Dell EMC OpenManage Server Administrator Version 9.3.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction................................................................................................................................. 6 Installation...............................................................................................................................................................................6 What is new in this release.............................................................................................................................................
System Tree................................................................................................................................................................... 27 Action Window...............................................................................................................................................................28 Data Area......................................................................................................................................................
8 Troubleshooting......................................................................................................................... 62 Login Failure Scenarios....................................................................................................................................................... 62 Fixing A Faulty Server Administrator Installation On Supported Windows Operating Systems................................62 Server Administrator services........................................
1 Introduction Server Administrator provides a comprehensive, one-to-one systems management solution in two ways: from an integrated, web browserbased graphical user interface (GUI) and from a command line interface (CLI) through the operating system. Server Administrator enables system administrators to manage systems locally and remotely on a network. It enables system administrators to focus on managing their entire network by providing comprehensive one-to-one systems management.
• • ESXi 6.7 U2 operating system supports the yx3x and yx4x generation of PowerEdge servers. • ESXi 6.7 U3 operating system supports the yx3x, yx4x, and yx5x generation of PowerEdge servers. Support for the following platforms: • • PowerEdge R6525. • PowerEdge C6525. Support for the following browsers: • • Google Chrome - 75 • Safari - 12.
Remote Access Controller The Remote Access Controller provides a complete remote system management solution for systems equipped with the Baseboard Management Controller (BMC)/Integrated Dell Remote Access Controller (iDRAC) solution. The Remote Access Controller provides remote access to an inoperable system, allowing you to get the system up and running as quickly as possible.
Server Administrator Home Page The Server Administrator home page provides easy-to-set up and easy-to-use Web browser-based system management tasks from the managed system or from a remote host through a LAN, dial-up service, or wireless network. When the Systems Management Server Administrator Connection Service (DSM SA Connection Service) is installed and configured on the managed system, you can perform remote management functions from any system that has a supported Web browser and connection.
Accessing documents from the Dell EMC support site You can access the required documents using the following links: • • • • • • • • For Dell EMC Enterprise Systems Management documents — www.dell.com/SoftwareSecurityManuals For Dell EMC OpenManage documents — www.dell.com/OpenManageManuals For Dell EMC Remote Enterprise Systems Management documents — www.dell.com/esmmanuals For iDRAC documents — www.dell.com/idracmanuals For Dell EMC OpenManage Connections Enterprise Systems Management documents — www.
2 Setup And Administration Server Administrator provides security through role- based access control (RBAC), authentication, and encryption for both the Webbased and command line interfaces. Topics: • • • • Role-Based Access Control Authentication Encryption Assigning User Privileges Role-Based Access Control RBAC manages security by determining the operations that can be executed by persons in particular roles.
Service User Privilege Level Required Remote Access User, Power User, Administrator, Elevated Administrator Administrator, Elevated Administrator Storage Management User, Power User, Administrator, Elevated Administrator Administrator, Elevated Administrator Authentication The Server Administrator authentication scheme ensures that the correct access types are assigned to the correct user privileges.
NOTE: For instructions on assigning user privileges for each supported operating system, see your operating system documentation. NOTE: To add users to OpenManage software, add new users to the operating system. You do not have to create new users from within the OpenManage software. Adding users to a domain on Windows operating systems NOTE: You must have Microsoft Active Directory installed on your system to perform the following procedures.
NOTE: Set root as the primary group. 2. Type passwd and press . 3. When prompted, enter a password for the new user. NOTE: Assign a password to every user account that can access Server Administrator to protect access to your critical system components. The new user can now log in to Server Administrator with Power User group privileges. Editing Server Administrator user privileges on Linux operating systems NOTE: You must be logged in as root or an equivalent user. 1.
• Server Administrator uses the default operating system user privileges, if: • • a user is degraded in the omarolemap file • there are duplicate entries of user names or user groups along with same You can also use Space as a delimiter for columns instead of [Tab]. Creating Server Administrator Users For VMware ESXi 6.X To add a user to the Users table: 1. Log in to the host using the vSphere Client. 2. Click the Users & Groups tab and click Users. 3.
