Integrated Dell Remote Access Controller 9 (iDRAC9) Version 3.00.00.00 User's Guide October 2018 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Overview.....................................................................................................................15 Benefits of using iDRAC with Lifecycle Controller.................................................................................................... 15 Key features........................................................................................................................................................................ 16 New in this release........
Chapter 3: Setting up managed system....................................................................................... 42 Setting up iDRAC IP address..........................................................................................................................................42 Setting up iDRAC IP using iDRAC settings utility................................................................................................ 43 Setting up iDRAC IP using the CMC web interface......................
Restore operation sequence..................................................................................................................................... 77 Monitoring iDRAC using other Systems Management tools...................................................................................78 Support Server Configuration Profile (SCP) — Import and Export ....................................................................78 Secure Boot Configuration from BIOS Settings (F2)...........................
Uploading custom signing certificate......................................................................................................................97 Downloading custom SSL certificate signing certificate ..................................................................................98 Deleting custom SSL certificate signing certificate............................................................................................98 Configuring multiple iDRACs using RACADM.............................
Using public key authentication for SSH..............................................................................................................122 Chapter 7: Configuring user accounts and privileges..................................................................125 Recommended characters in user names and passwords..................................................................................... 125 Configuring local users...........................................................................
Setting event alerts using RACADM..................................................................................................................... 154 Setting alert recurrence event..................................................................................................................................... 154 Setting alert recurrence events using RACADM................................................................................................
Chapter 13: Monitoring and managing power.............................................................................. 174 Monitoring power.............................................................................................................................................................174 Monitoring performance index of CPU, memory, and input output modules using web interface........ 174 Monitoring performance index for of CPU, memory, and input output modules using RACADM.........
Monitoring backplane using iDRAC settings utility........................................................................................... 203 Viewing storage device topology................................................................................................................................ 203 Managing physical disks................................................................................................................................................
Chapter 17: Configuring and using virtual console..................................................................... 236 Supported screen resolutions and refresh rates..................................................................................................... 236 Configuring virtual console........................................................................................................................................... 237 Configuring virtual console using web interface...................
Launching virtual media without using virtual console.................................................................................... 263 Adding virtual media images................................................................................................................................... 264 Viewing virtual device details................................................................................................................................. 264 Resetting USB..............................
Managing remote file share.................................................................................................................................... 287 Configuring remote file share using web interface...........................................................................................288 Configuring remote file share using RACADM...................................................................................................289 Deploying operating system using virtual media..............
Active Directory.............................................................................................................................................................. 303 Single Sign-On................................................................................................................................................................. 305 Smart card login.........................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make you more productive as a system administrator and improve the overall availability of Dell EMC servers. iDRAC alerts you to system issues, helps you to perform remote management, and reduces the need for physical access to the system. iDRAC with Lifecycle Controller technology is part of a larger data center solution that increases availability of business critical applications and workloads.
Key features The key features of iDRAC include: NOTE: Some of the features are available only with iDRAC Enterprise license. For information on the features available for a license, see iDRAC licenses on page 19. Inventory and Monitoring ● View managed server health. ● Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. ● View and export system inventory. ● View sensor information such as temperature, voltage, and intrusion.
○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● Manage iDRAC licenses. ● Update BIOS and device firmware for devices supported by Lifecycle Controller. ● Update or rollback iDRAC firmware and Lifecycle Controller firmware using a single firmware image. ● Manage staged updates. ● Back up and restore server profile.
● ● ● ● Set user passwords and BIOS passwords using one-way hash format for improved security. FIPS 140-2 Level 1 capability. Support for TLS 1.2, 1.1, and 1.0. To enhance security, default setting is TLS 1.1 and higher. SMCLP and web interfaces that support 128 bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the TLS 1.2 standard. NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher. ● Session time-out configuration (in seconds).
How to use this guide The contents of this user's guide enable you to perform various tasks using: ● iDRAC web interface — Only the task-related information is provided here. For information about the fields and options, see the iDRAC Online Help that you can access from the web interface. ● RACADM — The RACADM command or the object that you must use is provided here. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
Table 1. Default License iDRAC Basic License iDRAC Express License ● PowerEdge R4XX ● PowerEdge R5XX ● PowerEdge T4XX ● ● ● ● ● ● ● ● ● ● ● ● PowerEdge C41XX PowerEdge FC6XX PowerEdge R6XX PowerEdge R64XX PowerEdge R7XX PowerEdge R74XX PowerEdge R74XX PowerEdge R8XX PowerEdge R9XX PowerEdge R9XX PowerEdge T6XX Dell Precision Rack R7920 NOTE: The default license available with PowerEdge C64XX systems is Basic Plus. The Basic Plus license was custom made for C64XX systems.
License component state or condition and available operations The following table provides the list of license operations available based on the license state or condition: Table 2.
Table 3.
Table 3.
Table 3.
Table 3. Licensed features in iDRAC9 Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Diagnostics, Service, and Logging Embedded diagnostic tools Yes Yes Yes Yes Part Replacement No Yes Yes Yes NOTE: After performing part replacement on RAID hardware, once the process is complete for replacing firmware and configuration, Lifecycle Logs reports double part replacement entries which is expected behavior.
Table 3. Licensed features in iDRAC9 Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Enhanced Logging in Lifecycle Controller Log Yes Yes Yes Yes Work notes Yes Yes Yes Yes Remote Syslog No No No Yes License management Yes Yes Yes Yes Table 3.
Table 4. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description secure the web server. The default HTTP and HTTPS ports can be changed. The user access is based on user privileges. OpenManage Enterprise (OME) Modular Web Interface NOTE: This interface is only available for MX platforms.
Table 4. Interfaces and protocols to access iDRAC Interface or Protocol Description of-band systems management. It is suitable for a wide range of servers ranging from stand-alone servers to rack mount and bladed environments and for large scale cloud environments.
Table 5. Ports iDRAC listens for connections Port number Type Function Configurabl e port Maximum Encryption Level 23 TCP TELNET Yes None 80 TCP HTTP Yes None 161 UDP SNMP Agent Yes None 443 TCP HTTPS Yes 256-bit SSL 623 UDP RMCP/RMCP+ No 128-bit SSL 5900 TCP Virtual console keyboard and mouse redirection, Virtual Media, Virtual folders, and Remote File Share Yes 128-bit SSL 5901 TCP VNC Yes 128-bit SSL NOTE: Port 5901 opens when VNC feature is enabled.
● The Dell Remote Access Configuration Tool User’s Guide provides information on how to use the tool to discover iDRAC IP addresses in your network and perform one-to-many firmware updates and active directory configurations for the discovered IP addresses. ● The Dell Systems Software Support Matrix provides information about the various Dell systems, the operating systems supported by these systems, and the Dell OpenManage components that can be installed on these systems.
Accessing documents using product selector You can also access documents by selecting your product. 1. 2. 3. 4. Go to https://www.dell.com/support. Click Browse all products. Click the desired product category, such as Servers, Software, Storage, and so on. Click the desired product and then click the desired version if applicable. NOTE: For some products, you may need to navigate through the subcategories. 5. Click DOCUMENTATION. 6. Click MANUALS AND DOCUMENTS.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. You can also log in using Single Sign-On or Smart Card. To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This unique password improves security of iDRAC and your server. The default user name is root.
NOTE: In addition to Active Directory, openLDAP, openDS, Novell eDir, and Fedora-based directory services are supported. NOTE: LDAP authentication with OpenDS is supported. The DH key must be larger than 768 bits. To log in to iDRAC as local user, Active Directory user, or LDAP user: 1. Open a supported web browser. 2. In the Address field, type https://[iDRAC-IP-address] and press Enter.
Logging in to iDRAC as an Active Directory user using a smart card Before you log in as an Active Directory user using smart card, ensure that you: ● Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC. ● Configure the DNS server. ● Enable Active Directory login. ● Enable smart card login. To log in to iDRAC as an Active Directory user using smart card: 1. Log in to iDRAC using the link https://[IP address].
Accessing iDRAC using remote RACADM You can use remote RACADM to access iDRAC using RACADM utility. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. If the management station has not stored the iDRAC’s SSL certificate in its default certificate storage, a warning message is displayed when you run the RACADM command. However, the command is executed successfully.
Table 7. Possible values for system status (continued) Host System Lifecycle Controller (LC) Real Time Status Overall Status ● Lifecycle Controller Unified Server Configurator ● Server has halted at F1/F2 error prompt because of a POST error ● Server has halted at F1/F2/F11 prompt because there are no bootable devices available ● Server has entered F2 setup menu ● Server has entered F11 Boot Manager menu 1. 2. 3. 4.
Table 8. Multiple iDRAC sessions (continued) Interface Number of Sessions Telnet - 2 Serial - 1 Accessing iDRAC using SMCLP SMCLP is the default command line prompt when you log in to iDRAC using Telnet or SSH. For more information, see Using SMCLP on page 280. Secure default password All supported systems are shipped with a unique default password for iDRAC, unless you choose to set calvin as the password while ordering the system. The unique password helps improve the security of iDRAC and your server.
Resetting default password using local RACADM 1. Log in to the host OS installed on the system. 2. Access the local RACADM interface. 3. Follow the instructions in Changing the default login password using RACADM on page 39. Resetting default password using OpenManage Mobile You can use the OpenManage Mobile (OMM) to log in and change the default password. To log in to iDRAC using OMM, scan the QR code on the system information tag.
Changing the default login password The warning message that allows you to change the default password is displayed if: ● You log in to iDRAC with Configure User privilege. ● The default password warning feature is enabled. ● The default iDRAC user name and password are provided on the system information tag. A warning message is also displayed when you log in to iDRAC using SSH, Telnet, remote RACADM, or the Web interface.
Enabling or disabling default password warning message You can enable or disable the display of the default password warning message. To do this, you must have Configure Users privilege. IP Blocking You can use IP blocking to dynamically determine when excessive login failures occur from an IP address and block or prevent the IP address from logging into the iDRAC9 for a preselected time span. IP blocking includes: ● The number of allowable login failures.
1. Go to iDRAC Settings > Connectivity > Network > OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed. 2. Change the State to Enabled. 3. Select any of the following options for Pass-through Mode: ● LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC. ● USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the internal USB bus. 4.
3 Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: ● Local RACADM ● Server Administrator For more information about Server Administrator, see OpenManage Server Administrator User's Guide available at https:// www.dell.com/openmanagemanuals.
Setting up iDRAC IP using iDRAC settings utility To set up the iDRAC IP address: 1. Turn on the managed system. 2. Press during Power-on Self-test (POST). 3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed. 4. Click Network. The Network page is displayed. 5. Specify the following settings: ● ● ● ● ● ● Network Settings Common Settings IPv4 Settings IPv6 Settings IPMI Settings VLAN Settings 6. Click Back, click Finish, and then click Yes.
5. Under Network Speed, select either 10 Mbps or 100 Mbps. NOTE: You cannot manually set the Network Speed to 1000 Mbps. This option is available only if Auto Negotiation option is enabled. 6. Under Duplex Mode, select Half Duplex or Full Duplex option. NOTE: If you enable Auto Negotiation, this option is grayed-out. NOTE: If network teaming is configured for the host OS using the same network adapter as NIC Selection, then the Failover Network should also be configured.
