iDRAC Service Module - iDRAC Access via Host Operating System

This white paper provides information about the usage and troubleshooting of the iDRAC Access via Host Operating System feature in iDRAC Service Module v2.3 or later.
Revisions

Date            Description
July 2016       Initial release
December 2016   Revised for iDRAC Service Module release 2.4.0

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.

Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Table of contents

Revisions
Executive summary
1 Initial Installation
Executive summary

The Dell Integrated Remote Access Controller (iDRAC) Service Module is a lightweight systems management application installed on a physical Host operating system (OS) of a managed server. iDRAC Service Module works as a system management application for Dell’s Out of Band (OOB) system management processor such as the iDRAC. Installing iDRAC Service Module v2.3 or later allows you to access iDRAC remotely through the host OS without configuring the iDRAC explicitly.
- SNMP traps (unless iDRAC Service Module is supporting this via the “Receive SNMP Trap from OS” feature).
- Email notifications.
- WSMAN eventing.
- iDRAC Auto update.

Because the iDRAC OS-to-iDRAC Passthru over USBNIC is a 10 Mbps channel, iDRAC Access via Host OS may incur delays in operations that require high bandwidth, such as LC updates.

Console iDRAC integration (OME/OMPC/Tejas etc.) is not supported over iDRAC Access via Host OS in this release.

Only IPv4 addresses are supported.
1 Initial Installation

This feature is disabled in a typical or default iDRAC Service Module installation. To configure and use it, the user should perform a custom install and enable the feature explicitly. The Microsoft IP Helper service should be running for this feature to function. Enabling this feature requires a port number through which the user can connect to iDRAC. From 2.4.
2 iDRAC Access via Microsoft Windows Operating Systems

If the feature is enabled using the custom install from the MSI, an entry is created in the Network Address Translation rules, which can be viewed using the following command. 1266 is set as the default listening port number if the user has not modified it.

    netsh interface portproxy show all

    Listen on ipv4:             Connect to ipv4:

    Address         Port        Address         Port
    --------------- ----------  --------------- ----------
    *               1266        169.254.0.
The firewall rule reflects the port number chosen at installation time, or the port number the user later set through the interfaces that iDRAC Service Module provides.

To access the iDRAC GUI, use the following format in the browser:

    https://<Host-name>:1266/login.html

Where: Host-name is the complete host name of the server host OS where iDRAC Service Module is installed and configured for iDRAC access via OS. In the absence of a host name, the OS IP address can be used.
The available options are:

1. Status: The values are not case sensitive. This parameter is mandatory. Value range: {TRUE, FALSE}
2. Port: This is the port number and is similar to what the user is prompted for during iDRAC Service Module installation. This parameter is mandatory if the previous parameter, “Status”, is TRUE. If the Status value is FALSE, the rest of the parameters can be ignored.
3 iDRAC Access via Linux Operating Systems

Upon adding a valid listen port number, iSM adds DNAT and SNAT rules that redirect connections on the user-configured listening port to iDRAC. If the listen port number is not specified, iSM configures this feature using the IANA-granted port number “1266.” An additional NAT rule is added in the PREROUTING chain to block the incoming connections on the listening port.
NOTE1: If value is 0, the parameters , is not required.
NOTE2: If value is 1, then the is Mandatory. parameters are optional.
NOTE3: Currently, only IPv4 addresses are supported for this feature.

Examples

1. To disable the feature:

    [root@MyDevBox bin]# /opt/dell/srvadmin/iSM/bin/Enable-iDRACAccessHostRoute 0
    iDRAC access via Host OS feature configuration has been disabled.
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    RETURN     tcp  --  anywhere             anywhere             tcp dpt:5678
    DNAT       tcp  --  10.11.0.0/16         anywhere             tcp dpt:5678 to:169.254.0.1:443

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    SNAT       tcp  --  anywhere             169.254.0.1          tcp dpt:https to:169.254.0.2

4. Starting with iSM v2.4.0, the user can get the present status of this feature configuration.
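To audit which sources can reach iDRAC through the host, the NAT listing shown above can be parsed for DNAT rules that forward to the iDRAC USBNIC address. This is an added example, not Dell's or iSM's own code: the function name `idrac_forwards` and the `unrestricted` flag are hypothetical, and the sample text is constructed from the values in the listing above.

```python
import re

# Constructed sample in the layout of the NAT listing above
# (listen port 5678, allowed source range 10.11.0.0/16).
SAMPLE = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             tcp dpt:5678
DNAT       tcp  --  10.11.0.0/16         anywhere             tcp dpt:5678 to:169.254.0.1:443

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  anywhere             169.254.0.1          tcp dpt:https to:169.254.0.2
"""

# Source column values that mean "no source restriction" (named and numeric output).
ANY_SOURCE = {"anywhere", "0.0.0.0/0"}


def idrac_forwards(listing, idrac_ip="169.254.0.1"):
    """Return one record per PREROUTING DNAT rule that forwards to idrac_ip."""
    found, chain = [], None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            chain = header.group(1)
            continue
        fields = line.split()
        # Skip column headers, blank lines, other chains and non-DNAT targets.
        if chain != "PREROUTING" or len(fields) < 6 or fields[0] != "DNAT":
            continue
        source, extra = fields[3], " ".join(fields[5:])
        dpt = re.search(r"dpt:(\S+)", extra)
        to = re.search(r"to:([\d.]+)(?::(\d+))?", extra)
        if not (dpt and to) or to.group(1) != idrac_ip:
            continue
        found.append({
            "listen_port": dpt.group(1),
            "source": source,
            "forward_to": to.group(0)[3:],
            "unrestricted": source in ANY_SOURCE,
        })
    return found


if __name__ == "__main__":
    for rule in idrac_forwards(SAMPLE):
        flag = "REVIEW: any source" if rule["unrestricted"] else "source-restricted"
        print(rule["listen_port"], "->", rule["forward_to"], rule["source"], flag)
```

A rule flagged `unrestricted` means any host that can reach the listen port on the host OS is forwarded to the iDRAC login page.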
4 Troubleshooting and Recovery

4.1 Failure to access iDRAC via Host OS due to iptables holding the lock in Linux OS

Symptoms
While trying to access the iDRAC page via Host OS, the connection to the iDRAC page fails with the error “The site can’t be reached.”

Reason
When executing, iptables acquires an internal lock. If multiple iptables commands are run simultaneously, one of the commands might fail because another command has already acquired the lock.
4.3 Failure to access iDRAC via Host OS due to a Firewall rule that is configured by some other application to block the listen port

Symptoms
While trying to access the iDRAC page through Host OS, the connection to the iDRAC page fails with the error “The site can’t be reached.”

Reason
There are scenarios where other firewall rules, from other applications, have blocked the listen port that is configured for iDRAC Access via Host OS.
4.7 Failure to access iDRAC via Host OS due to iDRAC Network Security Settings

Symptoms
While trying to access the iDRAC page via Host OS, the connection to the iDRAC page fails and the error “The site can’t be reached” is displayed.

Reason
After a successful first-time configuration of "iDRAC Access via Host OS" using the iDRAC Service Module webpack, the iDRAC interfaces may not be reachable due to the default NetworkSecurity settings in iDRAC, irrespective of whether the default NetworkSecurity settings are enabled or not.
    iptables -A OS2iDRAC -p tcp -d 169.254.0.1 --dport 443 -j ACCEPT
    iptables -A OS2iDRAC -p tcp -i idrac -s 169.254.0.1 -j ACCEPT

(By default, the iDRAC USBNIC IP is 169.254.0.1 and the iDRAC Secure Port is 443.) The iDRAC USBNIC IP and iDRAC Secure Port details can be obtained from the file /opt/dell/srvadmin/iSM/etc/ini/dcos2idrac.ini as mentioned below.

    connect_address=169.254.0.1
    connect_port=443

4.
“The site can’t be reached.”

Reason
The Microsoft Windows service “IP Helper” is required for this feature to function. Ensure this service is running on your Managed Node, where iDRAC Service Module is installed.

Recovery Action
If the “IP Helper” service is stopped, start the “IP Helper” service on the Managed Node where iDRAC Service Module is installed.

4.