• • • Configuring the SNMP Agent On Systems Running Supported SUSE Linux Enterprise Server Configuring the SNMP Agent on Systems Running Supported VMware ESXi 5.X and ESXi 6.X Operating Systems Configuring the SNMP Agent on Systems Running Supported Ubuntu Server Configuring the SNMP agent on systems running supported Windows operating systems Server Administrator uses the SNMP services provided by the Windows SNMP agent.
b) To add a trap destination for a trap community, select the community name from the Community Name drop-down box and click Add under the Trap Destinations box. The SNMP Service Configuration window appears. c) In the Host name, IP or IPX address box, type the trap destination, Add. The SNMP Service Properties window appears. 6. Click OK to save the changes.
3. Edit this line, replacing public with the new SNMP community name. When edited, the new line should read: com2sec publicsec default community_name or com2sec notConfigUser default community_name. 4. To enable SNMP configuration changes, restart the SNMP agent by typing: systemctl restart snmpd . Configuring Your System To Send Traps To A Management Station Server Administrator generates SNMP traps in response to changes in the status of sensors and other monitored parameters.
To change the default SNMP community name used for retrieving management information from a system running Server Administrator: 1. Open the SNMP agent configuration file, /etc/snmp/snmpd.conf. 2. Find the line that reads: rocommunity public 127.0.0.1. 3. Edit this line by replacing public with the new SNMP community name. When edited, the new line should read: rocommunity community_name 127.0.0.1. 4. To enable SNMP configuration changes, restart the SNMP agent by typing: systemctl restart snmpd .
Configuring Your System To Send Traps To A Management Station Server Administrator generates SNMP traps in response to changes in the status of sensors and other monitored parameters. One or more trap destinations must be configured on the system running Server Administrator for SNMP traps to be sent to a management station. To configure your ESXi system running Server Administrator to send traps to a management station: 1. Install the VMware vSphere CLI. 2.
6. Press to select OK and press The Firewall Configuration screen appears. 7. Press to select OK and press The Choose a Tool menu appears. 8. Press to select Quit and press . Firewall Configuration To open the SNMP port on SUSE Linux Enterprise Server: 1. Configure SuSEfirewall2 by running the following command on a console: a.# yast2 firewall 2. Use the arrow keys to navigate to Allowed Services. 3. Press to open the Additional Allowed Ports dialog box. 4.
3 Using Server Administrator To start a Server Administrator session, double-click the Server Administrator icon on your desktop. The Server Administrator Log in screen is displayed. The default port for Server Administrator is 1311. You can change the port, if required. For instructions on setting up your system preferences, see Systems Management Server Administration Connection Service and Security Setup.
NOTE: If you have provided the system name or FQDN, the Server Administrator Web Server host converts the system name or FQDN to the IP address of the managed system. You can also connect by providing the port number of the managed system in the following format: Hostname:Port number, or IP address:Port number. 3. If you are using an Intranet connection, select Ignore Certificate Warnings. 4. Select Active Directory Login to log in using Microsoft Active Directory authentication.
Using The Active Directory Login You should select Active Directory Login to log in using the Dell Extended Schema Solution in Active Directory. This solution enables you to provide access to Server Administrator; allowing you to add/control Server Administrator users and privileges to existing users in your Active Directory software. For more information, see "Using Microsoft Active Directory" in the Server Administrator Installation Guide at dell.com/openmanagemanuals.
7. Click OK to save the new settings. 8. Close the browser and log in to Server Administrator. Enabling Single Sign-On For Server Administrator On Internet Explorer To allow Single Sign-On for Server Administrator without prompts for user credentials: 1. In your Web browser, click Tools > Internet Options > Security 2. Under Select a zone to view or change security settings, click Trusted Sites, and then click Sites. 3.
GUI Field Name Applicable System System Non-modular system Main System Chassis Non-modular system The following figure shows a sample Server Administrator home page layout for a user logged in with administrator privileges on a nonmodular system. Figure 1. Sample Server Administrator home page — Non-Modular System The following figure shows a sample Server Administrator home page layout for a user logged in with administrator privileges on a modular system. Figure 2.
Server Administrator user interface differences across modular and non-modular systems The following table lists the availability of Server Administrator features across modular and non-modular systems. Table 8.
> System/Server Module, the major categories of system/server module components that may appear are Main System Chassis/ Main System, Software, and Storage. To expand a branch of the tree, click the plus sign ( expanded entry that cannot be expanded further. ) to the left of an object, or double-click the object. A minus sign ( ) indicates an Action Window When you click an item on the system tree, details about the component or object appear in the data area of the action window.