NOTE: If you configure static IP, the current IP address 1 displays static IP and the IP address 2 displays dynamic IP. If you clear the static IP settings, the current IP address 1 displays dynamic IP. 6. If you are using DHCP, enable DHCPv6 to obtain DNS Server addresses to obtain Primary and Secondary DNS server addresses from DHCPv6 server. You can configure the following if required: ● In the Static Preferred DNS Server box, enter the static DNS server IPv6 address.
Enabling provisioning server The provisioning server feature allows newly installed servers to automatically discover the remote management console that hosts the provisioning server. The provisioning server provides custom administrative user credentials to iDRAC so that the unprovisioned server can be discovered and managed from the management console. For more information about provisioning server, see the Lifecycle Controller Remote Services Quick Start Guide available at https://www.dell.
Table 10. Different Share Types and pass in values -s (ShareType) pass in CIFS 2 or cifs HTTP 5 or http HTTPS 6 or https NOTE: HTTPS certificates are not supported with Auto Config. Auto Config ignores certificate warnings. Following list describes the required and optional parameters to pass in for the string value: -f (Filename): name of exported Server Configuration Profile file. This is required for iDRAC firmware versions prior to 2.20.20.20. -n (Sharename): name of network share.
The user can configure individual servers requiring different configuration files mapped using individual server Service Tags or server models. In an environment that has different servers with specific requirements, different SCP file names can be used to distinguish each server or server type. For example, if there are two server models to configure — PowerEdge R740s and PowerEdge R540s, use two SCP files, R740-config.xml and R540-config.xml.
4. Scroll down and select 043 Vendor Specific Info. 5. In the Data Entry field, click anywhere in the area under ASCII and enter the IP address of the server that has the share location, which contains the SCP file. The value appears as you type it under the ASCII, but it also appears in binary to the left. 6. Click OK to save the configuration. Configuring option 60 on Windows To configure option 60 on Windows: 1.
● Timetowait (-t) — Indicates the time the host system waits before shutting down. The default setting is 300. ● EndHostPowerState (-e) — Indicates the power state of the host. 0 indicates OFF and 1 indicates ON. The default setting is 1. NOTE: ShutdownType (-d), Timetowait (-t), and EndHostPowerState (-e) are optional attributes. NFS: -f system_config.xml -i 192.168.1.101 -n /nfs_share -s 0 -d 1 CIFS: -f system_config.xml -i 192.168.1.
● Timetowait (-t) — Indicates the time the host system waits before shutting down. The default setting is 300. ● EndHostPowerState (-e) — Indicates the power state of the host. 0 indicates OFF and 1 indicates ON. The default setting is 1. NOTE: ShutdownType (-d), Timetowait (-t), and EndHostPowerState (-e) are optional attributes. The following is an example of a static DHCP reservation from a dhcpd.conf file: host my_host { host my_host { hardware ethernet b8:2a:72:fb:e6:56; fixed-address 192.168.0.
With the new password hash feature: ● You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. This allows you to have the SHA256 values in the server configuration profile, RACADM, and WSMan. When you provide the SHA256 password values, you cannot authenticate through SNMPv3 and IPMI. NOTE: Remote RACADM or WSMan or Redfish cannot be used for Hash password Configuration / Replacement for IDRAC.
2. Open a Linux command prompt, and run the following command: Generate Hash-> echo-n SOMEPASSWORDALITTLEBITOFSALT|sha256sum -> Generate Hex Representation of Salt -> echo -n ALITTLEBITOFSALT | xxd –p SALT> -> set iDRAC.Users.4.SHA256PasswordSalt 3. Provide hash value and salt in the imported server configuration profile, the RACADM commands, Redfish, or WSMan.
Setting up managed system location using iDRAC settings utility To specify the system location details: 1. In the iDRAC Settings utility, go to System Location. The iDRAC Settings System Location page is displayed. 2. Enter the location details of the managed system in the data center. For information about the options, see the iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The details are saved.
● Fan Speed Offset — Selecting this option allows additional cooling to the server. In case hardware is added (example, new PCIe cards), it may require additional cooling. A fan speed offset causes fan speeds to increase (by the offset % value) over baseline fan speeds calculated by the Thermal Control algorithm. Possible values are: ○ Low Fan Speed — Drives fan speeds to a moderate fan speed. ○ Medium Fan Speed — Drives fan speeds close to medium. ○ High Fan Speed — Drives fan speeds close to full speed.
Table 11. Thermal Settings Object Description Usage Example AirExhaustTemp Allows you to set the maximum air exhaust temperature limit. To check the existing setting Set to any of the following values (based on the system): on the system: ● 0 — Indicates 40°C racadm get ● 1 — Indicates 45°C system.thermalsetti ● 2 — Indicates 50°C ngs.
Table 11. Thermal Settings Object Description Usage FanSpeedHighOffsetVal ● Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 1. Values from 0-100 Example racadm get system.thermalsetti ngs FanSpeedHighOffsetV al A numerical value, for example 66, is returned.
Table 11. Thermal Settings Object Description Usage FanSpeedMediumOffsetV al ● Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 2 Values from 0-100 Example racadm get system.thermalsetti ngs FanSpeedMediumOffse tVal This returns a value such as “47”.
Table 11. Thermal Settings Object Description Usage Example MinimumFanSpeed ● Allows configuring the Minimum Fan speed that is required for the system to operate. ● It defines the baseline (floor) value for fan speed and system allows fans to go lower than this defined fan speed value. ● This value is %PWM value for fan speed. Values from MFSMinimumLimit to MFSMaximumLimit When get command reports 255, it means user configured offset is not applied.
Setting up management station A management station is a computer used for accessing iDRAC interfaces to remotely monitor and manage the PowerEdge server(s). To set up the management station: 1. Install a supported operating system. For more information, see the release notes. 2. Install and configure a supported Web browser. For more information, see the release notes. 3. Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC using a Web browser).
● Adding iDRAC IP to trusted sites ● Configuring IE to enable Active Directory SSO ● Disabling IE Enhanced Security Configuration Resetting Internet Explorer security settings Ensure that Internet Explorer (IE) settings are set to Microsoft-recommended defaults and customize the settings as described in this section. 1. Open IE as an administrator or using an administrator account. 2. Click Tools Internet Options Security Local Network or Local intranet. 3.
Disabling whitelist feature in Firefox Firefox has a "whitelist" security feature that requires user permission to install plug-ins for each distinct site that hosts a plug-in. If enabled, the whitelist feature requires you to install a Virtual Console viewer for each iDRAC you visit, even though the viewer versions are identical. To disable the whitelist feature and avoid unnecessary plug-in installations, perform the following steps: 1. Open a Firefox Web browser window. 2.
You must configure Internet Explorer (IE) settings before you launch and run HTML5 based virtual console and virtual media applications. To configure the browser settings: 1. Disable pop-up blocker. To do this, click Tools > Internet Options > Privacy and clear the Turn on Pop-up Blocker check-box. 2. Start the HTML5 virtual console using any of the following methods: ● In IE, click Tools > Compatibility View Settings and clear the Display intranet sites in Compatibility View checkbox.
● Select Prompt for Download signed ActiveX controls. ● Select Enable or Prompt for Run ActiveX controls and plugins. ● Select Enable or Prompt for Script ActiveX controls marked safe for scripting. 7. Click OK to close the Security Settings window. 8. Click OK to close the Internet Options window. NOTE: On systems with Internet Explorer 11, ensure that you add the iDRAC IP by clicking Tools > Compatibility View settings. NOTE: ● The varying versions of Internet Explorer share Internet Options.
Importing CA certificate to Java trusted certificate store To import the CA certificate to the Java trusted certificate store: 1. Launch the Java Control Panel. 2. Click Security tab and then click Certificates. The Certificates dialog box is displayed. 3. From the Certificate type drop-down menu, select Trusted Certificates. 4. Click Import, browse, select the CA certificate (in Base64 encoded format), and click Open. The selected certificate is imported to the Web start trusted certificate store. 5.
● ● ● ● ● ● RAID Controller Power Supply Unit (PSU) NVMe PCIe devices SAS/SATA hard drives Backplane update for internal and external enclosures OS Collector CAUTION: The PSU firmware update may take several minutes depending on the system configuration and PSU model. To avoid damaging the PSU, do not interrupt the update process or power on the system during PSU firmware update. You must upload the required firmware to iDRAC.
NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart. Table 13.
If the firmware image file is valid and was successfully uploaded, the Contents column displays a plus icon ( ) icon next to the firmware image file name. Expand the name to view the Device Name, Current, and Available firmware version information. 5. Select the required firmware file and do one of the following: ● For firmware images that do not require a host system reboot, click Install. For example, iDRAC firmware file.
Scheduling automatic firmware updates You can create a periodic recurring schedule for iDRAC to check for new firmware updates. At the scheduled date and time, iDRAC connects to the specified destination, checks for new updates, and applies or stages all applicable updates. A log file is created on the remote server, which contains information about server access and staged firmware updates.
● To schedule the start time and frequency of the firmware update: racadm AutoUpdateScheduler create -u username –p password –l [-f catalogfilename -pu -pp -po -pt ] -time < hh:mm> [-dom < 1 – 28,L,’*’> -wom <1-4,L,’*’> -dow ] -rp <1-366> -a For example, ○ To automatically update firmware using a CIFS share: racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.4/CIFS-share –f cat.
2. Run the DUP. The firmware is updated. A system restart is not required after firmware update is complete. Updating firmware using remote RACADM 1. Download the firmware image to the TFTP or FTP server. For example, C:\downloads\firmimg.d9 2. Run the following RACADM command: TFTP server: ● Using fwupdate command: racadm -r -u -p fwupdate -g -u -a path the location on the TFTP server where firmimg.d9 is stored.
2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3. From the Chassis Management at Server Mode , select Manage and Monitor, and the click Apply. iDRAC settings to update CMC firmware In the PowerEdge FX2/FX2s chassis, before updating the firmware for CMC and its shared components from iDRAC, do the following settings in iDRAC: 1. Go to iDRAC Settings > Settings > CMC. 2.
● Backplane NOTE: You cannot perform firmware rollback for Diagnostics, Driver Packs, and CPLD. Before rolling back the firmware, make sure that: ● You have Configure privilege to roll back iDRAC firmware. ● You have Server Control privilege and have enabled Lifecycle Controller to roll back firmware for any other device other than the iDRAC. ● Change the NIC mode to Dedicated if the mode is set as Shared LOM.
For the device for which you want to rollback the firmware, the Rollback Version must be Available. Also, note the FQDD. 2. Rollback the device firmware using: racadm rollback For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Rollback firmware using Lifecycle Controller For information, see Lifecycle Controller User’s Guide available at dell.com/idracmanuals.
NOTE: If you are exporting the server profile using NFS on Windows 10 operating system and face issues accessing the exported server profile, enable Client for NFS in Windows Features. Backing up server profile using iDRAC web interface To back up the server profile using iDRAC Web interface: 1. Go to iDRAC Settings > Settings > Backup and Export Server Profile. The Backup and Export Server Profile page is displayed. 2.
5. Click Backup Now. A recurring job is represented in the job queue with a start date and time of the next scheduled backup operation. Five minutes after the first instance of the recurring job starts, the job for the next time period is created. The backup server profile operation is performed at the scheduled date and time. Scheduling automatic backup server profile using RACADM To enable automatic backup use the command: racadm set lifecyclecontroller.lcattributes.
