue with the connection, then the user will be prompted to provide OS proxy information. Enter Server, Port, Username and Password to configure the proxy settings.
After the data is generated, you can view the data which contains multiple XML files and log files. Each time the data collection is performed, an event is recorded in the Lifecycle Controller log. The event includes information such as the user who initiated the report, interface used, and the date and time of export. On Windows, If WMI is disabled, OS Collector collection stops with an error message.
You can enable and schedule Automatic Collection options to avoid any manual intervention and keep a periodical check of the system. By default, when an event is triggered and support case is opened, SupportAssist is configured to automatically collect the system logs from the device that generated the alert and upload it to Dell. You can enable or disable Automatic Collection based on events. You can schedule the Automatic collections based on your suitable requirements.
28 Frequently asked questions This section lists the frequently asked questions for the following: • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign On Smart card login Virtual console Virtual media vFlash SD card SNMP authentication Storage devices iDRAC Service Module RACADM Miscellaneous Topics: • • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign-On Smart card login Virtual console Virtual media vFlash SD card SNMP authentic
Network security While accessing the iDRAC Web interface, a security warning appears stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted. iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign).
iDRAC date is within the valid period of the certificates and if the Domain Controller Address configured in iDRAC matches the subject of the Directory Server Certificate. If certificate validation is enabled, when iDRAC establishes the SSL connection with the directory server, iDRAC uses the uploaded CA certificate to verify the directory server certificate.
Always make sure that the group type is Security. You cannot use distribution groups to assign permission on any object, however use them to filter group policy settings. Single Sign-On SSO login fails on Windows Server 2008 R2 x64. What are the settings required to resolve this? 1. Run the technet.microsoft.com/en-us/library/dd560670(WS.10).aspx for the domain controller and domain policy. 2. Configure the computers to use the DES-CBC-MD5 cipher suite. 3. 4. 5. 6.
In general, check if the smart card CSPs are present on a particular client, insert the smart card in the reader at the Windows logon (CtrlAlt-Del) screen and check if Windows detects the smart card and displays the PIN dialog-box. Incorrect Smart Card PIN. Check if the smart card is locked due to too many attempts with an incorrect PIN. In such cases, contact the smart card issuer in the organization to get a new smart card.
Before starting a Virtual Console session, make sure that the correct mouse is selected for your operating system. Make sure that the Single Cursor option under Tools in the iDRAC Virtual Console menu is selected on iDRAC Virtual Console client. The default is two cursor mode. Can a keyboard or mouse be used while installing a Microsoft operating system remotely through the Virtual Console? No.
When iDRAC web interface is launched from the CMC web interface soon after Virtual Console is launched, why does GUI session time-out? When launching the Virtual Console to iDRAC from the CMC web interface a popup is opened to launch the Virtual Console. The popup closes shortly after the Virtual Console opens. When launching both the GUI and Virtual Console to the same iDRAC system on a management station, a session time-out for the iDRAC GUI occurs if the GUI is launched before the popup closes.
• • • • ISO 9660 image 1.44 Floppy disk or floppy image A USB key that is recognized by the operating system as a removable disk A USB key image How to make the USB key a bootable device? You can also boot with a Windows 98 startup disk and copy system files from the startup disk to the USB key. For example, from the DOS prompt, type the following command: sys a: x: /s where, x: is the USB key that is required to be set as a bootable device.
virtual media device, do not attach or detach one or more virtual media or vFlash devices. It is recommended that you connect all the required USB devices first before using them. What does the USB Reset do? It resets the remote and local USB devices connected to the server. How to maximize Virtual Media performance? To maximize Virtual Media performance, launch the Virtual Media with the Virtual Console disabled or do one of the following: • • • Change the performance slider to Maximum Speed.
iDRAC Service Module Before installing or running the iDRAC Service Module, should the OpenManage Server Administrator be uninstalled? No you do not have to uninstall Server Administrator. Before you install or run the iDRAC Service Module, make sure that you have stopped the features of Server Administrator that the iDRAC Service Module provides.
While installing iDRAC Service Module VIB on a VMware ESXi server, iDRAC Service Module creates the vSwtich and Portgroup to communicate with iDRAC over the OS to iDRAC Pass-through in USB NIC mode. After the uninstallation, the virtual switch vSwitchiDRACvusb and the port group iDRAC Network are not deleted. To delete it manually, perform one of the following steps: • • Go to vSphere Client Configuration wizard and delete the entries.
where, filename is the openssl or libopenssl rpm package file. For example: rpm -ivh --force openssl-0.9.8h-30.22.21.1.x86_64.rpm rpm -ivh --force libopenssl0_9_8-0.9.8h-30.22.21.1.x86_64.rpm Why are the remote RACADM and web-based services unavailable after a property change? It may take a while for the remote RACADM services and the Web-based interface to become available after the iDRAC web server resets.
Use the command: racadm getsysinfo For example: $ racadm getniccfg -m server-1 DHCP Enabled = 1 IP Address = 192.168.0.1 Subnet Mask = 255.255.255.0 Gateway = 192.168.0.1 • Using LCD: On the main menu, highlight the server, press the check button, select the required server, and press the check button. How to find the CMC IP address related to the blade server? • From iDRAC web interface: • Go to iDRAC Settings > CMC. The CMC Summary page displays the CMC IP address.
How to change the name of the slot for the system in a chassis? 1. Log in to CMC web interface and go to Chassis > Servers > Setup. 2. Enter the new name for the slot in the row for your server and click Apply. iDRAC on blade server is not responding during boot. Remove and reinsert the server. If the problem persists, contact technical support. When attempting to boot the managed server, the power indicator is green, but there is no POST or no video.
29 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
• • • In iDRAC Web interface, go to Overview > Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. You can also configure the chassis locator LED and based on the color, assess the system health. If iDRAC Service Module is installed, the operating system host information is displayed. Setting up alerts and configuring email alerts To set up alerts and configure email alerts: 1. Enable alerts. 2.
Launching servers remote console and mounting a USB drive To launch the remote console and mount a USB drive: 1. Connect a USB flash drive (with the required image) to the management station. 2. Use the following method to launch virtual console through the iDRAC Web Interface: • Go to Dashboard > Virtual Console and click Launch Virtual Console. The Virtual Console Viewer is displayed. 3. From the File menu, click Virtual Media > Launch Virtual Media. 4.