• • • Clicking Refresh ( ) reloads the system component status information in the action window data area. Clicking Save As saves an HTML file of the action window in a .zip file. Clicking Clear Log erases all events from the log displayed in the action window data area. • Clicking Help ( ) provides detailed information about the specific window or task button you are viewing. NOTE: The Export, E-mail, and Save As buttons are only visible for users logged in with Power User or Administrator privileges.
• The action window displays the available settings and preferences for the managed system or the Server Administrator Web Server. Managed system preferences When you log in to a remote system, the preferences home page defaults to the Node Configuration window under the Preferences tab. Click the Server Administrator object to enable or disable access to users with User or Power User privileges.
Set up your user preferences: 1. Click Preferences on the global navigation bar. The Preferences home page is displayed. 2. Click General Settings. 3. To add a preselected email recipient, type the email address of your designated service contact in the Mail To: field, and click Apply. NOTE: Click E-mail ( ) in any window to send an e-mail message with an attached HTML file of the window to the designated email address.
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA NOTE: If an incorrect cipher value is set and the connection service fails to start, use the CLI command prompt or manually set the valid ciph
• • either from the instructions on the Certificate Signing Request (CSR) page or by copying the entire text in the text box on the CSR page and pasting it in the CA submit form. The text must be in the Base64–encoded format. NOTE: You also have an option to view the certificate information and export the certificate that is being used in the Base64–encoded format, which can be imported by other web services.
You can download the required version of Tomcat web server package and run the utility from a command prompt. Download the Tomcat web server core distribution package from tomcat.apache.org. The distribution package must be a .zip or .tar.gz file; Windows installer wrapper packages are not supported. To update web server, browse to the wsupdate folder and then run the following command: • • On Windows: omwsupdate.bat [SysMgt folder path] [apache-tomcat.zip/.tar.gz file path] On Linux: omwsupdate.
4 Server Administrator services Server Administrator Instrumentation Service monitors the health of a system and provides rapid access to detailed fault and performance information gathered by industry-standard systems management agents. The reporting and viewing features allow retrieval of the overall health status for each chassis that includes your system. At the subsystem level, you can view information about the voltages, temperatures, fan rpm, and memory function at key points in the system.
If Storage Management Service is installed, depending on the controller and storage attached to the system, the Storage tree object expands to display various objects. For detailed information on the Storage Management Service component, see the Storage Management User's Guide at dell.com/ openmanagemanuals. Server Administrator Home Page System Tree Objects This section provides information about the objects in the System tree on the Server Administrator's home page.
following tabs, depending on the user's group privileges: Licensing, Properties, Shutdown, Logs, Alert Management, and Session Management Licensing Subtabs: Information | Licensing Under the Licensing sub tab, you can: • • Set preferences to use Integrated Dell Remote Access Controller (iDRAC) to import, export, delete, or replace the digital license of the hardware. View details of the device used.
when the log file reaches 80 percent capacity. On PowerEdge 11G systems, the status indicator icon next to the log name changes to • • critical status ( ) when the log file reaches 100 percent capacity. NOTE: Enabling the feature Automatic Backup and Clear ESM Log Entries allows you to create an automatic backup of ESM Logs. This feature is available only on 10th generation and 11th generation of PowerEdge servers.
The available components are: • Batteries • BIOS • Fans • Firmware • Hardware Performance • Intrusion • Memory • Network • Ports • Power Management • Power Supplies • Processors • Remote Access • Removable Flash Media • Slots • Temperatures • Voltages NOTE: The Power Supplies option is not available in PowerEdge 1900. Power Supply Monitoring and Power Monitoring features are available only for systems that have two or more redundant, hot-swappable power supplies installed.
Monitoring and Power Monitoring features are available only for systems that have two or more redundant, hotswappable powers supplies installed. These features are unavailable for permanently installed, nonredundant power supplies that lack power management circuitry.
On the 12th generation PowerEdge and later systems, the configurable BIOS features are grouped as specific categories. The categories include Debug Menu, System Information, Memory Settings, Processor Settings, SATA Settings, Boot Settings, Boot Option Settings, One-Time Boot, Network Settings, Integrated Devices, Slot Disablement, Serial Communication, System Profile Settings, System Security, and Miscellaneous Settings.
Subtab: Fan Probes Under the Properties tab, you can: • View the current readings for your system's fan probes and configure minimum and maximum values for fan probe warning threshold. NOTE: Some fan probe fields differ according to the type of firmware your system has, such as BMC or ESM. Some threshold values are not editable on BMC-based systems. • Select fan control options.