Easy Restore uses the Easy Restore flash memory to back up the data. When you replace the motherboard and power on the system, the BIOS queries the iDRAC and prompts you to restore the backed-up data. The first BIOS screen prompts you to restore the Service Tag, licenses, and UEFI diagnostic application. The second BIOS screen prompts you to restore system configuration settings.
Monitoring iDRAC using other Systems Management tools You can discover and monitor iDRAC using Dell Management Console or Dell OpenManage Essentials. You can also use Dell Remote Access Configuration Tool (DRACT) to discover iDRACs, update firmware, and set up Active Directory. For more information, see the respective user’s guides. Support Server Configuration Profile (SCP) — Import and Export Server Configuration Profile allows you to import and export server configuration files.
Policy Component Acceptable File Formats Acceptable File Extensions PK X.509 Certificate (binary DER format only) 1. .cer 2. .der Max records allowed One 3. .crt KEK DB and DBX X.509 Certificate (binary DER format only) 1. .cer Public Key Store 2. .der 3. .crt 4. .pbk X.509 Certificate (binary DER format only) 1. .cer EFI image (system BIOS will calculate and import image digest) 2. .der 3. .crt 4. .
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses on page 19.
• Disabling access to modify iDRAC configuration settings on host system Viewing iDRAC information You can view the basic properties of iDRAC. Viewing iDRAC information using web interface In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.
Viewing iDRAC information using RACADM To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals . Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system).
Configuring IP filtering In addition to user authentication, use the following options to provide additional security while accessing iDRAC: ● IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.
Examples for IP Filtering The following RACADM commands block all IP addresses except 192.168.0.57: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57 racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255 To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.
Enabling FIPS mode using RACADM Use RACADM CLI to execute the following command: racadm set iDRAC.Security.FIPSMode Disabling FIPS mode To disable FIPS mode, you must reset iDRAC to the factory-default settings. Configuring services You can configure and enable the following services on iDRAC: Local Configuration Disable access to iDRAC configuration (from the host system) using Local RACADM and iDRAC Settings utility. Web Server Enable access to iDRAC web interface.
Enabling or disabling HTTPS redirection If you do not want automatic redirection from HTTP to HTTPs due to certificate warning issue with default iDRAC certificate or as a temporary setting for debugging purpose, you can configure iDRAC such that redirection from http port (default is 80) to https port (default is 443) is disabled. By default, it is enabled. You have to log out and log in to iDRAC for this setting to take effect. When you disable this feature, a warning message is displayed.
Using VNC client to manage remote server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud. When servers in data centers stop functioning, the iDRAC or the operating system sends an alert to the console on the management station. The console sends an email or SMS to a mobile device with required information and launches VNC viewer application on the management station.
2. Configure SSL tunnel to connect to :. For example, 192.168.0.120:5901. 3. Start the tunnel application. To establish connection with the iDRAC VNC server over the SSL encrypted channel, connect the VNC viewer to the localhost (link local IP address) and the local port number (127.0.0.1:).
Configuring LCD setting using RACADM To configure the server LCD front panel display, use the objects in the System.LCD group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Configuring LCD setting using iDRAC settings utility To configure the server LCD front panel display: 1. In the iDRAC Settings utility, go to Front Panel Security. The iDRAC Settings.Front Panel Security page is displayed. 2. Enable or disable the power button. 3.
Configuring time zone and NTP using iDRAC web interface To configure time zone and NTP using iDRAC web interface: 1. Go to iDRAC Settings > Settings > Time zone and NTP Settings. The Time zone and NTP page is displayed. 2. To configure the time zone, from the Time Zone drop-down menu, select the required time zone, and then click Apply. 3. To configure NTP, enable NTP, enter the NTP server addresses, and then click Apply. For information about the fields, see iDRAC Online Help.
Setting first boot device using RACADM ● To set the first boot device, use the iDRAC.ServerBoot.FirstBootDevice object. ● To enable boot once for a device, use the iDRAC.ServerBoot.BootOnce object. For more information about these objects, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
If you are configuring the server using a Server Configuration Profile through RACADM, WSMan or Redfish and if the network settings are changed in this file, then you must wait for 15 seconds to either enable OS to iDRAC Pass-through feature or set the OS Host IP address. Before enabling OS to iDRAC Pass-through, make sure that: ● iDRAC is configured to use dedicated NIC or shared mode (that is, NIC selection is assigned to one of the LOMs).
● XenServer 7.1 For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC. For vSphere, you must install the VIB file before enabling USB NIC. NOTE: To configure USB NIC as DHCP in Linux operating system or XenServer, refer to the operating system or hypervisor documentation. Installing VIB file For vSphere operating systems, before enabling the USB NIC, you must install the VIB file. To install the VIB file: 1.
7. Click Test Network Configuration to check if the IP is accessible and the link is established between the iDRAC and the host operating system. Enabling or disabling OS to iDRAC Pass-through using RACADM To enable or disable OS to iDRAC Pass-through using RACADM, use the objects in the iDRAC.OS-BMC group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
Table 15. Types of certificate based on login type Login Type Certificate Type How to Obtain SHA-2 certificates are also supported. Active Directory user login Trusted CA certificate This certificate is issued by a CA. SHA-2 certificates are also supported. Local User login SSL Certificate Generate a CSR and get it signed from a trusted CA NOTE: iDRAC ships with a default self-signed SSL server certificate. The iDRAC Web server, Virtual Media, and Virtual Console use this certificate.
interface using a supported browser that supports a wildcard certificate, the iDRAC is trusted by the browser. While launching viewers, the iDRACs are trusted by the viewer clients. Generating a new certificate signing request A CSR is a digital request to a Certificate Authority (CA) for a SSL server certificate. SSL server certificates allow clients of the server to trust the identity of the server and to negotiate an encrypted session with the server.
Uploading server certificate using RACADM To upload the SSL server certificate, use the sslcertupload command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. If the CSR is generated outside of iDRAC with a private key available, then to upload the certificate to iDRAC: 1. Send the CSR to a well-known root CA. CA signs the CSR and the CSR becomes a valid certificate. 2. Upload the private key using the remote racadm sslkeyupload command. 3.
Uploading custom SSL certificate signing certificate using RACADM To upload the custom SSL certificate signing certificate using RACADM, use the sslcertupload command, and then use the racreset command to reset iDRAC. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Downloading custom SSL certificate signing certificate You can download the custom signing certificate using iDRAC Web interface or RACADM.
● The configuration file contains information that is applicable for the particular server. The information is organized under various object groups. ● Some configuration files contain unique iDRAC information, such as the static IP address, that you must modify before you import the file into other iDRACs. You can also use the System Configuration Profile (SCP) to configure multiple iDRACs using RACADM. SCP file contains the component configuration information.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
● USB ● NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: ● BIOS ● Lifecycle Controller ● iDRAC ● OS driver pack ● 32-bit diagnostics ● System CPLD ● PERC controllers ● Batteries ● Physical disks ● Power supply ● NIC ● Fibre Channel ● Backplane ● Enclosure ● PCIe SSDs NOTE: Software inventory displays only the last 4 bytes of the firmware version. For example, if the firmware version is FLVDL06, the firmware inventory displays DL06.
○ If IDSDM redundancy is enabled with two SD cards present in the IDSDM, and the status of one SD card is online while the status of the other card is offline. A system reboot is required to restore redundancy between the two SD cards in the IDSDM. After the redundancy is restored, the status of both the SD cards in the IDSDM is online. ○ During the rebuilding operation to restore redundancy between two SD cards present in the IDSDM, the IDSDM status is not displayed since the IDSDM sensors are powered off.
NOTE: This feature is not supported on PowerEdge R930 servers. The CPU and chipset have dedicated Resource monitoring Counters (RMC). The data from these RMCs is queried to obtain utilization information of system resources. The data from RMCs is aggregated by the node manager to measure the cumulative utilization of each of these system resources that is read from iDRAC using existing intercommunication mechanisms to provide data through out-of-band management interfaces.
For information about the displayed properties, see the iDRAC Online Help. Monitoring performance index for of CPU, memory, and input output modules using RACADM Use the SystemPerfStatistics sub command to monitor performance index for CPU, memory, and I/O modules. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Checking the system for Fresh Air compliance Fresh Air cooling directly uses outside air to cool systems in the data center.
Viewing historical temperature data using iDRAC web interface To view historical temperature data: 1. In the iDRAC Web interface, go to System > Overview > Cooling > Temperature overview. The Temperature overview page is displayed. 2. See the System Board Temperature Historical Data section that provides a graphical display of the stored temperature (average and peak values) for the last day, last 30 days, and last year. For more information, see the iDRAC Online Help.
Depending on how the Host OS detects the DHCP server, the corresponding IPv4 or IPv6 DHCP server address may not be displayed. Viewing network interfaces available on host OS using web interface To view the network interfaces available on the host OS using Web interface: 1. Go to System > Host OS > Network Interfaces. The Network Interfaces page displays all the network interfaces that are available on the host operating system. 2.
● System > Details > iDRAC Details. ● System > Server > WWN/MAC. ● iDRAC Settings > Overview > Current Network Settings. CAUTION: With FlexAddress enabled, if you switch from a server–assigned MAC address to a chassis–assigned MAC address and vice–versa, iDRAC IP address also changes. Viewing or terminating iDRAC sessions You can view the number of users currently logged in to iDRAC and terminate the user sessions.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: ● iDRAC Web Interface ● Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only ● IPMI Serial Over LAN ● IPMI Over LAN ● Remote RACADM ● Local RACADM ● Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Topics: • • • • • • • • • Communicating with iDRAC through serial connection using DB9 cable Switching between RAC serial and serial console while using DB9 cable Communicating with iDRAC using IPMI SOL Communicating with iDRAC using IPMI over LAN Enabling or disabling remote RACADM Disabling local RACADM Enabling IPMI on managed system Configuring Linux for serial console during boot in RHEL 6 Supported SSH cryptography schemes Communicating with iDRAC through serial connection using DB9 cable You can us
NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1. In the iDRAC Web interface, go to iDRAC Settings > Network > Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured.
n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command. racadm set iDRAC.IPMISerial.BaudRate Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 3. Enable the IPMI serial hardware flow control using the command. racadm set iDRAC.IPMISerial.FlowContro 1 4.
5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection. Configuring additional settings for IPMI serial terminal mode using RACADM To configure the Terminal Mode settings, use the set command with the objects in the idrac.ipmiserial group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.
● Serial Communication — On With Console Redirection ● Serial Port Address — COM2. NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1. ● External serial connector — Serial device 2 ● Failsafe Baud Rate — 115200 ● Remote Terminal Type — VT100/VT220 ● Redirection After Boot — Enabled 5. Click Back and then click Finish. 6. Click Yes to save the changes. 7. Press to exit System Setup.
NOTE: To activate IPMI SOL, you must have the minimum privilege defined in IMPI SOL. For more information, see the IPMI 2.0 specification. 3. Update the IPMI SOL baud rate using the command. racadm set iDRAC.IPMISol.BaudRate NOTE: To redirect the serial console over LAN, make sure that the SOL baud rate is identical to the managed system’s baud rate. Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 4. Enable SOL for each user using the command. racadm set iDRAC.
SOL using IPMI protocol The IPMI-based SOL utility and IPMItool use RMCP+ delivered using UDP datagrams to port 623. The RMCP+ provides improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more information, see http://ipmitool.sourceforge.net/manpage.html. The RMCP+ uses a 40-character hexadecimal string (characters 0-9, a-f, and A-F) encryption key for authentication. The default value is a string of 40 zeros.
Using SOL from PuTTY on Windows NOTE: If required, you can change the default SSH or Telnet time-out at iDRAC Settings > Services. To start IPMI SOL from PuTTY on a Windows management station: 1. Run the following command to connect to iDRAC putty.exe [-ssh | -telnet] @ NOTE: The port number is optional. It is required only when the port number is reassigned. 2. Run the command console com2 or connect to start SOL and boot the managed system.
Using Telnet virtual console Some Telnet clients on the Microsoft operating systems may not display the BIOS setup screen correctly when BIOS Virtual Console is set for VT100/VT220 emulation. If this issue occurs, change the BIOS console to ANSI mode to update the display. To perform this procedure in the BIOS setup menu, select Virtual Console > Remote Terminal Type > ANSI.
Configuring IPMI over LAN using web interface To configure IPMI over LAN: 1. In the iDRAC Web interface, go to iDRAC Settings > Connectivity. The Network page is displayed. 2. Under IPMI Settings, specify the values for the attributes and click Apply. For information about the options, see the iDRAC Online Help. The IPMI over LAN settings are configured. Configuring IPMI over LAN using iDRAC settings utility To configure IPMI over LAN: 1. In the iDRAC Settings Utility, go to Network.
NOTE: Remote RACADM is enabled by default. Enabling or disabling remote RACADM using web interface 1. In iDRAC Web interface, go to iDRAC Settings > Services. 2. Under Remote RACADM, select the desired option and click Apply. The remote RACADM is enabled or disabled based on the selection. Enabling or disabling remote RACADM using RACADM NOTE: It is recommended to run these commands using local RACADM or firmware RACADM. ● To disable remote RACADM: racadm set iDRAC.Racadm.
3. Disable GRUB's graphical interface and use the text-based interface. Else, the GRUB screen is not displayed in RAC Virtual Console. To disable the graphical interface, comment-out the line starting with splashimage. The following example provides a sample /etc/grub.conf file that shows the changes described in this procedure. # grub.conf generated by anaconda # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition.
l5:5:wait:/etc/rc.d/rc 5 l6:6:wait:/etc/rc.d/rc 6 #Things to run in every runlevel. ud::once:/sbin/update ud::once:/sbin/update #Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now #When our UPS tells us power has failed, assume we have a few #minutes of power left. Schedule a shutdown for 2 minutes from now. #This does, of course, assume you have power installed and your #UPS is connected and working correctly.
Table 18. SSH cryptography schemes Scheme Type Algorithms Asymmetric Cryptography Public key ssh-rsa ecdsa-sha2-nistp256 Symmetric Cryptography Key Exchange curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.
Generating public keys for Windows To use the PuTTY Key Generator application to create the basic key: 1. Start the application and select RSA for the key type. 2. Enter the number of bits for the key. The number of bits must be between 2048 and 4096 bits. 3. Click Generate and move the mouse in the window as directed. The keys are generated. 4. You can modify the key comment field. 5. Enter a passphrase to secure the key. 6. Save the public and private key.
Uploading SSH keys using RACADM To upload the SSH keys, run the following command: NOTE: You cannot upload and copy a key at the same time. ● For local RACADM: racadm sshpkauth -i <2 to 16> -k <1 to 4> -f ● From remote RACADM using Telnet or SSH: racadm sshpkauth -i <2 to 16> -k <1 to 4> -t For example, to upload a valid key to iDRAC User ID 2 in the first key space using a file, run the following command: $ racadm sshpkauth -i 2 -k 1 -f pkkey.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with the system badge. As an administrator, you can setup user accounts to allow other users to access iDRAC. For more information see the documentation for the server.
NOTE: To improve security, it is recommended to use complex passwords that have eight or more characters and include lowercase alphabets, uppercase alphabets, numbers, and special characters. It is also recommended to regularly change the passwords, if possible. Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist.
and view or edit the myfile.cfg file, which includes all iDRAC configuration parameters. To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. If you use the Server Configuration Profile file to configure users, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication.
Configuring Active Directory users If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your directory service. This is a licensed feature. NOTE: Using Active Directory to recognize iDRAC users is supported on the Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008 operating systems.
8. Select Local Computer, click Finish, and click OK. 9. In the Console 1 window, go to Certificates Personal Certificates folder. 10. Locate and right-click the root CA certificate, select All Tasks, and click Export.... 11. In the Certificate Export Wizard, click Next, and select No do not export the private key. 12. Click Next and select Base-64 encoded X.509 (.cer) as the format. 13. Click Next and save the certificate to a directory on your system. 14.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC.
Configuring Standard schema Active Directory Before configuring the standard schema Active Directory, ensure that: ● You have the iDRAC enterprise license. ● The configuration is performed on a server that is used as the Domain Controller. ● The dat, time and time zone on the server are correct. ● The iDRAC network settings are configured, or in iDRAC web interface go to iDRAC Settings > Connectivity > Network > Common Settings to configure the network settings.
address of racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of the domain controller> iDRAC.ActiveDirectory.DomainController2 iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.ActiveDirectory.
Best practices for extended schema The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage the permissions and scope of iDRAC objects. By default, the Dell Association objects do not inherit all permissions from the parent Active Directory objects.
Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
Classes and attributes Table 22. Class definitions for classes added to the active directory schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 23. DelliDRACdevice class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 25. dellRAC4Privileges class OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 26. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 27. dellProduct class OID 1.2.840.113556.1.8000.
Table 28. List of attributes added to the active directory schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE if the user has User Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Installing Dell extension to the Active Directory users and computers snap-in When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
Providing user access privileges for association objects To provide access privileges to the authenticated users for accessing the created association objects: 1. Go to Administrative Tools > ADSI Edit. The ADSI Edit window is displayed. 2. In the right-pane, navigate to the created association object, right-click and select Properties. 3. In the Security tab, click Add. 4. Type Authenticated Users, click Check Names, and click OK. The authenticated users is added to the list of Groups and user names. 5.
3. Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 4. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for responses from AD during login process. NOTE: ● If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN.
3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 0 racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 4. If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC web interface, use the following command: racadm set iDRAC.UserDomain..
Configuring generic LDAP directory service using iDRAC webbased interface To configure the generic LDAP directory service using Web interface: NOTE: For information about the various fields, see the iDRAC Online Help. 1. In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service, click Edit. The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings. 2.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server. NOTE: When generic LDAP is enabled, iDRAC first tries to login the user as a directory user. If it fails, local user lookup is enabled. The test results and the test log are displayed.
8 System Lockdown mode System Lockdown mode helps in preventing unintended changes after a system is provisioned. This feature can help in protecting the system from unintentional or malicious changes. Lockdown mode is applicable to both configuration and firmware updates. When the system is locked down, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed.
Table 29. Items affected by Lockdown mode Disabled Remain functional ● Modular operations (VLAN configuration, Flex Addressing) ● Group Manager passcode NOTE: When lockdown mode is enabled, OpenID Connect login option is not displayed in iDRAC login page.
9 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non– Windows Server Kerberos service as a security principal in Windows Server Active Directory.
Configuring iDRAC SSO login for Active Directory users using web interface To configure iDRAC for Active Directory SSO login: NOTE: For information about the options, see the iDRAC Online Help. 1. Verify whether the iDRAC DNS name matches the iDRAC Fully Qualified Domain Name. To do this, in iDRAC Web interface, go to iDRAC Settings > Network > Common Settings and see the DNS iDRAC Name property. 2.
Uploading trusted CA certificate for smart card using web interface To upload trusted CA certificate for smart card login: 1. In iDRAC Web interface, go to iDRAC Settings > Network > User Authentication > Local Users. The Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under Smart Card Configurations, select Upload Trusted CA Certificate and click Next. The Trusted CA Certificate Upload page is displayed. 4.
Enabling or disabling smart card login using RACADM To enable smart card login, use the set command with objects in the iDRAC.SmartCard group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Enabling or disabling smart card login using iDRAC settings utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon.
10 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
Enabling or disabling alerts using RACADM Use the following command: racadm set iDRAC.IPMILan.AlertEnable n=0 — Disabled n=1 — Enabled Enabling or disabling alerts using iDRAC settings utility To enable or disable generating alerts or event actions: 1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed. 2. Under Platform Events, select Enabled to enable alert generation or event action. Else, select Disabled.
Setting event alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations. Setting event alerts using web interface To set an event alert using the web interface: 1. Make sure that you have configured the e-mail alert, IPMI alert, SNMP trap settings, and/or remote system log settings. 2. In iDRAC Web interface, go to Configuration > System Settings > Alerts and Remote System Log Configuration.
Setting event actions You can set event actions such as perform a reboot, power cycle, power off, or perform no action on the system. Setting event actions using web interface To set an event action: 1. In iDRAC Web interface, go to Configuration > System Settings > Alert and Remote System Log Configuration. 2. From the Actions drop-down menu, for each event select an action: ● ● ● ● Reboot Power Cycle Power Off No Action 3. Click Apply. The setting is saved.
For more information about the options, see the iDRAC Online Help. NOTE: The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from iDRAC. Make sure that the destination community string is the same as the iDRAC community string. The default value is Public. 5. To test whether the IP address is receiving the IPMI or SNMP traps, click Send under Test IPMI Trap and Test SNMP Trap respectively. 6. Click Apply.
5. To test the trap, if required: racadm testtrap -i For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Configuring IP alert destinations using iDRAC settings utility You can configure alert destinations (IPv4, IPv6, or FQDN) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed. 2.
Parameter Description n=0 Disables email alerts. n=1 Enables email alerts. 2. To configure email settings: racadm set iDRAC.EmailAlert.Address.[index] [email-address] Parameter Description index Email destination index. Allowed values are 1 through 4. email-address Destination email address that receives the platform event alerts. 3. To configure a custom message: racadm set iDRAC.EmailAlert.CustomMsg.[index] [custom-message] Parameter Description index Email destination index.
Configuring WS Eventing The WS Eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for receiving messages containing the server events (notifications or event messages). Clients interested in receiving the WS Eventing messages can subscribe with iDRAC and receive Lifecycle Controller job related events.
For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Alerts message IDs The following table provides the list of message IDs that are displayed for the alerts. Table 30.
Table 30.
Table 30.
11 iDRAC 9 Group Manager iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated servers on the associated servers on the local network using the iDRAC GUI. Group Manager allows 1XMany console experience without involving a separate application. It allows the users to view the details of a set of servers by permitting more powerful management than by inspecting servers visually for faults and other manual methods.
iDRAC from where the group was created gets chosen as the primary controller of the group by default. The user does not define a dedicated group manager primary controller to control that group. The primary controller hosts the group manager web interface and provides the GUI based work flows. The iDRAC members self-select a new primary controller for the group if the current primary goes offline for a prolonged duration, but that does not have any impact on the end user.