• • View the current alert actions settings and set the alert actions that you want to be performed in case the intrusion sensor or drive bay returns a warning or failure value. View the current SNMP trap alert thresholds and set the alert threshold levels for the intrusion sensor. The selected traps are triggered if the system generates a corresponding event at the selected severity level. Memory Click the Memory object to manage your system's memory devices.
NOTE: In the IPv6 Addresses section, Server Administrator displays only two addresses, in addition to the link-local address. NOTE: On systems running Linux operating systems with kernel versions earlier than 3.10, Team Interface speed is not displayed. Ports Click the Ports object to manage your system's external ports. Server Administrator monitors the status of each external port present in your system. NOTE: CMC USB ports attached with blade servers are not enumerated by Server Administrator.
Properties Subtab: Elements Under the Properties tab, you can: • • • View information about your power supply redundancy attributes. Check the status of individual power supply elements, including the Firmware Version of the power supply, and Maximum Output Wattage. Check the status of individual power supply elements, including the Firmware Version of the power supply, Rated Input Wattage, and Maximum Output Wattage. The Rated Input Wattage attribute is displayed only on PMBus systems starting 11G.
Subtabs: LAN | Serial Port | Serial Over LAN | Additional Configuration Configuration Under the Configuration tab when BMC/iDRAC is configured, you can configure the BMC/iDRAC on a LAN, serial port for BMC/iDRAC, and BMC/iDRAC on a serial over LAN connection. NOTE: The Additional configuration tab is available only on systems with iDRAC. Under the Configuration tab, when DRAC is configured, you can configure network properties.
NOTE: Some temperature probe fields differ according to the type of firmware your system has such as BMC or ESM. Some threshold values are not editable on BMC-based systems. When assigning probe threshold values, Server Administrator sometimes rounds the minimum or maximum values you enter to the closest assignable value.
The Storage Management Service provides features for configuring storage devices. In most cases, the Storage Management Service is installed using Typical Setup. The Storage Management Service is available on Microsoft Windows, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server operating systems. When the Storage Management Service is installed, click the Storage object to view the status and settings for various attached array storage devices, system disks, and so on.
5 Server Administrator logs Server Administrator allows you to view and manage hardware, alert, and command logs. All users can access logs and print reports from either the Server Administrator home page or from its command line interface. Users must be logged in with Administrator privileges to clear logs or must be logged in with Administrator or Power User privileges to email logs to their designated service contact.
Hardware log On the 11th generation PowerEdge systems, use the hardware log to look for potential problems with your system's hardware ) when the log file reaches 100 percent capacity. There are components. The hardware log status indicator changes to critical status ( two available hardware logs, depending on your system: the Embedded System Management (ESM) log and the System Event Log (SEL).
NOTE: OMSA may send duplicate SNMP traps or log duplicate events in the Alert Log page or in the operating system log file. The duplicate traps and events are logged either when OMSA services are manually restarted or when the device sensor still indicates a non-normal state when OMSA services starts after an operating system reboot. For detailed information about alert messages, see the Server Administrator Messages Reference Guide at dell.com/ openmanagemanuals.
6 Working with remote access controller The systems baseboard management controller (BMC)/Integrated Dell Remote Access Controller (iDRAC) monitors the system for critical events by communicating with various sensors on the system board and sends alerts and log events when certain parameters exceed their preset thresholds. The BMC/iDRAC supports the industry-standard Intelligent Platform Management Interface (IPMI) specification, enabling you to configure, monitor, and recover systems remotely.
• • • Additional Configuration For iDRAC Configuring Remote Access Device Users Setting Platform Event Filter Alerts You can view BMC/iDRAC or DRAC information based on which hardware is providing the remote access capabilities for the system. The reporting and configuration of BMC/iDRAC and DRAC can also be managed using the omreport/omconfig chassis remoteaccess command-line interface (CLI) command.
Configuring The Remote Access Device To Use A LAN Connection To configure the remote access device for communication over a LAN connection: 1. Click the Modular Enclosure > System/Server Module > Main System Chassis/Main System > Remote Access object. 2. Click the Configuration tab. 3. Click LAN. The LAN Configuration window appears. NOTE: BMC/iDRAC management traffic does not function properly if the LAN on motherboard (LOM) is teamed with any network adapter add-in-cards. 4.
• • • • • • • IP Address Source IP Address Prefix Length Default Gateway DNS Address Source Preferred DNS Server Alternate DNS Server NOTE: You can configure the IPv4 and IPv6 address details only if you enable the IPv4 and IPv6 properties under Additional Configuration. 8. Click Apply Changes. Configuring The Remote Access Device To Use A Serial Port Connection To configure the BMC for communication over a serial port connection: 1.