Add a New User Use this section to create and add a new user profile on all the servers in that group. A group job would be created to add the user to all servers in that group. The status of group job can be found at GroupManager > Jobs page. NOTE: By default iDRAC is configured with a local administrator account. You can access further information for each parameter with local administrator account. For more information see, Configuring user accounts and privileges. Table 32.
Table 33. Configuring alerts options Option Description Email Addresses Allows you to configure multiple Email IDs to receive email notifications about system status change. You can send one test email to the configured account from the system. Alert Categories Allows you to select multiple alert categories to receive email notifications. NOTE: Any member iDRAC with system lockdown enabled, that is part of the same group returns an error that the user password was not updated.
Table 34. Group onboard options Option Description Onboard and Change Login Select a specific row and select the Onboard and Change Login option to get the newly discovered systems to the group. You must provide the admin logon credentials for the new systems to join the group. If the system has the default password, you need to change it while onboarding it to a group. Group onboarding allows you to apply the same group alert settings to the new systems.
NOTE: While an onboarding job is running no other Job can be scheduled. Jobs include: ● Add New User ● Change User Password ● Delete User ● Configure Alerts ● Onboard additional systems ● Change Group Passcode ● Change Group Name Attempting to invoke another Job while an Onboarding task is active, consequences GMGR0039 error code. Once the onboarding task has made its first attempt to onboard all the new systems, Jobs can be created at any point in time.
Table 37. Group setting actions Actions Description Change Passcode Allows you to change the existing group password by entering a New Group Passcode and validating that password by Reenter New Group Passcode. Remove Systems Allows you to remove multiple systems from the group at a time. Delete Group Allows you to delete the group. To use any feature of group manager, the user should have administrator privileges. Any pending jobs will be stopped in case the group is deleted.
12 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
● Select the severity level from the Severity drop-down list. ● Enter a keyword. ● Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results. Adding comments to Lifecycle logs To add comments to the Lifecycle logs: 1. In the Lifecycle Log page, click the + icon for the required log entry. The Message ID details are displayed. 2. Enter the comments for the log entry in the Comment box. The comments are displayed in the Comment box.
The Work Notes page is displayed. 2. Under Work Notes, enter the text in the blank text box. NOTE: It is recommended not to use too many special characters. 3. Click Save. The work note is added to the log. For more information, see the iDRAC Online Help. Configuring remote system logging You can send lifecycle logs to a remote system. Before doing this, make sure that: ● There is network connectivity between iDRAC and the remote system. ● The remote system and iDRAC is on the same network.
13 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: ● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
○ Displays or specifies the warning threshold utilization limit. You must have server configure privilege to set the threshold values. For information about the displayed properties, see the iDRAC Online Help. Monitoring performance index for of CPU, memory, and input output modules using RACADM Use the SystemPerfStatistics sub command to monitor performance index for CPU, memory, and I/O modules. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
2. Select the required power operation: ● ● ● ● ● ● Power On System Power Off System NMI (Non-Masking Interrupt) Graceful Shutdown Reset System (warm boot) Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help. Executing power control operations using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
1. In iDRAC Web interface, go to Configuration > Power Management > Power Cap Policy. The current power policy limit is displayed under the Power Cap Limits section. 2. Select Enable under Power Cap. 3. Under Power Cap Limits section, enter the power limit within recommended range in Watts and BTU/hr or the maximum % of recommended system limit. 4. Click Apply to apply the values.
Configuring power supply options using RACADM To ● ● ● ● configure the power supply options, use the following objects with the get/set command: System.Power.RedundancyPolicy System.Power.Hotspare.Enable System.Power.Hotspare.PrimaryPSU System.Power.PFC.Enable For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Configuring power supply options using iDRAC settings utility To configure the power supply options: 1.
● ● ● ● ● 4. dial in custom minimum LFM value for the 3rd Party Card allowing more accurate definition of the card cooling needs for which the user is better aware of through their custom card specification. Displays real-time system airflow metric (CFM, cubic feet per minute) in various iDRAC interfaces to the user to enable datacenter airflow balancing based on aggregation of per server CFM consumption. Allows custom thermal settings like Thermal Profiles (Maximum Performance vs.
14 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: ● Network Interface Cards (NICs) ● Converged Network Adapters (CNAs) ● LAN On Motherboards (LOMs) ● Network Daughter Cards (NDCs) ● Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition-l
Connection View Manually checking and troubleshooting the servers’ networking connections is unmanageable in a datacenter environment. iDRAC9 streamlines the job with iDRAC Connection View. This feature allows you to remotely check and troubleshoot network connections from the same centralized GUI that you are using for deploying, updating, monitoring, and maintaining the servers.
Possible Connection View Data Description Stale Data Last known good data, either the Network controller port link is down or the system is powered off. Use the refresh option to refresh the connection view details to get the latest data. Valid Data Displays the Valid Switch Connection ID and the Switch Port Connection ID information. Connection View Supported Network Controllers Following cards or controllers support Connection View feature.
Monitoring FC HBA devices using RACADM To view the FC HBA device information using RACADM, use the hwinventory command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Dynamic configuration of virtual addresses, initiator, and storage target settings You can dynamically view and configure the virtual address, initiator and storage target settings, and apply a persistence policy.
Table 39.
Table 40.
Table 41.
Enabling or disabling IO Identity Optimization using RACADM To enable I/O Identity Optimization, use the command: racadm set idrac.ioidopt.IOIDOptEnable Enabled After enabling this feature, you must restart the system for the settings to take effect. To disable I/O Identity Optimization, use the command: racadm set idrac.ioidopt.IOIDOptEnable Disabled To view the I/O Identity Optimization setting, use the command: racadm get iDRAC.
NOTE: When a persistent policy is disabled and when you perform the action to lose the virtual address, re-enabling the persistent policy does not retrieve the virtual address. You must set the virtual address again after you enable the persistent policy.
Table 43. iSCSI initiator —default values (continued) iSCSI Initiator Default Values in IPv4 mode Default Values in IscsiInitiatorPrimDns 0.0.0.0 :: IscsiInitiatorIpv4PrimDns 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6PrimDns :: :: IscsiInitiatorSecDns 0.0.0.0 :: IscsiInitiatorIpv4SecDns 0.0.0.0 0.0.0.
15 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them. For the 14th generation of PowerEdge servers, PERC 9 and PERC 10 controllers are supported.
PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) If there is no existing pending or scheduled jobs for the controller, then configuration is applied. If there are pending or scheduled jobs for that controller, then the jobs have to be cleared or you must wait for the jobs to be completed before applying the configuration at run-time. Run-time or real-time means, a reboot is not required.
Hardware and software RAID RAID can be implemented with either hardware or software. A system using hardware RAID has a RAID controller that implements the RAID levels and processes data reads and writes to the physical disks. When using software RAID provided by the operating system, the operating system implements the RAID levels. For this reason, using software RAID by itself can slow the system performance.
● Cost efficiency — Maintaining the redundant data or parity information associated with RAID volumes requires additional disk space. In situations where the data is temporary, easily reproduced, or non-essential, the increased cost of data redundancy may not be justified. ● Mean Time Between Failure (MTBF) — Using additional disks to maintain data redundancy also increases the chance of disk failure at any given moment.
RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks. If a physical disk fails, data can be rebuilt using the data from the other side of the mirror. RAID 1 characteristics: ● Groups n + n disks as one virtual disk with the capacity of n disks. The controllers currently supported by Storage Management allow the selection of two disks when creating a RAID 1.
RAID 5 characteristics: ● Groups n disks as one large virtual disk with a capacity of (n-1) disks. ● Redundant information (parity) is alternately stored on all disks. ● When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks. ● Better read performance, but slower write performance. ● Redundancy for protection of data.
● ● ● ● ● Redundant information (parity) is alternately stored on all disks. The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space. RAID level 50 - striping over RAID 5 sets RAID 50 is striping over more than one span of physical disks.
RAID 60 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 6 span. ● Better read performance, but slower write performance. ● Increased redundancy provides greater data protection than a RAID 50. ● Requires proportionally as much parity information as RAID 6. ● Two disks per span are required for parity.
RAID 10 characteristics: ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 45. RAID level performance comparison RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information. Databases and other read intensive transactional uses.
Summary of supported features for storage devices The following table provides the features supported by the storage devices through iDRAC. NOTE: Features such as prepare to remove and blink or unblink component LED are not applicable for HHHL PCIe SSD cards.
Feature Name PERC 10 Controllers PERC 9 Controllers H740P Mini H740P Adapter H840 Adapter H330 Mini H330 Adapte r H730P Mini Set Patrol Read Mode Real-time Real-time Real-time Realtime Realtime Real-time Realtime Realtime Not applicable Manual Patrol Read Mode Real-time Real-time Real-time Realtime Realtime Real-time Realtime Realtime Not applicable Patrol Read Unconfigured Areas Real-time Real-time Real-time Realtime (only in web interface ) Realtime (only in web interfac e)
Feature Name PERC 10 Controllers PERC 9 Controllers H730P Adapte r H740P Mini H740P Adapter H840 Adapter H330 Mini H330 Adapte r H730P Mini Blink or unblink component LEDs Real-time Real-time Real-time Realtime Realtime Real-time Realtime Realtime Real-time Switch controller mode Not applicable Not applicable Not applicable Staged Staged Staged Staged Not applicable T10PI support for Virtual Disks Not applicable Not applicable Not applicable Not Not Not applicabl applicabl app
NOTE: If the NVMe SSDs in the backplane slots support NVMe-MI commands and the I2C connection to backplane slots are fine, the iDRAC discovers these NVMe SSDs and reports them in the interfaces irrespective of the PCI connections to the respective backplane slots. For more information about the displayed properties and to use the filter options, see the iDRAC Online Help. Monitoring storage devices using RACADM To view the storage device information, use the storage command.
Global hot spares must be assigned and unassigned manually. They are not assigned to specific virtual disks. If you want to assign a hot spare to a virtual disk (it replaces any physical disk that fails in the virtual disk), then see Assigning or unassigning dedicated hot spares. When deleting virtual disks, all assigned global hot spares may be automatically unassigned when the last virtual disk associated with the controller is deleted.
● Pressing while restarting the server and selecting the required controller. NOTE: If the physical drives connected to a PERC controller are in non-RAID mode, the size of the disk displayed in the iDRAC interfaces, such as iDRAC GUI, RACADM, Redfish and WSMan, may be slightly less than the actual size of the disk. However, you can use the full capacity of the disk to deploy operating systems. NOTE: Hot plugged disks in H330 are always in non-RAID mode.
Rebuild Physical Disk Rebuild Physical Disk is the ability to reconstruct the contents of a failed disk. This is true only when auto rebuild option is set to false. If there is a redundant virtual disk, the rebuild operation can reconstruct the contents of a failed physical disk. A rebuild can take place during normal operation, but it degrades performance. Cancel Rebuild can be used to cancel a rebuild that is in progress. If you cancel a rebuild, the virtual disk remains in a degraded state.
NOTE: RAID 6 and 60 are not supported in H330. Considerations before creating virtual disks Before creating virtual disks, consider the following: ● Virtual disk names not stored on controller—The names of the virtual disks that you create are not stored on the controller. This means that if you reboot using a different operating system, the new operating system may rename the virtual disk using its own naming conventions.
Editing virtual disk cache policies You can change the read, write, or disk cache policy of a virtual disk. NOTE: Some of the controllers do not support all read or write policies. Therefore, when a policy is applied, an error message is displayed. The read policies indicate whether the controller must read sequential sectors of the virtual disk searching for data: ● Adaptive Read Ahead — The controller initiates read ahead only if the two most recent reads requests accessed sequential sectors of the disk.
Checking virtual disk consistency This operation verifies the accuracy of the redundant (parity) information. This task only applies to redundant virtual disks. When necessary, the check consistency task rebuilds the redundant data. If the virtual drive has a degraded status, running a check consistency may be able to return the virtual drive to ready status. You can perform a consistency check using the web interface or RACADM. You can also cancel the check consistency operation.
Encrypting virtual disks When encryption is disabled on a controller (that is, the security key is deleted), manually enable encryption for virtual disks created using SED drives. If the virtual disk is created after encryption is enabled on a controller, the virtual disk is automatically encrypted. It is automatically configured as an encrypted virtual disk unless the enabled encryption option is disabled during the virtual disk creation.
Raid Level Migration RAID Level Migration (RLM) refers to changing a virtual disk´s RAID level. iDRAC9 provides an option to increase the VD size using RLM. In a way, RLM allows migrating the RAID level of a virtual disk which in turn may increase the size of virtual disk. RAID level migration is the process of converting a VD with one RAID Level to another. When you migrate a VD to a different Raid Level, the user data on it is redistributed to the format of the new configuration.
● If the controller already contains the maximum number of virtual disks, you cannot perform a RAID level migration or capacity expansion on any virtual disk. ● The controller changes the write cache policy of all virtual disks undergoing a RLM/OCE to Write-Through until RLM/OCE is complete. ● Reconfiguring Virtual Disks typically impacts disk performance until the reconfiguration operation is complete. ● The total number of physical disks in a disk group cannot exceed 32.
● Initialize: Fast — Updates the metadata on the physical disks so that all the disk space is available for future write operations. The initialize option can be completed quickly because existing information on the physical disks is not erased, although future write operations overwrites any information that remains on the physical disks. ● Initialize: Full — All existing data and file systems are erased. NOTE: The Initialize: Full option is not applicable for PERC H330 controllers.
Managing controllers You can perform the following for controllers: ● Configure controller properties ● Import or auto import foreign configuration ● Clear foreign configuration ● Reset controller configuration ● Create, change, or delete security keys ● Discard preserved cache Configuring controller properties You can configure the following properties for the controller: ● Patrol read mode (auto or manual) ● Start or stop patrol read if patrol read mode is manual ● Patrol read unconfigured areas ● Check
Load balance The Load Balance property provides the ability to automatically use both controller ports or connectors connected to the same enclosure to route I/O requests. This property is available only on SAS controllers. Bgi rate On PERC controllers, background initialization of a redundant virtual disk begins automatically within 0 to 5 minutes after the virtual disk is created.
For information about the fields, see the iDRAC Online Help. 4. From the Apply Operation Mode, select when you want to apply the settings. 5. Click Apply. Based on the selected operation mode, the settings are applied. Configuring controller properties using RACADM ● To set Patrol Read Mode: racadm set storage.controller..
spare. If the physical disk was set as a dedicated hot spare on the previous controller, but the virtual disk to which the hot spare was assigned is no longer present in the foreign configuration, then the physical disk is imported as a global hot spare. If any foreign configurations locked using Local Key manager (LKM) are Detected, then import foreign configuration operation is not possible in iDRAC in this release.
Clearing foreign configuration After moving a physical disk from one controller to another, you may find that the physical disk contains all or some portion of a virtual disk (foreign configuration). You can identify whether a previously used physical disk contains a foreign configuration (virtual disk) by checking the physical disk state. If the physical disk state is Foreign, then the physical disk contains all or some portion of a virtual disk.
Resetting controller configuration using RACADM To reset the controller configuration: racadm storage resetconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Switching the controller mode NOTE: Switching the controller mode is not supported for PERC 10 controllers. On PERC 9.1 controllers, you can change the personality of the controller by switching the mode from RAID to HBA.
Switching the controller mode using the iDRAC web interface To switch the controller mode, perform the following steps: 1. In the iDRAC web interface, click Storage > Overview > Controllers. 2. On the Controllers page, click Setup > Controller Mode. The Current Value column displays the current setting of the controller. 3. From the drop-down menu, select the controller mode you want to switch to, and click Apply. Reboot the system for the change to take effect.
Controller operations in non-RAID mode or HBA mode If ● ● ● the controller is in non-RAID mode (HBA mode), then: Virtual disks or hot spares are not available. Security state of the controller is disabled. All physical disks are in non-RAID mode. You can perform the following operations if the controller is in non-RAID mode: ● Blink/unblink the physical disk.
ways to connect SSDs. You can use an extender to connect the SSDs via backplane, directly connect the SSDs from backplane to mother board using slimline cable without extender, and use HHHL (Add-In) card which sits on the motherboard. NOTE: 14th generation of PowerEdge servers are supporting Industry standard NVMe-MI specification based NVMe SSDs. However, 13th generation of PowerEdge servers used to support Dell proprietary specification based SSDs.
To view PCIe extender cards: racadm storage get controllers To view PCIe SSD backplane information: racadm storage get enclosures NOTE: For all the mentioned commands, PERC devices are also displayed. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Preparing to remove PCIe SSD NOTE: This operation is not supported when PCIe SSD is configured using the S140 controller.
If the job is created successfully, a message indicating that the job ID is created for the selected controller is displayed. Click Job Queue to view the progress of the job in the Job Queue page. If pending operation is not created, an error message is displayed. If pending operation is successful and job creation is not successful, then an error message is displayed.
○ From the drop-down menu, select the type of reboot: ■ No Reboot (Manually Reboot System) ■ Graceful Shutdown ■ Force Shutdown ■ Power Cycle System (cold boot) 5. Click Apply. If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action is displayed. If the job is created successfully, a message indicating that the job ID is created for the selected controller is displayed.
● Split mode 4:20 — One controller has access to the first 4 drives and the second controller has access to the last 20 drives. The drives connected to the first controller are numbered 0-3 while the drives connected to the second controller are numbered 4-23. ● Split mode 8:16 — One controller has access to the first 8 drives and the second controller has access to the last 16 drives.
7. Go to the Job Queue page and verify that it displays the status as Completed for the job. 8. Power cycle the system for the setting to take effect. Configuring enclosure using RACADM To configure the enclosure or backplane, use the set command with the objects in BackplaneMode. For example, to set the BackplaneMode attribute to split mode: 1. Run the following command to view the current backplane mode: racadm get storage.enclosure.1.
9. Run the following command to cold reboot the server: racadm serveraction powercycle 10. After the system completes POST and CSIOR, type the following command to verify the backplanerequestedmode: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=None 11. Run the following to verify is the backplane mode is set to split mode: racadm get storage.enclosure.1.backplanecurrentmode The output is: BackplaneCurrentMode=SplitMode 12.
You must have Server Control privilege to modify this setting. NOTE: You cannot set the SGPIO mode using iDRAC Web interface. Setting SGPIO mode using RACADM To configure the SGPIO mode, use the set command with the objects in the SGPIOMode group. If it is set to disabled, it is I2C mode. If enabled, it is set to SGPIO mode. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
● At Next Reboot — Select this option to apply the settings during the next system reboot. ● At Scheduled Time — Select this option to apply the settings at a scheduled day and time: ○ Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The settings are applied between the start time and end time.
○ Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The action is applied between the start time and end time. ○ From the drop-down menu, select the type of reboot: ■ No Reboot (Manually Reboot System) ■ Graceful Shutdown ■ Force Shutdown ■ Power Cycle System (cold boot) 5. If the commit job is not created, a message indicating that the job creation was not successful is displayed.
○ Click Cancel to not create the job and remain on the page to perform more storage configuration operations. Case 3: selected add to pending operations and there are no existing pending operations If you have selected Add to Pending Operations and then clicked Apply, first the pending operation is created for the selected storage configuration operation.
● Select or deselect all physical disk drives or PCIe SSDs — Select the Select/Deselect All option and click Blink to start blinking all the physical disk drives and the PCIe SSDs. Similarly, click Unblink to stop blinking the LEDs. ● Select or deselect individual physical disk drives or PCIe SSDs — Select one or more physical disk drives and click Blink to start blinking the LEDs for the physical disk drives or the PCIe SSDs. Similarly, click Unblink to stop blinking the LEDs. 4.
16 BIOS Settings You can view multiple attributes, which are being used for a specific server under the BIOS Settings. You can modify different parameters of each attribute from this BIOS configuration setting. Once you select one attribute, it shows different parameters which are related to that specific attribute. You can modify multiple parameters of an attribute and apply changes before modifying a different attribute.
modifications. In case, the request fails to remove the BIOS attributes, it throws an error with corresponding HTTP Response Status code mapped to SMIL API error or Job Creation error. An EEMI message is generated and displayed at that point. Pending Value Configuration of a BIOS attribute via iDRAC is not applied immediately to BIOS. It requires a server reboot for the changes to take place. When you modify a BIOS attribute then Pending Value gets updated.
17 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: ● A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
Table 48. Supported screen resolutions and refresh rates (continued) Screen Resolution Refresh Rate (Hz) 1920x1200 60 It is recommended that you configure the monitor display resolution to 1920x1200 pixels. NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console.
While launching Virtual Console using 32-bit or 64-bit IE browsers, use HTML5, or use the required plug-in (Java or ActiveX) that is available in the respective browser. The Internet Options settings are common for all browsers. While launching the Virtual Console using Java plug-in, occasionally you may see a Java compilation error. To resolve this, go to Java control panel > General > Network Settings and select Direct Connection.
NOTE: The Virtual Media viewer is launched if Virtual Console is disabled. 3. From the Tools menu, click Session Options and then Certificate tab. 4. Click Browse Path, specify the location to store the user’s certificate, click Apply, click OK, and exit from the viewer. 5. Launch Virtual Console again. 6. In the certificate warning message, select the Always trust this certificate option, and then click Continue. 7. Exit from the viewer. 8.
● Virtual Media The Pass all keystrokes to server option is not supported on HTML5 virtual console. Use keyboard and keyboard macros for all the functional keys. ● Console control — This has the following configuration options: ○ Keyboard ○ Keyboard Macros ○ Aspect Ratio ○ Touch Mode ○ Mouse Acceleration ● Keyboard — This keyboard uses open source code. The difference from physical keyboard is that the number keys are switched to special character when you the Caps Lock key is enabled.
Click Apply to apply the selected settings on the server. ● Touch Mode — The HTML5 virtual console supports the Touch Mode feature. The following configuration options are displayed as a drop-down list: ○ Direct ○ Relative Click Apply to apply the selected settings on the server. ● Mouse Acceleration — Select the mouse acceleration based on the operating system.
Option "AccelerationScheme" "lightweight". If synchronization problems continue, do the following additional change in the /.gconf/desktop/gnome/ peripherals/mouse/%gconf.xml file: Change the values for motion_threshold and motion_acceleration to -1. If you turn off mouse acceleration in GNOME desktop, in the Virtual Console viewer, go to Tools > Session Options > Mouse. Under Mouse Acceleration tab, select None.