• • • Enable Serial Over LAN Baud Rate Minimum Privilege Required 5. Click Apply Changes. 6. Click Advanced Settings to further configure BMC. 7. In the Serial Over LAN Configuration Advanced Settings window, you may configure the following information: • • Character Accumulate Interval Character Send Threshold 8. Click Apply Changes. 9. Click Go Back to Serial Over LAN Configuration to return to the Serial Over LAN Configuration window.
1. Click the System object. 2. Click the Alert Management tab. 3. Click Platform Events. The Platform Events window allows you to take individual action on specific platform events. You can select those events for which you want to take shutdown actions and generate alerts for selected actions. You can also send alerts to specific IP address destinations of your choice. NOTE: You must be logged in with Administrator privileges to configure the BMC PEF Alerts.
NOTE: On 12G systems with iDRAC7 specific versions, you can set Platform Event Destination as IPv4, IPv6, or FQDN. 5. Enter a value in the Community String field to act as a password to authenticate messages sent between a management station and a managed system. The community string (also called the community name) is sent in every packet between the management station and a managed system. 6. Click Apply. 7. Click Go Back to Platform Events Page to go back to the Platform Event Filters window.
7 Setting Alert Actions Setting Alert Actions For Systems Running Supported Red Hat Enterprise Linux And SUSE Linux Enterprise Server Operating Systems When you set alert actions for an event, you can specify the action to display an alert on the server. To perform this action, Server Administrator sends a message to /dev/console. If the Server Administrator system is running an X Window System, the messsage is not displayed.
Enabling the Interactive Service Detection 8. Open Services.msc. 9. Navigate to Interactive Service Detection. 10. Right-click Interactive Service Detection and then click Properties. 11. In the General tab, change the Startup Type to Automatic and click Apply. 12. In Service Status click Start. Allowing the service to interact 13. Navigate to DSM SA Data Manager, right-click and then click Properties. 14. In the Logon tab, enable Allow service to interact with desktopand click Apply. 15. Click OK.
Event Description Removable Flash Media Absent The removable flash media is removed. Removable Flash Media Failure The removable flash media is pending a failure condition. Removable Flash Media Warning The removable flash media pending a failure condition. Internal Dual SD Module Card Critical The internal dual SD module card has failed. Internal Dual SD Module Card Warning The internal dual SD module card is pending a failure condition.
8 Troubleshooting Connection Service Failure On Red Hat Enterprise Linux, when SELinux is set to enforced mode, the Systems Management Server Administrator (SM SA) Connection service fails to start. Perform one of the following steps and start this service: • • Set SELinux to Disabled mode or to Permissivemode. Change the SELinux allow_execstack property to ON state. Run the following command: • setsebool allow_execstack on Change the security context for the SM SA connection service.
2. Download the installation package for that version from support.dell.com. 3. Locate SysMgmt.msi in the srvadmin\windows\SystemsManagement directory. 4. Type the following command at the command prompt to force a reinstall msiexec /i SysMgmt.msi REINSTALL=ALL REINSTALLMODE=vamus 5. Select Custom Setup and choose all the features that were originally installed. If you are not sure which features were installed, select all features and perform the installation.
Service Name Description Impact of Failure SM SA Event Manager (Windows) Linux: dsm_sa_eventmgrd (hosted under dataeng service) (This service runs on the managed system. Provides operating system and file event logging service for systems management and is also used by event log analyzers. If this service is stopped, Restart the service event logging features do not function properly Warning Linux: dsm_sa_snmpd (hosted under dataeng service) (This service runs on the managed system.
9 Frequently Asked Questions This section lists the frequently asked questions about Server Administrator. NOTE: The following questions are not specific to this release of Server Administrator. 1. What is the minimum permission level required to install Server Administrator? To install Server Administrator, you must have Administrator level privileges. Power Users and Users do not have permission to install Server Administrator. 2.
9. Does an Underscore character in the domain name cause Server Admin login issues? Yes, an underscore character in the domain name is invalid. All other special characters (except the hyphen) are invalid too. Use casesensitive alphabets and numerals only. 10. How does selecting/deselecting 'Active Directory' on the login page of Server Administrator impact privilege levels? If you do not select the Active Directory check box, you will only have access that is configured in the Microsoft Active Directory.