○ Play/Pause media key ○ Start mail key ○ Select media key ○ Start Application 1 key ○ Start Application 2 key ● All the individual keys (not a combination of different keys, but a single key stroke) are always sent to the managed system. This includes all the Function keys, Shift, Alt, Ctrl key and Menu keys. Some of these keys affect both management station and managed system.
5. Use the SysRq magic key to enable the SysRq function. For example, the following command displays the memory information on the console: echo m > /proc/sysrq-trigger displays Using SSH or Telnet or external serial connector directly connecting through serial cable 1. For telnet/SSH sessions, after logging in using the iDRAC username and password, at the /admin> prompt, run the command console com2. The localhost.localdomain prompt appears. 2.
18 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, Redfish, RACADM, and WSMan.
NOTE: The installer will be available to the host operating system for 30 minutes. If you do not start the installation within 30 minutes, you must restart the Service Module installation. Installing iDRAC Service Module from iDRAC Enterprise 1. On the SupportAssist Registration wizard, click Next. 2. On the iDRAC Service Module Setup page, click Install Service Module. 3. Click Launch Virtual Console and click Continue on the security warning dialog box. 4.
iDRAC. By default, this monitoring feature is enabled. It is not disabled if OpenManage Server Administrator is installed on the host OS. In iSM version 2.0 or later, the operating system information feature is amended with the OS network interface monitoring. When iDRAC Service Module version 2.0 or later is used with iDRAC 2.00.00.00, it starts monitoring the operating system network interfaces. You can view this information using iDRAC web interface, RACADM, or WSMan.
Table 49. Examples of DCIM_account class (continued) CIM Interface WinRM WMIC PowerShell namespace root/ cimv2/dcim Get a specific instance of a class Get associated instances of an instance Get references of an instance winrm g wmi/root/ cimv2/dcim/ DCIM_Account? CreationClassName=D CIM_Account+Name=iD RAC.Embedded.1#User s.2+SystemCreationC lassName=DCIM_SPCom puterSystem+SystemN ame=systemmc wmic /namespace:\ \root\cimv2\dcim PATH dcim_account where Name="iDRAC.Embedde d.1#Users.
○ Using the local Windows Management Instrumentation (WMI): winrm i iDRACHardReset wmi/root/cimv2/dcim/DCIM_iSMService? InstanceID=”iSMExportedFunctions” ○ Using the remote WMI interface: winrm i iDRACHardReset wmi/root/cimv2/dcim/dcim_ismservice -u: p: -r: http:///wsman -a:Basic -encoding:utf-8 -skipCACheck –skipCNCheck ○ Using the Windows PowerShell script with force and without force: Invoke-iDRACHardReset –force Invoke-iDRACHardReset ○ Using the Progr
Table 50. Error Handling Result Description 4 iDRAC reset failed In-band Support for iDRAC SNMP Alerts By using iDRAC Service Module v2.3, you can receive SNMP alerts from the host operating system, which is similar to the alerts that are generated by iDRAC. You can also monitor the iDRAC SNMP alerts without configuring the iDRAC and manage the server remotely by configuring the SNMP traps and destination on the host OS. In iDRAC Service Module v2.
○ To disable this feature: Enable-iDRACSNMPTrap.sh 0 Enable-iDRACSNMPTrap.sh disable NOTE: The --force option configures the Net-SNMP to forward the traps. However, you must configure the trap destination. ● VMware ESXi operating system On all iSM supported ESXi operating systems, the iSM v2.3 supports a Common Management Programming Interface (CMPI) method provider to enable this feature remotely by using the WinRM remote commands. winrm i EnableInBandSNMPTraps http://schemas.dell.
Configuration by using iSM PowerShell cmdlet If this feature is disabled while installing iSM, you can enable the feature by using the following Windows PowerShell command provided by iSM: Enable-iDRACAccessHostRoute If the feature is already configured, you can disable or modify it by using the PowerShell command and the corresponding options. The available options are as follows: ● Status — This parameter is mandatory. The values are not case sensitive and the value can be true, false, or get.
Using iDRAC Service Module from iDRAC web interface To use the iDRAC Service Module from the iDRAC web interface: 1. Go to IDRAC Settings > Overview > iDRAC Service Module > Configure Service Module. The iDRAC Service Module Setup page is displayed. 2. You can view the following: ● Installed iDRAC Service Module version on the host operating system ● Connection status of the iDRAC Service Module with iDRAC. 3.
19 Using USB port for server management On the 14th generation servers, a dedicated micro USB port is available to configure iDRAC. You can perform the following functions using the micro USB port: ● Connect to the system using the USB network interface to access system management tools such as iDRAC web interface and RACADM. ● Configure a server by using SCP files that are stored on a USB drive.
3. Wait for the laptop to acquire IP address 169.254.0.4. It may take several seconds for the IP addresses to be acquired. iDRAC acquires the IP address 169.254.0.3. 4. Start using iDRAC network interfaces such as the web interface, RACADM, Redfish or WSMan. For example, to access the iDRAC web interface, open a supported browser, and type the address 169.254.0.3 and press enter. 5. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 6.
For information about the fields, see the iDRAC Online Help. NOTE: iDRAC9 allows you to password protect the compressed file after you select Enabled only for compressed configuration files to compress the file before importing. You can enter a password to secure the file by using Password for Zip file option. 4. Click Apply to apply the settings.
Example of control.
1. Importing – When the server configuration profile is being copied from the USB device. 2. Applying — When the job is in-progress. 3. Completed — When the job has completed successfully. 4. Completed with errors — When the job has completed with errors. 5. Failed — When the job has failed. For more details, see the results file on the USB device. LED blinking behavior The USB LED indicates the status of a server-configuration profile operation being performed using the USB port.
20 Using Quick Sync 2 With Dell OpenManage Mobile running on an Android or iOS mobile device, you can easily access server directly or through OpenManage Essentials or OpenManage Enterprise (OME) console. It allows you to review server details and inventory, view LC and System Event logs, get automatic notifications on mobile device from an OME console, assign IP address and modify iDRAC password, configure key BIOS attributes, and take remediation actions as needed.
1. If enabled, you can specify a time after which the Quick Sync 2 mode is turned off. To turn on, press the activation button again. 2. If disabled, the timer does not allow you to enter a time-out period. ● Quick Sync Read Authentication — Configures to Enabled, this is the default option. ● Quick Sync WiFi — Configures to Enabled, this is the default option. You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect.
21 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: ● Remotely access media connected to a remote system over the network ● Install applications ● Update drivers ● Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Table 51. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives ● ● ● ● ● Virtual floppy drives ● CD-ROM/DVD image file in the ISO9660 format ● Floppy image file in the ISO9660 format USB flash drives ● USB CD-ROM drive with CD-ROM media ● USB Key image in the ISO9660 format Legacy 1.44 floppy drive with a 1.
Table 52. Attached media state and system response Attached Media State System Response Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives. To do this, in Windows Explorer, from the Organize menu, click Folder and search options.
The following message is displayed: Virtual Console has been disabled. Do you want to continue using Virtual Media redirection? 3. Click OK. The Virtual Media window is displayed. 4. From the Virtual Media menu, click Map CD/DVD or Map Removable Disk. For more information, see Mapping virtual drive. NOTE: The virtual device drive letters on the managed system do not coincide with the physical drive letters on the management station.
A message is displayed warning the user that resetting the USB connection can affect all the input to the target device including Virtual Media, keyboard, and mouse. 3. Click Yes. The USB is reset. NOTE: iDRAC Virtual Media does not terminate even after you log out of iDRAC Web interface session.
Displaying correct virtual drives for mapping On a Linux-based management station, the Virtual Media Client window may display removable disks and floppy disks that are not part of the management station. To make sure that the correct virtual drives are available to map, you must enable the port setting for the connected SATA hard drive. To do this: 1. Reboot the operating system on the management station. During POST, press to enter System Setup. 2. Go to SATA settings. The port details are displayed.
● Map the local or virtual drives (CD/DVD, Floppy, or USB flash device) with the bootable media or image using the Virtual Media options ● Virtual Media is in Attached state for the virtual drives to appear in the boot sequence. To enable the boot once option and boot the managed system from the Virtual Media: 1. In the iDRAC Web interface, go to Overview > Server > Attached Media. 2. Under Virtual Media, select the Enable Boot Once and click Apply. 3. Turn on the managed system and press during boot.
22 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. The VMCLI utility supports the following features: ● Manage removable devices or images that are accessible through virtual media.
To ensure security, it is recommended to use the following VMCLI parameters: ● vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. ● vmcli -r -S -u -p -c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid.
For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process. This technique is useful in script programs, as it allows the script to proceed after a new process is started for the VMCLI command (otherwise, the script blocks until the VMCLI program is terminated). When multiple VMCLI sessions are started, use the operating system-specific facilities for listing and terminating processes.
23 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that can be ordered and installed from the factory. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. NOTE: There is no limitation of the size of SD card, you can open and replace the factory installed SD card with a higher capacity SD card.
Viewing vFlash SD card properties using RACADM To ● ● ● ● ● view the vFlash SD card properties using RACADM, use the get command with the following objects: iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.Health iDRAC.vflashsd.Licensed iDRAC.vflashsd.Size iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
The vFlash functionality is enabled or disabled based on the selection. Initializing vFlash SD card The initialize operation reformats the SD card and configures the initial vFlash system information on the card. NOTE: If the SD card is write-protected, then the Initialize option is disabled. Initializing vFlash SD card using web interface To initialize the vFlash SD card: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash.
NOTE: An administrator can perform all operations on the vFlash partitions. Else, you must have Access Virtual Media privilege to create, delete, format, attach, detach, or copy the contents for the partition.
By default, an empty partition is created as read-write. Creating a partition using an image file You can create a new partition on the vFlash SD card using an image file (available in the .img or .iso format.) The partitions are of emulation types: Floppy (.img), Hard Disk (.img), or CD (.iso). The created partition size is equal to the image file size. Before creating a partition from an image file, make sure that: ● ● ● ● ● You have Access Virtual Media privilege. The card is initialized.
Formatting a partition You can format an existing partition on the vFlash SD card based on the type of file system. The supported file system types are EXT2, EXT3, FAT16, and FAT32. You can only format partitions of type Hard Disk or Floppy, and not CD. You cannot format read-only partitions. Before creating a partition from an image file, ensure that: ● You have Access Virtual Media privilege. ● The card is initialized. ● The card is not write-protected.
● You have Access Virtual Media privileges. NOTE: By default, a read-only partition is created. Modifying a partition using web interface To modify a partition: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed. 2. In the Read-Only column: ● Select the checkbox for the partition(s) and click Apply to change to read-only. ● Clear the checkbox for the partition(s) and click Apply to change to read-write.
● Select the checkbox for the partition(s) and click Apply to attach the partition(s). ● Clear the checkbox for the partition(s) and click Apply to detach the partition(s). The partitions are attached or detached, based on the selections. Attaching or detaching partitions using RACADM To attach or detach partitions: 1. Log in to the system using telnet, SSH, or Serial console. 2. Use the following commands: ● To attach a partition: racadm set iDRAC.vflashpartition..
● To delete a partition: racadm vflashpartition delete -i 1 ● To delete all partitions, re-initialize the vFlash SD card. Downloading partition contents You can download the contents of a vFlash partition in the .img or .iso format to the: ● Managed system (where iDRAC is operated from) ● Network location mapped to a management station. Before downloading the partition contents, make sure that: ● You have Access Virtual Media privileges. ● The vFlash functionality is enabled.
24 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Table 55.
Table 55.
Navigating the map address space Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space. The root target is represented by a slash (/) or a backslash (\). It is the default starting point when you log in to iDRAC. Navigate down from the root using the cd verb. NOTE: The slash (/) and backslash (\) are i
● Map target navigation on page 286 Server power management The following examples show how to use SMCLP to perform power management operations on a managed system.
Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
25 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: ● Remote File Share ● Console Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: ● Configure User and Access Virtual Media privileges for iDRA
NOTE: ● CIFS supports both IPv4 and IPv6 addresses and NFS supports only IPv4 address. ● If you are using CIFS and are part of an Active Directory domain, enter the domain name with the IP address in the image file path. ● If you want to access a file from an NFS share, configure the following share permissions. These permissions are required because iDRAC interfaces run in non-root mode. ○ Linux: Ensure that the share permissions are set to at least Read for the Others account.
For SLES, the CD device is /dev/sr0 and the floppy device is /dev/sdc. To make sure that the correct device is used (for either SLES or RHEL), when you connect the virtual device, on the Linux OS you must immediately run the command: tail /var/log/messages | grep SCSI This displays the text that identifies the device (example, SCSI device sdc). This procedure also applies to Virtual Media when you are using Linux distributions in runlevel init 3. By default, the virtual media is not auto-mounted in init 3.
2. Insert the next CD/DVD into the remote optical drive. 3. Remap the CD/DVD drive. Deploying embedded operating system on SD card To install an embedded hypervisor on an SD card: 1. Insert the two SD cards in the Internal Dual SD Module (IDSDM) slots on the system. 2. Enable SD module and redundancy (if required) in BIOS. 3. Verify if the SD card is available on one of the drives when you during boot. 4. Deploy the embedded operating system and follow the operating system installation instructions.
26 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: ● Diagnostic console ● Post code ● Boot and crash capture videos ● Last system crash screen ● System event logs ● Lifecycle logs ● Front panel status ● Trouble indicators ● System health Topics: • • • • • • • • • • • • Using diagnostic console Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing System status Hardware trouble indicators Vi
● Click Reset iDRAC to Default Settings to reset the iDRAC to the default settings. After you click Reset iDRAC to Default Settings,Reset iDRAC to factory default window is displayed. This action reset the iDRAC to the factory defaults. Chose any of the following options: a. Discard all settings, but preserve user and network settings. b. Discard all settings and reset the default username to root and password to the shipping value (root/shipping value). c.
Viewing post codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from power-on-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Maintenance > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
Viewing last system crash screen The last crash screen feature captures a screenshot of the most recent system crash, saves, and displays it in iDRAC. This is a licensed feature. To view the last crash screen: 1. Make sure that the last system crash screen feature is enabled. 2. In iDRAC Web interface, go to Overview > Server > Troubleshooting > Last Crash Screen. The Last Crash Screen page displays the last saved crash screen from the managed system. Click Clear to delete the last crash screen.
● Solid amber — Managed system is in failsafe mode. ● Blinking amber — Errors present on managed system. When the system is operating normally (indicated by blue Health icon on the LED front panel), then both Hide Error and UnHide Error is grayed-out. You can hide or unhide the errors only for rack and tower servers. To view system ID LED status using RACADM, use the getled command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
Restarting iDRAC You can perform a hard or soft iDRAC restart without turning off the server: ● Hard restart — On the server, press and hold the LED button for 15 seconds. ● Soft restart — Using iDRAC Web interface or RACADM. Resetting iDRAC using iDRAC web interface To restart iDRAC, do one of the following in the iDRAC Web interface: ● Go to Maintenance > Diagnostics. Click Reset iDRAC. Resetting iDRAC using RACADM To restart iDRAC, use the racreset command.
For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. NOTE: The Dell tech center link appears on the iDRAC GUI on Dell branded systems. If you erase system data by using WSMan command and want the link to appear again, reboot the host manually and wait for CSIOR to run. NOTE: After you run System Erase, the VDs may still appear. Run CSIOR after System Erase is completed and iDRAC is rebooted.
27 SupportAssist Integration in iDRAC SupportAssist allows you to create SupportAssist collections and utilize other SupportAssist features to monitor your system and datacenter. iDRAC provides an application interfaces for gathering platform information that enables support services to resolve platform and system problems.
End user license agreement After providing all the required information, you need to accept the End User License Agreement (EULA) to complete the registration process. You have the option to print the EULA for further references. You can cancel and terminate the registration process at any point of time. Installing Service Module In order to register and use SupportAssist, you must have iDRAC Service Module (iSM) installed in the system.
The SupportAssist Collection is generated in the standard ZIP format. The collection may contain the following information: ● Hardware inventory for all components (includes system component configuration and firmware details, Motherboard System Event Logs, iDRAC state information and Lifecycle Controller logs). ● Operating system and application information. ● Storage Controller logs. ● iDRAC Debug Logs. ● It contains an HTML5 viewer, that can be accessed once the collection is complete.
Settings This page allows you to configure the collection log settings, and if registered, you can update the contact details, enable or disable email notifications, and change the language settings. Collection Settings You can save the collections to a preferred network location. Use Set Archive Directory to set the network location. You can save the collections to a preferred network location. Use Set Archive Directory to set the network location.
28 Frequently asked questions This section lists the frequently asked questions for the following: ● System Event Log ● Network security ● Active Directory ● Single Sign On ● Smart card login ● Virtual console ● Virtual media ● vFlash SD card ● SNMP authentication ● Storage devices ● iDRAC Service Module ● RACADM ● Miscellaneous Topics: • • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign-On Smart card login Virtual console Virtual media vFlash SD card SNMP authentica
Network security While accessing the iDRAC Web interface, a security warning appears stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted. iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign).
Certificate Authority (CA) certificate has been uploaded to iDRAC. Please also check if the iDRAC date is within the valid period of the certificates and if the Domain Controller Address configured in iDRAC matches the subject of the Directory Server Certificate. If certificate validation is enabled, when iDRAC establishes the SSL connection with the directory server, iDRAC uses the uploaded CA certificate to verify the directory server certificate.
of that group. When trying to log in to iDRAC using the user present in the child domain, Active Directory Single Sign-On login fails. This may be because of the an incorrect group type. There are two kinds of Group types in the Active Directory server: ● Security — Security groups allow you to manage user and computer access to shared resources and to filter group policy settings. ● Distribution — Distribution groups are intended to be used only as email distribution lists.
The normal Active Directory Smart Card login normally takes less than 10 seconds, however it may take up to four minutes if you have specified the preferred DNS server and the alternate DNS server in the Network page, and the preferred DNS server has failed. DNS time-outs are expected when a DNS server is down. iDRAC logs you in using the alternate DNS server. ActiveX plug-in unable to detect the Smart Card reader. Make sure that the smart card is supported on the Microsoft Windows operating system.
Why does the mouse not synchronize under the Linux text console in Lifecycle Controller? Virtual Console requires the USB mouse driver, but the USB mouse driver is available only under the X-Window operating system. In the Virtual Console viewer, do any of the following: ● Go to Tools > Session Options > Mouse tab. Under Mouse Acceleration, select Linux. ● Under the Tools menu, select Single Cursor option.
The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing. iDRAC has a USB mouse driver that allows absolute position and closer tracking of the mouse pointer. Even if iDRAC passes the USB absolute mouse position to the Dell BIOS, the BIOS emulation converts it back to relative position and the behavior remains. To fix this problem, set the mouse mode to USC/Diags in the Configuration screen.
If you are installing the Windows operating system using the Dell Systems Management Tools and Documentation DVD and the network connection is slow, the installation procedure may require an extended amount of time to access iDRAC web interface due to network latency. The installation window does not indicate the installation progress. How to configure the virtual device as a bootable device? On the managed system, access BIOS Setup and go to the boot menu.
where: /dev/sdx is the device name found in step 4 and /mnt/floppy is the mount point. Why are the virtual drives attached to the server removed after performing a remote firmware update using the iDRAC web interface? Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives reappear when iDRAC reset is complete.
To prevent SNMP authentication errors from being generated, you must enter community names that are accepted by the agent. Since the iDRAC only allows one community name, you must use the same get and set community name for IT Assistant discovery setup. Storage devices Information for all the storage devices connected to the system are not displayed and OpenManage Storage Management displays more storage devices that iDRAC.
Table 56. Example of a routing order Destination Gateway Genmask Flags Metric Ref Use Iface link-local 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.0 U 0 0 0 enp0s20u12u3 In the example enp0s20u12u3 is the USB NIC interface. The link-local destination mask is repeated and the USB NIC is not the first one in the order. This results in the connectivity issue between iDRAC Service Module and iDRAC over the OS to iDRAC Pass-through.
RACADM After performing an iDRAC reset (using the racadm racreset command), if any command is issued, the following message is displayed. What does this indicate? ERROR: Unable to connect to RAC at specified IP address The message indicates that you must wait until the iDRAC completes the reset before issuing another command. When using RACADM commands and subcommands, some errors are not clear.
Miscellaneous When an OS is installed, hostname may or may not appear/change automatically. There are two scenarios: ● Scenario 1: iDRAC is not showing the latest hostname once you install an OS. You need to install OMSA or iSM along with the iDRAC to get the hostname reflected. ● Scenario 2: iDRAC had a hostname for a specific OS and another different OS has been installed and still the hostname is appearing as the old hostname without overwriting the hostname.
Current IP Address Current Subnet Mask Current Gateway Speed Duplex = = = = = 10.35.155.151 255.255.255.0 10.35.155.1 Autonegotiate Autonegotiate NOTE: You can also perform this using remote RACADM. For more information on CMC RACADM commands, see the Chassis Management Controller RACADM CLI Guide available at https://www.dell.com/cmcmanuals. For more information on iDRAC RACADM commands, see the iDRAC RACADM CLI Guide available at https://www.dell.com/ idracmanuals.
When attempting to boot the managed server, the power indicator is green, but there is no POST or no video. This happens due to any of the following conditions: ● Memory is not installed or is inaccessible. ● CPU is not installed or is inaccessible ● Video riser card is missing or not connected properly. Also, see error messages in iDRAC log using iDRAC web interface or from the server LCD.
29 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
● In iDRAC Web interface, go to Overview > Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. ● You can also configure the chassis locator LED and based on the color, assess the system health. ● If iDRAC Service Module is installed, the operating system host information is displayed. Setting up alerts and configuring email alerts To set up alerts and configure email alerts: 1. Enable alerts. 2.
● Configuring active directory users ● Configuring generic LDAP users Launching servers remote console and mounting a USB drive To launch the remote console and mount a USB drive: 1. Connect a USB flash drive (with the required image) to the management station. 2. Use the following method to launch virtual console through the iDRAC Web Interface: ● Go to Dashboard > Virtual Console and click Launch Virtual Console. The Virtual Console Viewer is displayed. 3.
5. Import the SCP file to iDRAC.
